, &(0x7f0000000240)=""/197) r4 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r4, 0x80404521, 0x0) ioctl$EVIOCSCLOCKID(r4, 0x400445a0, &(0x7f00000000c0)=0xe4) r5 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x200000) ioctl$EVIOCSCLOCKID(r5, 0x400445a0, &(0x7f0000000000)=0x5) 22:45:07 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x20) sendto$l2tp6(r1, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:07 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (fail_nth: 1) 22:45:07 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000000)=""/233) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:07 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000000)=""/233) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) [ 885.096284] FAULT_INJECTION: forcing a failure. [ 885.096284] name failslab, interval 1, probability 0, space 0, times 0 [ 885.130100] CPU: 1 PID: 14185 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 [ 885.138021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 885.147718] Call Trace: [ 885.150309] dump_stack+0x1b2/0x281 [ 885.153939] should_fail.cold+0x10a/0x149 [ 885.158096] should_failslab+0xd6/0x130 [ 885.162076] kmem_cache_alloc+0x28e/0x3c0 [ 885.166233] getname_flags+0xc8/0x550 [ 885.170044] ? vfs_write+0x319/0x4d0 [ 885.173756] SyS_mkdirat+0x83/0x270 [ 885.177371] ? SyS_mknod+0x30/0x30 [ 885.180899] ? __do_page_fault+0x159/0xad0 [ 885.185121] ? do_syscall_64+0x4c/0x640 [ 885.189075] ? SyS_mknod+0x30/0x30 [ 885.192600] do_syscall_64+0x1d5/0x640 [ 885.196470] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 885.201643] RIP: 0033:0x7fa212aa10e7 [ 885.205351] RSP: 002b:00007fa211013f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 885.213132] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa212aa10e7 [ 885.220384] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 885.227631] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 885.234876] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 22:45:07 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 1) 22:45:07 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (fail_nth: 1) 22:45:07 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) connect$l2tp6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @private2}, 0x20) sendto$l2tp6(r1, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:07 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) [ 885.242130] R13: 0000000020000040 R14: 00007fa211013fe0 R15: 00000000200022c0 22:45:07 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (fail_nth: 2) 22:45:07 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) [ 885.275845] FAULT_INJECTION: forcing a failure. [ 885.275845] name failslab, interval 1, probability 0, space 0, times 0 [ 885.299617] FAULT_INJECTION: forcing a failure. [ 885.299617] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 885.311438] CPU: 1 PID: 14204 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 [ 885.319319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 885.328286] FAULT_INJECTION: forcing a failure. [ 885.328286] name failslab, interval 1, probability 0, space 0, times 0 [ 885.328754] Call Trace: [ 885.328771] dump_stack+0x1b2/0x281 [ 885.328786] should_fail.cold+0x10a/0x149 [ 885.328798] __alloc_pages_nodemask+0x21e/0x2900 [ 885.328816] ? __lock_acquire+0x5fc/0x3f20 [ 885.359270] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 885.364128] ? lock_downgrade+0x740/0x740 [ 885.368279] ? get_pid_task+0xb8/0x130 [ 885.372170] ? proc_fail_nth_write+0x7b/0x180 [ 885.376664] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 885.381591] cache_grow_begin+0x91/0x700 [ 885.385639] ? fs_reclaim_release+0xd0/0x110 [ 885.390031] ? check_preemption_disabled+0x35/0x240 [ 885.395029] cache_alloc_refill+0x273/0x350 [ 885.399335] kmem_cache_alloc+0x333/0x3c0 [ 885.403466] getname_flags+0xc8/0x550 [ 885.407246] ? vfs_write+0x319/0x4d0 [ 885.410959] SyS_mkdirat+0x83/0x270 [ 885.414587] ? SyS_mknod+0x30/0x30 [ 885.418113] ? __do_page_fault+0x159/0xad0 [ 885.422334] ? do_syscall_64+0x4c/0x640 [ 885.426287] ? SyS_mknod+0x30/0x30 [ 885.429824] do_syscall_64+0x1d5/0x640 [ 885.433713] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 885.438890] RIP: 0033:0x7fa212aa10e7 [ 885.442585] RSP: 002b:00007fa211013f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 885.450283] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa212aa10e7 [ 885.457804] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 885.465055] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 885.472305] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 885.479551] R13: 0000000020000040 R14: 00007fa211013fe0 R15: 00000000200022c0 [ 885.486831] CPU: 0 PID: 14208 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0 [ 885.494714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 885.504062] Call Trace: [ 885.506635] dump_stack+0x1b2/0x281 [ 885.510247] should_fail.cold+0x10a/0x149 [ 885.514382] should_failslab+0xd6/0x130 [ 885.518340] kmem_cache_alloc+0x28e/0x3c0 [ 885.522476] getname_flags+0xc8/0x550 [ 885.526265] ? vfs_write+0x319/0x4d0 [ 885.529968] SyS_mkdirat+0x83/0x270 [ 885.533583] ? SyS_mknod+0x30/0x30 [ 885.537102] ? __do_page_fault+0x159/0xad0 [ 885.541317] ? do_syscall_64+0x4c/0x640 [ 885.545272] ? SyS_mknod+0x30/0x30 [ 885.548793] do_syscall_64+0x1d5/0x640 [ 885.552664] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 885.557842] RIP: 0033:0x7f71707450e7 [ 885.561546] RSP: 002b:00007f716ecb7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 885.569237] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71707450e7 [ 885.576492] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 885.583755] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 885.591017] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 885.598271] R13: 0000000020000040 R14: 00007f716ecb7fe0 R15: 00000000200022c0 [ 885.605540] CPU: 1 PID: 14201 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 885.613428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 885.622783] Call Trace: [ 885.625377] dump_stack+0x1b2/0x281 [ 885.629011] should_fail.cold+0x10a/0x149 [ 885.633163] should_failslab+0xd6/0x130 [ 885.637144] kmem_cache_alloc+0x28e/0x3c0 [ 885.641308] getname_flags+0xc8/0x550 [ 885.645113] ? vfs_write+0x319/0x4d0 [ 885.648833] SyS_mkdirat+0x83/0x270 [ 885.652464] ? SyS_mknod+0x30/0x30 [ 885.656008] ? __do_page_fault+0x159/0xad0 [ 885.660250] ? do_syscall_64+0x4c/0x640 [ 885.664228] ? SyS_mknod+0x30/0x30 [ 885.667776] do_syscall_64+0x1d5/0x640 [ 885.671672] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 885.676863] RIP: 0033:0x7f8e2a1750e7 [ 885.680573] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 885.688977] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 885.696239] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 885.703490] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 885.710738] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 885.717988] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:08 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (fail_nth: 2) 22:45:08 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:08 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 2) 22:45:08 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (fail_nth: 3) 22:45:08 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) [ 885.977715] FAULT_INJECTION: forcing a failure. [ 885.977715] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 885.978214] FAULT_INJECTION: forcing a failure. [ 885.978214] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 885.989552] CPU: 1 PID: 14234 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 886.009208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.018543] Call Trace: [ 886.021120] dump_stack+0x1b2/0x281 [ 886.024734] should_fail.cold+0x10a/0x149 [ 886.028866] __alloc_pages_nodemask+0x21e/0x2900 [ 886.033608] ? __lock_acquire+0x5fc/0x3f20 [ 886.037830] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 886.042656] ? lock_downgrade+0x740/0x740 [ 886.046790] ? get_pid_task+0xb8/0x130 [ 886.050663] ? proc_fail_nth_write+0x7b/0x180 [ 886.055142] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 886.060057] cache_grow_begin+0x91/0x700 [ 886.064098] ? fs_reclaim_release+0xd0/0x110 [ 886.068487] ? check_preemption_disabled+0x35/0x240 [ 886.073486] cache_alloc_refill+0x273/0x350 [ 886.077792] kmem_cache_alloc+0x333/0x3c0 [ 886.081926] getname_flags+0xc8/0x550 [ 886.085707] ? vfs_write+0x319/0x4d0 [ 886.089402] SyS_mkdirat+0x83/0x270 [ 886.093012] ? SyS_mknod+0x30/0x30 [ 886.096535] ? __do_page_fault+0x159/0xad0 [ 886.100751] ? do_syscall_64+0x4c/0x640 [ 886.104706] ? SyS_mknod+0x30/0x30 [ 886.108231] do_syscall_64+0x1d5/0x640 [ 886.112103] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.117281] RIP: 0033:0x7f8e2a1750e7 [ 886.120971] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 886.128658] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 886.135908] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 886.143157] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 886.150407] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 886.157656] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 886.164920] CPU: 0 PID: 14235 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0 [ 886.172802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.178034] FAULT_INJECTION: forcing a failure. [ 886.178034] name failslab, interval 1, probability 0, space 0, times 0 [ 886.182156] Call Trace: [ 886.182175] dump_stack+0x1b2/0x281 [ 886.182190] should_fail.cold+0x10a/0x149 [ 886.182203] __alloc_pages_nodemask+0x21e/0x2900 [ 886.182219] ? __lock_acquire+0x5fc/0x3f20 [ 886.182231] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 886.182248] ? lock_downgrade+0x740/0x740 [ 886.182261] ? get_pid_task+0xb8/0x130 [ 886.225618] ? proc_fail_nth_write+0x7b/0x180 [ 886.230101] ? proc_tgid_io_accounting+0x7a0/0x7a0 [ 886.235018] cache_grow_begin+0x91/0x700 [ 886.239076] ? fs_reclaim_release+0xd0/0x110 [ 886.243474] ? check_preemption_disabled+0x35/0x240 [ 886.248479] cache_alloc_refill+0x273/0x350 [ 886.252784] kmem_cache_alloc+0x333/0x3c0 [ 886.256914] getname_flags+0xc8/0x550 [ 886.260694] ? vfs_write+0x319/0x4d0 [ 886.264394] SyS_mkdirat+0x83/0x270 [ 886.268003] ? SyS_mknod+0x30/0x30 [ 886.271523] ? __do_page_fault+0x159/0xad0 [ 886.275739] ? do_syscall_64+0x4c/0x640 [ 886.279692] ? SyS_mknod+0x30/0x30 [ 886.283214] do_syscall_64+0x1d5/0x640 [ 886.287097] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.292273] RIP: 0033:0x7f71707450e7 [ 886.295964] RSP: 002b:00007f716ecb7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 886.303653] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71707450e7 [ 886.310904] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 886.318154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 886.325408] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 886.332665] R13: 0000000020000040 R14: 00007f716ecb7fe0 R15: 00000000200022c0 [ 886.339927] CPU: 1 PID: 14241 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 [ 886.347811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.357162] Call Trace: [ 886.359758] dump_stack+0x1b2/0x281 [ 886.363394] should_fail.cold+0x10a/0x149 [ 886.367551] should_failslab+0xd6/0x130 [ 886.371530] kmem_cache_alloc+0x28e/0x3c0 [ 886.375682] __d_alloc+0x2a/0xa20 [ 886.379139] ? d_lookup+0x172/0x220 [ 886.382770] d_alloc+0x46/0x240 [ 886.386053] __lookup_hash+0x101/0x270 [ 886.389948] filename_create+0x156/0x3f0 [ 886.394014] ? kern_path_mountpoint+0x40/0x40 [ 886.398516] ? vfs_write+0x319/0x4d0 [ 886.402226] SyS_mkdirat+0x95/0x270 [ 886.405834] ? SyS_mknod+0x30/0x30 [ 886.409356] ? __do_page_fault+0x159/0xad0 [ 886.413569] ? do_syscall_64+0x4c/0x640 [ 886.417525] ? SyS_mknod+0x30/0x30 [ 886.421051] do_syscall_64+0x1d5/0x640 22:45:08 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:08 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/163, 0xa3) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}]}, 0x1c}}, 0x4008005) 22:45:08 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 3) 22:45:08 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (fail_nth: 3) 22:45:08 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) [ 886.424923] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.430093] RIP: 0033:0x7fa212aa10e7 [ 886.433780] RSP: 002b:00007fa210ff2f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 886.441468] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa212aa10e7 [ 886.448725] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 886.455976] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 886.463222] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 886.470469] R13: 0000000020000040 R14: 00007fa210ff2fe0 R15: 00000000200022c0 22:45:08 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (fail_nth: 4) [ 886.555998] FAULT_INJECTION: forcing a failure. [ 886.555998] name failslab, interval 1, probability 0, space 0, times 0 [ 886.566489] FAULT_INJECTION: forcing a failure. [ 886.566489] name failslab, interval 1, probability 0, space 0, times 0 [ 886.571311] CPU: 1 PID: 14259 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 [ 886.586301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.595659] Call Trace: [ 886.598246] dump_stack+0x1b2/0x281 [ 886.601876] should_fail.cold+0x10a/0x149 [ 886.606030] should_failslab+0xd6/0x130 [ 886.610005] kmem_cache_alloc+0x28e/0x3c0 [ 886.614151] ? ext4_sync_fs+0x7e0/0x7e0 [ 886.618124] ext4_alloc_inode+0x1a/0x640 [ 886.622182] ? ext4_sync_fs+0x7e0/0x7e0 [ 886.626150] alloc_inode+0x5d/0x170 [ 886.629783] new_inode+0x1d/0xf0 [ 886.633156] __ext4_new_inode+0x360/0x4eb0 [ 886.637395] ? finish_task_switch+0x178/0x610 [ 886.641901] ? _raw_spin_unlock_irq+0x24/0x80 [ 886.646404] ? ext4_free_inode+0x1460/0x1460 [ 886.650815] ? __switch_to_asm+0x31/0x60 [ 886.654870] ? __switch_to_asm+0x25/0x60 [ 886.658922] ? trace_event_raw_event_ext4__trim+0x150/0x2f0 [ 886.664634] ? __schedule+0x893/0x1de0 [ 886.668524] ? dquot_initialize_needed+0x240/0x240 [ 886.673459] ? retint_kernel+0x2d/0x2d [ 886.677355] ext4_mkdir+0x2e4/0xbd0 [ 886.680994] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 886.685663] ? __inode_permission+0x13/0x2f0 [ 886.690076] ? security_inode_mkdir+0xca/0x100 [ 886.694660] vfs_mkdir+0x463/0x6e0 [ 886.698205] SyS_mkdirat+0x1fd/0x270 [ 886.701922] ? SyS_mknod+0x30/0x30 [ 886.705461] ? __do_page_fault+0x159/0xad0 [ 886.709695] ? do_syscall_64+0x4c/0x640 [ 886.713663] ? SyS_mknod+0x30/0x30 [ 886.717189] do_syscall_64+0x1d5/0x640 [ 886.721063] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.726235] RIP: 0033:0x7fa212aa10e7 [ 886.729927] RSP: 002b:00007fa211013f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 886.737621] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa212aa10e7 [ 886.745220] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 886.752471] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 886.759721] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 886.766970] R13: 0000000020000040 R14: 00007fa211013fe0 R15: 00000000200022c0 [ 886.774236] CPU: 0 PID: 14262 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0 [ 886.775043] FAULT_INJECTION: forcing a failure. [ 886.775043] name failslab, interval 1, probability 0, space 0, times 0 [ 886.782123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.782128] Call Trace: 22:45:09 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) [ 886.782145] dump_stack+0x1b2/0x281 [ 886.782158] should_fail.cold+0x10a/0x149 [ 886.782170] should_failslab+0xd6/0x130 [ 886.782189] kmem_cache_alloc+0x28e/0x3c0 [ 886.821108] __d_alloc+0x2a/0xa20 [ 886.824562] ? d_lookup+0x172/0x220 [ 886.828179] d_alloc+0x46/0x240 [ 886.831443] __lookup_hash+0x101/0x270 [ 886.835319] filename_create+0x156/0x3f0 [ 886.839391] ? kern_path_mountpoint+0x40/0x40 [ 886.843871] ? vfs_write+0x319/0x4d0 [ 886.847573] SyS_mkdirat+0x95/0x270 [ 886.851189] ? SyS_mknod+0x30/0x30 [ 886.854712] ? __do_page_fault+0x159/0xad0 [ 886.858933] ? do_syscall_64+0x4c/0x640 [ 886.862889] ? SyS_mknod+0x30/0x30 [ 886.866411] do_syscall_64+0x1d5/0x640 [ 886.870286] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.875459] RIP: 0033:0x7f71707450e7 [ 886.879156] RSP: 002b:00007f716ecb7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 886.886849] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71707450e7 [ 886.894105] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 886.901363] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 886.908631] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 886.915897] R13: 0000000020000040 R14: 00007f716ecb7fe0 R15: 00000000200022c0 [ 886.923174] CPU: 1 PID: 14261 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 886.931062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 886.940415] Call Trace: [ 886.943007] dump_stack+0x1b2/0x281 [ 886.946645] should_fail.cold+0x10a/0x149 [ 886.950801] should_failslab+0xd6/0x130 [ 886.954780] kmem_cache_alloc+0x28e/0x3c0 [ 886.958930] ? ext4_sync_fs+0x7e0/0x7e0 [ 886.962907] ext4_alloc_inode+0x1a/0x640 [ 886.966967] ? ext4_sync_fs+0x7e0/0x7e0 [ 886.970943] alloc_inode+0x5d/0x170 [ 886.974564] new_inode+0x1d/0xf0 [ 886.977912] __ext4_new_inode+0x360/0x4eb0 [ 886.982128] ? kmem_cache_free+0x7c/0x2b0 [ 886.986253] ? putname+0xcd/0x110 [ 886.989684] ? SyS_mkdirat+0x95/0x270 [ 886.993461] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 886.998806] ? ext4_free_inode+0x1460/0x1460 [ 887.003210] ? lock_downgrade+0x740/0x740 [ 887.007337] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 887.012481] ? dquot_initialize_needed+0x240/0x240 [ 887.017400] ext4_mkdir+0x2e4/0xbd0 [ 887.021016] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 887.025668] ? security_inode_mkdir+0xca/0x100 [ 887.030242] vfs_mkdir+0x463/0x6e0 [ 887.033762] SyS_mkdirat+0x1fd/0x270 [ 887.037460] ? SyS_mknod+0x30/0x30 [ 887.040977] ? __do_page_fault+0x159/0xad0 [ 887.045212] ? do_syscall_64+0x4c/0x640 [ 887.049183] ? SyS_mknod+0x30/0x30 [ 887.052709] do_syscall_64+0x1d5/0x640 [ 887.056581] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 887.061750] RIP: 0033:0x7f8e2a1750e7 [ 887.065440] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 887.073131] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 887.080377] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 887.087627] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.094880] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 22:45:09 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (fail_nth: 4) 22:45:09 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 4) 22:45:09 executing program 3: ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:09 executing program 4: getrlimit(0x0, &(0x7f0000000000)) syz_open_dev$evdev(&(0x7f00000001c0), 0x200000000000000, 0x42200) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:09 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (fail_nth: 5) [ 887.102138] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 887.127039] FAULT_INJECTION: forcing a failure. [ 887.127039] name failslab, interval 1, probability 0, space 0, times 0 [ 887.179173] CPU: 1 PID: 14278 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0 [ 887.187086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 887.196440] Call Trace: [ 887.199034] dump_stack+0x1b2/0x281 [ 887.202670] should_fail.cold+0x10a/0x149 [ 887.206832] should_failslab+0xd6/0x130 [ 887.210815] kmem_cache_alloc+0x28e/0x3c0 [ 887.214968] ? ext4_sync_fs+0x7e0/0x7e0 [ 887.218942] ext4_alloc_inode+0x1a/0x640 [ 887.223006] ? ext4_sync_fs+0x7e0/0x7e0 [ 887.226985] alloc_inode+0x5d/0x170 [ 887.230617] new_inode+0x1d/0xf0 [ 887.233985] __ext4_new_inode+0x360/0x4eb0 [ 887.238227] ? kmem_cache_free+0x7c/0x2b0 [ 887.242382] ? putname+0xcd/0x110 [ 887.245833] ? SyS_mkdirat+0x95/0x270 [ 887.249635] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 887.253290] FAULT_INJECTION: forcing a failure. [ 887.253290] name failslab, interval 1, probability 0, space 0, times 0 [ 887.254994] ? ext4_free_inode+0x1460/0x1460 [ 887.255013] ? lock_downgrade+0x740/0x740 [ 887.255029] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 887.279914] ? dquot_initialize_needed+0x240/0x240 [ 887.284849] ext4_mkdir+0x2e4/0xbd0 [ 887.288472] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 887.293125] ? security_inode_mkdir+0xca/0x100 [ 887.297699] vfs_mkdir+0x463/0x6e0 [ 887.301229] SyS_mkdirat+0x1fd/0x270 [ 887.304928] ? SyS_mknod+0x30/0x30 [ 887.308448] ? __do_page_fault+0x159/0xad0 [ 887.312662] ? do_syscall_64+0x4c/0x640 [ 887.316623] ? SyS_mknod+0x30/0x30 [ 887.320152] do_syscall_64+0x1d5/0x640 [ 887.324026] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 887.329198] RIP: 0033:0x7f71707450e7 [ 887.332893] RSP: 002b:00007f716ecb7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 887.340596] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71707450e7 [ 887.347853] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 887.355104] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.362356] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 887.369607] R13: 0000000020000040 R14: 00007f716ecb7fe0 R15: 00000000200022c0 22:45:09 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (fail_nth: 5) [ 887.376873] CPU: 0 PID: 14284 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 887.384759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 887.394112] Call Trace: [ 887.396700] dump_stack+0x1b2/0x281 [ 887.400344] should_fail.cold+0x10a/0x149 [ 887.404502] should_failslab+0xd6/0x130 [ 887.406881] FAULT_INJECTION: forcing a failure. [ 887.406881] name failslab, interval 1, probability 0, space 0, times 0 [ 887.408478] __kmalloc+0x2c1/0x400 [ 887.408494] ? ext4_find_extent+0x879/0xbc0 [ 887.427509] ext4_find_extent+0x879/0xbc0 [ 887.431661] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 887.437110] ext4_ext_map_blocks+0x19a/0x6b10 [ 887.437447] FAULT_INJECTION: forcing a failure. [ 887.437447] name failslab, interval 1, probability 0, space 0, times 0 [ 887.441602] ? __lock_acquire+0x5fc/0x3f20 [ 887.441617] ? __lock_acquire+0x5fc/0x3f20 [ 887.441635] ? trace_hardirqs_on+0x10/0x10 [ 887.465430] ? ext4_chunk_trans_blocks+0x30/0x30 [ 887.470171] ? ext4_find_delalloc_cluster+0x180/0x180 [ 887.475342] ? trace_hardirqs_on+0x10/0x10 [ 887.479559] ? ext4_mark_inode_dirty+0x1db/0x7a0 [ 887.484299] ? ext4_expand_extra_isize+0x460/0x460 [ 887.489213] ? ext4_es_lookup_extent+0x321/0xac0 [ 887.493953] ? lock_acquire+0x170/0x3f0 [ 887.497912] ? lock_acquire+0x170/0x3f0 [ 887.501868] ? ext4_map_blocks+0x29f/0x1730 [ 887.506182] ext4_map_blocks+0xb19/0x1730 [ 887.510316] ? ext4_issue_zeroout+0x150/0x150 [ 887.514791] ? ext4_free_inode+0x1460/0x1460 [ 887.519183] ? lock_downgrade+0x740/0x740 [ 887.523315] ext4_append+0x18d/0x440 [ 887.527014] ? ext4_dx_csum+0x3a0/0x3a0 [ 887.530980] ext4_mkdir+0x4c9/0xbd0 [ 887.534599] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 887.539258] ? security_inode_mkdir+0xca/0x100 [ 887.543823] vfs_mkdir+0x463/0x6e0 [ 887.547345] SyS_mkdirat+0x1fd/0x270 [ 887.551041] ? SyS_mknod+0x30/0x30 [ 887.554563] ? __do_page_fault+0x159/0xad0 [ 887.558779] ? do_syscall_64+0x4c/0x640 [ 887.562736] ? SyS_mknod+0x30/0x30 [ 887.566260] do_syscall_64+0x1d5/0x640 [ 887.570133] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 887.575310] RIP: 0033:0x7f8e2a1750e7 [ 887.579015] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 887.586723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 887.593987] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 887.601252] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.608508] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 887.615760] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 887.627632] CPU: 1 PID: 14294 Comm: syz-executor.2 Not tainted 4.14.302-syzkaller #0 [ 887.635521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 887.644871] Call Trace: [ 887.647466] dump_stack+0x1b2/0x281 [ 887.651096] should_fail.cold+0x10a/0x149 [ 887.655249] should_failslab+0xd6/0x130 [ 887.659232] __kmalloc+0x2c1/0x400 [ 887.662774] ? ext4_find_extent+0x879/0xbc0 [ 887.667104] ext4_find_extent+0x879/0xbc0 [ 887.671263] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 887.676718] ext4_ext_map_blocks+0x19a/0x6b10 [ 887.681224] ? __lock_acquire+0x5fc/0x3f20 [ 887.685466] ? __lock_acquire+0x5fc/0x3f20 [ 887.689709] ? trace_hardirqs_on+0x10/0x10 [ 887.693948] ? ext4_chunk_trans_blocks+0x30/0x30 [ 887.698706] ? ext4_find_delalloc_cluster+0x180/0x180 [ 887.703897] ? trace_hardirqs_on+0x10/0x10 [ 887.707526] FAULT_INJECTION: forcing a failure. [ 887.707526] name failslab, interval 1, probability 0, space 0, times 0 [ 887.708137] ? ext4_mark_inode_dirty+0x1db/0x7a0 [ 887.708148] ? ext4_expand_extra_isize+0x460/0x460 [ 887.708163] ? ext4_es_lookup_extent+0x321/0xac0 [ 887.733823] ? lock_acquire+0x170/0x3f0 [ 887.737787] ? lock_acquire+0x170/0x3f0 [ 887.741745] ? ext4_map_blocks+0x29f/0x1730 [ 887.746053] ext4_map_blocks+0xb19/0x1730 [ 887.750187] ? ext4_issue_zeroout+0x150/0x150 [ 887.754671] ? ext4_free_inode+0x1460/0x1460 [ 887.759071] ? lock_downgrade+0x740/0x740 [ 887.763215] ext4_append+0x18d/0x440 [ 887.766914] ? ext4_dx_csum+0x3a0/0x3a0 [ 887.770877] ext4_mkdir+0x4c9/0xbd0 [ 887.774497] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 887.779153] ? security_inode_mkdir+0xca/0x100 [ 887.783723] vfs_mkdir+0x463/0x6e0 [ 887.787246] SyS_mkdirat+0x1fd/0x270 [ 887.790939] ? SyS_mknod+0x30/0x30 [ 887.794461] ? __do_page_fault+0x159/0xad0 [ 887.798676] ? do_syscall_64+0x4c/0x640 [ 887.802629] ? SyS_mknod+0x30/0x30 [ 887.806154] do_syscall_64+0x1d5/0x640 [ 887.810029] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 887.815200] RIP: 0033:0x7fa212aa10e7 [ 887.818894] RSP: 002b:00007fa211013f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 22:45:09 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/163, 0xa3) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}]}, 0x1c}}, 0x4008005) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f00000001c0)=""/163, 0xa3) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}]}, 0x1c}}, 0x4008005) (async) 22:45:09 executing program 3: ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:09 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 5) [ 887.826591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa212aa10e7 [ 887.833842] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 887.841103] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 887.848357] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 887.855607] R13: 0000000020000040 R14: 00007fa211013fe0 R15: 00000000200022c0 [ 887.862873] CPU: 0 PID: 14302 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 887.870759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 887.880112] Call Trace: [ 887.882702] dump_stack+0x1b2/0x281 [ 887.886326] should_fail.cold+0x10a/0x149 [ 887.890471] should_failslab+0xd6/0x130 [ 887.894444] __kmalloc+0x2c1/0x400 [ 887.897986] ? ext4_find_extent+0x879/0xbc0 [ 887.902311] ext4_find_extent+0x879/0xbc0 [ 887.906463] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 887.911919] ext4_ext_map_blocks+0x19a/0x6b10 [ 887.916418] ? __lock_acquire+0x5fc/0x3f20 [ 887.920658] ? __lock_acquire+0x5fc/0x3f20 [ 887.924902] ? trace_hardirqs_on+0x10/0x10 [ 887.929147] ? ext4_chunk_trans_blocks+0x30/0x30 [ 887.933905] ? ext4_find_delalloc_cluster+0x180/0x180 [ 887.939090] ? trace_hardirqs_on+0x10/0x10 [ 887.943314] ? ext4_mark_inode_dirty+0x1db/0x7a0 [ 887.948051] ? ext4_expand_extra_isize+0x460/0x460 [ 887.952964] ? ext4_es_lookup_extent+0x321/0xac0 [ 887.957702] ? lock_acquire+0x170/0x3f0 [ 887.961658] ? lock_acquire+0x170/0x3f0 [ 887.965631] ? ext4_map_blocks+0x29f/0x1730 [ 887.969950] ext4_map_blocks+0xb19/0x1730 [ 887.974100] ? ext4_issue_zeroout+0x150/0x150 [ 887.978587] ? ext4_free_inode+0x1460/0x1460 [ 887.982982] ? lock_downgrade+0x740/0x740 [ 887.987145] ext4_append+0x18d/0x440 [ 887.990860] ? ext4_dx_csum+0x3a0/0x3a0 [ 887.994837] ext4_mkdir+0x4c9/0xbd0 [ 887.998556] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 888.003227] ? security_inode_mkdir+0xca/0x100 [ 888.007806] vfs_mkdir+0x463/0x6e0 [ 888.011343] SyS_mkdirat+0x1fd/0x270 [ 888.015053] ? SyS_mknod+0x30/0x30 [ 888.018586] ? __do_page_fault+0x159/0xad0 [ 888.022807] ? do_syscall_64+0x4c/0x640 [ 888.026811] ? SyS_mknod+0x30/0x30 [ 888.030347] do_syscall_64+0x1d5/0x640 [ 888.034233] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 888.039408] RIP: 0033:0x7f8e2a1750e7 [ 888.043106] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 888.050800] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 888.058053] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 888.065306] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 888.072556] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 888.079806] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 888.087071] CPU: 1 PID: 14296 Comm: syz-executor.1 Not tainted 4.14.302-syzkaller #0 [ 888.094956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 888.104313] Call Trace: [ 888.106909] dump_stack+0x1b2/0x281 [ 888.110554] should_fail.cold+0x10a/0x149 [ 888.114711] should_failslab+0xd6/0x130 [ 888.118690] __kmalloc+0x2c1/0x400 [ 888.122230] ? ext4_find_extent+0x879/0xbc0 [ 888.126559] ext4_find_extent+0x879/0xbc0 [ 888.130714] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 888.136170] ext4_ext_map_blocks+0x19a/0x6b10 [ 888.140684] ? __lock_acquire+0x5fc/0x3f20 [ 888.144935] ? __lock_acquire+0x5fc/0x3f20 [ 888.149180] ? trace_hardirqs_on+0x10/0x10 [ 888.153420] ? ext4_chunk_trans_blocks+0x30/0x30 [ 888.158184] ? ext4_find_delalloc_cluster+0x180/0x180 [ 888.162276] FAULT_INJECTION: forcing a failure. [ 888.162276] name failslab, interval 1, probability 0, space 0, times 0 [ 888.163375] ? trace_hardirqs_on+0x10/0x10 [ 888.163390] ? ext4_mark_inode_dirty+0x1db/0x7a0 [ 888.163400] ? ext4_expand_extra_isize+0x460/0x460 [ 888.163411] ? ext4_es_lookup_extent+0x321/0xac0 [ 888.163428] ? lock_acquire+0x170/0x3f0 [ 888.163441] ? lock_acquire+0x170/0x3f0 [ 888.205659] ? ext4_map_blocks+0x29f/0x1730 [ 888.209968] ext4_map_blocks+0xb19/0x1730 [ 888.214108] ? ext4_issue_zeroout+0x150/0x150 [ 888.218586] ? ext4_free_inode+0x1460/0x1460 [ 888.222987] ? lock_downgrade+0x740/0x740 [ 888.227122] ext4_append+0x18d/0x440 [ 888.230821] ? ext4_dx_csum+0x3a0/0x3a0 [ 888.234781] ext4_mkdir+0x4c9/0xbd0 [ 888.238402] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 888.243055] ? security_inode_mkdir+0xca/0x100 [ 888.247623] vfs_mkdir+0x463/0x6e0 [ 888.251150] SyS_mkdirat+0x1fd/0x270 [ 888.254845] ? SyS_mknod+0x30/0x30 [ 888.258367] ? __do_page_fault+0x159/0xad0 [ 888.262583] ? do_syscall_64+0x4c/0x640 [ 888.266541] ? SyS_mknod+0x30/0x30 [ 888.270066] do_syscall_64+0x1d5/0x640 [ 888.273942] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 888.279117] RIP: 0033:0x7f71707450e7 [ 888.282808] RSP: 002b:00007f716ecb7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 888.290496] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f71707450e7 [ 888.297747] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 888.304998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 888.312255] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 888.319507] R13: 0000000020000040 R14: 00007f716ecb7fe0 R15: 00000000200022c0 [ 888.326771] CPU: 0 PID: 14317 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 22:45:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/163, 0xa3) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}]}, 0x1c}}, 0x4008005) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f00000001c0)=""/163, 0xa3) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4080010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6}]}, 0x1c}}, 0x4008005) (async) 22:45:10 executing program 3: ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:10 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 6) 22:45:10 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:10 executing program 4: getrlimit(0x0, &(0x7f0000000000)) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) [ 888.334652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 888.344006] Call Trace: [ 888.346615] dump_stack+0x1b2/0x281 [ 888.350254] should_fail.cold+0x10a/0x149 [ 888.354414] should_failslab+0xd6/0x130 [ 888.358396] kmem_cache_alloc+0x40/0x3c0 [ 888.362463] __es_insert_extent+0x338/0x1360 [ 888.366874] ? __es_shrink+0x8c0/0x8c0 [ 888.370760] ? lock_acquire+0x170/0x3f0 [ 888.374740] ? ext4_es_insert_extent+0x11f/0x530 [ 888.379511] ext4_es_insert_extent+0x1b9/0x530 22:45:10 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) [ 888.384119] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 888.389922] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 888.395387] ? ext4_es_find_delayed_extent_range+0x646/0x930 [ 888.401190] ext4_ext_map_blocks+0x1e2c/0x6b10 [ 888.405779] ? __lock_acquire+0x5fc/0x3f20 [ 888.410025] ? __lock_acquire+0x5fc/0x3f20 [ 888.414270] ? trace_hardirqs_on+0x10/0x10 [ 888.418512] ? ext4_chunk_trans_blocks+0x30/0x30 [ 888.423273] ? ext4_find_delalloc_cluster+0x180/0x180 [ 888.428464] ? trace_hardirqs_on+0x10/0x10 [ 888.432701] ? ext4_mark_inode_dirty+0x1db/0x7a0 22:45:10 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) [ 888.437455] ? ext4_expand_extra_isize+0x460/0x460 [ 888.442389] ? ext4_es_lookup_extent+0x321/0xac0 [ 888.447148] ? lock_acquire+0x170/0x3f0 [ 888.451128] ? lock_acquire+0x170/0x3f0 [ 888.455103] ? ext4_map_blocks+0x29f/0x1730 [ 888.459430] ext4_map_blocks+0xb19/0x1730 [ 888.463589] ? ext4_issue_zeroout+0x150/0x150 [ 888.468084] ? ext4_free_inode+0x1460/0x1460 [ 888.472493] ? lock_downgrade+0x740/0x740 [ 888.476648] ext4_append+0x18d/0x440 [ 888.480363] ? ext4_dx_csum+0x3a0/0x3a0 22:45:10 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x2f, 0xb07e, 0x83, 0x220d, 0xffff, 0x8, 0x5}}}, 0x60) [ 888.484341] ext4_mkdir+0x4c9/0xbd0 [ 888.487976] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 888.492650] ? security_inode_mkdir+0xca/0x100 [ 888.497236] vfs_mkdir+0x463/0x6e0 [ 888.500776] SyS_mkdirat+0x1fd/0x270 [ 888.504489] ? SyS_mknod+0x30/0x30 [ 888.508028] ? __do_page_fault+0x159/0xad0 [ 888.512273] ? do_syscall_64+0x4c/0x640 [ 888.516427] ? SyS_mknod+0x30/0x30 [ 888.519974] do_syscall_64+0x1d5/0x640 [ 888.523871] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 888.529081] RIP: 0033:0x7f8e2a1750e7 [ 888.532786] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 888.540494] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 888.548108] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 888.555382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 888.562654] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 888.569936] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:10 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = syz_open_dev$media(&(0x7f00000007c0), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_ENTITIES(r1, 0xc1007c01, &(0x7f0000001000)) ioctl$MEDIA_IOC_DEVICE_INFO(r1, 0xc1007c00, &(0x7f0000000000)) write$char_usb(0xffffffffffffffff, &(0x7f0000000100)="9ec202fdaa0f5488ecfe4beec84f7107f93a2da95199d5c76cf100a5d6a3c960815921f661bcc4eb996952fe0df6d40797299b58ab9502460e1e3c69b191d86848b9d7564535fba76b74d7e31444fe00c792eca354e3ee061715cb05fe1238a68468225ca2a514ab88cfbf8890433d18f4ed69de9df2898d2dc066e4d79c0ed422eb776eb3a99f957e7d42c15da447d600e517a85ca0df07f55ce705fd6ed7c43ef5927b12cdfc6c5ac6618404eb5ad3e0052d5f90de", 0xb6) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x80200, 0x0) 22:45:10 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:10 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:10 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x2f, 0xb07e, 0x83, 0x220d, 0xffff, 0x8, 0x5}}}, 0x60) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x2f, 0xb07e, 0x83, 0x220d, 0xffff, 0x8, 0x5}}}, 0x60) (async) 22:45:10 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, r3, {0xfffffff8}}, 0x18) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:10 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 7) 22:45:10 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000080)="7c739d9791910c0a1f316c8a97fc1627d12933e367cac59b71744b9ddce6329ea2e1bf504930aaf7f7f5f74841453329551ef7f403e1a72faab78b23076ae18ed6eee551cbccdb5ea899bd12b1adcc2026eaed7201c138a342bb6083e6a10b26803b21ff4f16c0101818117d412e166544092db6d587c19ff3cd658bfcbae4ebcbb0f5019e7701620c378ec8cd689dbd1febafe861d6490c6da35797ab5c76e2d0a415111aa0ff79d75aaa8c8d090e9a09e80843b1dc2d91f8446f25b9b64a517963b937c18ee4abcaad5adfad739eb1162d51d744ab324b64c6b3638d8f7bea132e58b6371ad7acbbfaf4", 0xeb, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:10 executing program 3: r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:10 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x2f, 0xb07e, 0x83, 0x220d, 0xffff, 0x8, 0x5}}}, 0x60) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x2f, 0xb07e, 0x83, 0x220d, 0xffff, 0x8, 0x5}}}, 0x60) (async) 22:45:10 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:10 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, r3, {0xfffffff8}}, 0x18) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, r3, {0xfffffff8}}, 0x18) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) [ 888.721037] FAULT_INJECTION: forcing a failure. [ 888.721037] name failslab, interval 1, probability 0, space 0, times 0 [ 888.774610] CPU: 1 PID: 14375 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 888.782514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 888.791869] Call Trace: [ 888.794461] dump_stack+0x1b2/0x281 [ 888.798097] should_fail.cold+0x10a/0x149 [ 888.802254] should_failslab+0xd6/0x130 [ 888.806232] __kmalloc+0x2c1/0x400 [ 888.809775] ? ext4_find_extent+0x879/0xbc0 [ 888.814100] ? debug_check_no_obj_freed+0x2c0/0x680 [ 888.819124] ext4_find_extent+0x879/0xbc0 22:45:11 executing program 3: syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) [ 888.823281] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 888.828739] ext4_ext_map_blocks+0x19a/0x6b10 [ 888.833240] ? __lock_acquire+0x5fc/0x3f20 [ 888.837486] ? __lock_acquire+0x5fc/0x3f20 [ 888.841734] ? trace_hardirqs_on+0x10/0x10 [ 888.846408] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 888.851868] ? ext4_find_delalloc_cluster+0x180/0x180 [ 888.857081] ? ext4_es_lookup_extent+0x321/0xac0 [ 888.861857] ? lock_acquire+0x170/0x3f0 [ 888.865839] ? lock_acquire+0x170/0x3f0 [ 888.869820] ? ext4_map_blocks+0x623/0x1730 [ 888.874157] ext4_map_blocks+0x675/0x1730 [ 888.878327] ? lock_acquire+0x170/0x3f0 [ 888.882306] ? ext4_issue_zeroout+0x150/0x150 [ 888.886806] ? lock_acquire+0x170/0x3f0 [ 888.890784] ? lock_downgrade+0x740/0x740 [ 888.894946] ext4_getblk+0x98/0x420 [ 888.898585] ? up_read+0x17/0x30 [ 888.901956] ? ext4_iomap_begin+0x7f0/0x7f0 [ 888.906290] ext4_bread+0x6c/0x1b0 [ 888.909832] ? ext4_getblk+0x420/0x420 [ 888.913732] ext4_append+0x1ed/0x440 [ 888.917460] ? ext4_dx_csum+0x3a0/0x3a0 [ 888.921436] ext4_mkdir+0x4c9/0xbd0 [ 888.925067] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 888.929723] ? security_inode_mkdir+0xca/0x100 [ 888.934284] vfs_mkdir+0x463/0x6e0 [ 888.937803] SyS_mkdirat+0x1fd/0x270 [ 888.941494] ? SyS_mknod+0x30/0x30 [ 888.945035] ? __do_page_fault+0x159/0xad0 [ 888.949274] ? do_syscall_64+0x4c/0x640 [ 888.953229] ? SyS_mknod+0x30/0x30 [ 888.956749] do_syscall_64+0x1d5/0x640 [ 888.960618] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 888.965792] RIP: 0033:0x7f8e2a1750e7 [ 888.969485] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 888.977173] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 [ 888.984418] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 888.991665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 888.998925] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 889.006187] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = syz_open_dev$media(&(0x7f00000007c0), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_ENTITIES(r1, 0xc1007c01, &(0x7f0000001000)) ioctl$MEDIA_IOC_DEVICE_INFO(r1, 0xc1007c00, &(0x7f0000000000)) (async, rerun: 32) write$char_usb(0xffffffffffffffff, &(0x7f0000000100)="9ec202fdaa0f5488ecfe4beec84f7107f93a2da95199d5c76cf100a5d6a3c960815921f661bcc4eb996952fe0df6d40797299b58ab9502460e1e3c69b191d86848b9d7564535fba76b74d7e31444fe00c792eca354e3ee061715cb05fe1238a68468225ca2a514ab88cfbf8890433d18f4ed69de9df2898d2dc066e4d79c0ed422eb776eb3a99f957e7d42c15da447d600e517a85ca0df07f55ce705fd6ed7c43ef5927b12cdfc6c5ac6618404eb5ad3e0052d5f90de", 0xb6) (rerun: 32) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x80200, 0x0) 22:45:11 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:11 executing program 3: syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:11 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_GETXATTR(r0, &(0x7f00000000c0)={0x18, 0xffffffffffffffda, r3, {0xfffffff8}}, 0x18) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:11 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d6561737572652c004cc917e980ca4105dba87dac75b31f54d7d1801dc3a7b2928b7be64040e055479c2b0d41337c344331cf70398add39029b359fe2aa74ebf28c1d5013614b50eb4b5d2e3091a2920fa3e5e384ac9fca948b6987ce0e6061dfe07fbd62aa5fc046b0814fe88e31d9333f64b2aebf7218caa63663bc72eddf68d9cb411b9cb4fea5ce83b18cfafe0277fb0fd7eeb076d08b508ce03344e539114b67aaf73e8dafbf32d89c8acc3e693715eb52da3f7c77b692a5b1e1b290a583089394c53bd4ce89e150e27ef6a188a6e7106d0175d830be51196930dc6bd6cc60c08129e784b55c9635f180ae81cf3b1601814eca04400f042b795bc2a93a545a5eacd1ddd7eb4bef348c958680d5dcd15bd051e3b3d345685da1350ce15da6fabaec4fba01628958e7ec0167f54e446a6424480ff77b64"], 0x0, 0x0, 0x0) setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f00000002c0)={{0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, {0xa, 0x4e24, 0xd0d4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0xffffffffffffffff, {[0xb8d3, 0x134f, 0x3, 0x9, 0x6312, 0xffff, 0x1, 0x1]}}, 0x5c) 22:45:11 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 8) 22:45:11 executing program 3: syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, &(0x7f0000000100)={0x4, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:11 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:11 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66643dc488b46b31971013b541c95dd210599fa1747e20294de1df24b065c7c489072c2d31a9c49e1ed4c7c9fa1d2478dabfaca8318ecaa8dcaafb20f804a5f9d9b4dfad43af7f9085c22d9b7ba5d5ecd344a9792e6d373713cce860374a8f2d924424557fd5c90de7ee6ec9469e224f6a31f694f829689410", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x000000000,subj_type=\x00'/128], 0x0, 0x0, 0x0) 22:45:11 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d6561737572652c004cc917e980ca4105dba87dac75b31f54d7d1801dc3a7b2928b7be64040e055479c2b0d41337c344331cf70398add39029b359fe2aa74ebf28c1d5013614b50eb4b5d2e3091a2920fa3e5e384ac9fca948b6987ce0e6061dfe07fbd62aa5fc046b0814fe88e31d9333f64b2aebf7218caa63663bc72eddf68d9cb411b9cb4fea5ce83b18cfafe0277fb0fd7eeb076d08b508ce03344e539114b67aaf73e8dafbf32d89c8acc3e693715eb52da3f7c77b692a5b1e1b290a583089394c53bd4ce89e150e27ef6a188a6e7106d0175d830be51196930dc6bd6cc60c08129e784b55c9635f180ae81cf3b1601814eca04400f042b795bc2a93a545a5eacd1ddd7eb4bef348c958680d5dcd15bd051e3b3d345685da1350ce15da6fabaec4fba01628958e7ec0167f54e446a6424480ff77b64"], 0x0, 0x0, 0x0) setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f00000002c0)={{0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, {0xa, 0x4e24, 0xd0d4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0xffffffffffffffff, {[0xb8d3, 0x134f, 0x3, 0x9, 0x6312, 0xffff, 0x1, 0x1]}}, 0x5c) [ 889.559586] FAULT_INJECTION: forcing a failure. [ 889.559586] name failslab, interval 1, probability 0, space 0, times 0 [ 889.613468] CPU: 0 PID: 14434 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 889.621384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 889.630743] Call Trace: [ 889.633337] dump_stack+0x1b2/0x281 [ 889.636972] should_fail.cold+0x10a/0x149 [ 889.641126] should_failslab+0xd6/0x130 [ 889.645107] kmem_cache_alloc+0x28e/0x3c0 [ 889.649262] ext4_mb_new_blocks+0x514/0x3db0 [ 889.653679] ? ext4_find_extent+0x6f7/0xbc0 [ 889.658000] ? ext4_ext_search_right+0x2bc/0xaa0 [ 889.662759] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 889.667784] ext4_ext_map_blocks+0x2845/0x6b10 [ 889.672375] ? __lock_acquire+0x5fc/0x3f20 [ 889.676622] ? trace_hardirqs_on+0x10/0x10 [ 889.680859] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 889.686314] ? ext4_find_delalloc_cluster+0x180/0x180 [ 889.691514] ? ext4_es_lookup_extent+0x321/0xac0 [ 889.696275] ? lock_acquire+0x170/0x3f0 [ 889.700262] ext4_map_blocks+0x675/0x1730 [ 889.704426] ? lock_acquire+0x170/0x3f0 [ 889.708393] ? ext4_issue_zeroout+0x150/0x150 [ 889.712881] ? lock_acquire+0x170/0x3f0 [ 889.716841] ? lock_downgrade+0x740/0x740 [ 889.720979] ext4_getblk+0x98/0x420 [ 889.724584] ? up_read+0x17/0x30 [ 889.727971] ? ext4_iomap_begin+0x7f0/0x7f0 [ 889.732276] ext4_bread+0x6c/0x1b0 [ 889.735795] ? ext4_getblk+0x420/0x420 [ 889.739666] ext4_append+0x1ed/0x440 [ 889.743360] ? ext4_dx_csum+0x3a0/0x3a0 [ 889.747315] ext4_mkdir+0x4c9/0xbd0 [ 889.750925] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 889.755632] ? security_inode_mkdir+0xca/0x100 [ 889.760205] vfs_mkdir+0x463/0x6e0 [ 889.763748] SyS_mkdirat+0x1fd/0x270 [ 889.767440] ? SyS_mknod+0x30/0x30 [ 889.770960] ? __do_page_fault+0x159/0xad0 [ 889.775176] ? do_syscall_64+0x4c/0x640 [ 889.779127] ? SyS_mknod+0x30/0x30 [ 889.782643] do_syscall_64+0x1d5/0x640 [ 889.786522] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 889.791705] RIP: 0033:0x7f8e2a1750e7 [ 889.795392] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 889.803088] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1750e7 22:45:12 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x8000, @local, 0x2, 0x1}, 0x20) 22:45:12 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66643dc488b46b31971013b541c95dd210599fa1747e20294de1df24b065c7c489072c2d31a9c49e1ed4c7c9fa1d2478dabfaca8318ecaa8dcaafb20f804a5f9d9b4dfad43af7f9085c22d9b7ba5d5ecd344a9792e6d373713cce860374a8f2d924424557fd5c90de7ee6ec9469e224f6a31f694f829689410", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x000000000,subj_type=\x00'/128], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66643dc488b46b31971013b541c95dd210599fa1747e20294de1df24b065c7c489072c2d31a9c49e1ed4c7c9fa1d2478dabfaca8318ecaa8dcaafb20f804a5f9d9b4dfad43af7f9085c22d9b7ba5d5ecd344a9792e6d373713cce860374a8f2d924424557fd5c90de7ee6ec9469e224f6a31f694f829689410", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x000000000,subj_type=\x00'/128], 0x0, 0x0, 0x0) (async) [ 889.810345] RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c [ 889.817597] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 889.824847] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000020000000 [ 889.832094] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:12 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = syz_open_dev$media(&(0x7f00000007c0), 0x0, 0x0) ioctl$MEDIA_IOC_ENUM_ENTITIES(r1, 0xc1007c01, &(0x7f0000001000)) (async) ioctl$MEDIA_IOC_DEVICE_INFO(r1, 0xc1007c00, &(0x7f0000000000)) (async) write$char_usb(0xffffffffffffffff, &(0x7f0000000100)="9ec202fdaa0f5488ecfe4beec84f7107f93a2da95199d5c76cf100a5d6a3c960815921f661bcc4eb996952fe0df6d40797299b58ab9502460e1e3c69b191d86848b9d7564535fba76b74d7e31444fe00c792eca354e3ee061715cb05fe1238a68468225ca2a514ab88cfbf8890433d18f4ed69de9df2898d2dc066e4d79c0ed422eb776eb3a99f957e7d42c15da447d600e517a85ca0df07f55ce705fd6ed7c43ef5927b12cdfc6c5ac6618404eb5ad3e0052d5f90de", 0xb6) openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x80200, 0x0) 22:45:12 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0) 22:45:12 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, 0x0, 0x0) 22:45:12 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 9) 22:45:12 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d6561737572652c004cc917e980ca4105dba87dac75b31f54d7d1801dc3a7b2928b7be64040e055479c2b0d41337c344331cf70398add39029b359fe2aa74ebf28c1d5013614b50eb4b5d2e3091a2920fa3e5e384ac9fca948b6987ce0e6061dfe07fbd62aa5fc046b0814fe88e31d9333f64b2aebf7218caa63663bc72eddf68d9cb411b9cb4fea5ce83b18cfafe0277fb0fd7eeb076d08b508ce03344e539114b67aaf73e8dafbf32d89c8acc3e693715eb52da3f7c77b692a5b1e1b290a583089394c53bd4ce89e150e27ef6a188a6e7106d0175d830be51196930dc6bd6cc60c08129e784b55c9635f180ae81cf3b1601814eca04400f042b795bc2a93a545a5eacd1ddd7eb4bef348c958680d5dcd15bd051e3b3d345685da1350ce15da6fabaec4fba01628958e7ec0167f54e446a6424480ff77b64"], 0x0, 0x0, 0x0) (async) setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f00000002c0)={{0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x6}, {0xa, 0x4e24, 0xd0d4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0xffffffffffffffff, {[0xb8d3, 0x134f, 0x3, 0x9, 0x6312, 0xffff, 0x1, 0x1]}}, 0x5c) 22:45:12 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66643dc488b46b31971013b541c95dd210599fa1747e20294de1df24b065c7c489072c2d31a9c49e1ed4c7c9fa1d2478dabfaca8318ecaa8dcaafb20f804a5f9d9b4dfad43af7f9085c22d9b7ba5d5ecd344a9792e6d373713cce860374a8f2d924424557fd5c90de7ee6ec9469e224f6a31f694f829689410", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x000000000,subj_type=\x00'/128], 0x0, 0x0, 0x0) 22:45:12 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, 0x0, 0x0) 22:45:12 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0) 22:45:12 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, r2, {{0xfffffffffffffffb, 0x9, 0x0, r3}}}, 0x28) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x101}}, {@allow_other}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:12 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) [ 890.465227] FAULT_INJECTION: forcing a failure. [ 890.465227] name failslab, interval 1, probability 0, space 0, times 0 22:45:12 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, 0x0, 0x0) 22:45:12 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, r2, {{0xfffffffffffffffb, 0x9, 0x0, r3}}}, 0x28) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x101}}, {@allow_other}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, r2, {{0xfffffffffffffffb, 0x9, 0x0, r3}}}, 0x28) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x101}}, {@allow_other}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) [ 890.510345] CPU: 1 PID: 14487 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 890.518277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 890.527634] Call Trace: [ 890.530228] dump_stack+0x1b2/0x281 [ 890.533867] should_fail.cold+0x10a/0x149 [ 890.538030] should_failslab+0xd6/0x130 [ 890.542013] __kmalloc_track_caller+0x2bc/0x400 [ 890.546695] ? strndup_user+0x5b/0xf0 [ 890.550510] memdup_user+0x22/0xa0 [ 890.554065] strndup_user+0x5b/0xf0 [ 890.557693] ? copy_mnt_ns+0xa30/0xa30 [ 890.561582] SyS_mount+0x39/0x120 [ 890.565044] ? copy_mnt_ns+0xa30/0xa30 [ 890.568940] do_syscall_64+0x1d5/0x640 [ 890.572838] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 890.578031] RIP: 0033:0x7f8e2a1775fa [ 890.581747] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 890.589454] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 890.596724] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 890.603995] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 890.611269] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 890.618540] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:13 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 10) 22:45:13 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, r2, {{0xfffffffffffffffb, 0x9, 0x0, r3}}}, 0x28) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x101}}, {@allow_other}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_LK(r1, &(0x7f00000000c0)={0x28, 0x0, r2, {{0xfffffffffffffffb, 0x9, 0x0, r3}}}, 0x28) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x6}}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x101}}, {@allow_other}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) 22:45:13 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x0, @local, 0x2, 0x1}, 0x20) 22:45:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) (async) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") (async) socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)) (async) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) (async) 22:45:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, 0x0) 22:45:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x3) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r0) read$char_usb(r1, &(0x7f00000001c0)=""/166, 0xf4) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x25, 0x2f, 0xc, 0x7, 0x5, 0x3, 0x6, 0x1b, 0x7ffffffffffffffe}) [ 891.307974] FAULT_INJECTION: forcing a failure. [ 891.307974] name failslab, interval 1, probability 0, space 0, times 0 [ 891.342152] CPU: 1 PID: 14526 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 22:45:13 executing program 2: ptrace$poke(0x4, 0x0, &(0x7f0000000080), 0x80000001) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) [ 891.350061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 891.359417] Call Trace: [ 891.362007] dump_stack+0x1b2/0x281 [ 891.365644] should_fail.cold+0x10a/0x149 [ 891.369803] should_failslab+0xd6/0x130 [ 891.373800] kmem_cache_alloc_trace+0x29a/0x3d0 [ 891.378479] ? copy_mnt_ns+0xa30/0xa30 [ 891.382373] copy_mount_options+0x59/0x2f0 [ 891.386609] ? copy_mnt_ns+0xa30/0xa30 [ 891.390506] SyS_mount+0x84/0x120 [ 891.393963] ? copy_mnt_ns+0xa30/0xa30 [ 891.397857] do_syscall_64+0x1d5/0x640 [ 891.401757] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0xd, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:13 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x0, @local, 0x0, 0x1}, 0x20) [ 891.406946] RIP: 0033:0x7f8e2a1775fa [ 891.410652] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 891.418363] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 891.425634] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 891.432905] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 891.440175] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 891.447445] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:13 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 11) 22:45:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x3) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r0) (async) read$char_usb(r1, &(0x7f00000001c0)=""/166, 0xf4) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x25, 0x2f, 0xc, 0x7, 0x5, 0x3, 0x6, 0x1b, 0x7ffffffffffffffe}) 22:45:13 executing program 2: ptrace$poke(0x4, 0x0, &(0x7f0000000080), 0x80000001) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") (async) socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) 22:45:13 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0x0, 0x8, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:13 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x20004014, &(0x7f0000000180)={0xa, 0x0, 0x0, @local}, 0x20) 22:45:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x3) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r0) (async) read$char_usb(r1, &(0x7f00000001c0)=""/166, 0xf4) (async) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000000)={0x25, 0x2f, 0xc, 0x7, 0x5, 0x3, 0x6, 0x1b, 0x7ffffffffffffffe}) 22:45:13 executing program 2: ptrace$poke(0x4, 0x0, &(0x7f0000000080), 0x80000001) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ptrace$poke(0x4, 0x0, &(0x7f0000000080), 0x80000001) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) [ 891.563368] FAULT_INJECTION: forcing a failure. [ 891.563368] name failslab, interval 1, probability 0, space 0, times 0 [ 891.609577] CPU: 1 PID: 14567 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 891.617488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 891.626846] Call Trace: [ 891.629442] dump_stack+0x1b2/0x281 [ 891.633089] should_fail.cold+0x10a/0x149 [ 891.637244] should_failslab+0xd6/0x130 [ 891.641227] kmem_cache_alloc_trace+0x29a/0x3d0 [ 891.645905] ? copy_mnt_ns+0xa30/0xa30 [ 891.649803] copy_mount_options+0x59/0x2f0 [ 891.654049] ? copy_mnt_ns+0xa30/0xa30 [ 891.657944] SyS_mount+0x84/0x120 [ 891.661401] ? copy_mnt_ns+0xa30/0xa30 [ 891.665296] do_syscall_64+0x1d5/0x640 [ 891.669194] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 891.674385] RIP: 0033:0x7f8e2a1775fa [ 891.678097] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 891.685813] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 891.693084] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 891.700355] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:13 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f14855854ac65", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_GETXATTR(r1, &(0x7f00000001c0)={0x18, 0x0, 0x0, {0x4}}, 0x18) r2 = socket(0x15, 0x5, 0x0) sendto$l2tp6(r2, 0x0, 0x0, 0x20040844, 0x0, 0x0) getpeername$l2tp6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000180)=0x20) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000080)=""/76, &(0x7f0000000100)=0x4c) [ 891.707626] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 891.714897] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000780), r0) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = syz_open_dev$media(&(0x7f0000000000), 0x3, 0x10000) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000000700)={0x0, 0x1, 0x0, &(0x7f0000000040)=[{}], 0x7, 0x0, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}]}) 22:45:13 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) 22:45:14 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x65c7, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:14 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 12) 22:45:14 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:14 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c6157ca6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d69726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:14 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f14855854ac65", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_GETXATTR(r1, &(0x7f00000001c0)={0x18, 0x0, 0x0, {0x4}}, 0x18) r2 = socket(0x15, 0x5, 0x0) sendto$l2tp6(r2, 0x0, 0x0, 0x20040844, 0x0, 0x0) (async) getpeername$l2tp6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000180)=0x20) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000080)=""/76, &(0x7f0000000100)=0x4c) 22:45:14 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) 22:45:14 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:14 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f14855854ac65", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_GETXATTR(r1, &(0x7f00000001c0)={0x18, 0x0, 0x0, {0x4}}, 0x18) r2 = socket(0x15, 0x5, 0x0) sendto$l2tp6(r2, 0x0, 0x0, 0x20040844, 0x0, 0x0) getpeername$l2tp6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000180)=0x20) (async, rerun: 32) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000080)=""/76, &(0x7f0000000100)=0x4c) (rerun: 32) 22:45:14 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c6157ca6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d69726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) [ 891.930001] FAULT_INJECTION: forcing a failure. [ 891.930001] name failslab, interval 1, probability 0, space 0, times 0 [ 891.972688] CPU: 0 PID: 14629 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 891.980595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 891.989949] Call Trace: [ 891.992539] dump_stack+0x1b2/0x281 [ 891.996173] should_fail.cold+0x10a/0x149 [ 892.000329] should_failslab+0xd6/0x130 [ 892.004314] kmem_cache_alloc+0x28e/0x3c0 [ 892.008472] getname_flags+0xc8/0x550 [ 892.012289] ? __do_page_fault+0x159/0xad0 [ 892.016530] user_path_at_empty+0x2a/0x50 [ 892.020683] do_mount+0x118/0x2a30 [ 892.024236] ? __do_page_fault+0x159/0xad0 [ 892.028481] ? retint_kernel+0x2d/0x2d [ 892.032375] ? copy_mount_string+0x40/0x40 [ 892.036620] ? memset+0x20/0x40 [ 892.039908] ? copy_mount_options+0x1fa/0x2f0 [ 892.044407] ? copy_mnt_ns+0xa30/0xa30 [ 892.048296] SyS_mount+0xa8/0x120 [ 892.051749] ? copy_mnt_ns+0xa30/0xa30 [ 892.055641] do_syscall_64+0x1d5/0x640 [ 892.059537] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 892.064728] RIP: 0033:0x7f8e2a1775fa 22:45:14 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 892.068430] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 892.076136] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 892.083403] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 892.090670] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 892.097935] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 892.105204] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:14 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000780), r0) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = syz_open_dev$media(&(0x7f0000000000), 0x3, 0x10000) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000000700)={0x0, 0x1, 0x0, &(0x7f0000000040)=[{}], 0x7, 0x0, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}]}) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$team(&(0x7f0000000780), r0) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) syz_open_dev$media(&(0x7f0000000000), 0x3, 0x10000) (async) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000000700)={0x0, 0x1, 0x0, &(0x7f0000000040)=[{}], 0x7, 0x0, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}]}) (async) 22:45:14 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c6157ca6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d69726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c6157ca6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d69726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) 22:45:14 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)={0xffffffffffffffff}) ioctl$SIOCX25SDTEFACILITIES(r3, 0x89eb, &(0x7f00000002c0)={0x9, 0x5, 0x2, 0x20, 0x3f, 0x11, 0x4, "1fe881ac04db8e086abfcd3578f17dedd593202e", "5eeb3ca50408a822ce642ca699131126a5dc1856"}) 22:45:14 executing program 3: r0 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, "75675947c95576b1c92ee1825a366e74794d6f9cec3e88201ef03f38169fecf8"}) 22:45:14 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 13) 22:45:14 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async, rerun: 64) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) (rerun: 64) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:14 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 892.770459] FAULT_INJECTION: forcing a failure. [ 892.770459] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 892.782291] CPU: 1 PID: 14665 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 892.790171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 892.799524] Call Trace: [ 892.802112] dump_stack+0x1b2/0x281 [ 892.805742] should_fail.cold+0x10a/0x149 [ 892.809913] __alloc_pages_nodemask+0x21e/0x2900 [ 892.814685] ? deref_stack_reg+0x124/0x1a0 22:45:15 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 892.818928] ? __lock_acquire+0x5fc/0x3f20 [ 892.823173] ? cmp_ex_sort+0xb0/0xb0 [ 892.826895] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 892.831737] ? search_extable+0x6f/0x80 [ 892.835723] ? trim_init_extable+0x280/0x280 [ 892.840138] ? copy_mount_options+0x194/0x2f0 [ 892.844641] ? fixup_exception+0x93/0xd0 [ 892.848706] ? no_context+0x9c/0x7c0 [ 892.852424] ? force_sig_info_fault.constprop.0+0x260/0x260 [ 892.858136] ? bad_area_access_error+0x1f8/0x3e0 [ 892.862899] cache_grow_begin+0x91/0x700 22:45:15 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 892.866961] ? fs_reclaim_release+0xd0/0x110 [ 892.871376] ? check_preemption_disabled+0x35/0x240 [ 892.876401] cache_alloc_refill+0x273/0x350 [ 892.880733] kmem_cache_alloc+0x333/0x3c0 [ 892.884895] getname_flags+0xc8/0x550 [ 892.888700] ? __do_page_fault+0x159/0xad0 [ 892.892940] user_path_at_empty+0x2a/0x50 [ 892.897091] do_mount+0x118/0x2a30 [ 892.900637] ? __do_page_fault+0x159/0xad0 [ 892.904876] ? retint_kernel+0x2d/0x2d [ 892.908767] ? copy_mount_string+0x40/0x40 [ 892.913007] ? memset+0x20/0x40 [ 892.916290] ? copy_mount_options+0x1fa/0x2f0 22:45:15 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 892.920797] ? copy_mnt_ns+0xa30/0xa30 [ 892.924688] SyS_mount+0xa8/0x120 [ 892.928145] ? copy_mnt_ns+0xa30/0xa30 [ 892.936560] do_syscall_64+0x1d5/0x640 [ 892.940458] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 892.945648] RIP: 0033:0x7f8e2a1775fa [ 892.949376] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 892.957088] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa 22:45:15 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:15 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^Cmeasure,\x00'], 0x0, 0x0, 0x0) [ 892.964361] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 892.971631] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 892.978904] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 892.986173] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000780), r0) (async, rerun: 32) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async, rerun: 32) r1 = syz_open_dev$media(&(0x7f0000000000), 0x3, 0x10000) ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000000700)={0x0, 0x1, 0x0, &(0x7f0000000040)=[{}], 0x7, 0x0, &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0x0, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}, {}]}) 22:45:15 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@ipv4={""/10, ""/2, @initdev}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:15 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") socketpair(0x2, 0x5, 0x10000, &(0x7f0000000280)) 22:45:15 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:15 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 14) 22:45:15 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^Cmeasure,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^Cmeasure,\x00'], 0x0, 0x0, 0x0) (async) 22:45:15 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:15 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = getuid() mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@max_read={'max_read', 0x3d, 0x100000001}}], [{@appraise_type}, {@smackfshat={'smackfshat', 0x3d, 'fuse\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '-&\'.'}}]}}) 22:45:15 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x258882, &(0x7f0000000140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x1e00}}, {@default_permissions}, {@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@default_permissions}, {@allow_other}], [{@pcr={'pcr', 0x3d, 0xc}}]}}, 0x1, 0x0, &(0x7f0000000380)="36e0ec3192267e2a6040dfc872bfc46b48341fbe77cb3c2b8f1b8312f662ee9c309241fd4f3fc7094dd91bc27902cb0168bc26e13ee9b41d04538f1f65c8fb063042e5e5b9eaa14f75e15a50593c2521c0a590c2afa649010e9c1a91d3cf62f84ab4aff9a2858231c0fbb5aa60d0161046152ea0c57862a11483da2f0b1b100222fe2e4a584ee6e7adf2b52a51bf098294e2899a1c99086dbb20982e1b25a1ccc1100119ab87dcc76bec5bb1fcbd70e1dabfde393cfe967bb3b6079b50799a73451f99b7d88bb75cf48c21ffea076a159a9a631bebe5a82d") 22:45:15 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^Cmeasure,\x00'], 0x0, 0x0, 0x0) 22:45:15 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 893.703411] FAULT_INJECTION: forcing a failure. [ 893.703411] name failslab, interval 1, probability 0, space 0, times 0 [ 893.753791] CPU: 0 PID: 14730 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 893.761705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 893.771063] Call Trace: [ 893.773670] dump_stack+0x1b2/0x281 [ 893.777308] should_fail.cold+0x10a/0x149 [ 893.781463] should_failslab+0xd6/0x130 [ 893.785440] kmem_cache_alloc+0x28e/0x3c0 [ 893.789589] alloc_vfsmnt+0x23/0x7f0 [ 893.793304] ? _raw_read_unlock+0x29/0x40 [ 893.797458] vfs_kern_mount.part.0+0x27/0x470 [ 893.801976] do_mount+0xe65/0x2a30 [ 893.805517] ? __do_page_fault+0x159/0xad0 [ 893.809753] ? retint_kernel+0x2d/0x2d [ 893.813643] ? copy_mount_string+0x40/0x40 [ 893.817882] ? memset+0x20/0x40 [ 893.821164] ? copy_mount_options+0x1fa/0x2f0 [ 893.825659] ? copy_mnt_ns+0xa30/0xa30 [ 893.829551] SyS_mount+0xa8/0x120 [ 893.833007] ? copy_mnt_ns+0xa30/0xa30 [ 893.836899] do_syscall_64+0x1d5/0x640 [ 893.840797] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 893.845984] RIP: 0033:0x7f8e2a1775fa 22:45:16 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = getuid() mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@max_read={'max_read', 0x3d, 0x100000001}}], [{@appraise_type}, {@smackfshat={'smackfshat', 0x3d, 'fuse\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '-&\'.'}}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) getuid() (async) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@max_read={'max_read', 0x3d, 0x100000001}}], [{@appraise_type}, {@smackfshat={'smackfshat', 0x3d, 'fuse\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '-&\'.'}}]}}) (async) [ 893.849689] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 893.857401] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 893.864670] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 893.871941] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 893.879194] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 893.886442] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:16 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r2, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xa3}, @L2TP_ATTR_FD={0x8, 0x17, @udp=r3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x40004800}, 0x8004) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, &(0x7f0000000080)={0x40, 0xd4b, 0x9, 0x3, 0x20, 0xa, 0x1c, "2149867ddfeab950612fd3e67e72da4c15e448d8", "9802c61ad72bbb16861a63d0a66477d5f24172fa"}) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:16 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 15) 22:45:16 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = getuid() mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x9}}, {@max_read={'max_read', 0x3d, 0x100000001}}], [{@appraise_type}, {@smackfshat={'smackfshat', 0x3d, 'fuse\x00'}}, {@smackfsdef={'smackfsdef', 0x3d, '-&\'.'}}]}}) 22:45:16 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) clock_adjtime(0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x2f, 0x7, 0x0, 0x1, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, 0x1, 0x20, 0x1}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x110, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0xc004}, 0x20048015) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:16 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:16 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:16 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r1, &(0x7f0000000140)={0xe0, 0x0, r2, [{0x1, 0xf8, 0xb, 0x6, 'allow_other'}, {0x1, 0x7, 0x4, 0x8, '),/]'}, {0x1, 0x8000000000000001, 0x2, 0x9, '^['}, {0x3, 0xecd, 0x1, 0x4, '-'}, {0x3, 0x3, 0x3, 0xffff, '#}^'}, {0x0, 0x57a, 0xb, 0x7, 'allow_other'}]}, 0xe0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x7, 0x152}}, 0x30) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) [ 894.568062] FAULT_INJECTION: forcing a failure. [ 894.568062] name failslab, interval 1, probability 0, space 0, times 0 [ 894.635269] CPU: 0 PID: 14787 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 894.643302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 894.652655] Call Trace: [ 894.655252] dump_stack+0x1b2/0x281 [ 894.658886] should_fail.cold+0x10a/0x149 [ 894.663043] should_failslab+0xd6/0x130 [ 894.667024] kmem_cache_alloc_trace+0x29a/0x3d0 [ 894.671706] sget_userns+0x102/0xc10 [ 894.675425] ? get_anon_bdev+0x1c0/0x1c0 [ 894.679493] ? get_anon_bdev+0x1c0/0x1c0 22:45:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) (rerun: 32) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r2, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xa3}, @L2TP_ATTR_FD={0x8, 0x17, @udp=r3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x40004800}, 0x8004) (async) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, &(0x7f0000000080)={0x40, 0xd4b, 0x9, 0x3, 0x20, 0xa, 0x1c, "2149867ddfeab950612fd3e67e72da4c15e448d8", "9802c61ad72bbb16861a63d0a66477d5f24172fa"}) (async, rerun: 32) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 32) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) [ 894.683556] sget+0xd1/0x110 [ 894.686582] ? fuse_get_root_inode+0xc0/0xc0 [ 894.690992] mount_nodev+0x2c/0xf0 [ 894.694538] mount_fs+0x92/0x2a0 [ 894.697913] vfs_kern_mount.part.0+0x5b/0x470 [ 894.702413] do_mount+0xe65/0x2a30 [ 894.705954] ? __do_page_fault+0x159/0xad0 [ 894.710183] ? retint_kernel+0x2d/0x2d [ 894.714067] ? copy_mount_string+0x40/0x40 [ 894.718301] ? memset+0x20/0x40 [ 894.721580] ? copy_mount_options+0x1fa/0x2f0 [ 894.726073] ? copy_mnt_ns+0xa30/0xa30 [ 894.729962] SyS_mount+0xa8/0x120 [ 894.733418] ? copy_mnt_ns+0xa30/0xa30 [ 894.737829] do_syscall_64+0x1d5/0x640 [ 894.741722] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 894.746911] RIP: 0033:0x7f8e2a1775fa [ 894.750619] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 894.758328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 894.765596] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 894.772870] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:17 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:17 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_MODIFY(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x58, r2, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0xa3}, @L2TP_ATTR_FD={0x8, 0x17, @udp=r3}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x40004800}, 0x8004) (async) ioctl$SIOCX25SDTEFACILITIES(0xffffffffffffffff, 0x89eb, &(0x7f0000000080)={0x40, 0xd4b, 0x9, 0x3, 0x20, 0xa, 0x1c, "2149867ddfeab950612fd3e67e72da4c15e448d8", "9802c61ad72bbb16861a63d0a66477d5f24172fa"}) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:17 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r1, &(0x7f0000000140)={0xe0, 0x0, r2, [{0x1, 0xf8, 0xb, 0x6, 'allow_other'}, {0x1, 0x7, 0x4, 0x8, '),/]'}, {0x1, 0x8000000000000001, 0x2, 0x9, '^['}, {0x3, 0xecd, 0x1, 0x4, '-'}, {0x3, 0x3, 0x3, 0xffff, '#}^'}, {0x0, 0x57a, 0xb, 0x7, 'allow_other'}]}, 0xe0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x7, 0x152}}, 0x30) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000023c0)={0x2020}, 0x2020) (async) write$FUSE_DIRENT(r1, &(0x7f0000000140)={0xe0, 0x0, r2, [{0x1, 0xf8, 0xb, 0x6, 'allow_other'}, {0x1, 0x7, 0x4, 0x8, '),/]'}, {0x1, 0x8000000000000001, 0x2, 0x9, '^['}, {0x3, 0xecd, 0x1, 0x4, '-'}, {0x3, 0x3, 0x3, 0xffff, '#}^'}, {0x0, 0x57a, 0xb, 0x7, 'allow_other'}]}, 0xe0) (async) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x7, 0x152}}, 0x30) (async) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) (async) 22:45:17 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 894.780142] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 894.787412] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:17 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:17 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 16) 22:45:17 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 894.922066] FAULT_INJECTION: forcing a failure. [ 894.922066] name failslab, interval 1, probability 0, space 0, times 0 [ 894.967136] CPU: 1 PID: 14841 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 894.975052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 894.984410] Call Trace: [ 894.987006] dump_stack+0x1b2/0x281 [ 894.990645] should_fail.cold+0x10a/0x149 [ 894.994801] should_failslab+0xd6/0x130 [ 894.998783] kmem_cache_alloc_trace+0x29a/0x3d0 [ 895.003464] sget_userns+0x102/0xc10 [ 895.007203] ? get_anon_bdev+0x1c0/0x1c0 [ 895.011272] ? get_anon_bdev+0x1c0/0x1c0 [ 895.015337] sget+0xd1/0x110 [ 895.018366] ? fuse_get_root_inode+0xc0/0xc0 [ 895.022779] mount_nodev+0x2c/0xf0 [ 895.026320] mount_fs+0x92/0x2a0 [ 895.029694] vfs_kern_mount.part.0+0x5b/0x470 [ 895.034191] do_mount+0xe65/0x2a30 [ 895.037735] ? __do_page_fault+0x159/0xad0 [ 895.041973] ? retint_kernel+0x2d/0x2d [ 895.045863] ? copy_mount_string+0x40/0x40 [ 895.050105] ? memset+0x20/0x40 [ 895.053391] ? copy_mount_options+0x1fa/0x2f0 [ 895.057889] ? copy_mnt_ns+0xa30/0xa30 [ 895.061778] SyS_mount+0xa8/0x120 [ 895.065231] ? copy_mnt_ns+0xa30/0xa30 [ 895.069117] do_syscall_64+0x1d5/0x640 [ 895.073017] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 895.078217] RIP: 0033:0x7f8e2a1775fa [ 895.081923] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 895.089635] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 895.096907] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 895.104177] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 895.111446] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 895.118719] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:17 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) clock_adjtime(0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x2f, 0x7, 0x0, 0x1, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, 0x1, 0x20, 0x1}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x110, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0xc004}, 0x20048015) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) socket$nl_generic(0x10, 0x3, 0x10) (async) clock_adjtime(0x3, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x2f, 0x7, 0x0, 0x1, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, 0x1, 0x20, 0x1}}) (async) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x110, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0xc004}, 0x20048015) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:17 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r1, &(0x7f0000000140)={0xe0, 0x0, r2, [{0x1, 0xf8, 0xb, 0x6, 'allow_other'}, {0x1, 0x7, 0x4, 0x8, '),/]'}, {0x1, 0x8000000000000001, 0x2, 0x9, '^['}, {0x3, 0xecd, 0x1, 0x4, '-'}, {0x3, 0x3, 0x3, 0xffff, '#}^'}, {0x0, 0x57a, 0xb, 0x7, 'allow_other'}]}, 0xe0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x6, 0x7, 0x152}}, 0x30) (async) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) 22:45:17 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = geteuid() r3 = geteuid() read$FUSE(r0, &(0x7f0000002840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000004e40), &(0x7f0000004e80)=0x0, &(0x7f0000004ec0)) syz_fuse_handle_req(r1, &(0x7f00000005c0)="ad5421051b15342178fb916323b66f3cd8f23a76fbd95e8edc0da030b5343d4c0db54fc0c8390569d21f3d0319da79648455ff536865c75bddeda405f5e2135d91c63ae325c4bf63a58ae6aa78c47b2edb6e1c44266f97a5ffa7a505035c5c793ec244adbd7360d9a0d72d27aa556fd3a116bb0ac0af84a09f68e88810f7a156c53839b728787099739f47cae9c8832885b56f85bb627bfb1928855c2dc89ad16c898840eea7299396149b7f3299fe25732835b8b97d23c4d6269f93c70b6480ba2251944d845a46bc322f7066b34a3fed6f17d716bcbf6e4234662a1f4787838a618205ee40b243607d75f2c8b9a2201c828c45e5a65588744bd87813ec17b7c8c204bde53f5b315b3987a0c12b4d194538e0b20464251ffa4d94cadb3d6edd2670aa7f7879221200afdd9fae5cffd898bd12cfd8c9df2cbd7995bc7f328bc71177a992f56f904752527287e4ce35658e01b902351ab9a7d669603090b29b511a83955254c76ae2cfb0f3add0797cd493157b44ed64dc9d5a5ea8ab3ca488fc44747da8f9b5b5f0b52a5084f11c29d289ddd9acf44af1aea501f23fb2eba8c27071c5aafc55d37e20193548d91037664833169f90cbc8123618c4cde1ba1ef97407b68e86837b5f2e53bc4310bf5af9737d404d24c212c942534045e32f423e92af19a95eac9846952ffc4e154e40bc44c49b90b31707073d55de7cdee2e214749841d65804e2e00df5561a7fb2e79fec8f4179e15e7c40bf4d34724662b33402bb3ee5ad982fd1174c1d14423a9537c80d3f7f5c07346b14ab9074fa062b2e0e0e639e5b2f655a8bdef85c12e3c573cea9eb9035d6a0bbda85826d31b5bfe2b9af06d5186a3b32a268cd83e600ef734355f9902bb25647f06fe1a8e20ec6898ae2d6447df3ceaebd9761c285b5090c5243c8e60dc01193de5a2f4667057aba99c4c0fe70b3ad96398bac6a032d1a84308db5ec1a93fbd226c51e39a4358a75288ce0d313f0a569e963406f23518dbf103011773e0b241ac716dccc3ab1151f32ad3568c5945c8569891e290e6758c8f30234d50cd9a7b26f1b8c2917af20ad45cc058a38dcaa9d1bd8d51115dd08563da951fb547bc8b906ad881e25e433a1c23d248ffd3ca53872efbe9a2591a1a1a4199254a26c0672057d763d5bc9bd1f984b132ebf0f4a95e98a9d592e9d2747b09b544945b0b7d9a563560c49299a8e36d267d1d09108fbf4612644997ece051b99610a3a3d8a36803732a8c155dd15e3eed572094ec456f7cd0e9004e2e65e479cb2ae0e5d1f8b285253e0f4117d1a84fbd5bd559e0764e550e113149c6a08bb52c7f6182a5a840099bc3d1d9f7e3507c6e00ab48476ca831973efb3210a1d8ba4d1ce38ef8dffc7920f7d13ab4dd1348ed80a2df4fbd945189bcde964849ffc0b5929b3b64301875cc9d015b729c939b8ad312bdf58c7cba46365394e1568e05c6b955501efe1b6dfa6b7cb33d77d5df438d87fcfdaf70cc2f098dd80dda71f038a48511005e78cb235a1c968cf3451bec3f1003bb39ca101cb8b8b9c8602e434dcc645c71688ebc7067c3b11b29bdff272ac4d2891c5cffc7dd6bf30c9861d774b49304cd1c74928d46ca64cb3d1c0597f0ea3690fa1829d4b75e3578da622236d327a3eb9d902874209972f10f56cab3b0dde73b7aa6921af66c4ba854bc4708c0b94f659e1ea68be12c9d47f23b7c127df60545dfdeccd1da33d0c12c28b01570cbc0acc663a64c156fd79ab940061e84fc1069e4b97295494321db8a015fc74e6cb3e87da33745e02d2631e1d63bd0ac9dc614c7c8c34c6cdfe303b5956efa5c7c526b27f8de9de079bc3c43ef5c12f7e85fb6ad845f64eca0859f3e8ad6e6c77e3a3eaa20ee88f2b4af3a01054546c50ddae966f71aadc43092130c2368693d0cba7ee22b72e2be33aac49cbcee9be14a3f0643160c0d91c5a4467f04530eec72816e19772571aa3baf2d28bc442074985d58544b707c2fafd47ed57eb52ad217baadb141ef8dba73ea17725f136512d41c5d3a263a0e070a7be77c190c0f481be954d5d0ec02df88f5f48bb1d2c415c9c9cf14d4310ac579198d99abd19cc621dea8add341f76def81a22f6b06073605a8161c33448f4c639e3d7f231b210f6ace191c69eeb0a49a5b0373c9beabaca84d2a36d2b1588739f3c6cd9702bb323f437e54c164971e46c7d66432036f95a4c3bf0359801d99129a5e14fe2c68f676e13fa316b54736275562b27768679996bdf7d2fbaa9b6788fce929d1bad7e1f0720af1ecb3a7bf2fb32ea6a7be3b7beb0246eb9c71b93653150142a283a7e141592d21a100777a55031c1c5e47e086e96030eed5a63f0f7239899f28e4f8b58598abc11f7eca98b62cd7b3f15af44ad5d2f467d16ea846643c4a35b5acdfc97f4574dbf6a6a1c1c82595a56b4036d42a94f5b1c598b96ec2959e66633697571a86e643a75187d52a444699af33c286fcb2c8b0d7b8094593686c144191e92ee9f145b644a76528cf649d9449d6dc0ee6a648cfbe74d51ce032bfbfcad28f64ec0ddb48dd5e92751471e60249a980b13775234d11a33ecaef17e3ff1457742b66418a12a9a5957d60ad43ae1b0ca15516e0c5f925bc0e9a67f2ef64024eb6d44d8f3b9b0a419ac89dcaeecf65a26775a80539d3c5292087922368c415920ab7ce562a3fba3a5232f29f68e0aeb58b9030f7f6b17115fd180fe43196e3451f5ec1181a51cd6e98f3aebc3a8ed47fa9f6806effa2ebbd330b2ad938fb2c5a97f0f554b51feab41cdbe138d90724418e2a0885988ad7f44867660ea49a087a2ca95598ae7ce74732f50defce4aaa83ab2fa472db21c4238127b9a929c54eda15ea419a741a9065627d2fbadacb27a6a4bd3b373b7bf042be7f94a6d0b6a0492ee7e83b7c19abb1546e12e4ce61928ee8493ebb22bf89d8141b9ea21b91d3d66fa28fd023069f09012e5c91375f052b9d89d37c6dcd5738f2090bae2c66b93c0c1c233ffd3fd7d65098f57b76b922bdeb6f1177c60e4c52c8c4bc648875c220d496b9265a0b385c37774f7897aac78527af7b7d5983bfc7c374cd40a4570d07abf27170ab1d66b85c247d62a6a90f5adea61cb8eb160c68d621e097d61c49ac51aa688b60dc56937c62be598fd0a967c682f33c305191a3fa6ff0e27b7b8acc22cf7325a7399b5f7e9d6a821af2e1f9011619868784131646b53e977ee73f933920c85043fa909ecc3754815d1b104314fbbd35f2457938abd6b979e0806807702402b0032222920476953a5c4bf6d72d597cedfd41b2652016f3a14b219839d602c0150eca1101bd3e5fe53bcad5966d6c5558810abe984ea486b8a588e0ee4a778b2932a274cc61b16da932664d854af2b26bffbbb4acf340dba52b418ba222d76cfcc0935ceed7ed36a266c22f42d21c1bec636bbe6727268f3367abf23ba08df1059003295545242200eecf63be6cc2d34769c0d97542c4275cc6b8e7c62f2c354843f557972163fccf674bbea111f9afa25f2605771b0e96271d9572b41f84d91d6bfa8be3d6ed0f59d31a21065c63c779e7185f98677e81ac290e37f147c22e23e844e2ac09f56179165356e999c99fb7f32fb7d399e7108d7c8965b8341a406255ecf986149d0f827104c1f63178a99b4aeb266b097a8539c454c6237072f21b5ad488f55a3e06b1fbf5b533598a85ab36c2fd923966d779aa8a94eb70aef6d963216021157e5f5173dd3f85ab85aeb6a522e5233c06584e5fd2bf7c7d332e3e859b7d091b0635aa06cdc073eb51829fbc4a7b60fa768f52343aa89ee551ec3ee2f274cf9573b7c6827cc78fc5840a6ec2f74c2b5e50c24e77a80b7fca9ff2d07731972a1e383f9e15e976c3254093fb468048106bedc88545296c9337db2009bd97823cee5a872dd1d51a9a638b0232a11bc25f68a42db3a0d021dd08dde462975dc0abbcd4d1284528691697648b1939f4adb8ddfa9d4785600fa8840254f09449b324365830906e25e12c3b274670b3e780e3f6058f8afe0bd0e4c5b4ae40d4d63a950873fc903ca64dd7399a09799f7deadfba88c585a93b98fe6421dac9a5c751b9d98de83484cacdb9e72de4f91edc6a1c07cef84fd1ebe4bfa9ae45a1e8c7c4f9a9d130b49a56b9dcc5ea112b803800ad100eb770dbaf07a686bb669159cd5c28af5a5bbb1d09d115fb4aba7d49919ac3641c2c6d5f635b120740bd3d0147c3bddccc0a04b4b53d46627cfbe29c2bee9a7ae9ed6adfa19b99aa923d549ea37f2ffd92803f47747c3eaf43b783756c0ea9637d9dfed9d410cb286490a245da7107838aa51c73048e9e9fec154e2360c3137fd431a7e13cfe8832dcaccf0e919bcf2ccac9f493340121a233b4b42699c0ce32cc8f5e25d0d9f0b10444a27b4fdb67d1055f52a51f123d588d2e8559247ea2038a10159e749795a967bdf1be8229f4d51bf1ebd8f01522c7f3e9cdf95daafba0ea1b54cdea72f1c427903ad618527ea907417954a3d216384349809d0f32ce642f1af509608a3a5fc8057bf0092d5adb16c0b36690d261310c669d64576f858f86c40645b1f551c4f2241daea9c2a041c37da04a8ef906a7a607526ff66b0fb4351a69d77421aa7990bb818e1934f990a093e438a01576eb3d21e99f0a1469967cf4c479f00361909b82aa85ea3b942d2b34206b9153e64f22c3639981f5cf6855c91cb48e84492e82cc9c8fca9ad15baf725781580013d8d6d7f35f56a1f7bce5401f2e0fc7490cc24d624bb8d6bf28b9fa6133407b4d8bb336f5ce3daf340bfeb90022c6ec2b0b3cffb5d329d02b86d4a2653df78b3efa2470f7e66c4af7ff6263774bd898a9351cf47e17ac71d153e18a798aaf16ae291aa85422670c587428924f75359897dad6941e66c7943b4250bf57ab5737b3c46931a4e9eae8d7e3909c69eeff8f36830bd60c64c601391377bb58c1036bdc8fa9eb32ea08b5ca6f3a035f8c2f4ea2a4ed57e02a24e014d0e4e9a4b08140f7849abc3bb98eb6450858216f833056ac2241ce8bb6fb32b3b3f23801de4b060ebc4b08cc3c10bd9fb049889393c6b35b270c6fd4ab6d3fc29b625a8dd1e1d4e6c62a7568c86e5505cb390a41f91ce1aab6062b6696ce76af9a4d1497839a3e669cc455b2de4a523a2cb6a8c435440b93a21c657cc03f4522cea11b3c14b1658c17208b1326a64d500fb87c83923c8fce0ba6e38f89723b67c2b96706bb5d0a4aece9c11b17e87aa4ade33fb04a64afc7b27dbd13a40dcedd5dd38b375e9762e124f96bed42d569a7b552665dcc32ecd11b826af02713dfcdf3e57c756a0422573a6cd9cf5a1fc1b2232edc8943340530041fe4c15b4c776ed1b0a368036e4576f5fe7de4ff5cf35433fbe9f3053acba0cf9a16ac44e6e9816bd90b97f0659187a898ef22d31670c23a87f88db3d39ccaf0d058a7760ec0ff632df9c3128ccd5b012e5edfcb166cf407a5cc31f2038c5e7781ac0371fd67f5b65f2d32f21e93ccd7d7ffca70ab381d2c8f118e9786fbdf021f6edbad09de7f5560e70465893a5ab665800f0eb60ead8897cdcfba990a940ee3bd0aedb17798ff72100deba2405894e39a42d63b79e85d12c885067296070d2a5c0cc3fe97a35e984462f0c5a22b8af9638b514331cadc06d3ae0e4ac27e2e14bf3f072300e08c67c7a4555761e7059c7a515c620bcf20676cc85e02bd57642eeaf16bdbe12593ad98572859e23e4abc74072857a4fb9763f0289d9bf6104d8a0cd4ac939835a4f343854a3cfe8019f13f00973dcedd220832fa878fac14837e9553f8e44f8439f5e0b9912fb01c74dc1342b02bc93029768d85f2613f7248590e78f4bb2b3dd8e14a8cc342fb10e923bd65823842605de7beb07348bac61ea663b6b5b36eec0f6490efd9ad95a81a1adbaafc5aa98ec8edf47acb18e45157264a2b6c4e889a1fe3159fb18f7fc0be844c857942b732d209c4092acd4cf66eb04a31015cdb042561ba4c1f44e922cb62ed3a472638b46a075c89b6fc594447e06623ca9675f07be742e86f73c6e99ea937d5d5547300a8f8fb69d0e5257d8de92c03d387d9de88976e1815584d9a412549f2d9e6709f08c35de2bbc82194bc07c01804f734f2cf12ab5ecff08d1b19a9775fba163b4d981b511fb8371e1a0274e1561466fbb2b29e7dacfeb9d6d6716d4dff63ba9672a3067f23fd965fb43c59ad6e9f279a9ae0ccde80e447d83560b63e0dc5f80f5f39b2d45fb78ef3caab0fdff25c7bb9ae39597faf2604c0635efdd936cd26759973f7e244c37678868872b251a9bd5a1cbcc2b117079873e58fa5f61541c932804fdc1517933dddf7426a87ce72d1487d820f4cb627be9a24de6e8acaec397a078336f051d31b13eb422a3e8a4425a59e25410bc212e1571fb9d7ff74e9d943fe8849b6fd716a07d5cd5ba415875cfd6282c906d70c214dba51283c024f4d7026e1511c648aab5f5ab49d320df16189df275d265ea85df3bc8e1f83216b46b21109a2b0b9a9826eab2fd8e88e72bb06b7b55fbfa6672a2e13b68cc64dc820362c2a1f56cbafac013af55c5eb9cb54d02a204b6da78defd49a60b060c5c63423220ee0f56c1cda6825cf7d8aea915e3db4528d482e9cb60f0dbbda1067201b58dba67c43f73ec22953e1f441c22b1cbabf9f54b173747392ed629bc5728d72ed73833a48b378370acc4e9e1efad06d070b719a58e85a9e5ec71b0fd019f6b531965540bfb00ed284a8cb3225307e4b25796c1426d9ff68c32df62dc53ae4edb47e8c19bbd6daf732ae35f3f35bb3627353e1add9688ce13ab66a19d11d684e9fcf7c46d221a44927bc7aab593d5f2a41a598abad2bb973de1abda1c789342a25e3d683d6dd4af1a24bacf4435db7e1473df84c8b102d706c0d4467becdd2f5cbbfb0a0c9909b8ca7ac0cd29099c591feceb398277c13fd4642603f5f38904be3e8fd7e2e197fbf8480a230d875bd0b36e234ba4fb56ca9f581cf46cd44f0ccabc5cfa39d0055aac01172ad3024de2bde0b7a241942a10598aac12fe3b57cc19f6dc61e88bf19c427cf470ffa549a181dde4051cb2cfb407c7b728c9be4e2efcc30ce45ea10674e58f9d6fb022c95b0637affc4ffd5c4df45e3a69478e266e3e4a9714e68ea4077ff4ba0b87f6ee83efa61313d20b36f5eecb2543c194514e5e2b32ff6b57ca66ad87d20e1d853fea0cc11deb90cf9e03e6df61af5664576d921d4dc88fd7046cd6f1034fc2c0baee9c84b24e245f9be92116c139c792d270bdfdf77af49fc8a25463958f88d362ac0584e78b787c5b1d94708d438d4dfd745c8e01fc00cb21763580aef924d50aa1a2b0b3613ccd677736c12a0255233bc7f1c4084f563e947db45255ab7c54ff0077451258f59f42a83ce76ae48eb08551447f82ad0efc8feb2409e072fd9bf0a5cfbbfa923b6069eee6e988fa7d5c098cd3a1ccf35cde80763664be90d672d4310941ebe167476c6765c14d3e7623237ee9c09f733cc2ea7ee2327d7f856940f119383fe32b1dd5dd35551d7762afcd1d5b28dab89e098fa7a1b3b407326e9a22bf1644d88ef101af531f38cf0fbdf09304711628e691bdc74e739283035d490ac528df90362fce909fb653e0a2710f953684464d0c920f0f140576016e82c9f9a5fc17d5117d6edb4eba0432a15e584ba9fd4954ae92c0ee985c1a43d7633fa28eb518bbcfbb635f58e05acb71b818ad00e018f1cf117d829bf0916e3831a1503bd149d10158169a3d8998d0985a835cbb72501ef2fe580d22fdb493ed2b0aa43e2fb90524d03b63504a0dd565879faee35e92dc74d35b6137f00d9582d82cbdfbf6ec70efb3a820ce53582b64267e9fee663b25b16da219697ceb2140c405e15fa062e10867d243088f457cbadd3559e7f599286e1cba185a2ac61d1cac504efa3f2df66a6ebe966e59db7dc5819c97e6ccfaa37a9465e73ff08fe8f2d918f6cab36e652643deb12588dcda1229cc87545c3cc51fda364d8459c2dbd691f4ff3c499718594287fdda39483795c0d12824d8fb832ddbe41c6320c921b7e049650dc6e8da234c96a7cdfa0b71a72fd0d1bfdc7ea893d32739515c301c8b2ca6b431b32f3d506afb9e995d2958010aa15f4d324c3e71c9fb6bfdd21921a4fa0689e0a2fec89a4e1ced7daf4041e1eb9f6633402bb9d1464770e3fe4431ab7028425f97bfcfaadc4a922361f363b8bda01d82044643af83305c7223ffd47f6426f6e501bf30c5f415de00d3617ad1c5164961e14e71dd9753f64de8014217ab820514e288d589d70ba002e2254379263824f0c6338ad4ebe4f5fa2deab1f09ab3a6d8d1ad62eae6fccba88d2e050b155702b76927ab2711c1c1e4a2076243531be5bf943f68e3f5b76ba3a2d0258aa4ae502717023622e8ea29b18f407ba530e2913e69b189742e8a373c9bf0d9dfa8734dd623efcf6be013e41a607e0fcef03995fa9f6cb4d76163c6efa43cd38e9bc2dc3977013bcf5f7910a30f5e97dbca04475b65085dbbdfa449250205ba7ffd45b0862af6ac5b5b3cb54998f318a5208e2e1b4bfbfa7434a59f513dc9b6eac31d292278888fe1275ee582b4cf2b945a0edbeecbd5479bc51e6de60bf4972e02c1e1683520b22f1d0137dcb5664ea6db6a54791ae7724119fba3415abe67c9b7596563a7befca8e53942910f77a71ba5e4331bdd37233d7c0bb34852594fd86e39a10c14f75fcf8dff664794ae6fca10f7b6a31a4a2f12f954ca50291ec24079ac02db59bcae859d0d129669bfedd1dbf3a990550d6ca5e17f59838c0d06fd42c7c85e380c2b1eda15ca27cc83e2b2f79f3e01458816124a92386df73a91389a788df237648b8e0daee720b17f1364829aff26d1905a7e575d5449ec46f457acf2292057e83538a0fc086aef23bd9bc96252766e0419f8f1030aaf550a9a4775f24d0a99f38fcd9b6df6fb825a55e291784edc51b5d9f9dcc5f743ab0cd13636b95c0e3a0a461096301c40ff2c9892358ba28466febb004b0a7fe71df7473a46419d94a4d3b8b8888adea2858c69d7f2f9b9fd237768d8f2775ca384732f65bcc366376120e6a66ed97ed74727d8b4ff641fa3cc45bc53e46c0039a90f8034e05a5898f18b28c765f0a1b2516c366dc37ec1e5632e4586903e10f4bbac38140affe46fc3e0e2588ad679876d3efda1b0e89f9a0c9bf7121ba5be5755d28ff809fa56a828f0af27d30b77db745a7ee45380382132a048804679518af1d60ab813d3c2162807b34268800fe48a68ec24393e3092d1e15c64c3d738a35ac802660f173976663d70fa0cd61d6a2e64d88a800bedec764dcaf031625d9b3855e8f1a56eb1c6dd8c843973ed6907a142e79b3a7e15c11698c626b5e0561e46baac96d7e611cc7a1359163d015418db359c68c8745de9909f47ec5e28db1b6c3b762cf41c1c3186b2589037d8f91073b0088a7397b2320da8bcacc4dcbf8acbdf56db75e1cd54c37e74da541c48b6a0f7b55b9f34d3727f63cc41c20931fc71b836edc729e268a460d62abfd2d0206b62c8def93e1ac1a6e71e5f643d1fcce0bc176cda52f4b4916b6a841281ed5206c49c9fefc09d70f35803a97c9e5ca0fa379af890565c91dee025e68e580fbb49dfa8e5abbc63182395ad94c1c1039bf190652eeb019c699ffc0036798efe05273c7afa054d187efe7c50ba8d454315a5bf9c73030efe245102dcd79f19830f1b4bba6b8ca4948257370adb97c836564d959a948d649e6ca94cd06622bd4a4542045576f82a5d80d1940b4b1947b1a922757c125b167ef6dd1f6de35a55245d76c21e07a443f86ee65fab35552f1ba41d44e63e44cfa6ed3c53b952dde11cbfb764718c66176534537e7ec0e4d40465ade832fb9d3cc97846371c55cba1abb688da9029e7802605df0d39c8a11c7655939bc784a15f767be18d8d8c38e21466f4b87116d0faf5c0f94dbe4ef012bb966186f97cfa47588efb1b1f68991e50ae0d30a45d77523bc0c02467b6249f4dca6782f3b3e48f2b26f806ee376a3b4871daef3116168b9ca804960e1bdc37e554d7b63483f45cf6416faea424c60421b86f24a4f0f43b2f30c499822351f1a374e62503cd3e4ebabd8a0a7a735ca6acc0be3abad4d2bef76f4e06b0943d5b60a40e446a648d31a1c3be428f182137b2df0dfb00fd1d4803f544a7109e46b7f05cb35eb3c475560ad6fb6b991f22bf36bde704df21bd5991bc8503796e3333ff637964fa497278e3e047ac94bbc139eddf9a4a51fa70fa2659178e247b7da7bd17f1fe07844504b1acb7389d71a19b2de9059b253b1c549283249e3a5268f86de0464a93e6f79e4eb83f6e27136b38c95b8e17e299b1cdbad8f2c85de271ca1ac167441e6b8659badf20964f2789f5bfb82d3060ecf1ff51d20e166552748908292ef15b0c680b3f2d136e1b209dc98aec197356244491cce999725720c222a51bef0a1c354650cc0e11ea7f117b60acec538f0baf89a166de53379e3c3560429e512469a5d66f27966b4e3d2a223c6088e0883f6fb2a6b09f400efc1c5e654c579fa96e030b1c6d54f7217fb0b7c9c70ca86dc93f680ad8610e064731e75915845382986d865bc63a0956699c2b7d794167cedaf374cff8b57453f8ae0372e20f54175cac11eef1037985727ed0a10533da1005acc83e73980c636df2a0bc3f4a2eecda690ac241cfd7ddf1173385b72444b7d7fafd5dd2a136bd2f0ce76f9e7644c0137fd57b45010f0f1d28831d80a29cf76d06ebac5e9aec5a5ff043ff4a5354f4b4024c687a33609ba29e3588f0fce19f072c065dcc387bd1bd0b33585feb7213f0506b9c20c805b9dbf03e13d0b34b9367948782108c3278a0a4b0c82b146e4742ef3eb5c85fe5416e09787ed11c8d833a7f3072172c2d7a6919620890373e150c34cca8e81f4de432c3217f1dbc7c4399623e3b4c32ee7a44d1a15b3dad31ab3a078e23c7626c8879a4d89419d4bf0d566b2b7dcb1441baeaa7f78c218786d13368241593b7f7046c1ae6b552ef0a54157af514e335ab8a23b835c1fdb8918dd47b02d2156e04a58290b2d679274f0e0e97c39b7fc7d2504b244b32e830893f014972e13d1a4ecb79f045d54e39c095bb8379fcd45d8f348a9ad0403472a0a47bb30b9d5916d28acb008c71e94fee792fd156deeb9ed19bee0b96a26936477585ffca55150ba6a2e52844fcb4ee0254aca11e26741291629c4cba58d537f76affeeee41623123819f299970815844cf3434ee8f88d6754a93e39280a7ff0de98fa38a6fa02b9a489a07e3ecf4aaaa953950c698918191a504f5e6c69b0dc69978e0b30b4a5e1c6e8bc0314e47913c3c5bc4a8f4021b9a0ac5af041a326bf928b22cda531436627fe40de358140210c641e50fd4b4d3c5f421ca7f330df198795821966269db562b3adb81fccda5265bcd3d85db3323754cd76ae9c75bcca9e87c94f389d6881d3ced77a1c5744fff633275196b96b26d47797c6327e4a3511d42cc726bff4ee201b25b3cd5740e82a65043f27e366579407c6bbcccbc17", 0x2000, &(0x7f0000005000)={&(0x7f0000000080)={0x50, 0x0, 0x6, {0x7, 0x26, 0x80000001, 0x0, 0x7, 0x0, 0x3, 0x4}}, &(0x7f0000000100)={0x18, 0xfffffffffffffff5, 0x4, {0x9}}, &(0x7f0000000140)={0x18, 0x0, 0x200}, &(0x7f0000000180)={0x18, 0x0, 0x66e, {0x8000}}, &(0x7f00000001c0)={0x18, 0x7fffffffffffffff, 0xab, {0xc7}}, &(0x7f0000000200)={0x28, 0xffffffffffffffda, 0x3, {{0x0, 0x4, 0x2, 0xffffffffffffffff}}}, &(0x7f0000000240)={0x60, 0x0, 0x1000, {{0x400, 0x7f, 0x7ee, 0x0, 0xeaf8, 0x3, 0x6, 0x9}}}, &(0x7f00000002c0)={0x18, 0x0, 0x4, {0x3f}}, &(0x7f0000000300)={0x13, 0x0, 0x8, {'\'\'\x00'}}, &(0x7f00000025c0)={0x20, 0x0, 0x9, {0x0, 0x2}}, &(0x7f0000002600)={0x78, 0x0, 0x8001, {0x400000000000000, 0x4f6, 0x0, {0x6, 0x5, 0x1, 0x0, 0xfffffffffffffffe, 0x5, 0x7, 0x8, 0x1f, 0xc000, 0x40c0, 0xffffffffffffffff, 0x0, 0x5, 0x1ef}}}, &(0x7f0000002680)={0x90, 0x0, 0xbd, {0x1, 0x2, 0x59, 0x2, 0x7, 0x7, {0x0, 0x5, 0xa7, 0x2, 0xfff, 0x5, 0x2, 0x1, 0x4, 0x6000, 0x8000000, r2, 0xffffffffffffffff, 0x880, 0xff}}}, &(0x7f0000002740)={0xe0, 0x0, 0x99e, [{0x1, 0x8, 0x2, 0x8000, '--'}, {0x0, 0x0, 0x3, 0xfffffffc, '@\\@'}, {0x0, 0x8000, 0x5, 0x9, 'fuse\x00'}, {0x3, 0x3ff, 0x5, 0x8, 'fuse\x00'}, {0x0, 0x293f, 0xc, 0x5, '!+*/)N-\\,[o.'}, {0x5, 0xffffffffffffffff, 0xa, 0xd, '/dev/fuse\x00'}]}, &(0x7f0000004880)={0x5b8, 0x0, 0x8000, [{{0x1, 0x3, 0xfffffffffffffff7, 0xa6f, 0x3ff, 0xffffffff, {0x1, 0x7, 0x4, 0x8001, 0x4, 0x100000001, 0x1, 0x3, 0x8, 0xc000, 0x0, 0xee00, 0xffffffffffffffff, 0x101, 0xab6}}, {0x1, 0x41, 0x0, 0x8}}, {{0x3, 0x0, 0x8, 0x8001, 0x1, 0x0, {0x5, 0x200, 0x4, 0xc37, 0x7f732105, 0x5, 0x1, 0xc7, 0x6, 0x8000, 0x96fe, 0xee00, 0x0, 0x65, 0x7}}, {0x5, 0x8, 0x0, 0xcf5}}, {{0x6, 0x1, 0x0, 0x0, 0x80, 0x101, {0x2, 0x800, 0x9, 0x7f, 0x6, 0x5951, 0x3, 0x0, 0x0, 0x1000, 0x5, 0xffffffffffffffff, 0xee00, 0x8, 0x20}}, {0x3, 0x101, 0x5, 0x9, 'fuse\x00'}}, {{0x5, 0x1, 0x0, 0xff, 0x7, 0x0, {0x5, 0x100000000, 0x2, 0xfffffffffffffffd, 0x4, 0x1, 0x5, 0x1, 0x0, 0x4000, 0x7, 0xffffffffffffffff, 0xee01, 0x3, 0xfffff22c}}, {0x5, 0x0, 0x2, 0x0, '\'\x00'}}, {{0x0, 0x3, 0x100000000, 0xcf, 0x6, 0x8, {0x3, 0x9, 0x3, 0x800, 0xffff, 0x5, 0x3, 0x7, 0x77, 0xc000, 0x7, 0xffffffffffffffff, 0xee01, 0x1}}, {0x0, 0x10000, 0xa, 0x3, '/dev/fuse\x00'}}, {{0x3, 0x1, 0x9, 0x0, 0x1, 0x3, {0x5, 0xdfc, 0x8, 0x400, 0x7fffffff, 0x8, 0x9, 0x2, 0x5, 0x1000, 0x39, 0xee00, 0xffffffffffffffff, 0x17e5, 0x12a}}, {0x6, 0x8000000000000001, 0x9, 0x80000001, '\xc3$]-&*#\xfc)'}}, {{0x6, 0x1, 0xfff, 0x876, 0x24, 0x9, {0x0, 0xae2e, 0x6, 0x7ff, 0x10000, 0x2, 0x1, 0x0, 0x8000, 0x2000, 0x82f, r3, 0xee01, 0x8, 0x4}}, {0x5, 0xd5, 0xa, 0x1f, '/dev/fuse\x00'}}, {{0x5, 0x1, 0x5, 0xdf5, 0x5, 0x126, {0x6, 0x400, 0x5, 0x5, 0x7f, 0x9, 0x1, 0x7fff, 0x6, 0xa000, 0x0, 0xee01, 0x0, 0xae0b, 0x1f}}, {0x5, 0x4, 0x1, 0x10001, '{'}}, {{0x5, 0x3, 0x9, 0x1, 0x20, 0x20, {0x2, 0x10000, 0x0, 0xffffffffffffffff, 0x100000001, 0x1f, 0x7, 0x6, 0x5, 0xc000, 0x1000, 0xee01, r4, 0x7, 0x7}}, {0x1, 0x9e, 0x5, 0x3, 'fuse\x00'}}]}, &(0x7f0000004f00)={0xa0, 0x0, 0x6, {{0x6, 0x1, 0x5, 0x8001, 0x0, 0xa, {0x0, 0x5, 0x2, 0x1, 0x9, 0x2, 0x200, 0x8, 0x9, 0x1000, 0x2, 0x0, r5, 0x1, 0x101}}, {0x0, 0x8}}}, &(0x7f0000004fc0)={0x20, 0x0, 0x3, {0x1, 0x0, 0x4, 0x200}}}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d307830303030303030cd02ea3030303830302c6465661b756c745f7065726d697373696f6e732c6d61785f726508003d3078303030303030303030303030303030302c6d61785f726561643d3078303030b030303030303030301820e74e3b303030302c666fbba34438f0c5a810000fe132d4b9dc563a30889f6920c209ac508519d9cd4de4e8969bf534a9a56585f10c87fe3d9d2975c31e4a2df16c61923d92c136d055ea41a28a052105b2a6909d035364ca0da5de105dc08670a36431988970ca140b42bfadf660b68bc62a1d22a887c67f86988106c23259770b2b833ee1f36fff108024b74b8077c2afb63ee7bb1e5c91de0cd4a1fc2d4718fc5de6a921aeb4272d2de8f44f1eb488a110c0c16c640c7d8e1cd453394f4829866c38b3f191d8b6f3e84448d77791cfc92cc4e2fa8a6a3c8538120283dfc1a77e372f18c073f55ec74fb45c2165258524c24d753f7812df31259d07a1768046502b94a432072c8b2e6bf243df21c254a93bc9b00bd4c7e291", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:17 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:17 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:17 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 17) 22:45:17 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, r4, {0x9, 0x4, 0x1, 0xab22}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:17 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async, rerun: 32) r2 = geteuid() (async, rerun: 32) r3 = geteuid() (async) read$FUSE(r0, &(0x7f0000002840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 64) getresgid(&(0x7f0000004e40), &(0x7f0000004e80)=0x0, &(0x7f0000004ec0)) (rerun: 64) syz_fuse_handle_req(r1, &(0x7f00000005c0)="ad5421051b15342178fb916323b66f3cd8f23a76fbd95e8edc0da030b5343d4c0db54fc0c8390569d21f3d0319da79648455ff536865c75bddeda405f5e2135d91c63ae325c4bf63a58ae6aa78c47b2edb6e1c44266f97a5ffa7a505035c5c793ec244adbd7360d9a0d72d27aa556fd3a116bb0ac0af84a09f68e88810f7a156c53839b728787099739f47cae9c8832885b56f85bb627bfb1928855c2dc89ad16c898840eea7299396149b7f3299fe25732835b8b97d23c4d6269f93c70b6480ba2251944d845a46bc322f7066b34a3fed6f17d716bcbf6e4234662a1f4787838a618205ee40b243607d75f2c8b9a2201c828c45e5a65588744bd87813ec17b7c8c204bde53f5b315b3987a0c12b4d194538e0b20464251ffa4d94cadb3d6edd2670aa7f7879221200afdd9fae5cffd898bd12cfd8c9df2cbd7995bc7f328bc71177a992f56f904752527287e4ce35658e01b902351ab9a7d669603090b29b511a83955254c76ae2cfb0f3add0797cd493157b44ed64dc9d5a5ea8ab3ca488fc44747da8f9b5b5f0b52a5084f11c29d289ddd9acf44af1aea501f23fb2eba8c27071c5aafc55d37e20193548d91037664833169f90cbc8123618c4cde1ba1ef97407b68e86837b5f2e53bc4310bf5af9737d404d24c212c942534045e32f423e92af19a95eac9846952ffc4e154e40bc44c49b90b31707073d55de7cdee2e214749841d65804e2e00df5561a7fb2e79fec8f4179e15e7c40bf4d34724662b33402bb3ee5ad982fd1174c1d14423a9537c80d3f7f5c07346b14ab9074fa062b2e0e0e639e5b2f655a8bdef85c12e3c573cea9eb9035d6a0bbda85826d31b5bfe2b9af06d5186a3b32a268cd83e600ef734355f9902bb25647f06fe1a8e20ec6898ae2d6447df3ceaebd9761c285b5090c5243c8e60dc01193de5a2f4667057aba99c4c0fe70b3ad96398bac6a032d1a84308db5ec1a93fbd226c51e39a4358a75288ce0d313f0a569e963406f23518dbf103011773e0b241ac716dccc3ab1151f32ad3568c5945c8569891e290e6758c8f30234d50cd9a7b26f1b8c2917af20ad45cc058a38dcaa9d1bd8d51115dd08563da951fb547bc8b906ad881e25e433a1c23d248ffd3ca53872efbe9a2591a1a1a4199254a26c0672057d763d5bc9bd1f984b132ebf0f4a95e98a9d592e9d2747b09b544945b0b7d9a563560c49299a8e36d267d1d09108fbf4612644997ece051b99610a3a3d8a36803732a8c155dd15e3eed572094ec456f7cd0e9004e2e65e479cb2ae0e5d1f8b285253e0f4117d1a84fbd5bd559e0764e550e113149c6a08bb52c7f6182a5a840099bc3d1d9f7e3507c6e00ab48476ca831973efb3210a1d8ba4d1ce38ef8dffc7920f7d13ab4dd1348ed80a2df4fbd945189bcde964849ffc0b5929b3b64301875cc9d015b729c939b8ad312bdf58c7cba46365394e1568e05c6b955501efe1b6dfa6b7cb33d77d5df438d87fcfdaf70cc2f098dd80dda71f038a48511005e78cb235a1c968cf3451bec3f1003bb39ca101cb8b8b9c8602e434dcc645c71688ebc7067c3b11b29bdff272ac4d2891c5cffc7dd6bf30c9861d774b49304cd1c74928d46ca64cb3d1c0597f0ea3690fa1829d4b75e3578da622236d327a3eb9d902874209972f10f56cab3b0dde73b7aa6921af66c4ba854bc4708c0b94f659e1ea68be12c9d47f23b7c127df60545dfdeccd1da33d0c12c28b01570cbc0acc663a64c156fd79ab940061e84fc1069e4b97295494321db8a015fc74e6cb3e87da33745e02d2631e1d63bd0ac9dc614c7c8c34c6cdfe303b5956efa5c7c526b27f8de9de079bc3c43ef5c12f7e85fb6ad845f64eca0859f3e8ad6e6c77e3a3eaa20ee88f2b4af3a01054546c50ddae966f71aadc43092130c2368693d0cba7ee22b72e2be33aac49cbcee9be14a3f0643160c0d91c5a4467f04530eec72816e19772571aa3baf2d28bc442074985d58544b707c2fafd47ed57eb52ad217baadb141ef8dba73ea17725f136512d41c5d3a263a0e070a7be77c190c0f481be954d5d0ec02df88f5f48bb1d2c415c9c9cf14d4310ac579198d99abd19cc621dea8add341f76def81a22f6b06073605a8161c33448f4c639e3d7f231b210f6ace191c69eeb0a49a5b0373c9beabaca84d2a36d2b1588739f3c6cd9702bb323f437e54c164971e46c7d66432036f95a4c3bf0359801d99129a5e14fe2c68f676e13fa316b54736275562b27768679996bdf7d2fbaa9b6788fce929d1bad7e1f0720af1ecb3a7bf2fb32ea6a7be3b7beb0246eb9c71b93653150142a283a7e141592d21a100777a55031c1c5e47e086e96030eed5a63f0f7239899f28e4f8b58598abc11f7eca98b62cd7b3f15af44ad5d2f467d16ea846643c4a35b5acdfc97f4574dbf6a6a1c1c82595a56b4036d42a94f5b1c598b96ec2959e66633697571a86e643a75187d52a444699af33c286fcb2c8b0d7b8094593686c144191e92ee9f145b644a76528cf649d9449d6dc0ee6a648cfbe74d51ce032bfbfcad28f64ec0ddb48dd5e92751471e60249a980b13775234d11a33ecaef17e3ff1457742b66418a12a9a5957d60ad43ae1b0ca15516e0c5f925bc0e9a67f2ef64024eb6d44d8f3b9b0a419ac89dcaeecf65a26775a80539d3c5292087922368c415920ab7ce562a3fba3a5232f29f68e0aeb58b9030f7f6b17115fd180fe43196e3451f5ec1181a51cd6e98f3aebc3a8ed47fa9f6806effa2ebbd330b2ad938fb2c5a97f0f554b51feab41cdbe138d90724418e2a0885988ad7f44867660ea49a087a2ca95598ae7ce74732f50defce4aaa83ab2fa472db21c4238127b9a929c54eda15ea419a741a9065627d2fbadacb27a6a4bd3b373b7bf042be7f94a6d0b6a0492ee7e83b7c19abb1546e12e4ce61928ee8493ebb22bf89d8141b9ea21b91d3d66fa28fd023069f09012e5c91375f052b9d89d37c6dcd5738f2090bae2c66b93c0c1c233ffd3fd7d65098f57b76b922bdeb6f1177c60e4c52c8c4bc648875c220d496b9265a0b385c37774f7897aac78527af7b7d5983bfc7c374cd40a4570d07abf27170ab1d66b85c247d62a6a90f5adea61cb8eb160c68d621e097d61c49ac51aa688b60dc56937c62be598fd0a967c682f33c305191a3fa6ff0e27b7b8acc22cf7325a7399b5f7e9d6a821af2e1f9011619868784131646b53e977ee73f933920c85043fa909ecc3754815d1b104314fbbd35f2457938abd6b979e0806807702402b0032222920476953a5c4bf6d72d597cedfd41b2652016f3a14b219839d602c0150eca1101bd3e5fe53bcad5966d6c5558810abe984ea486b8a588e0ee4a778b2932a274cc61b16da932664d854af2b26bffbbb4acf340dba52b418ba222d76cfcc0935ceed7ed36a266c22f42d21c1bec636bbe6727268f3367abf23ba08df1059003295545242200eecf63be6cc2d34769c0d97542c4275cc6b8e7c62f2c354843f557972163fccf674bbea111f9afa25f2605771b0e96271d9572b41f84d91d6bfa8be3d6ed0f59d31a21065c63c779e7185f98677e81ac290e37f147c22e23e844e2ac09f56179165356e999c99fb7f32fb7d399e7108d7c8965b8341a406255ecf986149d0f827104c1f63178a99b4aeb266b097a8539c454c6237072f21b5ad488f55a3e06b1fbf5b533598a85ab36c2fd923966d779aa8a94eb70aef6d963216021157e5f5173dd3f85ab85aeb6a522e5233c06584e5fd2bf7c7d332e3e859b7d091b0635aa06cdc073eb51829fbc4a7b60fa768f52343aa89ee551ec3ee2f274cf9573b7c6827cc78fc5840a6ec2f74c2b5e50c24e77a80b7fca9ff2d07731972a1e383f9e15e976c3254093fb468048106bedc88545296c9337db2009bd97823cee5a872dd1d51a9a638b0232a11bc25f68a42db3a0d021dd08dde462975dc0abbcd4d1284528691697648b1939f4adb8ddfa9d4785600fa8840254f09449b324365830906e25e12c3b274670b3e780e3f6058f8afe0bd0e4c5b4ae40d4d63a950873fc903ca64dd7399a09799f7deadfba88c585a93b98fe6421dac9a5c751b9d98de83484cacdb9e72de4f91edc6a1c07cef84fd1ebe4bfa9ae45a1e8c7c4f9a9d130b49a56b9dcc5ea112b803800ad100eb770dbaf07a686bb669159cd5c28af5a5bbb1d09d115fb4aba7d49919ac3641c2c6d5f635b120740bd3d0147c3bddccc0a04b4b53d46627cfbe29c2bee9a7ae9ed6adfa19b99aa923d549ea37f2ffd92803f47747c3eaf43b783756c0ea9637d9dfed9d410cb286490a245da7107838aa51c73048e9e9fec154e2360c3137fd431a7e13cfe8832dcaccf0e919bcf2ccac9f493340121a233b4b42699c0ce32cc8f5e25d0d9f0b10444a27b4fdb67d1055f52a51f123d588d2e8559247ea2038a10159e749795a967bdf1be8229f4d51bf1ebd8f01522c7f3e9cdf95daafba0ea1b54cdea72f1c427903ad618527ea907417954a3d216384349809d0f32ce642f1af509608a3a5fc8057bf0092d5adb16c0b36690d261310c669d64576f858f86c40645b1f551c4f2241daea9c2a041c37da04a8ef906a7a607526ff66b0fb4351a69d77421aa7990bb818e1934f990a093e438a01576eb3d21e99f0a1469967cf4c479f00361909b82aa85ea3b942d2b34206b9153e64f22c3639981f5cf6855c91cb48e84492e82cc9c8fca9ad15baf725781580013d8d6d7f35f56a1f7bce5401f2e0fc7490cc24d624bb8d6bf28b9fa6133407b4d8bb336f5ce3daf340bfeb90022c6ec2b0b3cffb5d329d02b86d4a2653df78b3efa2470f7e66c4af7ff6263774bd898a9351cf47e17ac71d153e18a798aaf16ae291aa85422670c587428924f75359897dad6941e66c7943b4250bf57ab5737b3c46931a4e9eae8d7e3909c69eeff8f36830bd60c64c601391377bb58c1036bdc8fa9eb32ea08b5ca6f3a035f8c2f4ea2a4ed57e02a24e014d0e4e9a4b08140f7849abc3bb98eb6450858216f833056ac2241ce8bb6fb32b3b3f23801de4b060ebc4b08cc3c10bd9fb049889393c6b35b270c6fd4ab6d3fc29b625a8dd1e1d4e6c62a7568c86e5505cb390a41f91ce1aab6062b6696ce76af9a4d1497839a3e669cc455b2de4a523a2cb6a8c435440b93a21c657cc03f4522cea11b3c14b1658c17208b1326a64d500fb87c83923c8fce0ba6e38f89723b67c2b96706bb5d0a4aece9c11b17e87aa4ade33fb04a64afc7b27dbd13a40dcedd5dd38b375e9762e124f96bed42d569a7b552665dcc32ecd11b826af02713dfcdf3e57c756a0422573a6cd9cf5a1fc1b2232edc8943340530041fe4c15b4c776ed1b0a368036e4576f5fe7de4ff5cf35433fbe9f3053acba0cf9a16ac44e6e9816bd90b97f0659187a898ef22d31670c23a87f88db3d39ccaf0d058a7760ec0ff632df9c3128ccd5b012e5edfcb166cf407a5cc31f2038c5e7781ac0371fd67f5b65f2d32f21e93ccd7d7ffca70ab381d2c8f118e9786fbdf021f6edbad09de7f5560e70465893a5ab665800f0eb60ead8897cdcfba990a940ee3bd0aedb17798ff72100deba2405894e39a42d63b79e85d12c885067296070d2a5c0cc3fe97a35e984462f0c5a22b8af9638b514331cadc06d3ae0e4ac27e2e14bf3f072300e08c67c7a4555761e7059c7a515c620bcf20676cc85e02bd57642eeaf16bdbe12593ad98572859e23e4abc74072857a4fb9763f0289d9bf6104d8a0cd4ac939835a4f343854a3cfe8019f13f00973dcedd220832fa878fac14837e9553f8e44f8439f5e0b9912fb01c74dc1342b02bc93029768d85f2613f7248590e78f4bb2b3dd8e14a8cc342fb10e923bd65823842605de7beb07348bac61ea663b6b5b36eec0f6490efd9ad95a81a1adbaafc5aa98ec8edf47acb18e45157264a2b6c4e889a1fe3159fb18f7fc0be844c857942b732d209c4092acd4cf66eb04a31015cdb042561ba4c1f44e922cb62ed3a472638b46a075c89b6fc594447e06623ca9675f07be742e86f73c6e99ea937d5d5547300a8f8fb69d0e5257d8de92c03d387d9de88976e1815584d9a412549f2d9e6709f08c35de2bbc82194bc07c01804f734f2cf12ab5ecff08d1b19a9775fba163b4d981b511fb8371e1a0274e1561466fbb2b29e7dacfeb9d6d6716d4dff63ba9672a3067f23fd965fb43c59ad6e9f279a9ae0ccde80e447d83560b63e0dc5f80f5f39b2d45fb78ef3caab0fdff25c7bb9ae39597faf2604c0635efdd936cd26759973f7e244c37678868872b251a9bd5a1cbcc2b117079873e58fa5f61541c932804fdc1517933dddf7426a87ce72d1487d820f4cb627be9a24de6e8acaec397a078336f051d31b13eb422a3e8a4425a59e25410bc212e1571fb9d7ff74e9d943fe8849b6fd716a07d5cd5ba415875cfd6282c906d70c214dba51283c024f4d7026e1511c648aab5f5ab49d320df16189df275d265ea85df3bc8e1f83216b46b21109a2b0b9a9826eab2fd8e88e72bb06b7b55fbfa6672a2e13b68cc64dc820362c2a1f56cbafac013af55c5eb9cb54d02a204b6da78defd49a60b060c5c63423220ee0f56c1cda6825cf7d8aea915e3db4528d482e9cb60f0dbbda1067201b58dba67c43f73ec22953e1f441c22b1cbabf9f54b173747392ed629bc5728d72ed73833a48b378370acc4e9e1efad06d070b719a58e85a9e5ec71b0fd019f6b531965540bfb00ed284a8cb3225307e4b25796c1426d9ff68c32df62dc53ae4edb47e8c19bbd6daf732ae35f3f35bb3627353e1add9688ce13ab66a19d11d684e9fcf7c46d221a44927bc7aab593d5f2a41a598abad2bb973de1abda1c789342a25e3d683d6dd4af1a24bacf4435db7e1473df84c8b102d706c0d4467becdd2f5cbbfb0a0c9909b8ca7ac0cd29099c591feceb398277c13fd4642603f5f38904be3e8fd7e2e197fbf8480a230d875bd0b36e234ba4fb56ca9f581cf46cd44f0ccabc5cfa39d0055aac01172ad3024de2bde0b7a241942a10598aac12fe3b57cc19f6dc61e88bf19c427cf470ffa549a181dde4051cb2cfb407c7b728c9be4e2efcc30ce45ea10674e58f9d6fb022c95b0637affc4ffd5c4df45e3a69478e266e3e4a9714e68ea4077ff4ba0b87f6ee83efa61313d20b36f5eecb2543c194514e5e2b32ff6b57ca66ad87d20e1d853fea0cc11deb90cf9e03e6df61af5664576d921d4dc88fd7046cd6f1034fc2c0baee9c84b24e245f9be92116c139c792d270bdfdf77af49fc8a25463958f88d362ac0584e78b787c5b1d94708d438d4dfd745c8e01fc00cb21763580aef924d50aa1a2b0b3613ccd677736c12a0255233bc7f1c4084f563e947db45255ab7c54ff0077451258f59f42a83ce76ae48eb08551447f82ad0efc8feb2409e072fd9bf0a5cfbbfa923b6069eee6e988fa7d5c098cd3a1ccf35cde80763664be90d672d4310941ebe167476c6765c14d3e7623237ee9c09f733cc2ea7ee2327d7f856940f119383fe32b1dd5dd35551d7762afcd1d5b28dab89e098fa7a1b3b407326e9a22bf1644d88ef101af531f38cf0fbdf09304711628e691bdc74e739283035d490ac528df90362fce909fb653e0a2710f953684464d0c920f0f140576016e82c9f9a5fc17d5117d6edb4eba0432a15e584ba9fd4954ae92c0ee985c1a43d7633fa28eb518bbcfbb635f58e05acb71b818ad00e018f1cf117d829bf0916e3831a1503bd149d10158169a3d8998d0985a835cbb72501ef2fe580d22fdb493ed2b0aa43e2fb90524d03b63504a0dd565879faee35e92dc74d35b6137f00d9582d82cbdfbf6ec70efb3a820ce53582b64267e9fee663b25b16da219697ceb2140c405e15fa062e10867d243088f457cbadd3559e7f599286e1cba185a2ac61d1cac504efa3f2df66a6ebe966e59db7dc5819c97e6ccfaa37a9465e73ff08fe8f2d918f6cab36e652643deb12588dcda1229cc87545c3cc51fda364d8459c2dbd691f4ff3c499718594287fdda39483795c0d12824d8fb832ddbe41c6320c921b7e049650dc6e8da234c96a7cdfa0b71a72fd0d1bfdc7ea893d32739515c301c8b2ca6b431b32f3d506afb9e995d2958010aa15f4d324c3e71c9fb6bfdd21921a4fa0689e0a2fec89a4e1ced7daf4041e1eb9f6633402bb9d1464770e3fe4431ab7028425f97bfcfaadc4a922361f363b8bda01d82044643af83305c7223ffd47f6426f6e501bf30c5f415de00d3617ad1c5164961e14e71dd9753f64de8014217ab820514e288d589d70ba002e2254379263824f0c6338ad4ebe4f5fa2deab1f09ab3a6d8d1ad62eae6fccba88d2e050b155702b76927ab2711c1c1e4a2076243531be5bf943f68e3f5b76ba3a2d0258aa4ae502717023622e8ea29b18f407ba530e2913e69b189742e8a373c9bf0d9dfa8734dd623efcf6be013e41a607e0fcef03995fa9f6cb4d76163c6efa43cd38e9bc2dc3977013bcf5f7910a30f5e97dbca04475b65085dbbdfa449250205ba7ffd45b0862af6ac5b5b3cb54998f318a5208e2e1b4bfbfa7434a59f513dc9b6eac31d292278888fe1275ee582b4cf2b945a0edbeecbd5479bc51e6de60bf4972e02c1e1683520b22f1d0137dcb5664ea6db6a54791ae7724119fba3415abe67c9b7596563a7befca8e53942910f77a71ba5e4331bdd37233d7c0bb34852594fd86e39a10c14f75fcf8dff664794ae6fca10f7b6a31a4a2f12f954ca50291ec24079ac02db59bcae859d0d129669bfedd1dbf3a990550d6ca5e17f59838c0d06fd42c7c85e380c2b1eda15ca27cc83e2b2f79f3e01458816124a92386df73a91389a788df237648b8e0daee720b17f1364829aff26d1905a7e575d5449ec46f457acf2292057e83538a0fc086aef23bd9bc96252766e0419f8f1030aaf550a9a4775f24d0a99f38fcd9b6df6fb825a55e291784edc51b5d9f9dcc5f743ab0cd13636b95c0e3a0a461096301c40ff2c9892358ba28466febb004b0a7fe71df7473a46419d94a4d3b8b8888adea2858c69d7f2f9b9fd237768d8f2775ca384732f65bcc366376120e6a66ed97ed74727d8b4ff641fa3cc45bc53e46c0039a90f8034e05a5898f18b28c765f0a1b2516c366dc37ec1e5632e4586903e10f4bbac38140affe46fc3e0e2588ad679876d3efda1b0e89f9a0c9bf7121ba5be5755d28ff809fa56a828f0af27d30b77db745a7ee45380382132a048804679518af1d60ab813d3c2162807b34268800fe48a68ec24393e3092d1e15c64c3d738a35ac802660f173976663d70fa0cd61d6a2e64d88a800bedec764dcaf031625d9b3855e8f1a56eb1c6dd8c843973ed6907a142e79b3a7e15c11698c626b5e0561e46baac96d7e611cc7a1359163d015418db359c68c8745de9909f47ec5e28db1b6c3b762cf41c1c3186b2589037d8f91073b0088a7397b2320da8bcacc4dcbf8acbdf56db75e1cd54c37e74da541c48b6a0f7b55b9f34d3727f63cc41c20931fc71b836edc729e268a460d62abfd2d0206b62c8def93e1ac1a6e71e5f643d1fcce0bc176cda52f4b4916b6a841281ed5206c49c9fefc09d70f35803a97c9e5ca0fa379af890565c91dee025e68e580fbb49dfa8e5abbc63182395ad94c1c1039bf190652eeb019c699ffc0036798efe05273c7afa054d187efe7c50ba8d454315a5bf9c73030efe245102dcd79f19830f1b4bba6b8ca4948257370adb97c836564d959a948d649e6ca94cd06622bd4a4542045576f82a5d80d1940b4b1947b1a922757c125b167ef6dd1f6de35a55245d76c21e07a443f86ee65fab35552f1ba41d44e63e44cfa6ed3c53b952dde11cbfb764718c66176534537e7ec0e4d40465ade832fb9d3cc97846371c55cba1abb688da9029e7802605df0d39c8a11c7655939bc784a15f767be18d8d8c38e21466f4b87116d0faf5c0f94dbe4ef012bb966186f97cfa47588efb1b1f68991e50ae0d30a45d77523bc0c02467b6249f4dca6782f3b3e48f2b26f806ee376a3b4871daef3116168b9ca804960e1bdc37e554d7b63483f45cf6416faea424c60421b86f24a4f0f43b2f30c499822351f1a374e62503cd3e4ebabd8a0a7a735ca6acc0be3abad4d2bef76f4e06b0943d5b60a40e446a648d31a1c3be428f182137b2df0dfb00fd1d4803f544a7109e46b7f05cb35eb3c475560ad6fb6b991f22bf36bde704df21bd5991bc8503796e3333ff637964fa497278e3e047ac94bbc139eddf9a4a51fa70fa2659178e247b7da7bd17f1fe07844504b1acb7389d71a19b2de9059b253b1c549283249e3a5268f86de0464a93e6f79e4eb83f6e27136b38c95b8e17e299b1cdbad8f2c85de271ca1ac167441e6b8659badf20964f2789f5bfb82d3060ecf1ff51d20e166552748908292ef15b0c680b3f2d136e1b209dc98aec197356244491cce999725720c222a51bef0a1c354650cc0e11ea7f117b60acec538f0baf89a166de53379e3c3560429e512469a5d66f27966b4e3d2a223c6088e0883f6fb2a6b09f400efc1c5e654c579fa96e030b1c6d54f7217fb0b7c9c70ca86dc93f680ad8610e064731e75915845382986d865bc63a0956699c2b7d794167cedaf374cff8b57453f8ae0372e20f54175cac11eef1037985727ed0a10533da1005acc83e73980c636df2a0bc3f4a2eecda690ac241cfd7ddf1173385b72444b7d7fafd5dd2a136bd2f0ce76f9e7644c0137fd57b45010f0f1d28831d80a29cf76d06ebac5e9aec5a5ff043ff4a5354f4b4024c687a33609ba29e3588f0fce19f072c065dcc387bd1bd0b33585feb7213f0506b9c20c805b9dbf03e13d0b34b9367948782108c3278a0a4b0c82b146e4742ef3eb5c85fe5416e09787ed11c8d833a7f3072172c2d7a6919620890373e150c34cca8e81f4de432c3217f1dbc7c4399623e3b4c32ee7a44d1a15b3dad31ab3a078e23c7626c8879a4d89419d4bf0d566b2b7dcb1441baeaa7f78c218786d13368241593b7f7046c1ae6b552ef0a54157af514e335ab8a23b835c1fdb8918dd47b02d2156e04a58290b2d679274f0e0e97c39b7fc7d2504b244b32e830893f014972e13d1a4ecb79f045d54e39c095bb8379fcd45d8f348a9ad0403472a0a47bb30b9d5916d28acb008c71e94fee792fd156deeb9ed19bee0b96a26936477585ffca55150ba6a2e52844fcb4ee0254aca11e26741291629c4cba58d537f76affeeee41623123819f299970815844cf3434ee8f88d6754a93e39280a7ff0de98fa38a6fa02b9a489a07e3ecf4aaaa953950c698918191a504f5e6c69b0dc69978e0b30b4a5e1c6e8bc0314e47913c3c5bc4a8f4021b9a0ac5af041a326bf928b22cda531436627fe40de358140210c641e50fd4b4d3c5f421ca7f330df198795821966269db562b3adb81fccda5265bcd3d85db3323754cd76ae9c75bcca9e87c94f389d6881d3ced77a1c5744fff633275196b96b26d47797c6327e4a3511d42cc726bff4ee201b25b3cd5740e82a65043f27e366579407c6bbcccbc17", 0x2000, &(0x7f0000005000)={&(0x7f0000000080)={0x50, 0x0, 0x6, {0x7, 0x26, 0x80000001, 0x0, 0x7, 0x0, 0x3, 0x4}}, &(0x7f0000000100)={0x18, 0xfffffffffffffff5, 0x4, {0x9}}, &(0x7f0000000140)={0x18, 0x0, 0x200}, &(0x7f0000000180)={0x18, 0x0, 0x66e, {0x8000}}, &(0x7f00000001c0)={0x18, 0x7fffffffffffffff, 0xab, {0xc7}}, &(0x7f0000000200)={0x28, 0xffffffffffffffda, 0x3, {{0x0, 0x4, 0x2, 0xffffffffffffffff}}}, &(0x7f0000000240)={0x60, 0x0, 0x1000, {{0x400, 0x7f, 0x7ee, 0x0, 0xeaf8, 0x3, 0x6, 0x9}}}, &(0x7f00000002c0)={0x18, 0x0, 0x4, {0x3f}}, &(0x7f0000000300)={0x13, 0x0, 0x8, {'\'\'\x00'}}, &(0x7f00000025c0)={0x20, 0x0, 0x9, {0x0, 0x2}}, &(0x7f0000002600)={0x78, 0x0, 0x8001, {0x400000000000000, 0x4f6, 0x0, {0x6, 0x5, 0x1, 0x0, 0xfffffffffffffffe, 0x5, 0x7, 0x8, 0x1f, 0xc000, 0x40c0, 0xffffffffffffffff, 0x0, 0x5, 0x1ef}}}, &(0x7f0000002680)={0x90, 0x0, 0xbd, {0x1, 0x2, 0x59, 0x2, 0x7, 0x7, {0x0, 0x5, 0xa7, 0x2, 0xfff, 0x5, 0x2, 0x1, 0x4, 0x6000, 0x8000000, r2, 0xffffffffffffffff, 0x880, 0xff}}}, &(0x7f0000002740)={0xe0, 0x0, 0x99e, [{0x1, 0x8, 0x2, 0x8000, '--'}, {0x0, 0x0, 0x3, 0xfffffffc, '@\\@'}, {0x0, 0x8000, 0x5, 0x9, 'fuse\x00'}, {0x3, 0x3ff, 0x5, 0x8, 'fuse\x00'}, {0x0, 0x293f, 0xc, 0x5, '!+*/)N-\\,[o.'}, {0x5, 0xffffffffffffffff, 0xa, 0xd, '/dev/fuse\x00'}]}, &(0x7f0000004880)={0x5b8, 0x0, 0x8000, [{{0x1, 0x3, 0xfffffffffffffff7, 0xa6f, 0x3ff, 0xffffffff, {0x1, 0x7, 0x4, 0x8001, 0x4, 0x100000001, 0x1, 0x3, 0x8, 0xc000, 0x0, 0xee00, 0xffffffffffffffff, 0x101, 0xab6}}, {0x1, 0x41, 0x0, 0x8}}, {{0x3, 0x0, 0x8, 0x8001, 0x1, 0x0, {0x5, 0x200, 0x4, 0xc37, 0x7f732105, 0x5, 0x1, 0xc7, 0x6, 0x8000, 0x96fe, 0xee00, 0x0, 0x65, 0x7}}, {0x5, 0x8, 0x0, 0xcf5}}, {{0x6, 0x1, 0x0, 0x0, 0x80, 0x101, {0x2, 0x800, 0x9, 0x7f, 0x6, 0x5951, 0x3, 0x0, 0x0, 0x1000, 0x5, 0xffffffffffffffff, 0xee00, 0x8, 0x20}}, {0x3, 0x101, 0x5, 0x9, 'fuse\x00'}}, {{0x5, 0x1, 0x0, 0xff, 0x7, 0x0, {0x5, 0x100000000, 0x2, 0xfffffffffffffffd, 0x4, 0x1, 0x5, 0x1, 0x0, 0x4000, 0x7, 0xffffffffffffffff, 0xee01, 0x3, 0xfffff22c}}, {0x5, 0x0, 0x2, 0x0, '\'\x00'}}, {{0x0, 0x3, 0x100000000, 0xcf, 0x6, 0x8, {0x3, 0x9, 0x3, 0x800, 0xffff, 0x5, 0x3, 0x7, 0x77, 0xc000, 0x7, 0xffffffffffffffff, 0xee01, 0x1}}, {0x0, 0x10000, 0xa, 0x3, '/dev/fuse\x00'}}, {{0x3, 0x1, 0x9, 0x0, 0x1, 0x3, {0x5, 0xdfc, 0x8, 0x400, 0x7fffffff, 0x8, 0x9, 0x2, 0x5, 0x1000, 0x39, 0xee00, 0xffffffffffffffff, 0x17e5, 0x12a}}, {0x6, 0x8000000000000001, 0x9, 0x80000001, '\xc3$]-&*#\xfc)'}}, {{0x6, 0x1, 0xfff, 0x876, 0x24, 0x9, {0x0, 0xae2e, 0x6, 0x7ff, 0x10000, 0x2, 0x1, 0x0, 0x8000, 0x2000, 0x82f, r3, 0xee01, 0x8, 0x4}}, {0x5, 0xd5, 0xa, 0x1f, '/dev/fuse\x00'}}, {{0x5, 0x1, 0x5, 0xdf5, 0x5, 0x126, {0x6, 0x400, 0x5, 0x5, 0x7f, 0x9, 0x1, 0x7fff, 0x6, 0xa000, 0x0, 0xee01, 0x0, 0xae0b, 0x1f}}, {0x5, 0x4, 0x1, 0x10001, '{'}}, {{0x5, 0x3, 0x9, 0x1, 0x20, 0x20, {0x2, 0x10000, 0x0, 0xffffffffffffffff, 0x100000001, 0x1f, 0x7, 0x6, 0x5, 0xc000, 0x1000, 0xee01, r4, 0x7, 0x7}}, {0x1, 0x9e, 0x5, 0x3, 'fuse\x00'}}]}, &(0x7f0000004f00)={0xa0, 0x0, 0x6, {{0x6, 0x1, 0x5, 0x8001, 0x0, 0xa, {0x0, 0x5, 0x2, 0x1, 0x9, 0x2, 0x200, 0x8, 0x9, 0x1000, 0x2, 0x0, r5, 0x1, 0x101}}, {0x0, 0x8}}}, &(0x7f0000004fc0)={0x20, 0x0, 0x3, {0x1, 0x0, 0x4, 0x200}}}) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d307830303030303030cd02ea3030303830302c6465661b756c745f7065726d697373696f6e732c6d61785f726508003d3078303030303030303030303030303030302c6d61785f726561643d3078303030b030303030303030301820e74e3b303030302c666fbba34438f0c5a810000fe132d4b9dc563a30889f6920c209ac508519d9cd4de4e8969bf534a9a56585f10c87fe3d9d2975c31e4a2df16c61923d92c136d055ea41a28a052105b2a6909d035364ca0da5de105dc08670a36431988970ca140b42bfadf660b68bc62a1d22a887c67f86988106c23259770b2b833ee1f36fff108024b74b8077c2afb63ee7bb1e5c91de0cd4a1fc2d4718fc5de6a921aeb4272d2de8f44f1eb488a110c0c16c640c7d8e1cd453394f4829866c38b3f191d8b6f3e84448d77791cfc92cc4e2fa8a6a3c8538120283dfc1a77e372f18c073f55ec74fb45c2165258524c24d753f7812df31259d07a1768046502b94a432072c8b2e6bf243df21c254a93bc9b00bd4c7e291", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:17 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:17 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:17 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:17 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 895.538982] FAULT_INJECTION: forcing a failure. [ 895.538982] name failslab, interval 1, probability 0, space 0, times 0 [ 895.596514] CPU: 1 PID: 14886 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 895.604428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 895.613780] Call Trace: [ 895.616367] dump_stack+0x1b2/0x281 [ 895.619993] should_fail.cold+0x10a/0x149 [ 895.624144] should_failslab+0xd6/0x130 [ 895.628124] __kmalloc+0x2c1/0x400 [ 895.631669] ? __list_lru_init+0x67/0x710 [ 895.635821] __list_lru_init+0x67/0x710 [ 895.639804] sget_userns+0x4e4/0xc10 [ 895.643526] ? get_anon_bdev+0x1c0/0x1c0 [ 895.647619] ? get_anon_bdev+0x1c0/0x1c0 [ 895.651680] sget+0xd1/0x110 [ 895.654703] ? fuse_get_root_inode+0xc0/0xc0 [ 895.659118] mount_nodev+0x2c/0xf0 [ 895.662666] mount_fs+0x92/0x2a0 [ 895.666036] vfs_kern_mount.part.0+0x5b/0x470 [ 895.670541] do_mount+0xe65/0x2a30 [ 895.674089] ? __do_page_fault+0x159/0xad0 [ 895.678327] ? retint_kernel+0x2d/0x2d [ 895.682226] ? copy_mount_string+0x40/0x40 [ 895.686466] ? memset+0x20/0x40 [ 895.689750] ? copy_mount_options+0x1fa/0x2f0 [ 895.694245] ? copy_mnt_ns+0xa30/0xa30 [ 895.698136] SyS_mount+0xa8/0x120 [ 895.701596] ? copy_mnt_ns+0xa30/0xa30 [ 895.705487] do_syscall_64+0x1d5/0x640 [ 895.709379] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 895.714564] RIP: 0033:0x7f8e2a1775fa [ 895.718275] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 895.725981] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 895.733251] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 895.740520] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 895.747789] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 895.755054] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:18 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) clock_adjtime(0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x2f, 0x7, 0x0, 0x1, 0x40, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @empty, 0x1, 0x20, 0x1}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000280)={0x110, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0xf4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x110}, 0x1, 0x0, 0x0, 0xc004}, 0x20048015) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:18 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:18 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async, rerun: 32) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 32) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async, rerun: 32) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, r4, {0x9, 0x4, 0x1, 0xab22}}, 0x20) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:18 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 18) 22:45:18 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) r2 = geteuid() (async) r3 = geteuid() (async) read$FUSE(r0, &(0x7f0000002840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) getresgid(&(0x7f0000004e40), &(0x7f0000004e80)=0x0, &(0x7f0000004ec0)) syz_fuse_handle_req(r1, &(0x7f00000005c0)="ad5421051b15342178fb916323b66f3cd8f23a76fbd95e8edc0da030b5343d4c0db54fc0c8390569d21f3d0319da79648455ff536865c75bddeda405f5e2135d91c63ae325c4bf63a58ae6aa78c47b2edb6e1c44266f97a5ffa7a505035c5c793ec244adbd7360d9a0d72d27aa556fd3a116bb0ac0af84a09f68e88810f7a156c53839b728787099739f47cae9c8832885b56f85bb627bfb1928855c2dc89ad16c898840eea7299396149b7f3299fe25732835b8b97d23c4d6269f93c70b6480ba2251944d845a46bc322f7066b34a3fed6f17d716bcbf6e4234662a1f4787838a618205ee40b243607d75f2c8b9a2201c828c45e5a65588744bd87813ec17b7c8c204bde53f5b315b3987a0c12b4d194538e0b20464251ffa4d94cadb3d6edd2670aa7f7879221200afdd9fae5cffd898bd12cfd8c9df2cbd7995bc7f328bc71177a992f56f904752527287e4ce35658e01b902351ab9a7d669603090b29b511a83955254c76ae2cfb0f3add0797cd493157b44ed64dc9d5a5ea8ab3ca488fc44747da8f9b5b5f0b52a5084f11c29d289ddd9acf44af1aea501f23fb2eba8c27071c5aafc55d37e20193548d91037664833169f90cbc8123618c4cde1ba1ef97407b68e86837b5f2e53bc4310bf5af9737d404d24c212c942534045e32f423e92af19a95eac9846952ffc4e154e40bc44c49b90b31707073d55de7cdee2e214749841d65804e2e00df5561a7fb2e79fec8f4179e15e7c40bf4d34724662b33402bb3ee5ad982fd1174c1d14423a9537c80d3f7f5c07346b14ab9074fa062b2e0e0e639e5b2f655a8bdef85c12e3c573cea9eb9035d6a0bbda85826d31b5bfe2b9af06d5186a3b32a268cd83e600ef734355f9902bb25647f06fe1a8e20ec6898ae2d6447df3ceaebd9761c285b5090c5243c8e60dc01193de5a2f4667057aba99c4c0fe70b3ad96398bac6a032d1a84308db5ec1a93fbd226c51e39a4358a75288ce0d313f0a569e963406f23518dbf103011773e0b241ac716dccc3ab1151f32ad3568c5945c8569891e290e6758c8f30234d50cd9a7b26f1b8c2917af20ad45cc058a38dcaa9d1bd8d51115dd08563da951fb547bc8b906ad881e25e433a1c23d248ffd3ca53872efbe9a2591a1a1a4199254a26c0672057d763d5bc9bd1f984b132ebf0f4a95e98a9d592e9d2747b09b544945b0b7d9a563560c49299a8e36d267d1d09108fbf4612644997ece051b99610a3a3d8a36803732a8c155dd15e3eed572094ec456f7cd0e9004e2e65e479cb2ae0e5d1f8b285253e0f4117d1a84fbd5bd559e0764e550e113149c6a08bb52c7f6182a5a840099bc3d1d9f7e3507c6e00ab48476ca831973efb3210a1d8ba4d1ce38ef8dffc7920f7d13ab4dd1348ed80a2df4fbd945189bcde964849ffc0b5929b3b64301875cc9d015b729c939b8ad312bdf58c7cba46365394e1568e05c6b955501efe1b6dfa6b7cb33d77d5df438d87fcfdaf70cc2f098dd80dda71f038a48511005e78cb235a1c968cf3451bec3f1003bb39ca101cb8b8b9c8602e434dcc645c71688ebc7067c3b11b29bdff272ac4d2891c5cffc7dd6bf30c9861d774b49304cd1c74928d46ca64cb3d1c0597f0ea3690fa1829d4b75e3578da622236d327a3eb9d902874209972f10f56cab3b0dde73b7aa6921af66c4ba854bc4708c0b94f659e1ea68be12c9d47f23b7c127df60545dfdeccd1da33d0c12c28b01570cbc0acc663a64c156fd79ab940061e84fc1069e4b97295494321db8a015fc74e6cb3e87da33745e02d2631e1d63bd0ac9dc614c7c8c34c6cdfe303b5956efa5c7c526b27f8de9de079bc3c43ef5c12f7e85fb6ad845f64eca0859f3e8ad6e6c77e3a3eaa20ee88f2b4af3a01054546c50ddae966f71aadc43092130c2368693d0cba7ee22b72e2be33aac49cbcee9be14a3f0643160c0d91c5a4467f04530eec72816e19772571aa3baf2d28bc442074985d58544b707c2fafd47ed57eb52ad217baadb141ef8dba73ea17725f136512d41c5d3a263a0e070a7be77c190c0f481be954d5d0ec02df88f5f48bb1d2c415c9c9cf14d4310ac579198d99abd19cc621dea8add341f76def81a22f6b06073605a8161c33448f4c639e3d7f231b210f6ace191c69eeb0a49a5b0373c9beabaca84d2a36d2b1588739f3c6cd9702bb323f437e54c164971e46c7d66432036f95a4c3bf0359801d99129a5e14fe2c68f676e13fa316b54736275562b27768679996bdf7d2fbaa9b6788fce929d1bad7e1f0720af1ecb3a7bf2fb32ea6a7be3b7beb0246eb9c71b93653150142a283a7e141592d21a100777a55031c1c5e47e086e96030eed5a63f0f7239899f28e4f8b58598abc11f7eca98b62cd7b3f15af44ad5d2f467d16ea846643c4a35b5acdfc97f4574dbf6a6a1c1c82595a56b4036d42a94f5b1c598b96ec2959e66633697571a86e643a75187d52a444699af33c286fcb2c8b0d7b8094593686c144191e92ee9f145b644a76528cf649d9449d6dc0ee6a648cfbe74d51ce032bfbfcad28f64ec0ddb48dd5e92751471e60249a980b13775234d11a33ecaef17e3ff1457742b66418a12a9a5957d60ad43ae1b0ca15516e0c5f925bc0e9a67f2ef64024eb6d44d8f3b9b0a419ac89dcaeecf65a26775a80539d3c5292087922368c415920ab7ce562a3fba3a5232f29f68e0aeb58b9030f7f6b17115fd180fe43196e3451f5ec1181a51cd6e98f3aebc3a8ed47fa9f6806effa2ebbd330b2ad938fb2c5a97f0f554b51feab41cdbe138d90724418e2a0885988ad7f44867660ea49a087a2ca95598ae7ce74732f50defce4aaa83ab2fa472db21c4238127b9a929c54eda15ea419a741a9065627d2fbadacb27a6a4bd3b373b7bf042be7f94a6d0b6a0492ee7e83b7c19abb1546e12e4ce61928ee8493ebb22bf89d8141b9ea21b91d3d66fa28fd023069f09012e5c91375f052b9d89d37c6dcd5738f2090bae2c66b93c0c1c233ffd3fd7d65098f57b76b922bdeb6f1177c60e4c52c8c4bc648875c220d496b9265a0b385c37774f7897aac78527af7b7d5983bfc7c374cd40a4570d07abf27170ab1d66b85c247d62a6a90f5adea61cb8eb160c68d621e097d61c49ac51aa688b60dc56937c62be598fd0a967c682f33c305191a3fa6ff0e27b7b8acc22cf7325a7399b5f7e9d6a821af2e1f9011619868784131646b53e977ee73f933920c85043fa909ecc3754815d1b104314fbbd35f2457938abd6b979e0806807702402b0032222920476953a5c4bf6d72d597cedfd41b2652016f3a14b219839d602c0150eca1101bd3e5fe53bcad5966d6c5558810abe984ea486b8a588e0ee4a778b2932a274cc61b16da932664d854af2b26bffbbb4acf340dba52b418ba222d76cfcc0935ceed7ed36a266c22f42d21c1bec636bbe6727268f3367abf23ba08df1059003295545242200eecf63be6cc2d34769c0d97542c4275cc6b8e7c62f2c354843f557972163fccf674bbea111f9afa25f2605771b0e96271d9572b41f84d91d6bfa8be3d6ed0f59d31a21065c63c779e7185f98677e81ac290e37f147c22e23e844e2ac09f56179165356e999c99fb7f32fb7d399e7108d7c8965b8341a406255ecf986149d0f827104c1f63178a99b4aeb266b097a8539c454c6237072f21b5ad488f55a3e06b1fbf5b533598a85ab36c2fd923966d779aa8a94eb70aef6d963216021157e5f5173dd3f85ab85aeb6a522e5233c06584e5fd2bf7c7d332e3e859b7d091b0635aa06cdc073eb51829fbc4a7b60fa768f52343aa89ee551ec3ee2f274cf9573b7c6827cc78fc5840a6ec2f74c2b5e50c24e77a80b7fca9ff2d07731972a1e383f9e15e976c3254093fb468048106bedc88545296c9337db2009bd97823cee5a872dd1d51a9a638b0232a11bc25f68a42db3a0d021dd08dde462975dc0abbcd4d1284528691697648b1939f4adb8ddfa9d4785600fa8840254f09449b324365830906e25e12c3b274670b3e780e3f6058f8afe0bd0e4c5b4ae40d4d63a950873fc903ca64dd7399a09799f7deadfba88c585a93b98fe6421dac9a5c751b9d98de83484cacdb9e72de4f91edc6a1c07cef84fd1ebe4bfa9ae45a1e8c7c4f9a9d130b49a56b9dcc5ea112b803800ad100eb770dbaf07a686bb669159cd5c28af5a5bbb1d09d115fb4aba7d49919ac3641c2c6d5f635b120740bd3d0147c3bddccc0a04b4b53d46627cfbe29c2bee9a7ae9ed6adfa19b99aa923d549ea37f2ffd92803f47747c3eaf43b783756c0ea9637d9dfed9d410cb286490a245da7107838aa51c73048e9e9fec154e2360c3137fd431a7e13cfe8832dcaccf0e919bcf2ccac9f493340121a233b4b42699c0ce32cc8f5e25d0d9f0b10444a27b4fdb67d1055f52a51f123d588d2e8559247ea2038a10159e749795a967bdf1be8229f4d51bf1ebd8f01522c7f3e9cdf95daafba0ea1b54cdea72f1c427903ad618527ea907417954a3d216384349809d0f32ce642f1af509608a3a5fc8057bf0092d5adb16c0b36690d261310c669d64576f858f86c40645b1f551c4f2241daea9c2a041c37da04a8ef906a7a607526ff66b0fb4351a69d77421aa7990bb818e1934f990a093e438a01576eb3d21e99f0a1469967cf4c479f00361909b82aa85ea3b942d2b34206b9153e64f22c3639981f5cf6855c91cb48e84492e82cc9c8fca9ad15baf725781580013d8d6d7f35f56a1f7bce5401f2e0fc7490cc24d624bb8d6bf28b9fa6133407b4d8bb336f5ce3daf340bfeb90022c6ec2b0b3cffb5d329d02b86d4a2653df78b3efa2470f7e66c4af7ff6263774bd898a9351cf47e17ac71d153e18a798aaf16ae291aa85422670c587428924f75359897dad6941e66c7943b4250bf57ab5737b3c46931a4e9eae8d7e3909c69eeff8f36830bd60c64c601391377bb58c1036bdc8fa9eb32ea08b5ca6f3a035f8c2f4ea2a4ed57e02a24e014d0e4e9a4b08140f7849abc3bb98eb6450858216f833056ac2241ce8bb6fb32b3b3f23801de4b060ebc4b08cc3c10bd9fb049889393c6b35b270c6fd4ab6d3fc29b625a8dd1e1d4e6c62a7568c86e5505cb390a41f91ce1aab6062b6696ce76af9a4d1497839a3e669cc455b2de4a523a2cb6a8c435440b93a21c657cc03f4522cea11b3c14b1658c17208b1326a64d500fb87c83923c8fce0ba6e38f89723b67c2b96706bb5d0a4aece9c11b17e87aa4ade33fb04a64afc7b27dbd13a40dcedd5dd38b375e9762e124f96bed42d569a7b552665dcc32ecd11b826af02713dfcdf3e57c756a0422573a6cd9cf5a1fc1b2232edc8943340530041fe4c15b4c776ed1b0a368036e4576f5fe7de4ff5cf35433fbe9f3053acba0cf9a16ac44e6e9816bd90b97f0659187a898ef22d31670c23a87f88db3d39ccaf0d058a7760ec0ff632df9c3128ccd5b012e5edfcb166cf407a5cc31f2038c5e7781ac0371fd67f5b65f2d32f21e93ccd7d7ffca70ab381d2c8f118e9786fbdf021f6edbad09de7f5560e70465893a5ab665800f0eb60ead8897cdcfba990a940ee3bd0aedb17798ff72100deba2405894e39a42d63b79e85d12c885067296070d2a5c0cc3fe97a35e984462f0c5a22b8af9638b514331cadc06d3ae0e4ac27e2e14bf3f072300e08c67c7a4555761e7059c7a515c620bcf20676cc85e02bd57642eeaf16bdbe12593ad98572859e23e4abc74072857a4fb9763f0289d9bf6104d8a0cd4ac939835a4f343854a3cfe8019f13f00973dcedd220832fa878fac14837e9553f8e44f8439f5e0b9912fb01c74dc1342b02bc93029768d85f2613f7248590e78f4bb2b3dd8e14a8cc342fb10e923bd65823842605de7beb07348bac61ea663b6b5b36eec0f6490efd9ad95a81a1adbaafc5aa98ec8edf47acb18e45157264a2b6c4e889a1fe3159fb18f7fc0be844c857942b732d209c4092acd4cf66eb04a31015cdb042561ba4c1f44e922cb62ed3a472638b46a075c89b6fc594447e06623ca9675f07be742e86f73c6e99ea937d5d5547300a8f8fb69d0e5257d8de92c03d387d9de88976e1815584d9a412549f2d9e6709f08c35de2bbc82194bc07c01804f734f2cf12ab5ecff08d1b19a9775fba163b4d981b511fb8371e1a0274e1561466fbb2b29e7dacfeb9d6d6716d4dff63ba9672a3067f23fd965fb43c59ad6e9f279a9ae0ccde80e447d83560b63e0dc5f80f5f39b2d45fb78ef3caab0fdff25c7bb9ae39597faf2604c0635efdd936cd26759973f7e244c37678868872b251a9bd5a1cbcc2b117079873e58fa5f61541c932804fdc1517933dddf7426a87ce72d1487d820f4cb627be9a24de6e8acaec397a078336f051d31b13eb422a3e8a4425a59e25410bc212e1571fb9d7ff74e9d943fe8849b6fd716a07d5cd5ba415875cfd6282c906d70c214dba51283c024f4d7026e1511c648aab5f5ab49d320df16189df275d265ea85df3bc8e1f83216b46b21109a2b0b9a9826eab2fd8e88e72bb06b7b55fbfa6672a2e13b68cc64dc820362c2a1f56cbafac013af55c5eb9cb54d02a204b6da78defd49a60b060c5c63423220ee0f56c1cda6825cf7d8aea915e3db4528d482e9cb60f0dbbda1067201b58dba67c43f73ec22953e1f441c22b1cbabf9f54b173747392ed629bc5728d72ed73833a48b378370acc4e9e1efad06d070b719a58e85a9e5ec71b0fd019f6b531965540bfb00ed284a8cb3225307e4b25796c1426d9ff68c32df62dc53ae4edb47e8c19bbd6daf732ae35f3f35bb3627353e1add9688ce13ab66a19d11d684e9fcf7c46d221a44927bc7aab593d5f2a41a598abad2bb973de1abda1c789342a25e3d683d6dd4af1a24bacf4435db7e1473df84c8b102d706c0d4467becdd2f5cbbfb0a0c9909b8ca7ac0cd29099c591feceb398277c13fd4642603f5f38904be3e8fd7e2e197fbf8480a230d875bd0b36e234ba4fb56ca9f581cf46cd44f0ccabc5cfa39d0055aac01172ad3024de2bde0b7a241942a10598aac12fe3b57cc19f6dc61e88bf19c427cf470ffa549a181dde4051cb2cfb407c7b728c9be4e2efcc30ce45ea10674e58f9d6fb022c95b0637affc4ffd5c4df45e3a69478e266e3e4a9714e68ea4077ff4ba0b87f6ee83efa61313d20b36f5eecb2543c194514e5e2b32ff6b57ca66ad87d20e1d853fea0cc11deb90cf9e03e6df61af5664576d921d4dc88fd7046cd6f1034fc2c0baee9c84b24e245f9be92116c139c792d270bdfdf77af49fc8a25463958f88d362ac0584e78b787c5b1d94708d438d4dfd745c8e01fc00cb21763580aef924d50aa1a2b0b3613ccd677736c12a0255233bc7f1c4084f563e947db45255ab7c54ff0077451258f59f42a83ce76ae48eb08551447f82ad0efc8feb2409e072fd9bf0a5cfbbfa923b6069eee6e988fa7d5c098cd3a1ccf35cde80763664be90d672d4310941ebe167476c6765c14d3e7623237ee9c09f733cc2ea7ee2327d7f856940f119383fe32b1dd5dd35551d7762afcd1d5b28dab89e098fa7a1b3b407326e9a22bf1644d88ef101af531f38cf0fbdf09304711628e691bdc74e739283035d490ac528df90362fce909fb653e0a2710f953684464d0c920f0f140576016e82c9f9a5fc17d5117d6edb4eba0432a15e584ba9fd4954ae92c0ee985c1a43d7633fa28eb518bbcfbb635f58e05acb71b818ad00e018f1cf117d829bf0916e3831a1503bd149d10158169a3d8998d0985a835cbb72501ef2fe580d22fdb493ed2b0aa43e2fb90524d03b63504a0dd565879faee35e92dc74d35b6137f00d9582d82cbdfbf6ec70efb3a820ce53582b64267e9fee663b25b16da219697ceb2140c405e15fa062e10867d243088f457cbadd3559e7f599286e1cba185a2ac61d1cac504efa3f2df66a6ebe966e59db7dc5819c97e6ccfaa37a9465e73ff08fe8f2d918f6cab36e652643deb12588dcda1229cc87545c3cc51fda364d8459c2dbd691f4ff3c499718594287fdda39483795c0d12824d8fb832ddbe41c6320c921b7e049650dc6e8da234c96a7cdfa0b71a72fd0d1bfdc7ea893d32739515c301c8b2ca6b431b32f3d506afb9e995d2958010aa15f4d324c3e71c9fb6bfdd21921a4fa0689e0a2fec89a4e1ced7daf4041e1eb9f6633402bb9d1464770e3fe4431ab7028425f97bfcfaadc4a922361f363b8bda01d82044643af83305c7223ffd47f6426f6e501bf30c5f415de00d3617ad1c5164961e14e71dd9753f64de8014217ab820514e288d589d70ba002e2254379263824f0c6338ad4ebe4f5fa2deab1f09ab3a6d8d1ad62eae6fccba88d2e050b155702b76927ab2711c1c1e4a2076243531be5bf943f68e3f5b76ba3a2d0258aa4ae502717023622e8ea29b18f407ba530e2913e69b189742e8a373c9bf0d9dfa8734dd623efcf6be013e41a607e0fcef03995fa9f6cb4d76163c6efa43cd38e9bc2dc3977013bcf5f7910a30f5e97dbca04475b65085dbbdfa449250205ba7ffd45b0862af6ac5b5b3cb54998f318a5208e2e1b4bfbfa7434a59f513dc9b6eac31d292278888fe1275ee582b4cf2b945a0edbeecbd5479bc51e6de60bf4972e02c1e1683520b22f1d0137dcb5664ea6db6a54791ae7724119fba3415abe67c9b7596563a7befca8e53942910f77a71ba5e4331bdd37233d7c0bb34852594fd86e39a10c14f75fcf8dff664794ae6fca10f7b6a31a4a2f12f954ca50291ec24079ac02db59bcae859d0d129669bfedd1dbf3a990550d6ca5e17f59838c0d06fd42c7c85e380c2b1eda15ca27cc83e2b2f79f3e01458816124a92386df73a91389a788df237648b8e0daee720b17f1364829aff26d1905a7e575d5449ec46f457acf2292057e83538a0fc086aef23bd9bc96252766e0419f8f1030aaf550a9a4775f24d0a99f38fcd9b6df6fb825a55e291784edc51b5d9f9dcc5f743ab0cd13636b95c0e3a0a461096301c40ff2c9892358ba28466febb004b0a7fe71df7473a46419d94a4d3b8b8888adea2858c69d7f2f9b9fd237768d8f2775ca384732f65bcc366376120e6a66ed97ed74727d8b4ff641fa3cc45bc53e46c0039a90f8034e05a5898f18b28c765f0a1b2516c366dc37ec1e5632e4586903e10f4bbac38140affe46fc3e0e2588ad679876d3efda1b0e89f9a0c9bf7121ba5be5755d28ff809fa56a828f0af27d30b77db745a7ee45380382132a048804679518af1d60ab813d3c2162807b34268800fe48a68ec24393e3092d1e15c64c3d738a35ac802660f173976663d70fa0cd61d6a2e64d88a800bedec764dcaf031625d9b3855e8f1a56eb1c6dd8c843973ed6907a142e79b3a7e15c11698c626b5e0561e46baac96d7e611cc7a1359163d015418db359c68c8745de9909f47ec5e28db1b6c3b762cf41c1c3186b2589037d8f91073b0088a7397b2320da8bcacc4dcbf8acbdf56db75e1cd54c37e74da541c48b6a0f7b55b9f34d3727f63cc41c20931fc71b836edc729e268a460d62abfd2d0206b62c8def93e1ac1a6e71e5f643d1fcce0bc176cda52f4b4916b6a841281ed5206c49c9fefc09d70f35803a97c9e5ca0fa379af890565c91dee025e68e580fbb49dfa8e5abbc63182395ad94c1c1039bf190652eeb019c699ffc0036798efe05273c7afa054d187efe7c50ba8d454315a5bf9c73030efe245102dcd79f19830f1b4bba6b8ca4948257370adb97c836564d959a948d649e6ca94cd06622bd4a4542045576f82a5d80d1940b4b1947b1a922757c125b167ef6dd1f6de35a55245d76c21e07a443f86ee65fab35552f1ba41d44e63e44cfa6ed3c53b952dde11cbfb764718c66176534537e7ec0e4d40465ade832fb9d3cc97846371c55cba1abb688da9029e7802605df0d39c8a11c7655939bc784a15f767be18d8d8c38e21466f4b87116d0faf5c0f94dbe4ef012bb966186f97cfa47588efb1b1f68991e50ae0d30a45d77523bc0c02467b6249f4dca6782f3b3e48f2b26f806ee376a3b4871daef3116168b9ca804960e1bdc37e554d7b63483f45cf6416faea424c60421b86f24a4f0f43b2f30c499822351f1a374e62503cd3e4ebabd8a0a7a735ca6acc0be3abad4d2bef76f4e06b0943d5b60a40e446a648d31a1c3be428f182137b2df0dfb00fd1d4803f544a7109e46b7f05cb35eb3c475560ad6fb6b991f22bf36bde704df21bd5991bc8503796e3333ff637964fa497278e3e047ac94bbc139eddf9a4a51fa70fa2659178e247b7da7bd17f1fe07844504b1acb7389d71a19b2de9059b253b1c549283249e3a5268f86de0464a93e6f79e4eb83f6e27136b38c95b8e17e299b1cdbad8f2c85de271ca1ac167441e6b8659badf20964f2789f5bfb82d3060ecf1ff51d20e166552748908292ef15b0c680b3f2d136e1b209dc98aec197356244491cce999725720c222a51bef0a1c354650cc0e11ea7f117b60acec538f0baf89a166de53379e3c3560429e512469a5d66f27966b4e3d2a223c6088e0883f6fb2a6b09f400efc1c5e654c579fa96e030b1c6d54f7217fb0b7c9c70ca86dc93f680ad8610e064731e75915845382986d865bc63a0956699c2b7d794167cedaf374cff8b57453f8ae0372e20f54175cac11eef1037985727ed0a10533da1005acc83e73980c636df2a0bc3f4a2eecda690ac241cfd7ddf1173385b72444b7d7fafd5dd2a136bd2f0ce76f9e7644c0137fd57b45010f0f1d28831d80a29cf76d06ebac5e9aec5a5ff043ff4a5354f4b4024c687a33609ba29e3588f0fce19f072c065dcc387bd1bd0b33585feb7213f0506b9c20c805b9dbf03e13d0b34b9367948782108c3278a0a4b0c82b146e4742ef3eb5c85fe5416e09787ed11c8d833a7f3072172c2d7a6919620890373e150c34cca8e81f4de432c3217f1dbc7c4399623e3b4c32ee7a44d1a15b3dad31ab3a078e23c7626c8879a4d89419d4bf0d566b2b7dcb1441baeaa7f78c218786d13368241593b7f7046c1ae6b552ef0a54157af514e335ab8a23b835c1fdb8918dd47b02d2156e04a58290b2d679274f0e0e97c39b7fc7d2504b244b32e830893f014972e13d1a4ecb79f045d54e39c095bb8379fcd45d8f348a9ad0403472a0a47bb30b9d5916d28acb008c71e94fee792fd156deeb9ed19bee0b96a26936477585ffca55150ba6a2e52844fcb4ee0254aca11e26741291629c4cba58d537f76affeeee41623123819f299970815844cf3434ee8f88d6754a93e39280a7ff0de98fa38a6fa02b9a489a07e3ecf4aaaa953950c698918191a504f5e6c69b0dc69978e0b30b4a5e1c6e8bc0314e47913c3c5bc4a8f4021b9a0ac5af041a326bf928b22cda531436627fe40de358140210c641e50fd4b4d3c5f421ca7f330df198795821966269db562b3adb81fccda5265bcd3d85db3323754cd76ae9c75bcca9e87c94f389d6881d3ced77a1c5744fff633275196b96b26d47797c6327e4a3511d42cc726bff4ee201b25b3cd5740e82a65043f27e366579407c6bbcccbc17", 0x2000, &(0x7f0000005000)={&(0x7f0000000080)={0x50, 0x0, 0x6, {0x7, 0x26, 0x80000001, 0x0, 0x7, 0x0, 0x3, 0x4}}, &(0x7f0000000100)={0x18, 0xfffffffffffffff5, 0x4, {0x9}}, &(0x7f0000000140)={0x18, 0x0, 0x200}, &(0x7f0000000180)={0x18, 0x0, 0x66e, {0x8000}}, &(0x7f00000001c0)={0x18, 0x7fffffffffffffff, 0xab, {0xc7}}, &(0x7f0000000200)={0x28, 0xffffffffffffffda, 0x3, {{0x0, 0x4, 0x2, 0xffffffffffffffff}}}, &(0x7f0000000240)={0x60, 0x0, 0x1000, {{0x400, 0x7f, 0x7ee, 0x0, 0xeaf8, 0x3, 0x6, 0x9}}}, &(0x7f00000002c0)={0x18, 0x0, 0x4, {0x3f}}, &(0x7f0000000300)={0x13, 0x0, 0x8, {'\'\'\x00'}}, &(0x7f00000025c0)={0x20, 0x0, 0x9, {0x0, 0x2}}, &(0x7f0000002600)={0x78, 0x0, 0x8001, {0x400000000000000, 0x4f6, 0x0, {0x6, 0x5, 0x1, 0x0, 0xfffffffffffffffe, 0x5, 0x7, 0x8, 0x1f, 0xc000, 0x40c0, 0xffffffffffffffff, 0x0, 0x5, 0x1ef}}}, &(0x7f0000002680)={0x90, 0x0, 0xbd, {0x1, 0x2, 0x59, 0x2, 0x7, 0x7, {0x0, 0x5, 0xa7, 0x2, 0xfff, 0x5, 0x2, 0x1, 0x4, 0x6000, 0x8000000, r2, 0xffffffffffffffff, 0x880, 0xff}}}, &(0x7f0000002740)={0xe0, 0x0, 0x99e, [{0x1, 0x8, 0x2, 0x8000, '--'}, {0x0, 0x0, 0x3, 0xfffffffc, '@\\@'}, {0x0, 0x8000, 0x5, 0x9, 'fuse\x00'}, {0x3, 0x3ff, 0x5, 0x8, 'fuse\x00'}, {0x0, 0x293f, 0xc, 0x5, '!+*/)N-\\,[o.'}, {0x5, 0xffffffffffffffff, 0xa, 0xd, '/dev/fuse\x00'}]}, &(0x7f0000004880)={0x5b8, 0x0, 0x8000, [{{0x1, 0x3, 0xfffffffffffffff7, 0xa6f, 0x3ff, 0xffffffff, {0x1, 0x7, 0x4, 0x8001, 0x4, 0x100000001, 0x1, 0x3, 0x8, 0xc000, 0x0, 0xee00, 0xffffffffffffffff, 0x101, 0xab6}}, {0x1, 0x41, 0x0, 0x8}}, {{0x3, 0x0, 0x8, 0x8001, 0x1, 0x0, {0x5, 0x200, 0x4, 0xc37, 0x7f732105, 0x5, 0x1, 0xc7, 0x6, 0x8000, 0x96fe, 0xee00, 0x0, 0x65, 0x7}}, {0x5, 0x8, 0x0, 0xcf5}}, {{0x6, 0x1, 0x0, 0x0, 0x80, 0x101, {0x2, 0x800, 0x9, 0x7f, 0x6, 0x5951, 0x3, 0x0, 0x0, 0x1000, 0x5, 0xffffffffffffffff, 0xee00, 0x8, 0x20}}, {0x3, 0x101, 0x5, 0x9, 'fuse\x00'}}, {{0x5, 0x1, 0x0, 0xff, 0x7, 0x0, {0x5, 0x100000000, 0x2, 0xfffffffffffffffd, 0x4, 0x1, 0x5, 0x1, 0x0, 0x4000, 0x7, 0xffffffffffffffff, 0xee01, 0x3, 0xfffff22c}}, {0x5, 0x0, 0x2, 0x0, '\'\x00'}}, {{0x0, 0x3, 0x100000000, 0xcf, 0x6, 0x8, {0x3, 0x9, 0x3, 0x800, 0xffff, 0x5, 0x3, 0x7, 0x77, 0xc000, 0x7, 0xffffffffffffffff, 0xee01, 0x1}}, {0x0, 0x10000, 0xa, 0x3, '/dev/fuse\x00'}}, {{0x3, 0x1, 0x9, 0x0, 0x1, 0x3, {0x5, 0xdfc, 0x8, 0x400, 0x7fffffff, 0x8, 0x9, 0x2, 0x5, 0x1000, 0x39, 0xee00, 0xffffffffffffffff, 0x17e5, 0x12a}}, {0x6, 0x8000000000000001, 0x9, 0x80000001, '\xc3$]-&*#\xfc)'}}, {{0x6, 0x1, 0xfff, 0x876, 0x24, 0x9, {0x0, 0xae2e, 0x6, 0x7ff, 0x10000, 0x2, 0x1, 0x0, 0x8000, 0x2000, 0x82f, r3, 0xee01, 0x8, 0x4}}, {0x5, 0xd5, 0xa, 0x1f, '/dev/fuse\x00'}}, {{0x5, 0x1, 0x5, 0xdf5, 0x5, 0x126, {0x6, 0x400, 0x5, 0x5, 0x7f, 0x9, 0x1, 0x7fff, 0x6, 0xa000, 0x0, 0xee01, 0x0, 0xae0b, 0x1f}}, {0x5, 0x4, 0x1, 0x10001, '{'}}, {{0x5, 0x3, 0x9, 0x1, 0x20, 0x20, {0x2, 0x10000, 0x0, 0xffffffffffffffff, 0x100000001, 0x1f, 0x7, 0x6, 0x5, 0xc000, 0x1000, 0xee01, r4, 0x7, 0x7}}, {0x1, 0x9e, 0x5, 0x3, 'fuse\x00'}}]}, &(0x7f0000004f00)={0xa0, 0x0, 0x6, {{0x6, 0x1, 0x5, 0x8001, 0x0, 0xa, {0x0, 0x5, 0x2, 0x1, 0x9, 0x2, 0x200, 0x8, 0x9, 0x1000, 0x2, 0x0, r5, 0x1, 0x101}}, {0x0, 0x8}}}, &(0x7f0000004fc0)={0x20, 0x0, 0x3, {0x1, 0x0, 0x4, 0x200}}}) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c626c6b73697a653d307830303030303030cd02ea3030303830302c6465661b756c745f7065726d697373696f6e732c6d61785f726508003d3078303030303030303030303030303030302c6d61785f726561643d3078303030b030303030303030301820e74e3b303030302c666fbba34438f0c5a810000fe132d4b9dc563a30889f6920c209ac508519d9cd4de4e8969bf534a9a56585f10c87fe3d9d2975c31e4a2df16c61923d92c136d055ea41a28a052105b2a6909d035364ca0da5de105dc08670a36431988970ca140b42bfadf660b68bc62a1d22a887c67f86988106c23259770b2b833ee1f36fff108024b74b8077c2afb63ee7bb1e5c91de0cd4a1fc2d4718fc5de6a921aeb4272d2de8f44f1eb488a110c0c16c640c7d8e1cd453394f4829866c38b3f191d8b6f3e84448d77791cfc92cc4e2fa8a6a3c8538120283dfc1a77e372f18c073f55ec74fb45c2165258524c24d753f7812df31259d07a1768046502b94a432072c8b2e6bf243df21c254a93bc9b00bd4c7e291", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:18 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:18 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, r4, {0x9, 0x4, 0x1, 0xab22}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_IOCTL(r1, &(0x7f0000000080)={0x20, 0x0, r4, {0x9, 0x4, 0x1, 0xab22}}, 0x20) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) 22:45:18 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 896.409918] FAULT_INJECTION: forcing a failure. [ 896.409918] name failslab, interval 1, probability 0, space 0, times 0 [ 896.457023] CPU: 1 PID: 14942 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 896.464930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 896.474286] Call Trace: [ 896.476882] dump_stack+0x1b2/0x281 [ 896.480528] should_fail.cold+0x10a/0x149 [ 896.484683] should_failslab+0xd6/0x130 [ 896.488658] __kmalloc+0x2c1/0x400 [ 896.492199] ? __list_lru_init+0x67/0x710 [ 896.496353] __list_lru_init+0x67/0x710 [ 896.500336] sget_userns+0x504/0xc10 [ 896.504061] ? get_anon_bdev+0x1c0/0x1c0 [ 896.508129] ? get_anon_bdev+0x1c0/0x1c0 [ 896.512192] sget+0xd1/0x110 [ 896.515216] ? fuse_get_root_inode+0xc0/0xc0 [ 896.519633] mount_nodev+0x2c/0xf0 [ 896.523178] mount_fs+0x92/0x2a0 [ 896.526561] vfs_kern_mount.part.0+0x5b/0x470 [ 896.531086] do_mount+0xe65/0x2a30 [ 896.534631] ? __do_page_fault+0x159/0xad0 [ 896.538865] ? retint_kernel+0x2d/0x2d [ 896.542756] ? copy_mount_string+0x40/0x40 [ 896.546996] ? memset+0x20/0x40 [ 896.550282] ? copy_mount_options+0x1fa/0x2f0 [ 896.554781] ? copy_mnt_ns+0xa30/0xa30 [ 896.558678] SyS_mount+0xa8/0x120 [ 896.562129] ? copy_mnt_ns+0xa30/0xa30 [ 896.566028] do_syscall_64+0x1d5/0x640 [ 896.569920] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 896.575104] RIP: 0033:0x7f8e2a1775fa [ 896.578806] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 896.586517] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 896.593790] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 22:45:18 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:18 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:18 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) [ 896.601069] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 896.608339] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 896.615609] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:18 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f0000000080)=""/25) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f00000000c0)={0x10000, 0x6, 0x7, 0x6, 0xffffdd24, 0xb0}) 22:45:19 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:19 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:19 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f0000000080)=""/25) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f00000000c0)={0x10000, 0x6, 0x7, 0x6, 0xffffdd24, 0xb0}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f0000000080)=""/25) (async) syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (async) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f00000000c0)={0x10000, 0x6, 0x7, 0x6, 0xffffdd24, 0xb0}) (async) 22:45:19 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 19) 22:45:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r1, &(0x7f0000002900)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x80000, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB="2c3d0000000000800000", @ANYRESDEC=r3, @ANYBLOB=',allow_other,default_permissions,max_read=0x0000000000010001,dont_hash,fowner>', @ANYRESDEC=r4, @ANYBLOB=',mask=^MAY_APPEND,measure,hash,\x00'], 0x0, 0x0, &(0x7f0000004940)="a06769637eb40eeeb811bbbceb3a9c109216624394ad707920bf95b238ea48e87d30254a4869bbf0bc60f1c46572f89077eccf97318749bcbf14e0b7a0378a2f63cd4b165efc3d62cc69fc08efbf936062fc3428b6d2cf1a5ccedacf4eeff3b9d0dc14337668195902f0e32da272997a7b1be162b3ee6b0e85374b5127fef8d7dda645ac00cda74e89a62c0a953c6d05888a5ee90fff5c5f8b45ba9e1f43748a6b9bfe71cc92d4fb594e3d4ba7624df08daece2cd34bd5cbbf4ebfacc1488dde44122dc862fff2827c511e60a22e155743f2f737611c61d8df94abfd75bd7987ab5123a65066ef6f0d09577472572d580f70943315aa0a050f9e07c107cab6531daf183c5a466729a4483ba542facad6b2216185539cc28ef949e69e94db372a30e8cb1c6b187acc6b23e237e59b637f30601fee3dc980453cac3d22b52baebcd84f22762e99144db09ef482fcee0a7df2f9410d2965edcfa03b4d31284a18d2a27e728925f919f1217191129e2ab1bdca5579afd25a6ba78c166c11379e7725376925e807e2af0bc80bb3001350e6de1787ff41141b894a1de324e0337c3e11bae9e7f39ebfb8fd9324c2856421a726f148500c67c33af18b24b3aa0a63fa9afe38366a7d4e8f54825107a41572de24d911cafd0f69fc20fb801944f717cc4c2222cf83f04f9e2a3cb799d95775e23f5b30d33a5115ce2fa40dab3627f2c21579cff848b3222d11ecaa49ff92c4333627f8e7a5a42b8c291354cf48730530682fec940534d90946c664bc219314d5ef300eac745a0895f29469b77ef3c81b0de0e70aeb129ec027bac15fe60e8f25d0c37fbe14c57f10322e89f5b8b2a7a2abe55c5dbfc23753a6e15cf7386cc55aaae804c1063796723ab1b623c9fce6122fedf09fc1188d4a27087edad1842f2fee110701566f519f6f1fa8c353379e804aab639e5d3e527e55b319eb14a0c7dda00eef119ec66ed915cb6ef4117558da7702057cc774811d3ce26e52561ca4dd75b6e09ae959e95c158ccda32ea30e49bcca1fbecbcbb6b886c7288baf80641d54d7800bdf824dae2970f755b81dcc004ddb5aa19fcc2611287ee159539974e34fc447fccb9389eded5fac570a471fa2774855c04aa596ae097a32b57176895c735a2623f52296b1e9da716132de0d9c804154b5fcda4977a3fcebde2ad620202b7e741b1f961da4d0c6c18366b1c5e3427fdbbb185b2da8b57a6a2e37b37d7e54cc46e2b05c84c64defc7fa8c13a4ef8a93b3212d1eb262de5d94ee09646066438f0cdedd8b99d387d346a190fc33eb073e347e30ef849f500e142bbf42421c7344ed71c7c32b211e91014b145eb999801f80783797e05ffb865d80923b2715a5cc7bb44e22df29aa534e8089f494c915dfdbc8a2cc08f4252140ceb67f8aec6143ca61d3e75401d569ec09be2cbe76d83dbf74aa9e3b4a424d337cbadac4f3f1952c67096306179c4c318b64b6930fe287fbb27a1923de703f67516c7d25447c891352cfb3a1b7aa899376ac8943d67e952aa91444c0c0eea0744bb9a8c14df8b0148e0612a9791bb0a822051c983699fb76bdce42c32f907b10c1152ae4fc0a3b67816044e756bc0a49b2a23ce3e5ad40604c168965cb8cb1ace88ea1e8931f993f287b36b4a4f6471412e2d1806e462a9af8f17c4cc18e49332db0202103ae87fd4843af00b6cdd903cdde66e5ed01cfa1ad33ff16d1027a8939b7d9b8648185e187afcd0a1a10b2aa277d794e5602966c3dcddb6d0731282e2005b92483db1ce03138f46c7814cde493065500d598c4e1289f2565aab5ee5500a986095f84c74f5d3a18785015b04144f113b53bf5f712f4dc8b8042fa0b9e88a8089408c5c322e50b6376386a3de296f47bc7e10e9c47df1e866b287ed21443f710a697adffa10a2c61f3e930e5f62d6986a90e285352b45a2c23d1f7fd0afbbb7a00e7fbe1f74251582fb18e3cd21a0835cd5b4560fbb126f6f2f0d0efbfbb292b99563fd464566eac3b4fa5fe13dec79b3e69d4734e3c02c5ad57a0e2263ee802f2abecbb45b98e0e201c8750cc99de750364838a4315a37058b53137083b805be53ab948b25109b8c564c1ca75154d5bc943f735a60ea5612fe877a4a0b38cdddf92e60f744ac966aff4db77c9be1c38a52bc2109a1020bc93bc8628f9a3d6487173198535a9ebca47843bb639695f621f897e054086f41a7873d77331d48018285b0871ac6016bcb42a96488c287d3cd2aae7a08bc4b114589b59aa0c99157e672825d8fd1ac6728840916bdcd36fb5877ed56c734ca867ab36376362b1072d799aa455bb5c176044c01d29896eb14f8ae26ff693725b7436a0f0f68d3f972e794ae558b2cb65c8ae9c7a64666b456c0118ec6a7e789b2e6d2af01949cd8688e8361ae901554fac3ec90848052b5b80398ca6637914fb523db1989711e2c4c2710e9fea0ca3598bc615c07beaaa786340937a1a94c8db6f8351166db203b736efe8dd375d22445a0626308cb782840c4b26bd800865c616273d3e0ea479de3e3c53b3bf59dec0217360968af5d70abc357343ba3269a8019c4affc4f0f14318c6a10e5f8cef54ff348825819aae4dcf6e2bf175af793c83c3e553c46892e1a1c0aec6c8d2c3b81e8c6d693e3e12ee165400ed07009c3f2b1d3e2fe76b855979150b4625caae6521b8c1e779a853c4bc696f92b64997e797a33eccbcb1317646584fa591dc9fd6d2ada1ded28c82ba5e1088e62c38d152d1f02d6f8ea75d7ceb04af178d74aad98e189d0fe746b3532f97118a6c9d5c81727d36c71243c1a65b68356d9ea5ca6d2b04ccee6ab21918921eb66e9b9c329a4c7c97047f3613d612ba8067de70037517be284f294b7a9ff59fc35c2b7360e8f2b1a70856cb9f8577b837e1023a9774e733af8d0aa882efe2a3bfdef7d5fd4e18d7a4989ec57632eff6efbbf50c3b216e655d1474da3d4c0c5bbed7b56e325183e7ac2dc634268b2c61543b66bf78e0eb789f5d1d8285ca86cd82bf61d8f3804cdb139663e1155a5f896d8623b0eb6787af59f56950cbe87902941086abbfc8dd948f34184d286ced1872e03e1760539cc2398759e42e6e49f040f031558eb42f6e074cea6ba20121873561e447fe44db1282984b621713036ad91c8ad91d1284c54f0171984ee0cdca3c6645c8b4bcc6339a5f5080f510303ed72b0011013fa4cbf4c27ca94a4892dc030f216601fb49e8f6fc6aea7b7fd82aa6eae5560c32e341af4299f7d203872cb9ac5e80c20c26bcbaef0d822620bf035e9b5b1735e9b299cb469eed6c4561f043a9ea9b2f89152d971f82493ed97382710a50bee8aba4bf7ccac77891733bf538f535d8b38c57aa1839e449b932d6531ed543cc868e0828b6ad029761c406da8041183f9914f3ad719d8c3aebd190d2cc27b88c59ed03d1ae1de55a94e3af1a11f49d7600befd66ba10cec69af8db1809e78fb853e4178116fdefebc6d02ff8b608c3f50eac409cd7458bfc59b85522743d6180872a6119416903d1bb90280eb0fee6383e3eca45acc8aac55c0b4a3c5df2b0dcb04c600400571182f73b6880e46907a0e7d4ec45aac74efe63a8581ac33047f2b8d2ec765885a4c86767838741335f90309b4a815196894c4b019a98b6264aba02358a5d84cc33ce298289f470fd41258561ed7e8735f9b805fe63185ede451d357b05ad321656951f5094f4ea4f7b5334ff69cd0fa51541178713ff52646996c0a63dfeb26e0484cf30eb0e35210fda406ec1b7b5c15584864368c6b97716158db2eb98451062026ddbc8808ec234f4adc75360e523f822a7a13f6ef1c762cfc783a6aa948145f452c75930546fa708983e5cb6df338075b64d9db1b717e1b6765b8754323b26a057b942c2a897ee4de80ed9ba0eabbacfba3493bc1f36aaa5011cd3597ac416d2324a23bc1d9b0911304c0f998b593c40f1412ca87016bf95541642f3929432f10085308e7ba877463693e46e0ea3e7bbdb6ad25da4cc0d7da2b5609982c32ed72d19ccd6fffbeffe77c86924bcd54d29df59c1611f710e4364292de24103de430097db6628804547187e64fba99d01d214f77a3adfcfa687851741180fa99de8449fb3cdacb0e52ba2e762f7eec0f12ba58e3349aa903945c4f2078cfe54aec2cae833ab70a312459ea3e082b7c859a1dce15e398ade801c9f5287cf2bac9b8a96e2967863279f165b1f2dbee378cafe27291b7805973b2e96a0661364e1cae139bd281ef3cf577acb6908f9f1be761272e88c0fea6124473bebdf88d8f3054eb3694fa4b1bdacab64ff828e6a488bb0ca0d632ca4ad545df547ce25977b4503102039e3b1340bce4295b21a391d918ca955a7a4ccdd29fe7098ad26d81274a34c0479825c8a054bbb6cfb0c622c898be2785529c9afd89f4bd7cd697cce57446547d9a6ca2711f517516fd7a9900242ec59b29f977073fd1a04f5bc814e66683a987fbc6d3e5fd722d09893ae99f6e8eadf3769f3f66be7612c44e7c4228e1aae2f82a447ebb6bea6b2718ec2f70cb4c12d00928ab6c048c1a45012990e5d79f170d548890532b51c091f977540eeb311aae2e8dcccbd60bc991ee02de8fd992f1237509914717b9c58581cd4ba665124a283e1960ae5e42cb6024e0954c1e3ee3b681bd11e56d10f8f4cc4acd016acf0f2d7416c148c742e0aa9160faf3ddd78243db79b4bb5ec9b52fead5817f0fb50add2f0fb93ea8229c9e9e5555fbde846eb17503cba2b110c4a52bbd192e12ed7dfc198b9073007688fc675d078ffbbd5053573c5d3c008eb5a7159c3b80e498591f04abc89bd660c5945016bdc8102c71ce72e470eb6a991fe73035f680a41d20cf523897bbb028c826a1b57dd702401b6b53764e2f5e3b0cb5101bc114b6e747091a215552e1ae8d394b292a03a0c4c9c942913cffdd9c725a0fab09ae072716caab418308cb8cc5e222f4013293352c4778e99c2f860471f910da01e14a327635ce2e0d25a366ea3e55670837c303a584df385a85084880c39b91662f59dc54c74f3f9523af623965e7770485aad8f866a3b680c2ae8945cc88d8fd9ad6506939c434ed77a4c8d0265638f23f92ab879cbc5c0520db5ec32c2dba3cb7230d1d2fa01b1600267fcebd32aafd7e194982784725666b29506ea1d30bd5b29cac83832d9201930b650ba8008d408bb1e6abe74a27ec858fffcbf737e1efc682b576fc1b30c700c27413e254b15d40b56464b8e51ae8ec7776e878fcc48e068539c57e07ee63d8141ba7e34cecf1456b0b64e165bca274b456c57ab3e4295e32665fe3b2b9986cd17debce1214916031a0af02818f37707af8865f1d1c837fb13128a2d6b8505aa5a8d8c06562f2f39c2d3aa07a3cd969100e8df32a74d7c373d5e3aebd7a946f11129d91fd2c874dce70d9b94fdf82c0756ff432dd4b85ffb6c58726f4707256ce681b23df6768d73dd783ee33558c05316a5e51f3a1df6751ecc3c5b62cfa6373a6cee80cc2f65af606b39edcc20083211f649af7ffbc684d1877068f086e2dbe19fb0012cdffb39a1ee06efce25d606cc084e68d820c5040ccc3caf6f35694a81c9e5a4c9dedce5ae166fbffd6e3781187294faf6def703e33507e44858df952f0735fc6045479b3e59d2cba552a7456d9b2cd7f886dd5edb41a698d3e5878e579fb158161ac497aa424d2d823a502f5e1651c041895358d6260014b193af799432f38049ae395bfdc9c7c1924d7be85a25de8ec3677b9dad32644c1df9fc") ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000080)={"b40613c0de158a319a40d520c408b2f6c1ba8a3b8fbe9926af761a2fe00a202a", 0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000100)={"811171715e709e7e0445bfa9cebf8c9c0aba793bae0a749c1a2465babc6e1264", r5}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000140)={"14c2bf9feb000000fe56a855c020c756731458f2abd1fcb8ca6f3e683d91068d"}) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64658c6fc74e60434d8c726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) 22:45:19 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 897.345493] FAULT_INJECTION: forcing a failure. [ 897.345493] name failslab, interval 1, probability 0, space 0, times 0 [ 897.366485] CPU: 1 PID: 15008 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 897.374396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 897.383752] Call Trace: [ 897.386345] dump_stack+0x1b2/0x281 [ 897.389986] should_fail.cold+0x10a/0x149 [ 897.394140] should_failslab+0xd6/0x130 [ 897.398122] __kmalloc+0x2c1/0x400 [ 897.401665] ? register_shrinker+0x1ab/0x220 [ 897.406080] register_shrinker+0x1ab/0x220 [ 897.410316] sget_userns+0x9aa/0xc10 [ 897.414040] ? get_anon_bdev+0x1c0/0x1c0 [ 897.418109] ? get_anon_bdev+0x1c0/0x1c0 [ 897.422174] sget+0xd1/0x110 [ 897.425202] ? fuse_get_root_inode+0xc0/0xc0 [ 897.429617] mount_nodev+0x2c/0xf0 [ 897.433160] mount_fs+0x92/0x2a0 [ 897.436532] vfs_kern_mount.part.0+0x5b/0x470 [ 897.441036] do_mount+0xe65/0x2a30 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64658c6fc74e60434d8c726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) [ 897.444579] ? __do_page_fault+0x159/0xad0 [ 897.448819] ? retint_kernel+0x2d/0x2d [ 897.452711] ? copy_mount_string+0x40/0x40 [ 897.456953] ? memset+0x20/0x40 [ 897.460241] ? copy_mount_options+0x1fa/0x2f0 [ 897.464740] ? copy_mnt_ns+0xa30/0xa30 [ 897.468634] SyS_mount+0xa8/0x120 [ 897.472085] ? copy_mnt_ns+0xa30/0xa30 [ 897.475977] do_syscall_64+0x1d5/0x640 [ 897.479873] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 897.485058] RIP: 0033:0x7f8e2a1775fa [ 897.488762] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64658c6fc74e60434d8c726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_WIE_OFF(0xffffffffffffffff, 0x7010) 22:45:19 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) [ 897.496473] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 897.503749] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 897.511021] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 897.518295] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 897.525568] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:19 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) ioctl$EVIOCGSND(0xffffffffffffffff, 0x8040451a, &(0x7f0000000080)=""/25) (async) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f00000000c0)={0x10000, 0x6, 0x7, 0x6, 0xffffdd24, 0xb0}) 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq={'fowner', 0x3d, r1}}, {@subj_type={'subj_type', 0x3d, '#\x03\x00'}}, {@measure}]}}, 0x0, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="2b0000000400000049062f9a95383b82e97a5d2109470000000000000000050000000000000006000000000000000300"/57], 0x2b) 22:45:19 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:19 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:19 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq={'fowner', 0x3d, r1}}, {@subj_type={'subj_type', 0x3d, '#\x03\x00'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 64) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="2b0000000400000049062f9a95383b82e97a5d2109470000000000000000050000000000000006000000000000000300"/57], 0x2b) 22:45:19 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 20) [ 897.800876] FAULT_INJECTION: forcing a failure. [ 897.800876] name failslab, interval 1, probability 0, space 0, times 0 [ 897.812881] CPU: 1 PID: 15081 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 897.820773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 897.830125] Call Trace: [ 897.832715] dump_stack+0x1b2/0x281 [ 897.836347] should_fail.cold+0x10a/0x149 [ 897.840502] should_failslab+0xd6/0x130 [ 897.844480] __kmalloc+0x2c1/0x400 [ 897.848021] ? match_number+0x9d/0x200 [ 897.851916] match_number+0x9d/0x200 [ 897.855626] ? match_strdup+0xa0/0xa0 [ 897.859407] ? register_shrinker+0x15a/0x220 [ 897.863796] fuse_fill_super+0x437/0x15c0 [ 897.867928] ? fuse_get_root_inode+0xc0/0xc0 [ 897.872316] ? up_write+0x17/0x60 [ 897.875748] ? register_shrinker+0x15f/0x220 [ 897.880132] ? sget_userns+0x768/0xc10 [ 897.884088] ? get_anon_bdev+0x1c0/0x1c0 [ 897.888123] ? sget+0xd9/0x110 [ 897.891294] ? fuse_get_root_inode+0xc0/0xc0 [ 897.895678] mount_nodev+0x4c/0xf0 [ 897.899199] mount_fs+0x92/0x2a0 [ 897.902544] vfs_kern_mount.part.0+0x5b/0x470 [ 897.907016] do_mount+0xe65/0x2a30 [ 897.910539] ? __do_page_fault+0x159/0xad0 [ 897.914748] ? retint_kernel+0x2d/0x2d [ 897.918611] ? copy_mount_string+0x40/0x40 [ 897.922827] ? memset+0x20/0x40 [ 897.926083] ? copy_mount_options+0x1fa/0x2f0 [ 897.930557] ? copy_mnt_ns+0xa30/0xa30 [ 897.934422] SyS_mount+0xa8/0x120 [ 897.937851] ? copy_mnt_ns+0xa30/0xa30 [ 897.941715] do_syscall_64+0x1d5/0x640 [ 897.945581] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 897.950746] RIP: 0033:0x7f8e2a1775fa [ 897.954436] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 897.962119] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 897.969365] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 897.976611] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 897.983882] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 897.991132] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:20 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 32) read$FUSE(r1, &(0x7f0000002900)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (rerun: 32) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x80000, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB="2c3d0000000000800000", @ANYRESDEC=r3, @ANYBLOB=',allow_other,default_permissions,max_read=0x0000000000010001,dont_hash,fowner>', @ANYRESDEC=r4, @ANYBLOB=',mask=^MAY_APPEND,measure,hash,\x00'], 0x0, 0x0, &(0x7f0000004940)="a06769637eb40eeeb811bbbceb3a9c109216624394ad707920bf95b238ea48e87d30254a4869bbf0bc60f1c46572f89077eccf97318749bcbf14e0b7a0378a2f63cd4b165efc3d62cc69fc08efbf936062fc3428b6d2cf1a5ccedacf4eeff3b9d0dc14337668195902f0e32da272997a7b1be162b3ee6b0e85374b5127fef8d7dda645ac00cda74e89a62c0a953c6d05888a5ee90fff5c5f8b45ba9e1f43748a6b9bfe71cc92d4fb594e3d4ba7624df08daece2cd34bd5cbbf4ebfacc1488dde44122dc862fff2827c511e60a22e155743f2f737611c61d8df94abfd75bd7987ab5123a65066ef6f0d09577472572d580f70943315aa0a050f9e07c107cab6531daf183c5a466729a4483ba542facad6b2216185539cc28ef949e69e94db372a30e8cb1c6b187acc6b23e237e59b637f30601fee3dc980453cac3d22b52baebcd84f22762e99144db09ef482fcee0a7df2f9410d2965edcfa03b4d31284a18d2a27e728925f919f1217191129e2ab1bdca5579afd25a6ba78c166c11379e7725376925e807e2af0bc80bb3001350e6de1787ff41141b894a1de324e0337c3e11bae9e7f39ebfb8fd9324c2856421a726f148500c67c33af18b24b3aa0a63fa9afe38366a7d4e8f54825107a41572de24d911cafd0f69fc20fb801944f717cc4c2222cf83f04f9e2a3cb799d95775e23f5b30d33a5115ce2fa40dab3627f2c21579cff848b3222d11ecaa49ff92c4333627f8e7a5a42b8c291354cf48730530682fec940534d90946c664bc219314d5ef300eac745a0895f29469b77ef3c81b0de0e70aeb129ec027bac15fe60e8f25d0c37fbe14c57f10322e89f5b8b2a7a2abe55c5dbfc23753a6e15cf7386cc55aaae804c1063796723ab1b623c9fce6122fedf09fc1188d4a27087edad1842f2fee110701566f519f6f1fa8c353379e804aab639e5d3e527e55b319eb14a0c7dda00eef119ec66ed915cb6ef4117558da7702057cc774811d3ce26e52561ca4dd75b6e09ae959e95c158ccda32ea30e49bcca1fbecbcbb6b886c7288baf80641d54d7800bdf824dae2970f755b81dcc004ddb5aa19fcc2611287ee159539974e34fc447fccb9389eded5fac570a471fa2774855c04aa596ae097a32b57176895c735a2623f52296b1e9da716132de0d9c804154b5fcda4977a3fcebde2ad620202b7e741b1f961da4d0c6c18366b1c5e3427fdbbb185b2da8b57a6a2e37b37d7e54cc46e2b05c84c64defc7fa8c13a4ef8a93b3212d1eb262de5d94ee09646066438f0cdedd8b99d387d346a190fc33eb073e347e30ef849f500e142bbf42421c7344ed71c7c32b211e91014b145eb999801f80783797e05ffb865d80923b2715a5cc7bb44e22df29aa534e8089f494c915dfdbc8a2cc08f4252140ceb67f8aec6143ca61d3e75401d569ec09be2cbe76d83dbf74aa9e3b4a424d337cbadac4f3f1952c67096306179c4c318b64b6930fe287fbb27a1923de703f67516c7d25447c891352cfb3a1b7aa899376ac8943d67e952aa91444c0c0eea0744bb9a8c14df8b0148e0612a9791bb0a822051c983699fb76bdce42c32f907b10c1152ae4fc0a3b67816044e756bc0a49b2a23ce3e5ad40604c168965cb8cb1ace88ea1e8931f993f287b36b4a4f6471412e2d1806e462a9af8f17c4cc18e49332db0202103ae87fd4843af00b6cdd903cdde66e5ed01cfa1ad33ff16d1027a8939b7d9b8648185e187afcd0a1a10b2aa277d794e5602966c3dcddb6d0731282e2005b92483db1ce03138f46c7814cde493065500d598c4e1289f2565aab5ee5500a986095f84c74f5d3a18785015b04144f113b53bf5f712f4dc8b8042fa0b9e88a8089408c5c322e50b6376386a3de296f47bc7e10e9c47df1e866b287ed21443f710a697adffa10a2c61f3e930e5f62d6986a90e285352b45a2c23d1f7fd0afbbb7a00e7fbe1f74251582fb18e3cd21a0835cd5b4560fbb126f6f2f0d0efbfbb292b99563fd464566eac3b4fa5fe13dec79b3e69d4734e3c02c5ad57a0e2263ee802f2abecbb45b98e0e201c8750cc99de750364838a4315a37058b53137083b805be53ab948b25109b8c564c1ca75154d5bc943f735a60ea5612fe877a4a0b38cdddf92e60f744ac966aff4db77c9be1c38a52bc2109a1020bc93bc8628f9a3d6487173198535a9ebca47843bb639695f621f897e054086f41a7873d77331d48018285b0871ac6016bcb42a96488c287d3cd2aae7a08bc4b114589b59aa0c99157e672825d8fd1ac6728840916bdcd36fb5877ed56c734ca867ab36376362b1072d799aa455bb5c176044c01d29896eb14f8ae26ff693725b7436a0f0f68d3f972e794ae558b2cb65c8ae9c7a64666b456c0118ec6a7e789b2e6d2af01949cd8688e8361ae901554fac3ec90848052b5b80398ca6637914fb523db1989711e2c4c2710e9fea0ca3598bc615c07beaaa786340937a1a94c8db6f8351166db203b736efe8dd375d22445a0626308cb782840c4b26bd800865c616273d3e0ea479de3e3c53b3bf59dec0217360968af5d70abc357343ba3269a8019c4affc4f0f14318c6a10e5f8cef54ff348825819aae4dcf6e2bf175af793c83c3e553c46892e1a1c0aec6c8d2c3b81e8c6d693e3e12ee165400ed07009c3f2b1d3e2fe76b855979150b4625caae6521b8c1e779a853c4bc696f92b64997e797a33eccbcb1317646584fa591dc9fd6d2ada1ded28c82ba5e1088e62c38d152d1f02d6f8ea75d7ceb04af178d74aad98e189d0fe746b3532f97118a6c9d5c81727d36c71243c1a65b68356d9ea5ca6d2b04ccee6ab21918921eb66e9b9c329a4c7c97047f3613d612ba8067de70037517be284f294b7a9ff59fc35c2b7360e8f2b1a70856cb9f8577b837e1023a9774e733af8d0aa882efe2a3bfdef7d5fd4e18d7a4989ec57632eff6efbbf50c3b216e655d1474da3d4c0c5bbed7b56e325183e7ac2dc634268b2c61543b66bf78e0eb789f5d1d8285ca86cd82bf61d8f3804cdb139663e1155a5f896d8623b0eb6787af59f56950cbe87902941086abbfc8dd948f34184d286ced1872e03e1760539cc2398759e42e6e49f040f031558eb42f6e074cea6ba20121873561e447fe44db1282984b621713036ad91c8ad91d1284c54f0171984ee0cdca3c6645c8b4bcc6339a5f5080f510303ed72b0011013fa4cbf4c27ca94a4892dc030f216601fb49e8f6fc6aea7b7fd82aa6eae5560c32e341af4299f7d203872cb9ac5e80c20c26bcbaef0d822620bf035e9b5b1735e9b299cb469eed6c4561f043a9ea9b2f89152d971f82493ed97382710a50bee8aba4bf7ccac77891733bf538f535d8b38c57aa1839e449b932d6531ed543cc868e0828b6ad029761c406da8041183f9914f3ad719d8c3aebd190d2cc27b88c59ed03d1ae1de55a94e3af1a11f49d7600befd66ba10cec69af8db1809e78fb853e4178116fdefebc6d02ff8b608c3f50eac409cd7458bfc59b85522743d6180872a6119416903d1bb90280eb0fee6383e3eca45acc8aac55c0b4a3c5df2b0dcb04c600400571182f73b6880e46907a0e7d4ec45aac74efe63a8581ac33047f2b8d2ec765885a4c86767838741335f90309b4a815196894c4b019a98b6264aba02358a5d84cc33ce298289f470fd41258561ed7e8735f9b805fe63185ede451d357b05ad321656951f5094f4ea4f7b5334ff69cd0fa51541178713ff52646996c0a63dfeb26e0484cf30eb0e35210fda406ec1b7b5c15584864368c6b97716158db2eb98451062026ddbc8808ec234f4adc75360e523f822a7a13f6ef1c762cfc783a6aa948145f452c75930546fa708983e5cb6df338075b64d9db1b717e1b6765b8754323b26a057b942c2a897ee4de80ed9ba0eabbacfba3493bc1f36aaa5011cd3597ac416d2324a23bc1d9b0911304c0f998b593c40f1412ca87016bf95541642f3929432f10085308e7ba877463693e46e0ea3e7bbdb6ad25da4cc0d7da2b5609982c32ed72d19ccd6fffbeffe77c86924bcd54d29df59c1611f710e4364292de24103de430097db6628804547187e64fba99d01d214f77a3adfcfa687851741180fa99de8449fb3cdacb0e52ba2e762f7eec0f12ba58e3349aa903945c4f2078cfe54aec2cae833ab70a312459ea3e082b7c859a1dce15e398ade801c9f5287cf2bac9b8a96e2967863279f165b1f2dbee378cafe27291b7805973b2e96a0661364e1cae139bd281ef3cf577acb6908f9f1be761272e88c0fea6124473bebdf88d8f3054eb3694fa4b1bdacab64ff828e6a488bb0ca0d632ca4ad545df547ce25977b4503102039e3b1340bce4295b21a391d918ca955a7a4ccdd29fe7098ad26d81274a34c0479825c8a054bbb6cfb0c622c898be2785529c9afd89f4bd7cd697cce57446547d9a6ca2711f517516fd7a9900242ec59b29f977073fd1a04f5bc814e66683a987fbc6d3e5fd722d09893ae99f6e8eadf3769f3f66be7612c44e7c4228e1aae2f82a447ebb6bea6b2718ec2f70cb4c12d00928ab6c048c1a45012990e5d79f170d548890532b51c091f977540eeb311aae2e8dcccbd60bc991ee02de8fd992f1237509914717b9c58581cd4ba665124a283e1960ae5e42cb6024e0954c1e3ee3b681bd11e56d10f8f4cc4acd016acf0f2d7416c148c742e0aa9160faf3ddd78243db79b4bb5ec9b52fead5817f0fb50add2f0fb93ea8229c9e9e5555fbde846eb17503cba2b110c4a52bbd192e12ed7dfc198b9073007688fc675d078ffbbd5053573c5d3c008eb5a7159c3b80e498591f04abc89bd660c5945016bdc8102c71ce72e470eb6a991fe73035f680a41d20cf523897bbb028c826a1b57dd702401b6b53764e2f5e3b0cb5101bc114b6e747091a215552e1ae8d394b292a03a0c4c9c942913cffdd9c725a0fab09ae072716caab418308cb8cc5e222f4013293352c4778e99c2f860471f910da01e14a327635ce2e0d25a366ea3e55670837c303a584df385a85084880c39b91662f59dc54c74f3f9523af623965e7770485aad8f866a3b680c2ae8945cc88d8fd9ad6506939c434ed77a4c8d0265638f23f92ab879cbc5c0520db5ec32c2dba3cb7230d1d2fa01b1600267fcebd32aafd7e194982784725666b29506ea1d30bd5b29cac83832d9201930b650ba8008d408bb1e6abe74a27ec858fffcbf737e1efc682b576fc1b30c700c27413e254b15d40b56464b8e51ae8ec7776e878fcc48e068539c57e07ee63d8141ba7e34cecf1456b0b64e165bca274b456c57ab3e4295e32665fe3b2b9986cd17debce1214916031a0af02818f37707af8865f1d1c837fb13128a2d6b8505aa5a8d8c06562f2f39c2d3aa07a3cd969100e8df32a74d7c373d5e3aebd7a946f11129d91fd2c874dce70d9b94fdf82c0756ff432dd4b85ffb6c58726f4707256ce681b23df6768d73dd783ee33558c05316a5e51f3a1df6751ecc3c5b62cfa6373a6cee80cc2f65af606b39edcc20083211f649af7ffbc684d1877068f086e2dbe19fb0012cdffb39a1ee06efce25d606cc084e68d820c5040ccc3caf6f35694a81c9e5a4c9dedce5ae166fbffd6e3781187294faf6def703e33507e44858df952f0735fc6045479b3e59d2cba552a7456d9b2cd7f886dd5edb41a698d3e5878e579fb158161ac497aa424d2d823a502f5e1651c041895358d6260014b193af799432f38049ae395bfdc9c7c1924d7be85a25de8ec3677b9dad32644c1df9fc") (async) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000080)={"b40613c0de158a319a40d520c408b2f6c1ba8a3b8fbe9926af761a2fe00a202a", 0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000100)={"811171715e709e7e0445bfa9cebf8c9c0aba793bae0a749c1a2465babc6e1264", r5}) (async) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000140)={"14c2bf9feb000000fe56a855c020c756731458f2abd1fcb8ca6f3e683d91068d"}) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:20 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000200)) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000080)) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000e40), 0x0, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000e80)) read$usbmon(r2, &(0x7f00000000c0)=""/248, 0xf8) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000680)=ANY=[@ANYRESDEC=r1, @ANYBLOB="b1f83ec11fc85f56ddf5d601eb64534fd17db024f1b84e18c8841867cc5bf490c3b02a6e71108c4037d78ddd26ecfc77a144188be646df4d5eb9f3d9335de07331a61f40c947ad95df22d997566bf97730e35948f9ca2ed0724c6c50e2117e6d6d6942b0211432c78dab1d69be178253c00f176c99cdf98680e00b96755d3c62d28dd6cb03a0af88ae71a8e15b4444df8647d2772bd95018e40b6f9c62e8167e08db9fa280128b93f6cc28eb7bb9a44e86f7ef940e539978a09ead280978fd111ba96fdc4fde589f51eaf72d0d3bd821e2ae027aa7c0c1edb573387f0ba787da40bd3f1fd4ac356cdd712871089c1ae59ef4c3ee9ebc327d0670993e", @ANYBLOB="2c726f6f746d6f64653d303030303028de3030303030313430b74a0077f83c14bb5f69643d0000000000b43896f95991665bad449f9abcb5318fb82d9bdbe149f2cecf0c9e88d4b2a86fff8aac70413efca252f5772713619f50d37c52602878a7d671699a7d2ed2", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES8=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) 22:45:20 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:20 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}, {@allow_other}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}) 22:45:20 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 21) 22:45:20 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:20 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) [ 898.338183] FAULT_INJECTION: forcing a failure. [ 898.338183] name failslab, interval 1, probability 0, space 0, times 0 [ 898.353370] CPU: 0 PID: 15209 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 898.361287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 898.370640] Call Trace: [ 898.373232] dump_stack+0x1b2/0x281 [ 898.376870] should_fail.cold+0x10a/0x149 [ 898.381024] should_failslab+0xd6/0x130 [ 898.385005] __kmalloc+0x2c1/0x400 [ 898.388541] ? register_shrinker+0x1ab/0x220 [ 898.392952] register_shrinker+0x1ab/0x220 [ 898.397190] sget_userns+0x9aa/0xc10 [ 898.400907] ? get_anon_bdev+0x1c0/0x1c0 [ 898.404975] ? get_anon_bdev+0x1c0/0x1c0 [ 898.409035] sget+0xd1/0x110 [ 898.412057] ? fuse_get_root_inode+0xc0/0xc0 [ 898.416465] mount_nodev+0x2c/0xf0 [ 898.420007] mount_fs+0x92/0x2a0 [ 898.423379] vfs_kern_mount.part.0+0x5b/0x470 [ 898.427880] do_mount+0xe65/0x2a30 [ 898.431430] ? __do_page_fault+0x159/0xad0 [ 898.435668] ? retint_kernel+0x2d/0x2d [ 898.439559] ? copy_mount_string+0x40/0x40 [ 898.443798] ? memset+0x20/0x40 [ 898.447076] ? copy_mount_options+0x1fa/0x2f0 [ 898.451570] ? copy_mnt_ns+0xa30/0xa30 [ 898.455461] SyS_mount+0xa8/0x120 [ 898.458917] ? copy_mnt_ns+0xa30/0xa30 [ 898.462811] do_syscall_64+0x1d5/0x640 [ 898.466703] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 898.471889] RIP: 0033:0x7f8e2a1775fa [ 898.475595] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:20 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:20 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:20 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x11, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq={'fowner', 0x3d, r1}}, {@subj_type={'subj_type', 0x3d, '#\x03\x00'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="2b0000000400000049062f9a95383b82e97a5d2109470000000000000000050000000000000006000000000000000300"/57], 0x2b) 22:45:20 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 22) [ 898.483299] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 898.490568] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 898.497836] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 898.505105] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 898.512384] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:20 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000280)={0x2b, 0x4, 0x0, {0x7, 0x1, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@loopback, @in=@multicast1}}, {{@in=@private}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) [ 898.673343] FAULT_INJECTION: forcing a failure. [ 898.673343] name failslab, interval 1, probability 0, space 0, times 0 [ 898.688643] CPU: 1 PID: 15247 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 898.696547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 898.705899] Call Trace: [ 898.708488] dump_stack+0x1b2/0x281 [ 898.712127] should_fail.cold+0x10a/0x149 [ 898.716284] should_failslab+0xd6/0x130 [ 898.720269] __kmalloc+0x2c1/0x400 [ 898.723810] ? match_strdup+0x58/0xa0 [ 898.727613] ? map_id_down+0xe9/0x180 [ 898.731419] match_strdup+0x58/0xa0 [ 898.735058] fuse_fill_super+0x21d/0x15c0 [ 898.739219] ? fuse_get_root_inode+0xc0/0xc0 [ 898.743633] ? up_write+0x17/0x60 [ 898.747088] ? register_shrinker+0x15f/0x220 [ 898.751497] ? sget_userns+0x768/0xc10 [ 898.755391] ? get_anon_bdev+0x1c0/0x1c0 [ 898.759455] ? sget+0xd9/0x110 [ 898.762655] ? fuse_get_root_inode+0xc0/0xc0 [ 898.767066] mount_nodev+0x4c/0xf0 [ 898.770610] mount_fs+0x92/0x2a0 [ 898.773990] vfs_kern_mount.part.0+0x5b/0x470 [ 898.778485] do_mount+0xe65/0x2a30 [ 898.782014] ? __do_page_fault+0x159/0xad0 [ 898.786238] ? retint_kernel+0x2d/0x2d [ 898.790106] ? copy_mount_string+0x40/0x40 [ 898.794328] ? memset+0x20/0x40 [ 898.797596] ? copy_mount_options+0x1fa/0x2f0 [ 898.802074] ? copy_mnt_ns+0xa30/0xa30 [ 898.805949] SyS_mount+0xa8/0x120 [ 898.809380] ? copy_mnt_ns+0xa30/0xa30 [ 898.813251] do_syscall_64+0x1d5/0x640 [ 898.817126] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 898.822290] RIP: 0033:0x7f8e2a1775fa [ 898.825979] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 898.833689] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 898.840940] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 898.848196] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 898.855444] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 898.862691] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:21 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) read$FUSE(r1, &(0x7f0000002900)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x80000, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB="2c3d0000000000800000", @ANYRESDEC=r3, @ANYBLOB=',allow_other,default_permissions,max_read=0x0000000000010001,dont_hash,fowner>', @ANYRESDEC=r4, @ANYBLOB=',mask=^MAY_APPEND,measure,hash,\x00'], 0x0, 0x0, &(0x7f0000004940)="a06769637eb40eeeb811bbbceb3a9c109216624394ad707920bf95b238ea48e87d30254a4869bbf0bc60f1c46572f89077eccf97318749bcbf14e0b7a0378a2f63cd4b165efc3d62cc69fc08efbf936062fc3428b6d2cf1a5ccedacf4eeff3b9d0dc14337668195902f0e32da272997a7b1be162b3ee6b0e85374b5127fef8d7dda645ac00cda74e89a62c0a953c6d05888a5ee90fff5c5f8b45ba9e1f43748a6b9bfe71cc92d4fb594e3d4ba7624df08daece2cd34bd5cbbf4ebfacc1488dde44122dc862fff2827c511e60a22e155743f2f737611c61d8df94abfd75bd7987ab5123a65066ef6f0d09577472572d580f70943315aa0a050f9e07c107cab6531daf183c5a466729a4483ba542facad6b2216185539cc28ef949e69e94db372a30e8cb1c6b187acc6b23e237e59b637f30601fee3dc980453cac3d22b52baebcd84f22762e99144db09ef482fcee0a7df2f9410d2965edcfa03b4d31284a18d2a27e728925f919f1217191129e2ab1bdca5579afd25a6ba78c166c11379e7725376925e807e2af0bc80bb3001350e6de1787ff41141b894a1de324e0337c3e11bae9e7f39ebfb8fd9324c2856421a726f148500c67c33af18b24b3aa0a63fa9afe38366a7d4e8f54825107a41572de24d911cafd0f69fc20fb801944f717cc4c2222cf83f04f9e2a3cb799d95775e23f5b30d33a5115ce2fa40dab3627f2c21579cff848b3222d11ecaa49ff92c4333627f8e7a5a42b8c291354cf48730530682fec940534d90946c664bc219314d5ef300eac745a0895f29469b77ef3c81b0de0e70aeb129ec027bac15fe60e8f25d0c37fbe14c57f10322e89f5b8b2a7a2abe55c5dbfc23753a6e15cf7386cc55aaae804c1063796723ab1b623c9fce6122fedf09fc1188d4a27087edad1842f2fee110701566f519f6f1fa8c353379e804aab639e5d3e527e55b319eb14a0c7dda00eef119ec66ed915cb6ef4117558da7702057cc774811d3ce26e52561ca4dd75b6e09ae959e95c158ccda32ea30e49bcca1fbecbcbb6b886c7288baf80641d54d7800bdf824dae2970f755b81dcc004ddb5aa19fcc2611287ee159539974e34fc447fccb9389eded5fac570a471fa2774855c04aa596ae097a32b57176895c735a2623f52296b1e9da716132de0d9c804154b5fcda4977a3fcebde2ad620202b7e741b1f961da4d0c6c18366b1c5e3427fdbbb185b2da8b57a6a2e37b37d7e54cc46e2b05c84c64defc7fa8c13a4ef8a93b3212d1eb262de5d94ee09646066438f0cdedd8b99d387d346a190fc33eb073e347e30ef849f500e142bbf42421c7344ed71c7c32b211e91014b145eb999801f80783797e05ffb865d80923b2715a5cc7bb44e22df29aa534e8089f494c915dfdbc8a2cc08f4252140ceb67f8aec6143ca61d3e75401d569ec09be2cbe76d83dbf74aa9e3b4a424d337cbadac4f3f1952c67096306179c4c318b64b6930fe287fbb27a1923de703f67516c7d25447c891352cfb3a1b7aa899376ac8943d67e952aa91444c0c0eea0744bb9a8c14df8b0148e0612a9791bb0a822051c983699fb76bdce42c32f907b10c1152ae4fc0a3b67816044e756bc0a49b2a23ce3e5ad40604c168965cb8cb1ace88ea1e8931f993f287b36b4a4f6471412e2d1806e462a9af8f17c4cc18e49332db0202103ae87fd4843af00b6cdd903cdde66e5ed01cfa1ad33ff16d1027a8939b7d9b8648185e187afcd0a1a10b2aa277d794e5602966c3dcddb6d0731282e2005b92483db1ce03138f46c7814cde493065500d598c4e1289f2565aab5ee5500a986095f84c74f5d3a18785015b04144f113b53bf5f712f4dc8b8042fa0b9e88a8089408c5c322e50b6376386a3de296f47bc7e10e9c47df1e866b287ed21443f710a697adffa10a2c61f3e930e5f62d6986a90e285352b45a2c23d1f7fd0afbbb7a00e7fbe1f74251582fb18e3cd21a0835cd5b4560fbb126f6f2f0d0efbfbb292b99563fd464566eac3b4fa5fe13dec79b3e69d4734e3c02c5ad57a0e2263ee802f2abecbb45b98e0e201c8750cc99de750364838a4315a37058b53137083b805be53ab948b25109b8c564c1ca75154d5bc943f735a60ea5612fe877a4a0b38cdddf92e60f744ac966aff4db77c9be1c38a52bc2109a1020bc93bc8628f9a3d6487173198535a9ebca47843bb639695f621f897e054086f41a7873d77331d48018285b0871ac6016bcb42a96488c287d3cd2aae7a08bc4b114589b59aa0c99157e672825d8fd1ac6728840916bdcd36fb5877ed56c734ca867ab36376362b1072d799aa455bb5c176044c01d29896eb14f8ae26ff693725b7436a0f0f68d3f972e794ae558b2cb65c8ae9c7a64666b456c0118ec6a7e789b2e6d2af01949cd8688e8361ae901554fac3ec90848052b5b80398ca6637914fb523db1989711e2c4c2710e9fea0ca3598bc615c07beaaa786340937a1a94c8db6f8351166db203b736efe8dd375d22445a0626308cb782840c4b26bd800865c616273d3e0ea479de3e3c53b3bf59dec0217360968af5d70abc357343ba3269a8019c4affc4f0f14318c6a10e5f8cef54ff348825819aae4dcf6e2bf175af793c83c3e553c46892e1a1c0aec6c8d2c3b81e8c6d693e3e12ee165400ed07009c3f2b1d3e2fe76b855979150b4625caae6521b8c1e779a853c4bc696f92b64997e797a33eccbcb1317646584fa591dc9fd6d2ada1ded28c82ba5e1088e62c38d152d1f02d6f8ea75d7ceb04af178d74aad98e189d0fe746b3532f97118a6c9d5c81727d36c71243c1a65b68356d9ea5ca6d2b04ccee6ab21918921eb66e9b9c329a4c7c97047f3613d612ba8067de70037517be284f294b7a9ff59fc35c2b7360e8f2b1a70856cb9f8577b837e1023a9774e733af8d0aa882efe2a3bfdef7d5fd4e18d7a4989ec57632eff6efbbf50c3b216e655d1474da3d4c0c5bbed7b56e325183e7ac2dc634268b2c61543b66bf78e0eb789f5d1d8285ca86cd82bf61d8f3804cdb139663e1155a5f896d8623b0eb6787af59f56950cbe87902941086abbfc8dd948f34184d286ced1872e03e1760539cc2398759e42e6e49f040f031558eb42f6e074cea6ba20121873561e447fe44db1282984b621713036ad91c8ad91d1284c54f0171984ee0cdca3c6645c8b4bcc6339a5f5080f510303ed72b0011013fa4cbf4c27ca94a4892dc030f216601fb49e8f6fc6aea7b7fd82aa6eae5560c32e341af4299f7d203872cb9ac5e80c20c26bcbaef0d822620bf035e9b5b1735e9b299cb469eed6c4561f043a9ea9b2f89152d971f82493ed97382710a50bee8aba4bf7ccac77891733bf538f535d8b38c57aa1839e449b932d6531ed543cc868e0828b6ad029761c406da8041183f9914f3ad719d8c3aebd190d2cc27b88c59ed03d1ae1de55a94e3af1a11f49d7600befd66ba10cec69af8db1809e78fb853e4178116fdefebc6d02ff8b608c3f50eac409cd7458bfc59b85522743d6180872a6119416903d1bb90280eb0fee6383e3eca45acc8aac55c0b4a3c5df2b0dcb04c600400571182f73b6880e46907a0e7d4ec45aac74efe63a8581ac33047f2b8d2ec765885a4c86767838741335f90309b4a815196894c4b019a98b6264aba02358a5d84cc33ce298289f470fd41258561ed7e8735f9b805fe63185ede451d357b05ad321656951f5094f4ea4f7b5334ff69cd0fa51541178713ff52646996c0a63dfeb26e0484cf30eb0e35210fda406ec1b7b5c15584864368c6b97716158db2eb98451062026ddbc8808ec234f4adc75360e523f822a7a13f6ef1c762cfc783a6aa948145f452c75930546fa708983e5cb6df338075b64d9db1b717e1b6765b8754323b26a057b942c2a897ee4de80ed9ba0eabbacfba3493bc1f36aaa5011cd3597ac416d2324a23bc1d9b0911304c0f998b593c40f1412ca87016bf95541642f3929432f10085308e7ba877463693e46e0ea3e7bbdb6ad25da4cc0d7da2b5609982c32ed72d19ccd6fffbeffe77c86924bcd54d29df59c1611f710e4364292de24103de430097db6628804547187e64fba99d01d214f77a3adfcfa687851741180fa99de8449fb3cdacb0e52ba2e762f7eec0f12ba58e3349aa903945c4f2078cfe54aec2cae833ab70a312459ea3e082b7c859a1dce15e398ade801c9f5287cf2bac9b8a96e2967863279f165b1f2dbee378cafe27291b7805973b2e96a0661364e1cae139bd281ef3cf577acb6908f9f1be761272e88c0fea6124473bebdf88d8f3054eb3694fa4b1bdacab64ff828e6a488bb0ca0d632ca4ad545df547ce25977b4503102039e3b1340bce4295b21a391d918ca955a7a4ccdd29fe7098ad26d81274a34c0479825c8a054bbb6cfb0c622c898be2785529c9afd89f4bd7cd697cce57446547d9a6ca2711f517516fd7a9900242ec59b29f977073fd1a04f5bc814e66683a987fbc6d3e5fd722d09893ae99f6e8eadf3769f3f66be7612c44e7c4228e1aae2f82a447ebb6bea6b2718ec2f70cb4c12d00928ab6c048c1a45012990e5d79f170d548890532b51c091f977540eeb311aae2e8dcccbd60bc991ee02de8fd992f1237509914717b9c58581cd4ba665124a283e1960ae5e42cb6024e0954c1e3ee3b681bd11e56d10f8f4cc4acd016acf0f2d7416c148c742e0aa9160faf3ddd78243db79b4bb5ec9b52fead5817f0fb50add2f0fb93ea8229c9e9e5555fbde846eb17503cba2b110c4a52bbd192e12ed7dfc198b9073007688fc675d078ffbbd5053573c5d3c008eb5a7159c3b80e498591f04abc89bd660c5945016bdc8102c71ce72e470eb6a991fe73035f680a41d20cf523897bbb028c826a1b57dd702401b6b53764e2f5e3b0cb5101bc114b6e747091a215552e1ae8d394b292a03a0c4c9c942913cffdd9c725a0fab09ae072716caab418308cb8cc5e222f4013293352c4778e99c2f860471f910da01e14a327635ce2e0d25a366ea3e55670837c303a584df385a85084880c39b91662f59dc54c74f3f9523af623965e7770485aad8f866a3b680c2ae8945cc88d8fd9ad6506939c434ed77a4c8d0265638f23f92ab879cbc5c0520db5ec32c2dba3cb7230d1d2fa01b1600267fcebd32aafd7e194982784725666b29506ea1d30bd5b29cac83832d9201930b650ba8008d408bb1e6abe74a27ec858fffcbf737e1efc682b576fc1b30c700c27413e254b15d40b56464b8e51ae8ec7776e878fcc48e068539c57e07ee63d8141ba7e34cecf1456b0b64e165bca274b456c57ab3e4295e32665fe3b2b9986cd17debce1214916031a0af02818f37707af8865f1d1c837fb13128a2d6b8505aa5a8d8c06562f2f39c2d3aa07a3cd969100e8df32a74d7c373d5e3aebd7a946f11129d91fd2c874dce70d9b94fdf82c0756ff432dd4b85ffb6c58726f4707256ce681b23df6768d73dd783ee33558c05316a5e51f3a1df6751ecc3c5b62cfa6373a6cee80cc2f65af606b39edcc20083211f649af7ffbc684d1877068f086e2dbe19fb0012cdffb39a1ee06efce25d606cc084e68d820c5040ccc3caf6f35694a81c9e5a4c9dedce5ae166fbffd6e3781187294faf6def703e33507e44858df952f0735fc6045479b3e59d2cba552a7456d9b2cd7f886dd5edb41a698d3e5878e579fb158161ac497aa424d2d823a502f5e1651c041895358d6260014b193af799432f38049ae395bfdc9c7c1924d7be85a25de8ec3677b9dad32644c1df9fc") (async) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000080)={"b40613c0de158a319a40d520c408b2f6c1ba8a3b8fbe9926af761a2fe00a202a", 0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000100)={"811171715e709e7e0445bfa9cebf8c9c0aba793bae0a749c1a2465babc6e1264", r5}) (async) ioctl$SYNC_IOC_MERGE(r5, 0xc0303e03, &(0x7f0000000140)={"14c2bf9feb000000fe56a855c020c756731458f2abd1fcb8ca6f3e683d91068d"}) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:21 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000200)) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000080)) (async) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000e40), 0x0, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000e80)) (async) read$usbmon(r2, &(0x7f00000000c0)=""/248, 0xf8) (async) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000680)=ANY=[@ANYRESDEC=r1, @ANYBLOB="b1f83ec11fc85f56ddf5d601eb64534fd17db024f1b84e18c8841867cc5bf490c3b02a6e71108c4037d78ddd26ecfc77a144188be646df4d5eb9f3d9335de07331a61f40c947ad95df22d997566bf97730e35948f9ca2ed0724c6c50e2117e6d6d6942b0211432c78dab1d69be178253c00f176c99cdf98680e00b96755d3c62d28dd6cb03a0af88ae71a8e15b4444df8647d2772bd95018e40b6f9c62e8167e08db9fa280128b93f6cc28eb7bb9a44e86f7ef940e539978a09ead280978fd111ba96fdc4fde589f51eaf72d0d3bd821e2ae027aa7c0c1edb573387f0ba787da40bd3f1fd4ac356cdd712871089c1ae59ef4c3ee9ebc327d0670993e", @ANYBLOB="2c726f6f746d6f64653d303030303028de3030303030313430b74a0077f83c14bb5f69643d0000000000b43896f95991665bad449f9abcb5318fb82d9bdbe149f2cecf0c9e88d4b2a86fff8aac70413efca252f5772713619f50d37c52602878a7d671699a7d2ed2", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES8=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) 22:45:21 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:21 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:21 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 23) 22:45:21 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000280)={0x2b, 0x4, 0x0, {0x7, 0x1, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@loopback, @in=@multicast1}}, {{@in=@private}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) [ 899.208416] FAULT_INJECTION: forcing a failure. [ 899.208416] name failslab, interval 1, probability 0, space 0, times 0 [ 899.227085] CPU: 0 PID: 15277 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 899.235166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 899.244605] Call Trace: [ 899.247196] dump_stack+0x1b2/0x281 [ 899.250834] should_fail.cold+0x10a/0x149 22:45:21 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 899.255080] should_failslab+0xd6/0x130 [ 899.259065] __kmalloc+0x2c1/0x400 [ 899.262604] ? match_strdup+0x58/0xa0 [ 899.266408] ? map_id_down+0xe9/0x180 [ 899.270217] match_strdup+0x58/0xa0 [ 899.273854] fuse_fill_super+0x21d/0x15c0 [ 899.278004] ? fuse_get_root_inode+0xc0/0xc0 [ 899.282417] ? up_write+0x17/0x60 [ 899.285869] ? register_shrinker+0x15f/0x220 [ 899.290274] ? sget_userns+0x768/0xc10 [ 899.294167] ? get_anon_bdev+0x1c0/0x1c0 [ 899.298224] ? sget+0xd9/0x110 [ 899.301420] ? fuse_get_root_inode+0xc0/0xc0 22:45:21 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 899.305836] mount_nodev+0x4c/0xf0 [ 899.309379] mount_fs+0x92/0x2a0 [ 899.312747] vfs_kern_mount.part.0+0x5b/0x470 [ 899.317247] do_mount+0xe65/0x2a30 [ 899.320792] ? __do_page_fault+0x159/0xad0 [ 899.325028] ? retint_kernel+0x2d/0x2d [ 899.328922] ? copy_mount_string+0x40/0x40 [ 899.333160] ? memset+0x20/0x40 [ 899.336445] ? copy_mount_options+0x1fa/0x2f0 [ 899.340939] ? copy_mnt_ns+0xa30/0xa30 [ 899.344825] SyS_mount+0xa8/0x120 [ 899.348279] ? copy_mnt_ns+0xa30/0xa30 [ 899.352167] do_syscall_64+0x1d5/0x640 22:45:21 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:21 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000280)={0x2b, 0x4, 0x0, {0x7, 0x1, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@loopback, @in=@multicast1}}, {{@in=@private}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) [ 899.356057] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 899.361242] RIP: 0033:0x7f8e2a1775fa [ 899.364971] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 899.372681] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 899.379951] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 899.387221] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 899.394494] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 899.401768] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:21 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:21 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:22 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x8, 0x3c5643) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f00000000c0)=""/54) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',se=#}B,mei\x00'], 0x0, 0x0, 0x0) 22:45:22 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000200)) (async) ioctl$mixer_OSS_GETVERSION(r1, 0x80044d76, &(0x7f0000000080)) (async) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) (async) r2 = syz_open_dev$usbmon(&(0x7f0000000e40), 0x0, 0x0) ioctl$MON_IOCG_STATS(r2, 0x80089203, &(0x7f0000000e80)) (async, rerun: 32) read$usbmon(r2, &(0x7f00000000c0)=""/248, 0xf8) (async, rerun: 32) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000680)=ANY=[@ANYRESDEC=r1, @ANYBLOB="b1f83ec11fc85f56ddf5d601eb64534fd17db024f1b84e18c8841867cc5bf490c3b02a6e71108c4037d78ddd26ecfc77a144188be646df4d5eb9f3d9335de07331a61f40c947ad95df22d997566bf97730e35948f9ca2ed0724c6c50e2117e6d6d6942b0211432c78dab1d69be178253c00f176c99cdf98680e00b96755d3c62d28dd6cb03a0af88ae71a8e15b4444df8647d2772bd95018e40b6f9c62e8167e08db9fa280128b93f6cc28eb7bb9a44e86f7ef940e539978a09ead280978fd111ba96fdc4fde589f51eaf72d0d3bd821e2ae027aa7c0c1edb573387f0ba787da40bd3f1fd4ac356cdd712871089c1ae59ef4c3ee9ebc327d0670993e", @ANYBLOB="2c726f6f746d6f64653d303030303028de3030303030313430b74a0077f83c14bb5f69643d0000000000b43896f95991665bad449f9abcb5318fb82d9bdbe149f2cecf0c9e88d4b2a86fff8aac70413efca252f5772713619f50d37c52602878a7d671699a7d2ed2", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES8=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async, rerun: 32) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) (rerun: 32) 22:45:22 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 24) 22:45:22 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:22 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/64, 0x40) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, &(0x7f0000000000)) 22:45:22 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:22 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x8, 0x3c5643) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f00000000c0)=""/54) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',se=#}B,mei\x00'], 0x0, 0x0, 0x0) 22:45:22 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) [ 900.184471] FAULT_INJECTION: forcing a failure. [ 900.184471] name failslab, interval 1, probability 0, space 0, times 0 [ 900.210128] CPU: 0 PID: 15340 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 900.218039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 900.227393] Call Trace: [ 900.229986] dump_stack+0x1b2/0x281 22:45:22 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 900.233625] should_fail.cold+0x10a/0x149 [ 900.237783] should_failslab+0xd6/0x130 [ 900.241774] kmem_cache_alloc_trace+0x29a/0x3d0 [ 900.246469] fuse_fill_super+0x74f/0x15c0 [ 900.250624] ? fuse_get_root_inode+0xc0/0xc0 [ 900.255035] ? up_write+0x17/0x60 [ 900.258490] ? register_shrinker+0x15f/0x220 [ 900.262901] ? sget_userns+0x768/0xc10 [ 900.266798] ? get_anon_bdev+0x1c0/0x1c0 [ 900.270858] ? sget+0xd9/0x110 [ 900.274053] ? fuse_get_root_inode+0xc0/0xc0 [ 900.278467] mount_nodev+0x4c/0xf0 [ 900.282016] mount_fs+0x92/0x2a0 [ 900.285392] vfs_kern_mount.part.0+0x5b/0x470 [ 900.289895] do_mount+0xe65/0x2a30 [ 900.293445] ? __do_page_fault+0x159/0xad0 [ 900.297681] ? retint_kernel+0x2d/0x2d [ 900.301578] ? copy_mount_string+0x40/0x40 [ 900.305822] ? memset+0x20/0x40 [ 900.309102] ? copy_mount_options+0x1fa/0x2f0 [ 900.313596] ? copy_mnt_ns+0xa30/0xa30 [ 900.317486] SyS_mount+0xa8/0x120 [ 900.320941] ? copy_mnt_ns+0xa30/0xa30 [ 900.324834] do_syscall_64+0x1d5/0x640 [ 900.328734] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:22 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:22 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="0c67726f75705f696403", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)=0x0) getresuid(&(0x7f0000000280), &(0x7f00000002c0)=0x0, &(0x7f0000000300)) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x94, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}], [{@fsmagic={'fsmagic', 0x3d, 0x80000000000}}, {@uid_gt={'uid>', 0xee01}}, {@permit_directio}, {@obj_role={'obj_role', 0x3d, '#}^'}}, {@uid_eq={'uid', 0x3d, r3}}]}}) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000000c0)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, 'fuse\x00'}}, 0x26) 22:45:22 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x8, 0x3c5643) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f00000000c0)=""/54) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',se=#}B,mei\x00'], 0x0, 0x0, 0x0) [ 900.333926] RIP: 0033:0x7f8e2a1775fa [ 900.337642] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 900.345356] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 900.352624] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 900.359894] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 900.367176] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 900.374446] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:22 executing program 3: mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:22 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000440)={0x675e}, 0x4) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@private, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {}, {@allow_other}], [{@fowner_lt={'fowner<', r2}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20048804) 22:45:22 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 25) 22:45:22 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) [ 900.605001] FAULT_INJECTION: forcing a failure. [ 900.605001] name failslab, interval 1, probability 0, space 0, times 0 [ 900.626366] CPU: 0 PID: 15391 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 900.634275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 900.643638] Call Trace: [ 900.646250] dump_stack+0x1b2/0x281 [ 900.649903] should_fail.cold+0x10a/0x149 [ 900.654055] should_failslab+0xd6/0x130 [ 900.658039] __kmalloc+0x2c1/0x400 [ 900.661581] ? match_number+0x9d/0x200 [ 900.665477] match_number+0x9d/0x200 [ 900.669193] ? match_strdup+0xa0/0xa0 [ 900.672996] ? map_id_down+0xe9/0x180 [ 900.676807] fuse_fill_super+0x1d0/0x15c0 [ 900.680970] ? fuse_get_root_inode+0xc0/0xc0 [ 900.685379] ? up_write+0x17/0x60 [ 900.688813] ? register_shrinker+0x15f/0x220 [ 900.693196] ? sget_userns+0x768/0xc10 [ 900.697069] ? get_anon_bdev+0x1c0/0x1c0 [ 900.701105] ? sget+0xd9/0x110 [ 900.704277] ? fuse_get_root_inode+0xc0/0xc0 [ 900.708664] mount_nodev+0x4c/0xf0 [ 900.712184] mount_fs+0x92/0x2a0 [ 900.715527] vfs_kern_mount.part.0+0x5b/0x470 [ 900.719998] do_mount+0xe65/0x2a30 [ 900.723519] ? __do_page_fault+0x159/0xad0 [ 900.727729] ? retint_kernel+0x2d/0x2d [ 900.731594] ? copy_mount_string+0x40/0x40 [ 900.735812] ? memset+0x20/0x40 [ 900.739073] ? copy_mount_options+0x1fa/0x2f0 [ 900.743548] ? copy_mnt_ns+0xa30/0xa30 [ 900.747416] SyS_mount+0xa8/0x120 [ 900.750847] ? copy_mnt_ns+0xa30/0xa30 [ 900.754713] do_syscall_64+0x1d5/0x640 [ 900.758589] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 900.763758] RIP: 0033:0x7f8e2a1775fa [ 900.767445] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 900.775129] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 900.782376] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 900.789625] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 900.796873] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 900.804120] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:23 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/64, 0x40) (async, rerun: 64) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, &(0x7f0000000000)) (rerun: 64) 22:45:23 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:23 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="0c67726f75705f696403", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)=0x0) getresuid(&(0x7f0000000280), &(0x7f00000002c0)=0x0, &(0x7f0000000300)) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x94, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}], [{@fsmagic={'fsmagic', 0x3d, 0x80000000000}}, {@uid_gt={'uid>', 0xee01}}, {@permit_directio}, {@obj_role={'obj_role', 0x3d, '#}^'}}, {@uid_eq={'uid', 0x3d, r3}}]}}) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000000c0)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, 'fuse\x00'}}, 0x26) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="0c67726f75705f696403", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)) (async) getresuid(&(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300)) (async) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x94, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}], [{@fsmagic={'fsmagic', 0x3d, 0x80000000000}}, {@uid_gt={'uid>', 0xee01}}, {@permit_directio}, {@obj_role={'obj_role', 0x3d, '#}^'}}, {@uid_eq={'uid', 0x3d, r3}}]}}) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000000c0)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, 'fuse\x00'}}, 0x26) (async) 22:45:23 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000440)={0x675e}, 0x4) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@private, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {}, {@allow_other}], [{@fowner_lt={'fowner<', r2}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20048804) 22:45:23 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:23 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 26) 22:45:23 executing program 3: syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:23 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="0c67726f75705f696403", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)=0x0) getresuid(&(0x7f0000000280), &(0x7f00000002c0)=0x0, &(0x7f0000000300)) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x94, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xa00}}, {@blksize={'blksize', 0x3d, 0x600}}, {@allow_other}], [{@fsmagic={'fsmagic', 0x3d, 0x80000000000}}, {@uid_gt={'uid>', 0xee01}}, {@permit_directio}, {@obj_role={'obj_role', 0x3d, '#}^'}}, {@uid_eq={'uid', 0x3d, r3}}]}}) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f00000000c0)={0x26, 0x3, 0x0, {0x5, 0x5, 0x0, 'fuse\x00'}}, 0x26) 22:45:23 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 901.154332] FAULT_INJECTION: forcing a failure. [ 901.154332] name failslab, interval 1, probability 0, space 0, times 0 22:45:23 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000440)={0x675e}, 0x4) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@private, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {}, {@allow_other}], [{@fowner_lt={'fowner<', r2}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20048804) socket$inet6(0xa, 0x3, 0x4) (async) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000440)={0x675e}, 0x4) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@private, @in=@dev}}, {{@in=@broadcast}, 0x0, @in6=@mcast1}}, &(0x7f0000000180)=0xe8) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0xa00}}, {@allow_other}, {@allow_other}, {}, {@allow_other}], [{@fowner_lt={'fowner<', r2}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20048804) (async) [ 901.207211] CPU: 0 PID: 15407 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 901.215236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 901.224592] Call Trace: [ 901.227183] dump_stack+0x1b2/0x281 [ 901.230822] should_fail.cold+0x10a/0x149 [ 901.234978] should_failslab+0xd6/0x130 [ 901.238958] kmem_cache_alloc_trace+0x29a/0x3d0 [ 901.243637] fuse_fill_super+0x74f/0x15c0 [ 901.247792] ? fuse_get_root_inode+0xc0/0xc0 [ 901.252201] ? up_write+0x17/0x60 [ 901.255654] ? register_shrinker+0x15f/0x220 [ 901.260062] ? sget_userns+0x768/0xc10 [ 901.263959] ? get_anon_bdev+0x1c0/0x1c0 [ 901.268017] ? sget+0xd9/0x110 [ 901.271211] ? fuse_get_root_inode+0xc0/0xc0 [ 901.275621] mount_nodev+0x4c/0xf0 [ 901.279166] mount_fs+0x92/0x2a0 [ 901.282542] vfs_kern_mount.part.0+0x5b/0x470 [ 901.287045] do_mount+0xe65/0x2a30 [ 901.290590] ? __do_page_fault+0x159/0xad0 [ 901.294825] ? retint_kernel+0x2d/0x2d [ 901.298716] ? copy_mount_string+0x40/0x40 [ 901.302959] ? memset+0x20/0x40 22:45:23 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 901.306239] ? copy_mount_options+0x1fa/0x2f0 [ 901.310742] ? copy_mnt_ns+0xa30/0xa30 [ 901.314631] SyS_mount+0xa8/0x120 [ 901.318082] ? copy_mnt_ns+0xa30/0xa30 [ 901.321969] do_syscall_64+0x1d5/0x640 [ 901.325862] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 901.331053] RIP: 0033:0x7f8e2a1775fa [ 901.334760] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 901.342467] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 901.349741] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 901.357011] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 901.364284] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 901.371557] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:23 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:24 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000000040)=""/64, 0x40) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, &(0x7f0000000000)) 22:45:24 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 27) 22:45:24 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705fe9643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:24 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:24 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:24 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:24 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 902.085926] FAULT_INJECTION: forcing a failure. [ 902.085926] name failslab, interval 1, probability 0, space 0, times 0 22:45:24 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async, rerun: 32) socket$inet6_udp(0xa, 0x2, 0x0) (rerun: 32) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:24 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) [ 902.139320] CPU: 1 PID: 15468 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 902.147232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.156586] Call Trace: [ 902.159355] dump_stack+0x1b2/0x281 [ 902.162988] should_fail.cold+0x10a/0x149 [ 902.167149] should_failslab+0xd6/0x130 [ 902.171139] __kmalloc+0x2c1/0x400 [ 902.174687] ? match_number+0x9d/0x200 [ 902.178582] match_number+0x9d/0x200 [ 902.182301] ? match_strdup+0xa0/0xa0 [ 902.186101] ? map_id_down+0xe9/0x180 [ 902.189903] fuse_fill_super+0x1d0/0x15c0 [ 902.194052] ? fuse_get_root_inode+0xc0/0xc0 [ 902.198461] ? up_write+0x17/0x60 [ 902.201913] ? register_shrinker+0x15f/0x220 [ 902.206327] ? sget_userns+0x768/0xc10 [ 902.210226] ? get_anon_bdev+0x1c0/0x1c0 [ 902.214288] ? sget+0xd9/0x110 [ 902.217483] ? fuse_get_root_inode+0xc0/0xc0 [ 902.221892] mount_nodev+0x4c/0xf0 [ 902.225431] mount_fs+0x92/0x2a0 [ 902.228800] vfs_kern_mount.part.0+0x5b/0x470 [ 902.233297] do_mount+0xe65/0x2a30 [ 902.236841] ? __do_page_fault+0x159/0xad0 [ 902.241074] ? retint_kernel+0x2d/0x2d [ 902.244962] ? copy_mount_string+0x40/0x40 [ 902.249199] ? memset+0x20/0x40 [ 902.252485] ? copy_mount_options+0x1fa/0x2f0 [ 902.256981] ? copy_mnt_ns+0xa30/0xa30 [ 902.260868] SyS_mount+0xa8/0x120 [ 902.264320] ? copy_mnt_ns+0xa30/0xa30 [ 902.268210] do_syscall_64+0x1d5/0x640 [ 902.272104] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 902.277289] RIP: 0033:0x7f8e2a1775fa [ 902.280993] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:24 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:24 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705fe9643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) [ 902.288702] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 902.295976] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 902.303247] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 902.310517] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 902.317786] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:24 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 28) [ 902.467298] FAULT_INJECTION: forcing a failure. [ 902.467298] name failslab, interval 1, probability 0, space 0, times 0 [ 902.479844] CPU: 1 PID: 15501 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 902.487745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 902.497109] Call Trace: [ 902.499701] dump_stack+0x1b2/0x281 [ 902.503347] should_fail.cold+0x10a/0x149 [ 902.507506] should_failslab+0xd6/0x130 [ 902.511489] kmem_cache_alloc_trace+0x29a/0x3d0 [ 902.516167] fuse_dev_alloc+0x4b/0x310 [ 902.520059] ? task_active_pid_ns+0xa1/0xc0 [ 902.524389] fuse_fill_super+0x79d/0x15c0 [ 902.528546] ? fuse_get_root_inode+0xc0/0xc0 [ 902.532962] ? up_write+0x17/0x60 [ 902.536419] ? register_shrinker+0x15f/0x220 [ 902.540824] ? sget_userns+0x768/0xc10 [ 902.544700] ? get_anon_bdev+0x1c0/0x1c0 [ 902.548739] ? sget+0xd9/0x110 [ 902.551913] ? fuse_get_root_inode+0xc0/0xc0 [ 902.556305] mount_nodev+0x4c/0xf0 [ 902.559832] mount_fs+0x92/0x2a0 [ 902.563183] vfs_kern_mount.part.0+0x5b/0x470 [ 902.567661] do_mount+0xe65/0x2a30 [ 902.571184] ? __do_page_fault+0x159/0xad0 [ 902.575406] ? retint_kernel+0x2d/0x2d [ 902.579282] ? copy_mount_string+0x40/0x40 [ 902.583504] ? memset+0x20/0x40 [ 902.586777] ? copy_mount_options+0x1fa/0x2f0 [ 902.591255] ? copy_mnt_ns+0xa30/0xa30 [ 902.595129] SyS_mount+0xa8/0x120 [ 902.598568] ? copy_mnt_ns+0xa30/0xa30 [ 902.602433] do_syscall_64+0x1d5/0x640 [ 902.606305] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 902.611480] RIP: 0033:0x7f8e2a1775fa [ 902.615171] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 902.622870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 902.630119] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 902.637381] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 902.644642] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 902.651898] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:25 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) 22:45:25 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:25 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0) 22:45:25 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705fe9643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:25 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:25 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 29) 22:45:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 903.070994] FAULT_INJECTION: forcing a failure. [ 903.070994] name failslab, interval 1, probability 0, space 0, times 0 [ 903.088190] CPU: 1 PID: 15515 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 903.096098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.105458] Call Trace: [ 903.108055] dump_stack+0x1b2/0x281 [ 903.111700] should_fail.cold+0x10a/0x149 [ 903.115860] should_failslab+0xd6/0x130 [ 903.119848] kmem_cache_alloc_trace+0x29a/0x3d0 [ 903.124529] wb_congested_get_create+0x15b/0x360 [ 903.129296] wb_init+0x4f6/0x7c0 [ 903.132679] ? __raw_spin_lock_init+0x28/0x100 [ 903.137267] cgwb_bdi_init+0xe2/0x1e0 [ 903.141076] bdi_alloc_node+0x224/0x2e0 [ 903.145060] super_setup_bdi_name+0x8b/0x220 [ 903.149463] ? kill_block_super+0xe0/0xe0 [ 903.153602] ? __lockdep_init_map+0x100/0x560 [ 903.158128] ? do_raw_spin_unlock+0x164/0x220 [ 903.162642] fuse_fill_super+0x937/0x15c0 [ 903.166804] ? fuse_get_root_inode+0xc0/0xc0 [ 903.171220] ? up_write+0x17/0x60 [ 903.174678] ? register_shrinker+0x15f/0x220 [ 903.179103] ? sget_userns+0x768/0xc10 [ 903.183006] ? get_anon_bdev+0x1c0/0x1c0 [ 903.187069] ? sget+0xd9/0x110 [ 903.190268] ? fuse_get_root_inode+0xc0/0xc0 [ 903.194681] mount_nodev+0x4c/0xf0 [ 903.198220] mount_fs+0x92/0x2a0 [ 903.201585] vfs_kern_mount.part.0+0x5b/0x470 [ 903.206087] do_mount+0xe65/0x2a30 [ 903.209631] ? __do_page_fault+0x159/0xad0 [ 903.213863] ? retint_kernel+0x2d/0x2d 22:45:25 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) [ 903.217755] ? copy_mount_string+0x40/0x40 [ 903.221995] ? memset+0x20/0x40 [ 903.225276] ? copy_mount_options+0x1fa/0x2f0 [ 903.229783] ? copy_mnt_ns+0xa30/0xa30 [ 903.233675] SyS_mount+0xa8/0x120 [ 903.237132] ? copy_mnt_ns+0xa30/0xa30 [ 903.241018] do_syscall_64+0x1d5/0x640 [ 903.244911] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 903.250101] RIP: 0033:0x7f8e2a1775fa [ 903.253809] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 903.261517] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa 22:45:25 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, 0x0) 22:45:25 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:25 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 30) [ 903.268789] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 903.276060] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 903.283328] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 903.290598] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:25 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}], [{@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0x13}}]}}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134a6a5a83767d2f75ce351adea919530302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) [ 903.455785] FAULT_INJECTION: forcing a failure. [ 903.455785] name failslab, interval 1, probability 0, space 0, times 0 [ 903.470461] CPU: 1 PID: 15552 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 903.478359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 903.487711] Call Trace: [ 903.490306] dump_stack+0x1b2/0x281 [ 903.493942] should_fail.cold+0x10a/0x149 [ 903.498101] should_failslab+0xd6/0x130 [ 903.502087] kmem_cache_alloc_trace+0x29a/0x3d0 [ 903.506761] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 903.511879] device_create_groups_vargs+0x7b/0x250 [ 903.516903] device_create_vargs+0x3a/0x50 [ 903.521137] bdi_register_va.part.0+0x35/0x650 [ 903.525708] bdi_register_va+0x63/0x80 [ 903.529577] super_setup_bdi_name+0x123/0x220 [ 903.534081] ? kill_block_super+0xe0/0xe0 [ 903.538210] ? do_raw_spin_unlock+0x164/0x220 [ 903.542693] fuse_fill_super+0x937/0x15c0 [ 903.546823] ? fuse_get_root_inode+0xc0/0xc0 [ 903.551211] ? up_write+0x17/0x60 [ 903.554648] ? register_shrinker+0x15f/0x220 [ 903.559033] ? sget_userns+0x768/0xc10 [ 903.562905] ? get_anon_bdev+0x1c0/0x1c0 [ 903.566945] ? sget+0xd9/0x110 [ 903.570122] ? fuse_get_root_inode+0xc0/0xc0 [ 903.574511] mount_nodev+0x4c/0xf0 [ 903.578029] mount_fs+0x92/0x2a0 [ 903.581379] vfs_kern_mount.part.0+0x5b/0x470 [ 903.585856] do_mount+0xe65/0x2a30 [ 903.589385] ? __do_page_fault+0x159/0xad0 [ 903.593610] ? retint_kernel+0x2d/0x2d [ 903.597481] ? copy_mount_string+0x40/0x40 [ 903.601699] ? memset+0x20/0x40 [ 903.604964] ? copy_mount_options+0x1fa/0x2f0 [ 903.609446] ? copy_mnt_ns+0xa30/0xa30 [ 903.613314] SyS_mount+0xa8/0x120 [ 903.616746] ? copy_mnt_ns+0xa30/0xa30 [ 903.620615] do_syscall_64+0x1d5/0x640 [ 903.624487] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 903.629655] RIP: 0033:0x7f8e2a1775fa [ 903.633343] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 903.641044] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 903.648300] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 903.655550] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 903.662803] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 903.670054] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:26 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) (async) 22:45:26 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) 22:45:26 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, 0x0) 22:45:26 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:26 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}], [{@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0x13}}]}}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134a6a5a83767d2f75ce351adea919530302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}], [{@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0x13}}]}}) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134a6a5a83767d2f75ce351adea919530302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) 22:45:26 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 31) 22:45:26 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:26 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=""/116) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r3 = gettid() get_robust_list(r3, &(0x7f0000000b80)=0x0, &(0x7f0000000bc0)) write$FUSE_LK(r2, &(0x7f0000000240)={0x28, 0x0, 0x0, {{0x101, 0x1, 0x2, r3}}}, 0x28) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r5, 0x0, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r6, 0x0, 0x0) read$FUSE(r1, &(0x7f0000004980)={0x2020, 0x0, 0x0}, 0xfffffffffffffe4d) write$FUSE_INTERRUPT(r4, &(0x7f0000002900)={0x10, 0x0, r7}, 0x10) getresgid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=0x0) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000580)={0x220, 0x0, r7, [{{0x0, 0x3, 0x0, 0xb9e6, 0x7, 0x4, {0x4, 0xb2d, 0xd602, 0x3, 0x7, 0xffffffff, 0x9, 0x4, 0x0, 0x6000, 0x80000201, 0xee00, r8, 0x8, 0x20}}, {0x1, 0x201, 0x6e, 0x3e, '\xefO\x84\x0f\xb5{\xb4+*\xe4\xfb\xca\xd61X\xdb4\x90n\x84\xbf\"A\v[PJu\xa3\xa8|\'\x99;\x9e\xc7\xd7o\x96\x9f\x8b\xa6\xcew\x1eW\x14?\x10xu\xec\xb4\xff\xe2\xdb\xd5U\x87y\x17Pw\xb9\x90\x02\xbc\x1e\x01\x95\xbcv\x11\xea[\x97\xef\x95\xef\xff\x13t\xdbm\xc7\xf4a\xb8T@\xc6\xfbC8vq\xa6c\ft\x146\x19\xc6\x0f\xbe\x06`v\xd2'}}, {{0x5, 0x0, 0xee, 0xffffffffffffd017, 0x3d, 0x30e5, {0x0, 0x4, 0x7fffffffffffffff, 0x3, 0x6, 0x7fff, 0x4, 0x2, 0x50ac, 0xa000, 0x9, r9, 0xee00, 0x1, 0x2}}, {0x4, 0x6, 0x6a, 0x8, 'n\'&#(!\x12/\xf8\x10\x83\x00\x10\x00\x00\x00\x00\x00\x00\xf1A\xa4\xd7\xb5\xbf\x8d\xb4\xa7\xcb\x00\x84\x86E[?\xa6V\xb3\nG\x8d\x81\xaa\xe7\xf2\x8f\xffO\a\xff\xff\xff\x8b\na1\x90\xf99\\\xd4\x8f\x97\xbc\xb6\xea@\x1c|E\x1d\xcc\xcf*\x01\xbd\xa6}Pe`\x01\x83\xed\xdd\xff5\xbc\x90\xaa|\x00R.\x8es\x03`\x00\x00\x00\x00\x00\x00\x00\x00'}}]}, 0x220) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r10) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:26 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) mount$fuseblk(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}], [{@euid_eq={'euid', 0x3d, 0xee01}}, {@pcr={'pcr', 0x3d, 0x13}}]}}) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134a6a5a83767d2f75ce351adea919530302c757365725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:26 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, 0x0) [ 904.126369] FAULT_INJECTION: forcing a failure. [ 904.126369] name failslab, interval 1, probability 0, space 0, times 0 [ 904.175135] CPU: 0 PID: 15579 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 904.183048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 904.192401] Call Trace: [ 904.194990] dump_stack+0x1b2/0x281 [ 904.198629] should_fail.cold+0x10a/0x149 [ 904.202782] should_failslab+0xd6/0x130 [ 904.206760] kmem_cache_alloc_trace+0x29a/0x3d0 [ 904.211434] device_add+0xd72/0x15c0 [ 904.215153] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 904.220613] ? kfree_const+0x33/0x40 [ 904.224333] ? device_is_dependent+0x2a0/0x2a0 [ 904.228924] ? kfree+0x1f0/0x250 [ 904.232304] device_create_groups_vargs+0x1dc/0x250 [ 904.237329] device_create_vargs+0x3a/0x50 [ 904.241572] bdi_register_va.part.0+0x35/0x650 [ 904.246163] bdi_register_va+0x63/0x80 [ 904.250052] super_setup_bdi_name+0x123/0x220 [ 904.254553] ? kill_block_super+0xe0/0xe0 [ 904.258701] ? do_raw_spin_unlock+0x164/0x220 [ 904.263204] fuse_fill_super+0x937/0x15c0 [ 904.267356] ? fuse_get_root_inode+0xc0/0xc0 [ 904.271771] ? up_write+0x17/0x60 [ 904.275224] ? register_shrinker+0x15f/0x220 [ 904.279636] ? sget_userns+0x768/0xc10 [ 904.283534] ? get_anon_bdev+0x1c0/0x1c0 [ 904.287597] ? sget+0xd9/0x110 [ 904.290792] ? fuse_get_root_inode+0xc0/0xc0 [ 904.295205] mount_nodev+0x4c/0xf0 [ 904.298745] mount_fs+0x92/0x2a0 [ 904.302115] vfs_kern_mount.part.0+0x5b/0x470 [ 904.306614] do_mount+0xe65/0x2a30 [ 904.310158] ? __do_page_fault+0x159/0xad0 [ 904.314393] ? retint_kernel+0x2d/0x2d [ 904.318289] ? copy_mount_string+0x40/0x40 [ 904.322535] ? memset+0x20/0x40 22:45:26 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:26 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 904.325814] ? copy_mount_options+0x1fa/0x2f0 [ 904.330312] ? copy_mnt_ns+0xa30/0xa30 [ 904.334208] SyS_mount+0xa8/0x120 [ 904.337658] ? copy_mnt_ns+0xa30/0xa30 [ 904.341547] do_syscall_64+0x1d5/0x640 [ 904.345439] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 904.350624] RIP: 0033:0x7f8e2a1775fa [ 904.354327] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 904.362031] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 904.369307] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 904.376575] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 904.383847] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 904.391117] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:27 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) 22:45:27 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:27 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 22:45:27 executing program 2: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080)=""/74, &(0x7f0000000100)=0x4a) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x90000, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5ea5a701fe6ce00ffc521dd771c86577a2aea901dc35d9fa24a0ae0e14f47a2825dd98305e37d65aabeaf351967c3762d0a1b22f37acd61115f9e42c6d6561737572652c000000000000000000000000cea51991ed732b426c4e059696ca5f59b3d03d763a825b34f66822fd8f90c7a5948f97bc03b7960ef0ae40fa0ed90507decd95a5612dea6b4ded590603d99f3679d562b5b894366bb418d9c87bced1e1d08b561504801913a8ff32106c9f082912158c9876d45196b2b815e875bf7717e99126123723ca2226c4df3792bbb323d037c412e2aa98c05f9038f2e7d776c32a966f20863d1863133dc3639c0b894b55162d30fa9a807774"], 0x1, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000140)=""/129) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) write$FUSE_GETXATTR(r0, &(0x7f0000000200)={0x18, 0xfffffffffffffff5, r3, {0x9}}, 0x18) 22:45:27 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 32) 22:45:27 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=""/116) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r3 = gettid() get_robust_list(r3, &(0x7f0000000b80)=0x0, &(0x7f0000000bc0)) write$FUSE_LK(r2, &(0x7f0000000240)={0x28, 0x0, 0x0, {{0x101, 0x1, 0x2, r3}}}, 0x28) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r5, 0x0, 0x0) (async) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r6, 0x0, 0x0) (async) read$FUSE(r1, &(0x7f0000004980)={0x2020, 0x0, 0x0}, 0xfffffffffffffe4d) write$FUSE_INTERRUPT(r4, &(0x7f0000002900)={0x10, 0x0, r7}, 0x10) (async) getresgid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=0x0) (async) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000580)={0x220, 0x0, r7, [{{0x0, 0x3, 0x0, 0xb9e6, 0x7, 0x4, {0x4, 0xb2d, 0xd602, 0x3, 0x7, 0xffffffff, 0x9, 0x4, 0x0, 0x6000, 0x80000201, 0xee00, r8, 0x8, 0x20}}, {0x1, 0x201, 0x6e, 0x3e, '\xefO\x84\x0f\xb5{\xb4+*\xe4\xfb\xca\xd61X\xdb4\x90n\x84\xbf\"A\v[PJu\xa3\xa8|\'\x99;\x9e\xc7\xd7o\x96\x9f\x8b\xa6\xcew\x1eW\x14?\x10xu\xec\xb4\xff\xe2\xdb\xd5U\x87y\x17Pw\xb9\x90\x02\xbc\x1e\x01\x95\xbcv\x11\xea[\x97\xef\x95\xef\xff\x13t\xdbm\xc7\xf4a\xb8T@\xc6\xfbC8vq\xa6c\ft\x146\x19\xc6\x0f\xbe\x06`v\xd2'}}, {{0x5, 0x0, 0xee, 0xffffffffffffd017, 0x3d, 0x30e5, {0x0, 0x4, 0x7fffffffffffffff, 0x3, 0x6, 0x7fff, 0x4, 0x2, 0x50ac, 0xa000, 0x9, r9, 0xee00, 0x1, 0x2}}, {0x4, 0x6, 0x6a, 0x8, 'n\'&#(!\x12/\xf8\x10\x83\x00\x10\x00\x00\x00\x00\x00\x00\xf1A\xa4\xd7\xb5\xbf\x8d\xb4\xa7\xcb\x00\x84\x86E[?\xa6V\xb3\nG\x8d\x81\xaa\xe7\xf2\x8f\xffO\a\xff\xff\xff\x8b\na1\x90\xf99\\\xd4\x8f\x97\xbc\xb6\xea@\x1c|E\x1d\xcc\xcf*\x01\xbd\xa6}Pe`\x01\x83\xed\xdd\xff5\xbc\x90\xaa|\x00R.\x8es\x03`\x00\x00\x00\x00\x00\x00\x00\x00'}}]}, 0x220) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r10) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:27 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:27 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 22:45:27 executing program 2: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080)=""/74, &(0x7f0000000100)=0x4a) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x90000, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5ea5a701fe6ce00ffc521dd771c86577a2aea901dc35d9fa24a0ae0e14f47a2825dd98305e37d65aabeaf351967c3762d0a1b22f37acd61115f9e42c6d6561737572652c000000000000000000000000cea51991ed732b426c4e059696ca5f59b3d03d763a825b34f66822fd8f90c7a5948f97bc03b7960ef0ae40fa0ed90507decd95a5612dea6b4ded590603d99f3679d562b5b894366bb418d9c87bced1e1d08b561504801913a8ff32106c9f082912158c9876d45196b2b815e875bf7717e99126123723ca2226c4df3792bbb323d037c412e2aa98c05f9038f2e7d776c32a966f20863d1863133dc3639c0b894b55162d30fa9a807774"], 0x1, 0x0, 0x0) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000140)=""/129) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_GETXATTR(r0, &(0x7f0000000200)={0x18, 0xfffffffffffffff5, r3, {0x9}}, 0x18) 22:45:27 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, 0xffffffffffffffff, 0x0, &(0x7f00000002c0)=""/116) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async) r3 = gettid() get_robust_list(r3, &(0x7f0000000b80)=0x0, &(0x7f0000000bc0)) (async) write$FUSE_LK(r2, &(0x7f0000000240)={0x28, 0x0, 0x0, {{0x101, 0x1, 0x2, r3}}}, 0x28) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r5, 0x0, 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r6, 0x0, 0x0) (async) read$FUSE(r1, &(0x7f0000004980)={0x2020, 0x0, 0x0}, 0xfffffffffffffe4d) write$FUSE_INTERRUPT(r4, &(0x7f0000002900)={0x10, 0x0, r7}, 0x10) (async) getresgid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)=0x0) (async) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000580)={0x220, 0x0, r7, [{{0x0, 0x3, 0x0, 0xb9e6, 0x7, 0x4, {0x4, 0xb2d, 0xd602, 0x3, 0x7, 0xffffffff, 0x9, 0x4, 0x0, 0x6000, 0x80000201, 0xee00, r8, 0x8, 0x20}}, {0x1, 0x201, 0x6e, 0x3e, '\xefO\x84\x0f\xb5{\xb4+*\xe4\xfb\xca\xd61X\xdb4\x90n\x84\xbf\"A\v[PJu\xa3\xa8|\'\x99;\x9e\xc7\xd7o\x96\x9f\x8b\xa6\xcew\x1eW\x14?\x10xu\xec\xb4\xff\xe2\xdb\xd5U\x87y\x17Pw\xb9\x90\x02\xbc\x1e\x01\x95\xbcv\x11\xea[\x97\xef\x95\xef\xff\x13t\xdbm\xc7\xf4a\xb8T@\xc6\xfbC8vq\xa6c\ft\x146\x19\xc6\x0f\xbe\x06`v\xd2'}}, {{0x5, 0x0, 0xee, 0xffffffffffffd017, 0x3d, 0x30e5, {0x0, 0x4, 0x7fffffffffffffff, 0x3, 0x6, 0x7fff, 0x4, 0x2, 0x50ac, 0xa000, 0x9, r9, 0xee00, 0x1, 0x2}}, {0x4, 0x6, 0x6a, 0x8, 'n\'&#(!\x12/\xf8\x10\x83\x00\x10\x00\x00\x00\x00\x00\x00\xf1A\xa4\xd7\xb5\xbf\x8d\xb4\xa7\xcb\x00\x84\x86E[?\xa6V\xb3\nG\x8d\x81\xaa\xe7\xf2\x8f\xffO\a\xff\xff\xff\x8b\na1\x90\xf99\\\xd4\x8f\x97\xbc\xb6\xea@\x1c|E\x1d\xcc\xcf*\x01\xbd\xa6}Pe`\x01\x83\xed\xdd\xff5\xbc\x90\xaa|\x00R.\x8es\x03`\x00\x00\x00\x00\x00\x00\x00\x00'}}]}, 0x220) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r10) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 904.998688] FAULT_INJECTION: forcing a failure. [ 904.998688] name failslab, interval 1, probability 0, space 0, times 0 [ 905.075958] CPU: 0 PID: 15637 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 905.083869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 905.093221] Call Trace: [ 905.095812] dump_stack+0x1b2/0x281 [ 905.099443] should_fail.cold+0x10a/0x149 [ 905.103592] should_failslab+0xd6/0x130 [ 905.107572] kmem_cache_alloc_trace+0x29a/0x3d0 [ 905.112253] device_add+0xd72/0x15c0 [ 905.115977] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 905.122216] ? kfree_const+0x33/0x40 22:45:27 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 905.125931] ? device_is_dependent+0x2a0/0x2a0 [ 905.130515] ? kfree+0x1f0/0x250 [ 905.133888] device_create_groups_vargs+0x1dc/0x250 [ 905.138927] device_create_vargs+0x3a/0x50 [ 905.143169] bdi_register_va.part.0+0x35/0x650 [ 905.147751] bdi_register_va+0x63/0x80 [ 905.151639] super_setup_bdi_name+0x123/0x220 [ 905.156138] ? kill_block_super+0xe0/0xe0 [ 905.160292] ? do_raw_spin_unlock+0x164/0x220 [ 905.164798] fuse_fill_super+0x937/0x15c0 [ 905.168953] ? fuse_get_root_inode+0xc0/0xc0 [ 905.173364] ? up_write+0x17/0x60 [ 905.176820] ? register_shrinker+0x15f/0x220 [ 905.181234] ? sget_userns+0x768/0xc10 [ 905.185132] ? get_anon_bdev+0x1c0/0x1c0 [ 905.189191] ? sget+0xd9/0x110 [ 905.192386] ? fuse_get_root_inode+0xc0/0xc0 [ 905.196879] mount_nodev+0x4c/0xf0 [ 905.200429] mount_fs+0x92/0x2a0 [ 905.203799] vfs_kern_mount.part.0+0x5b/0x470 [ 905.208308] do_mount+0xe65/0x2a30 [ 905.211849] ? __do_page_fault+0x159/0xad0 [ 905.216085] ? retint_kernel+0x2d/0x2d [ 905.219993] ? copy_mount_string+0x40/0x40 [ 905.224236] ? memset+0x20/0x40 [ 905.227514] ? copy_mount_options+0x1fa/0x2f0 [ 905.232014] ? copy_mnt_ns+0xa30/0xa30 [ 905.235901] SyS_mount+0xa8/0x120 [ 905.239354] ? copy_mnt_ns+0xa30/0xa30 [ 905.243242] do_syscall_64+0x1d5/0x640 [ 905.247138] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 905.252323] RIP: 0033:0x7f8e2a1775fa [ 905.256026] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 905.263819] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa 22:45:27 executing program 2: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080)=""/74, &(0x7f0000000100)=0x4a) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x90000, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5ea5a701fe6ce00ffc521dd771c86577a2aea901dc35d9fa24a0ae0e14f47a2825dd98305e37d65aabeaf351967c3762d0a1b22f37acd61115f9e42c6d6561737572652c000000000000000000000000cea51991ed732b426c4e059696ca5f59b3d03d763a825b34f66822fd8f90c7a5948f97bc03b7960ef0ae40fa0ed90507decd95a5612dea6b4ded590603d99f3679d562b5b894366bb418d9c87bced1e1d08b561504801913a8ff32106c9f082912158c9876d45196b2b815e875bf7717e99126123723ca2226c4df3792bbb323d037c412e2aa98c05f9038f2e7d776c32a966f20863d1863133dc3639c0b894b55162d30fa9a807774"], 0x1, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000140)=""/129) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r1, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) write$FUSE_GETXATTR(r0, &(0x7f0000000200)={0x18, 0xfffffffffffffff5, r3, {0x9}}, 0x18) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080)=""/74, &(0x7f0000000100)=0x4a) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x90000, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5ea5a701fe6ce00ffc521dd771c86577a2aea901dc35d9fa24a0ae0e14f47a2825dd98305e37d65aabeaf351967c3762d0a1b22f37acd61115f9e42c6d6561737572652c000000000000000000000000cea51991ed732b426c4e059696ca5f59b3d03d763a825b34f66822fd8f90c7a5948f97bc03b7960ef0ae40fa0ed90507decd95a5612dea6b4ded590603d99f3679d562b5b894366bb418d9c87bced1e1d08b561504801913a8ff32106c9f082912158c9876d45196b2b815e875bf7717e99126123723ca2226c4df3792bbb323d037c412e2aa98c05f9038f2e7d776c32a966f20863d1863133dc3639c0b894b55162d30fa9a807774"], 0x1, 0x0, 0x0) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) (async) ioctl$EVIOCGREP(0xffffffffffffffff, 0x80084503, &(0x7f0000000140)=""/129) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r2, &(0x7f0000002900)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_GETXATTR(r0, &(0x7f0000000200)={0x18, 0xfffffffffffffff5, r3, {0x9}}, 0x18) (async) [ 905.271083] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 905.278350] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 905.285614] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 905.292881] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:28 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 22:45:28 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:28 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000080)) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 33) 22:45:28 executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000080)={0x200000dc, 0x9, 0x0, 0x8, 0x10002, 0x5}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0xfffffffffffffffe, r0, {{0x9, 0x6, 0x4, 0xffffffffffffffff}}}, 0x28) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x4) read$char_usb(r3, &(0x7f00000001c0)=""/173, 0xad) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffff572f) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0}, 0x2020) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004300)={{{@in, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) getresuid(&(0x7f0000004400), &(0x7f0000004440)=0x0, &(0x7f0000004480)) write$FUSE_DIRENTPLUS(r5, &(0x7f00000044c0)={0x290, 0x0, r6, [{{0x4, 0x2, 0xf99, 0x3, 0x6, 0x1, {0x5, 0x3ff, 0xb47, 0x7fffffffffffffff, 0x1, 0x9, 0x7ff, 0x4, 0xc00000, 0x6000, 0x4, r7, r2, 0x77, 0x7}}, {0x5, 0xc5, 0x1, 0x8, '\\'}}, {{0x3, 0x2, 0x7, 0x0, 0x7f, 0x3d7, {0x1, 0x1, 0x8000000000000001, 0x9, 0x2, 0x80000001, 0x0, 0x80000000, 0x8001, 0x1000, 0x3f, r1, r2, 0x0, 0x462d}}, {0x4, 0x2, 0x1, 0x1, '!'}}, {{0x4, 0x0, 0x7fff, 0x2, 0x80000000, 0x3f, {0x4, 0x200, 0x8000000000000001, 0x5, 0x80000000, 0x1, 0x3f4, 0xffc00, 0x3f, 0xdc40b0fc160eb9b3, 0x75762c47, 0x0, 0xee01, 0x0, 0x1}}, {0x6, 0x8, 0x2, 0x19, '&]'}}, {{0x0, 0x3, 0x0, 0x80, 0x0, 0x81, {0x4, 0x5, 0x2f, 0x4, 0x100, 0x4, 0x6, 0x9, 0x0, 0x1000, 0x1, r8, r2, 0x7fff, 0x4}}, {0x1, 0x82, 0x1, 0x3, '%'}}]}, 0x290) write$char_usb(r4, &(0x7f0000000080)="f452d50946ec3544dc86fc8968682062539411933b0e629117efb73fd35b81933982bccaba0dfb0d7acf102b29356254bcf446a09e098414341b0236ecda25", 0x3f) r9 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r9, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_ASSERT(r9, 0x29, 0xcf, &(0x7f0000000100)=0x1, 0x4) write$char_usb(r4, &(0x7f0000000000)="a3f827acd10b7e667563a71fbbb65bd8d0e13f2c42a73622b1b610dba021f562c5f160a4ba18f481b153cc6dc1f744206036a12bbfbfa4c889d383249333cb47cdd26a1490f66859cd59c501027e4ac12e9ea377cf6dd10d", 0x58) 22:45:28 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 905.963005] FAULT_INJECTION: forcing a failure. [ 905.963005] name failslab, interval 1, probability 0, space 0, times 0 [ 905.995642] CPU: 1 PID: 15706 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 906.003555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.012919] Call Trace: [ 906.015507] dump_stack+0x1b2/0x281 [ 906.019144] should_fail.cold+0x10a/0x149 [ 906.023299] should_failslab+0xd6/0x130 [ 906.027281] __kmalloc_track_caller+0x2bc/0x400 [ 906.031954] ? kstrdup_const+0x35/0x60 [ 906.035847] kstrdup+0x36/0x70 [ 906.039038] kstrdup_const+0x35/0x60 [ 906.042754] __kernfs_new_node+0x2e/0x470 [ 906.046909] kernfs_create_dir_ns+0x8c/0x200 [ 906.051334] sysfs_create_dir_ns+0xb7/0x1d0 [ 906.055660] kobject_add_internal+0x28b/0x930 [ 906.060159] kobject_add+0x11f/0x180 [ 906.063874] ? kset_create_and_add+0x190/0x190 [ 906.068585] device_add+0x33f/0x15c0 [ 906.072322] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 906.077788] ? kfree_const+0x33/0x40 [ 906.081506] ? device_is_dependent+0x2a0/0x2a0 [ 906.086091] ? kfree+0x1f0/0x250 [ 906.089475] device_create_groups_vargs+0x1dc/0x250 [ 906.094499] device_create_vargs+0x3a/0x50 [ 906.098739] bdi_register_va.part.0+0x35/0x650 [ 906.103328] bdi_register_va+0x63/0x80 [ 906.107226] super_setup_bdi_name+0x123/0x220 [ 906.111732] ? kill_block_super+0xe0/0xe0 [ 906.115880] ? do_raw_spin_unlock+0x164/0x220 [ 906.120384] fuse_fill_super+0x937/0x15c0 [ 906.124539] ? fuse_get_root_inode+0xc0/0xc0 [ 906.128953] ? up_write+0x17/0x60 [ 906.132403] ? register_shrinker+0x15f/0x220 [ 906.136812] ? sget_userns+0x768/0xc10 [ 906.140714] ? get_anon_bdev+0x1c0/0x1c0 [ 906.144778] ? sget+0xd9/0x110 [ 906.147974] ? fuse_get_root_inode+0xc0/0xc0 [ 906.152386] mount_nodev+0x4c/0xf0 [ 906.155930] mount_fs+0x92/0x2a0 [ 906.159298] vfs_kern_mount.part.0+0x5b/0x470 22:45:28 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0xfffffffffffffffe, r0, {{0x9, 0x6, 0x4, 0xffffffffffffffff}}}, 0x28) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x4) read$char_usb(r3, &(0x7f00000001c0)=""/173, 0xad) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffff572f) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0}, 0x2020) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004300)={{{@in, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) getresuid(&(0x7f0000004400), &(0x7f0000004440)=0x0, &(0x7f0000004480)) write$FUSE_DIRENTPLUS(r5, &(0x7f00000044c0)={0x290, 0x0, r6, [{{0x4, 0x2, 0xf99, 0x3, 0x6, 0x1, {0x5, 0x3ff, 0xb47, 0x7fffffffffffffff, 0x1, 0x9, 0x7ff, 0x4, 0xc00000, 0x6000, 0x4, r7, r2, 0x77, 0x7}}, {0x5, 0xc5, 0x1, 0x8, '\\'}}, {{0x3, 0x2, 0x7, 0x0, 0x7f, 0x3d7, {0x1, 0x1, 0x8000000000000001, 0x9, 0x2, 0x80000001, 0x0, 0x80000000, 0x8001, 0x1000, 0x3f, r1, r2, 0x0, 0x462d}}, {0x4, 0x2, 0x1, 0x1, '!'}}, {{0x4, 0x0, 0x7fff, 0x2, 0x80000000, 0x3f, {0x4, 0x200, 0x8000000000000001, 0x5, 0x80000000, 0x1, 0x3f4, 0xffc00, 0x3f, 0xdc40b0fc160eb9b3, 0x75762c47, 0x0, 0xee01, 0x0, 0x1}}, {0x6, 0x8, 0x2, 0x19, '&]'}}, {{0x0, 0x3, 0x0, 0x80, 0x0, 0x81, {0x4, 0x5, 0x2f, 0x4, 0x100, 0x4, 0x6, 0x9, 0x0, 0x1000, 0x1, r8, r2, 0x7fff, 0x4}}, {0x1, 0x82, 0x1, 0x3, '%'}}]}, 0x290) write$char_usb(r4, &(0x7f0000000080)="f452d50946ec3544dc86fc8968682062539411933b0e629117efb73fd35b81933982bccaba0dfb0d7acf102b29356254bcf446a09e098414341b0236ecda25", 0x3f) r9 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r9, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_ASSERT(r9, 0x29, 0xcf, &(0x7f0000000100)=0x1, 0x4) write$char_usb(r4, &(0x7f0000000000)="a3f827acd10b7e667563a71fbbb65bd8d0e13f2c42a73622b1b610dba021f562c5f160a4ba18f481b153cc6dc1f744206036a12bbfbfa4c889d383249333cb47cdd26a1490f66859cd59c501027e4ac12e9ea377cf6dd10d", 0x58) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020}, 0x2020) (async) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0xfffffffffffffffe, r0, {{0x9, 0x6, 0x4, 0xffffffffffffffff}}}, 0x28) (async) syz_open_dev$char_usb(0xc, 0xb4, 0x4) (async) read$char_usb(r3, &(0x7f00000001c0)=""/173, 0xad) (async) syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffff572f) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020}, 0x2020) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004300)={{{@in, @in=@private}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) (async) getresuid(&(0x7f0000004400), &(0x7f0000004440), &(0x7f0000004480)) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f00000044c0)={0x290, 0x0, r6, [{{0x4, 0x2, 0xf99, 0x3, 0x6, 0x1, {0x5, 0x3ff, 0xb47, 0x7fffffffffffffff, 0x1, 0x9, 0x7ff, 0x4, 0xc00000, 0x6000, 0x4, r7, r2, 0x77, 0x7}}, {0x5, 0xc5, 0x1, 0x8, '\\'}}, {{0x3, 0x2, 0x7, 0x0, 0x7f, 0x3d7, {0x1, 0x1, 0x8000000000000001, 0x9, 0x2, 0x80000001, 0x0, 0x80000000, 0x8001, 0x1000, 0x3f, r1, r2, 0x0, 0x462d}}, {0x4, 0x2, 0x1, 0x1, '!'}}, {{0x4, 0x0, 0x7fff, 0x2, 0x80000000, 0x3f, {0x4, 0x200, 0x8000000000000001, 0x5, 0x80000000, 0x1, 0x3f4, 0xffc00, 0x3f, 0xdc40b0fc160eb9b3, 0x75762c47, 0x0, 0xee01, 0x0, 0x1}}, {0x6, 0x8, 0x2, 0x19, '&]'}}, {{0x0, 0x3, 0x0, 0x80, 0x0, 0x81, {0x4, 0x5, 0x2f, 0x4, 0x100, 0x4, 0x6, 0x9, 0x0, 0x1000, 0x1, r8, r2, 0x7fff, 0x4}}, {0x1, 0x82, 0x1, 0x3, '%'}}]}, 0x290) (async) write$char_usb(r4, &(0x7f0000000080)="f452d50946ec3544dc86fc8968682062539411933b0e629117efb73fd35b81933982bccaba0dfb0d7acf102b29356254bcf446a09e098414341b0236ecda25", 0x3f) (async) socket$igmp6(0xa, 0x3, 0x2) (async) setsockopt$MRT6_FLUSH(r9, 0x29, 0xd4, &(0x7f0000000000), 0x4) (async) setsockopt$MRT6_ASSERT(r9, 0x29, 0xcf, &(0x7f0000000100)=0x1, 0x4) (async) write$char_usb(r4, &(0x7f0000000000)="a3f827acd10b7e667563a71fbbb65bd8d0e13f2c42a73622b1b610dba021f562c5f160a4ba18f481b153cc6dc1f744206036a12bbfbfa4c889d383249333cb47cdd26a1490f66859cd59c501027e4ac12e9ea377cf6dd10d", 0x58) (async) [ 906.163797] do_mount+0xe65/0x2a30 [ 906.167335] ? __do_page_fault+0x159/0xad0 [ 906.171568] ? retint_kernel+0x2d/0x2d [ 906.175452] ? copy_mount_string+0x40/0x40 [ 906.179699] ? memset+0x20/0x40 [ 906.182974] ? copy_mount_options+0x1fa/0x2f0 [ 906.187473] ? copy_mnt_ns+0xa30/0xa30 [ 906.191365] SyS_mount+0xa8/0x120 [ 906.194839] ? copy_mnt_ns+0xa30/0xa30 [ 906.198727] do_syscall_64+0x1d5/0x640 [ 906.202643] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 906.207829] RIP: 0033:0x7f8e2a1775fa 22:45:28 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0xfffffffffffffffe, r0, {{0x9, 0x6, 0x4, 0xffffffffffffffff}}}, 0x28) (async) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x4) read$char_usb(r3, &(0x7f00000001c0)=""/173, 0xad) (async) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0xffffffffffff572f) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000022c0)={0x2020, 0x0, 0x0}, 0x2020) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000004300)={{{@in, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) (async) getresuid(&(0x7f0000004400), &(0x7f0000004440)=0x0, &(0x7f0000004480)) write$FUSE_DIRENTPLUS(r5, &(0x7f00000044c0)={0x290, 0x0, r6, [{{0x4, 0x2, 0xf99, 0x3, 0x6, 0x1, {0x5, 0x3ff, 0xb47, 0x7fffffffffffffff, 0x1, 0x9, 0x7ff, 0x4, 0xc00000, 0x6000, 0x4, r7, r2, 0x77, 0x7}}, {0x5, 0xc5, 0x1, 0x8, '\\'}}, {{0x3, 0x2, 0x7, 0x0, 0x7f, 0x3d7, {0x1, 0x1, 0x8000000000000001, 0x9, 0x2, 0x80000001, 0x0, 0x80000000, 0x8001, 0x1000, 0x3f, r1, r2, 0x0, 0x462d}}, {0x4, 0x2, 0x1, 0x1, '!'}}, {{0x4, 0x0, 0x7fff, 0x2, 0x80000000, 0x3f, {0x4, 0x200, 0x8000000000000001, 0x5, 0x80000000, 0x1, 0x3f4, 0xffc00, 0x3f, 0xdc40b0fc160eb9b3, 0x75762c47, 0x0, 0xee01, 0x0, 0x1}}, {0x6, 0x8, 0x2, 0x19, '&]'}}, {{0x0, 0x3, 0x0, 0x80, 0x0, 0x81, {0x4, 0x5, 0x2f, 0x4, 0x100, 0x4, 0x6, 0x9, 0x0, 0x1000, 0x1, r8, r2, 0x7fff, 0x4}}, {0x1, 0x82, 0x1, 0x3, '%'}}]}, 0x290) write$char_usb(r4, &(0x7f0000000080)="f452d50946ec3544dc86fc8968682062539411933b0e629117efb73fd35b81933982bccaba0dfb0d7acf102b29356254bcf446a09e098414341b0236ecda25", 0x3f) (async) r9 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r9, 0x29, 0xd4, &(0x7f0000000000), 0x4) (async) setsockopt$MRT6_ASSERT(r9, 0x29, 0xcf, &(0x7f0000000100)=0x1, 0x4) write$char_usb(r4, &(0x7f0000000000)="a3f827acd10b7e667563a71fbbb65bd8d0e13f2c42a73622b1b610dba021f562c5f160a4ba18f481b153cc6dc1f744206036a12bbfbfa4c889d383249333cb47cdd26a1490f66859cd59c501027e4ac12e9ea377cf6dd10d", 0x58) 22:45:28 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:28 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0) (async, rerun: 64) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000080)) (async, rerun: 64) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0) (async, rerun: 32) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (rerun: 32) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000080)={0x200000dc, 0x9, 0x0, 0x8, 0x10002, 0x5}) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 906.211531] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 906.219236] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 906.226501] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 906.233765] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 906.241033] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 906.248304] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:28 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 34) [ 906.306980] kobject_add_internal failed for 0:59 (error: -12 parent: bdi) 22:45:28 executing program 0: ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = syz_open_dev$rtc(&(0x7f0000000000), 0x7, 0x8080) ioctl$RTC_WIE_OFF(r1, 0x7010) 22:45:28 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:28 executing program 1: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, 0x0) (async) ioctl$SOUND_MIXER_READ_RECSRC(r0, 0x80044dff, &(0x7f0000000080)) (async, rerun: 64) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 64) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:28 executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000080)={0x200000dc, 0x9, 0x0, 0x8, 0x10002, 0x5}) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:28 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 906.570997] FAULT_INJECTION: forcing a failure. [ 906.570997] name failslab, interval 1, probability 0, space 0, times 0 [ 906.582785] CPU: 1 PID: 15777 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 906.590665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 906.600011] Call Trace: [ 906.602578] dump_stack+0x1b2/0x281 [ 906.606185] should_fail.cold+0x10a/0x149 [ 906.610310] should_failslab+0xd6/0x130 [ 906.614262] kmem_cache_alloc+0x40/0x3c0 [ 906.618337] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 906.623935] idr_get_free_cmn+0x595/0x8d0 [ 906.628062] idr_alloc_cmn+0xe8/0x1e0 [ 906.631837] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 906.636651] ? fs_reclaim_release+0xd0/0x110 [ 906.641033] ? fs_reclaim_release+0xd0/0x110 [ 906.645417] idr_alloc_cyclic+0xc2/0x1d0 [ 906.649453] ? idr_alloc_cmn+0x1e0/0x1e0 [ 906.653491] ? __radix_tree_preload+0x1c3/0x250 [ 906.658137] __kernfs_new_node+0xaf/0x470 [ 906.662281] kernfs_create_dir_ns+0x8c/0x200 [ 906.666664] sysfs_create_dir_ns+0xb7/0x1d0 [ 906.670962] kobject_add_internal+0x28b/0x930 [ 906.675433] kobject_add+0x11f/0x180 [ 906.679121] ? kset_create_and_add+0x190/0x190 [ 906.683683] device_add+0x33f/0x15c0 [ 906.687373] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 906.692796] ? kfree_const+0x33/0x40 [ 906.696484] ? device_is_dependent+0x2a0/0x2a0 [ 906.701038] ? kfree+0x1f0/0x250 [ 906.704384] device_create_groups_vargs+0x1dc/0x250 [ 906.709379] device_create_vargs+0x3a/0x50 [ 906.713593] bdi_register_va.part.0+0x35/0x650 [ 906.718153] bdi_register_va+0x63/0x80 [ 906.722026] super_setup_bdi_name+0x123/0x220 [ 906.726500] ? kill_block_super+0xe0/0xe0 [ 906.730623] ? do_raw_spin_unlock+0x164/0x220 [ 906.735096] fuse_fill_super+0x937/0x15c0 [ 906.739223] ? fuse_get_root_inode+0xc0/0xc0 [ 906.743607] ? up_write+0x17/0x60 [ 906.747035] ? register_shrinker+0x15f/0x220 [ 906.751418] ? sget_userns+0x768/0xc10 [ 906.755283] ? get_anon_bdev+0x1c0/0x1c0 [ 906.759315] ? sget+0xd9/0x110 [ 906.762483] ? fuse_get_root_inode+0xc0/0xc0 [ 906.766888] mount_nodev+0x4c/0xf0 [ 906.770403] mount_fs+0x92/0x2a0 [ 906.773749] vfs_kern_mount.part.0+0x5b/0x470 [ 906.778221] do_mount+0xe65/0x2a30 [ 906.781747] ? __do_page_fault+0x159/0xad0 [ 906.785961] ? retint_kernel+0x2d/0x2d [ 906.789824] ? copy_mount_string+0x40/0x40 [ 906.794033] ? memset+0x20/0x40 [ 906.797287] ? copy_mount_options+0x1fa/0x2f0 [ 906.801753] ? copy_mnt_ns+0xa30/0xa30 [ 906.805617] SyS_mount+0xa8/0x120 [ 906.809043] ? copy_mnt_ns+0xa30/0xa30 [ 906.812904] do_syscall_64+0x1d5/0x640 [ 906.816779] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 906.821944] RIP: 0033:0x7f8e2a1775fa [ 906.825627] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 906.833308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 906.840549] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 906.847885] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 906.855128] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 906.862369] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:29 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000080)=[0x8, 0x8]) 22:45:29 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:29 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 35) 22:45:29 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000080)={0x200000dc, 0x9, 0x0, 0x8, 0x10002, 0x5}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000080)=[0x8, 0x8]) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (async) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000080)=[0x8, 0x8]) (async) [ 907.218338] FAULT_INJECTION: forcing a failure. [ 907.218338] name failslab, interval 1, probability 0, space 0, times 0 [ 907.240988] CPU: 1 PID: 15825 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 907.248905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.258261] Call Trace: [ 907.260863] dump_stack+0x1b2/0x281 [ 907.264497] should_fail.cold+0x10a/0x149 [ 907.268649] should_failslab+0xd6/0x130 [ 907.272629] kmem_cache_alloc+0x28e/0x3c0 [ 907.276786] __kernfs_new_node+0x6f/0x470 [ 907.280947] kernfs_new_node+0x7b/0xe0 [ 907.284840] __kernfs_create_file+0x3d/0x320 [ 907.289257] sysfs_add_file_mode_ns+0x1e1/0x450 [ 907.293934] device_create_file+0xc8/0x100 [ 907.298178] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 907.303462] device_add+0x37a/0x15c0 [ 907.307180] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 907.312633] ? kfree_const+0x33/0x40 [ 907.316334] ? device_is_dependent+0x2a0/0x2a0 [ 907.320891] ? kfree+0x1f0/0x250 [ 907.324235] device_create_groups_vargs+0x1dc/0x250 [ 907.329239] device_create_vargs+0x3a/0x50 [ 907.333452] bdi_register_va.part.0+0x35/0x650 [ 907.338021] bdi_register_va+0x63/0x80 [ 907.341885] super_setup_bdi_name+0x123/0x220 [ 907.346365] ? kill_block_super+0xe0/0xe0 [ 907.350497] ? do_raw_spin_unlock+0x164/0x220 [ 907.354972] fuse_fill_super+0x937/0x15c0 [ 907.359101] ? fuse_get_root_inode+0xc0/0xc0 [ 907.363485] ? up_write+0x17/0x60 [ 907.366930] ? register_shrinker+0x15f/0x220 [ 907.371322] ? sget_userns+0x768/0xc10 [ 907.375190] ? get_anon_bdev+0x1c0/0x1c0 [ 907.379227] ? sget+0xd9/0x110 [ 907.382399] ? fuse_get_root_inode+0xc0/0xc0 [ 907.386790] mount_nodev+0x4c/0xf0 [ 907.390313] mount_fs+0x92/0x2a0 [ 907.393665] vfs_kern_mount.part.0+0x5b/0x470 [ 907.398144] do_mount+0xe65/0x2a30 [ 907.401662] ? __do_page_fault+0x159/0xad0 [ 907.405880] ? retint_kernel+0x2d/0x2d [ 907.409757] ? copy_mount_string+0x40/0x40 [ 907.413971] ? memset+0x20/0x40 [ 907.417249] ? copy_mount_options+0x1fa/0x2f0 [ 907.421732] ? copy_mnt_ns+0xa30/0xa30 [ 907.425612] SyS_mount+0xa8/0x120 [ 907.429052] ? copy_mnt_ns+0xa30/0xa30 [ 907.432920] do_syscall_64+0x1d5/0x640 [ 907.436790] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 907.441957] RIP: 0033:0x7f8e2a1775fa [ 907.445653] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 907.453349] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 907.460600] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 22:45:29 executing program 0: ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000040)) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = syz_open_dev$rtc(&(0x7f0000000000), 0x7, 0x8080) ioctl$RTC_WIE_OFF(r1, 0x7010) 22:45:29 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:29 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:29 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000080)=[0x8, 0x8]) 22:45:29 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 36) [ 907.467860] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 907.475118] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 907.482376] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:29 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="febf3167a2733562d7f5df1c1d2e2fab3dff2f", @ANYBLOB="9a4fdf3907f2766c005003f4ae91ecb4bb47016409c4ec6c4502f2b45d20c14d2c8a5d548cdf550649c51149aa95f019d2b4a88c2db54cb05d534314cbc6bf7a5f830864941815f5a1aa92808db22db8821708b76f669904baf0b3ab3157ddc4ffcdedc6af9610d7acec9ec6f942e37206d020350528d7a41ec8b86adb9676bd197664cc6bb2f19028f57502e5cf7109955d74b6699a8924327a14d87f919b59b8", @ANYBLOB="2c726f6f746d5464653d30303030303030303030303030303018013134303130302c757365725f69643d", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745ff065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c73c6626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) 22:45:29 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) 22:45:29 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:29 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) [ 907.686814] FAULT_INJECTION: forcing a failure. [ 907.686814] name failslab, interval 1, probability 0, space 0, times 0 [ 907.740580] CPU: 0 PID: 15861 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 907.748489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 907.757849] Call Trace: [ 907.760437] dump_stack+0x1b2/0x281 [ 907.764072] should_fail.cold+0x10a/0x149 [ 907.768222] should_failslab+0xd6/0x130 [ 907.772199] kmem_cache_alloc+0x28e/0x3c0 [ 907.776352] __kernfs_new_node+0x6f/0x470 [ 907.780591] kernfs_new_node+0x7b/0xe0 [ 907.784493] __kernfs_create_file+0x3d/0x320 [ 907.788910] sysfs_add_file_mode_ns+0x1e1/0x450 [ 907.793587] device_create_file+0xc8/0x100 [ 907.797822] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 907.803103] device_add+0x37a/0x15c0 [ 907.806828] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 907.812283] ? kfree_const+0x33/0x40 [ 907.815999] ? device_is_dependent+0x2a0/0x2a0 [ 907.820587] ? kfree+0x1f0/0x250 [ 907.823961] device_create_groups_vargs+0x1dc/0x250 [ 907.828988] device_create_vargs+0x3a/0x50 [ 907.833229] bdi_register_va.part.0+0x35/0x650 [ 907.837816] bdi_register_va+0x63/0x80 [ 907.841706] super_setup_bdi_name+0x123/0x220 [ 907.846205] ? kill_block_super+0xe0/0xe0 [ 907.850361] ? do_raw_spin_unlock+0x164/0x220 [ 907.854868] fuse_fill_super+0x937/0x15c0 [ 907.859017] ? fuse_get_root_inode+0xc0/0xc0 [ 907.863596] ? up_write+0x17/0x60 [ 907.867055] ? register_shrinker+0x15f/0x220 [ 907.871457] ? sget_userns+0x768/0xc10 [ 907.875347] ? get_anon_bdev+0x1c0/0x1c0 [ 907.879405] ? sget+0xd9/0x110 [ 907.882601] ? fuse_get_root_inode+0xc0/0xc0 [ 907.887014] mount_nodev+0x4c/0xf0 [ 907.890550] mount_fs+0x92/0x2a0 [ 907.893925] vfs_kern_mount.part.0+0x5b/0x470 [ 907.898413] do_mount+0xe65/0x2a30 [ 907.901957] ? __do_page_fault+0x159/0xad0 [ 907.906174] ? retint_kernel+0x2d/0x2d [ 907.910040] ? copy_mount_string+0x40/0x40 [ 907.914266] ? memset+0x20/0x40 [ 907.917530] ? copy_mount_options+0x1fa/0x2f0 [ 907.922002] ? copy_mnt_ns+0xa30/0xa30 [ 907.925866] SyS_mount+0xa8/0x120 [ 907.929300] ? copy_mnt_ns+0xa30/0xa30 [ 907.933174] do_syscall_64+0x1d5/0x640 22:45:30 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="febf3167a2733562d7f5df1c1d2e2fab3dff2f", @ANYBLOB="9a4fdf3907f2766c005003f4ae91ecb4bb47016409c4ec6c4502f2b45d20c14d2c8a5d548cdf550649c51149aa95f019d2b4a88c2db54cb05d534314cbc6bf7a5f830864941815f5a1aa92808db22db8821708b76f669904baf0b3ab3157ddc4ffcdedc6af9610d7acec9ec6f942e37206d020350528d7a41ec8b86adb9676bd197664cc6bb2f19028f57502e5cf7109955d74b6699a8924327a14d87f919b59b8", @ANYBLOB="2c726f6f746d5464653d30303030303030303030303030303018013134303130302c757365725f69643d", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745ff065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c73c6626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="febf3167a2733562d7f5df1c1d2e2fab3dff2f", @ANYBLOB="9a4fdf3907f2766c005003f4ae91ecb4bb47016409c4ec6c4502f2b45d20c14d2c8a5d548cdf550649c51149aa95f019d2b4a88c2db54cb05d534314cbc6bf7a5f830864941815f5a1aa92808db22db8821708b76f669904baf0b3ab3157ddc4ffcdedc6af9610d7acec9ec6f942e37206d020350528d7a41ec8b86adb9676bd197664cc6bb2f19028f57502e5cf7109955d74b6699a8924327a14d87f919b59b8", @ANYBLOB="2c726f6f746d5464653d30303030303030303030303030303018013134303130302c757365725f69643d", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745ff065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c73c6626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) (async) [ 907.937049] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 907.942214] RIP: 0033:0x7f8e2a1775fa [ 907.945900] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 907.953591] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 907.960936] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 907.968191] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 907.975469] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 907.982885] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:30 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) 22:45:30 executing program 0: ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f0000000040)) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = syz_open_dev$rtc(&(0x7f0000000000), 0x7, 0x8080) ioctl$RTC_WIE_OFF(r1, 0x7010) 22:45:30 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:30 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="febf3167a2733562d7f5df1c1d2e2fab3dff2f", @ANYBLOB="9a4fdf3907f2766c005003f4ae91ecb4bb47016409c4ec6c4502f2b45d20c14d2c8a5d548cdf550649c51149aa95f019d2b4a88c2db54cb05d534314cbc6bf7a5f830864941815f5a1aa92808db22db8821708b76f669904baf0b3ab3157ddc4ffcdedc6af9610d7acec9ec6f942e37206d020350528d7a41ec8b86adb9676bd197664cc6bb2f19028f57502e5cf7109955d74b6699a8924327a14d87f919b59b8", @ANYBLOB="2c726f6f746d5464653d30303030303030303030303030303018013134303130302c757365725f69643d", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745ff065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c73c6626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) 22:45:30 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d656173757265c348"], 0x0, 0x0, 0x0) 22:45:30 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 37) 22:45:30 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:30 executing program 1: lookup_dcookie(0xe62, &(0x7f0000000040)=""/56, 0x38) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x26f400000000000}}, {@max_read={'max_read', 0x3d, 0x9ffc}}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x7fff}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20, 0x0, r4, {0x5, 0xc, 0x3, 0x2}}, 0x20) [ 908.604136] FAULT_INJECTION: forcing a failure. [ 908.604136] name failslab, interval 1, probability 0, space 0, times 0 [ 908.619215] CPU: 0 PID: 15928 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 908.627133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 908.636487] Call Trace: [ 908.639085] dump_stack+0x1b2/0x281 [ 908.642716] should_fail.cold+0x10a/0x149 [ 908.646879] should_failslab+0xd6/0x130 [ 908.650948] kmem_cache_alloc+0x28e/0x3c0 [ 908.655099] __kernfs_new_node+0x6f/0x470 [ 908.659258] kernfs_new_node+0x7b/0xe0 [ 908.663162] __kernfs_create_file+0x3d/0x320 [ 908.667569] sysfs_add_file_mode_ns+0x1e1/0x450 [ 908.672249] device_create_file+0xc8/0x100 [ 908.676495] ? acpi_platform_notify_remove+0x1f0/0x1f0 [ 908.681772] device_add+0x37a/0x15c0 [ 908.685501] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 908.690965] ? kfree_const+0x33/0x40 [ 908.694679] ? device_is_dependent+0x2a0/0x2a0 [ 908.699282] ? kfree+0x1f0/0x250 [ 908.702654] device_create_groups_vargs+0x1dc/0x250 [ 908.707678] device_create_vargs+0x3a/0x50 [ 908.711946] bdi_register_va.part.0+0x35/0x650 [ 908.716536] bdi_register_va+0x63/0x80 [ 908.720449] super_setup_bdi_name+0x123/0x220 [ 908.724949] ? kill_block_super+0xe0/0xe0 [ 908.729111] ? do_raw_spin_unlock+0x164/0x220 [ 908.733700] fuse_fill_super+0x937/0x15c0 [ 908.737863] ? fuse_get_root_inode+0xc0/0xc0 [ 908.742310] ? up_write+0x17/0x60 [ 908.745815] ? register_shrinker+0x15f/0x220 [ 908.750233] ? sget_userns+0x768/0xc10 [ 908.754349] ? get_anon_bdev+0x1c0/0x1c0 [ 908.758413] ? sget+0xd9/0x110 [ 908.761613] ? fuse_get_root_inode+0xc0/0xc0 [ 908.766024] mount_nodev+0x4c/0xf0 [ 908.769570] mount_fs+0x92/0x2a0 [ 908.772943] vfs_kern_mount.part.0+0x5b/0x470 [ 908.777448] do_mount+0xe65/0x2a30 [ 908.780991] ? __do_page_fault+0x159/0xad0 [ 908.785225] ? retint_kernel+0x2d/0x2d [ 908.789121] ? copy_mount_string+0x40/0x40 [ 908.793361] ? memset+0x20/0x40 [ 908.796644] ? copy_mount_options+0x1fa/0x2f0 [ 908.801230] ? copy_mnt_ns+0xa30/0xa30 22:45:30 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:30 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:30 executing program 1: lookup_dcookie(0xe62, &(0x7f0000000040)=""/56, 0x38) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x26f400000000000}}, {@max_read={'max_read', 0x3d, 0x9ffc}}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x7fff}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async, rerun: 32) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20, 0x0, r4, {0x5, 0xc, 0x3, 0x2}}, 0x20) (rerun: 32) [ 908.805119] SyS_mount+0xa8/0x120 [ 908.808570] ? copy_mnt_ns+0xa30/0xa30 [ 908.812464] do_syscall_64+0x1d5/0x640 [ 908.816354] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 908.821624] RIP: 0033:0x7f8e2a1775fa [ 908.825328] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 908.833043] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 908.840316] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 908.847581] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:31 executing program 1: lookup_dcookie(0xe62, &(0x7f0000000040)=""/56, 0x38) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x26f400000000000}}, {@max_read={'max_read', 0x3d, 0x9ffc}}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x7fff}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async, rerun: 32) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (rerun: 32) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_IOCTL(r1, &(0x7f0000000100)={0x20, 0x0, r4, {0x5, 0xc, 0x3, 0x2}}, 0x20) 22:45:31 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d656173757265c348"], 0x0, 0x0, 0x0) [ 908.854851] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 908.862122] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:31 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d656173757265c348"], 0x0, 0x0, 0x0) 22:45:31 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:31 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:31 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 38) 22:45:31 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000300)={0x15, 0xc9, &(0x7f0000000200)="d0d2e5ae9f9087b5b95bb097e77f65e8f520754b53563ad362ab86dcc2f6cdeb675aec781117ebc16654b9eaaa1c64f3f114c0071b89b5aa6d39a900175c74cf2f7bbb863328518dd34956f31a17d4bde694138f3e2f7aa39d4ba24f7e1633929c067e4ef3f10d583fc420fadddeeea5b41fd3bd0a59be39ea3cc7e6b6592bee7170b467f8fb19ac98d10da3c3cfcb823fd76150edd072d0bc5d46d42fa71dcfd2770c0536b67a57d4786d8ceb87ff20e037cf890e9bf4eee7f4b790db13a01942d349e8ed4a74a9c9"}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d86394a400de0f16b0c18935c7a183fae3ecabba813b77e231999548447c3ea61af7462b5c200a3da9dd683bd641155aa77d1ebb2f1e0eb75dfe56811a55a4805604b5b7ee2cfa953038353f1ac53810d0315580e848781b108c90b50a6", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, r2, 0x101, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xc}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x24000000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) [ 909.517641] FAULT_INJECTION: forcing a failure. [ 909.517641] name failslab, interval 1, probability 0, space 0, times 0 [ 909.531609] CPU: 0 PID: 15991 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 909.539527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 909.548883] Call Trace: [ 909.551471] dump_stack+0x1b2/0x281 [ 909.555101] should_fail.cold+0x10a/0x149 [ 909.559263] should_failslab+0xd6/0x130 [ 909.563243] kmem_cache_alloc+0x28e/0x3c0 22:45:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 909.567407] __kernfs_new_node+0x6f/0x470 [ 909.571557] kernfs_new_node+0x7b/0xe0 [ 909.575445] kernfs_create_link+0x27/0x160 [ 909.579681] sysfs_do_create_link_sd+0x90/0x120 [ 909.588266] sysfs_create_link+0x5f/0xc0 [ 909.592332] device_add+0x749/0x15c0 [ 909.596138] ? kfree_const+0x33/0x40 [ 909.599853] ? device_is_dependent+0x2a0/0x2a0 [ 909.604433] ? kfree+0x1f0/0x250 [ 909.607803] device_create_groups_vargs+0x1dc/0x250 [ 909.612831] device_create_vargs+0x3a/0x50 22:45:31 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) (async) socket$l2tp6(0xa, 0x2, 0x73) (async) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) (async) [ 909.617069] bdi_register_va.part.0+0x35/0x650 [ 909.621672] bdi_register_va+0x63/0x80 [ 909.625558] super_setup_bdi_name+0x123/0x220 [ 909.630070] ? kill_block_super+0xe0/0xe0 [ 909.634220] ? do_raw_spin_unlock+0x164/0x220 [ 909.638734] fuse_fill_super+0x937/0x15c0 [ 909.642886] ? fuse_get_root_inode+0xc0/0xc0 [ 909.647310] ? up_write+0x17/0x60 [ 909.650856] ? register_shrinker+0x15f/0x220 [ 909.655288] ? sget_userns+0x768/0xc10 [ 909.659184] ? get_anon_bdev+0x1c0/0x1c0 [ 909.663245] ? sget+0xd9/0x110 [ 909.666455] ? fuse_get_root_inode+0xc0/0xc0 [ 909.670865] mount_nodev+0x4c/0xf0 [ 909.674415] mount_fs+0x92/0x2a0 [ 909.677783] vfs_kern_mount.part.0+0x5b/0x470 [ 909.682277] do_mount+0xe65/0x2a30 [ 909.685819] ? __do_page_fault+0x159/0xad0 [ 909.690051] ? retint_kernel+0x2d/0x2d [ 909.693938] ? copy_mount_string+0x40/0x40 [ 909.698177] ? memset+0x20/0x40 [ 909.701459] ? copy_mount_options+0x1fa/0x2f0 [ 909.705952] ? copy_mnt_ns+0xa30/0xa30 [ 909.709837] SyS_mount+0xa8/0x120 [ 909.713392] ? copy_mnt_ns+0xa30/0xa30 22:45:31 executing program 1: munlockall() r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4119}}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x100000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 909.717287] do_syscall_64+0x1d5/0x640 [ 909.721178] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 909.726363] RIP: 0033:0x7f8e2a1775fa [ 909.730067] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 909.737769] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 909.745037] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 909.752310] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 909.759586] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 22:45:32 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async, rerun: 64) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 64) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) (async, rerun: 64) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (rerun: 64) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000300)={0x15, 0xc9, &(0x7f0000000200)="d0d2e5ae9f9087b5b95bb097e77f65e8f520754b53563ad362ab86dcc2f6cdeb675aec781117ebc16654b9eaaa1c64f3f114c0071b89b5aa6d39a900175c74cf2f7bbb863328518dd34956f31a17d4bde694138f3e2f7aa39d4ba24f7e1633929c067e4ef3f10d583fc420fadddeeea5b41fd3bd0a59be39ea3cc7e6b6592bee7170b467f8fb19ac98d10da3c3cfcb823fd76150edd072d0bc5d46d42fa71dcfd2770c0536b67a57d4786d8ceb87ff20e037cf890e9bf4eee7f4b790db13a01942d349e8ed4a74a9c9"}) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d86394a400de0f16b0c18935c7a183fae3ecabba813b77e231999548447c3ea61af7462b5c200a3da9dd683bd641155aa77d1ebb2f1e0eb75dfe56811a55a4805604b5b7ee2cfa953038353f1ac53810d0315580e848781b108c90b50a6", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:32 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', 0x0) [ 909.766858] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:32 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:32 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000300)={0x15, 0xc9, &(0x7f0000000200)="d0d2e5ae9f9087b5b95bb097e77f65e8f520754b53563ad362ab86dcc2f6cdeb675aec781117ebc16654b9eaaa1c64f3f114c0071b89b5aa6d39a900175c74cf2f7bbb863328518dd34956f31a17d4bde694138f3e2f7aa39d4ba24f7e1633929c067e4ef3f10d583fc420fadddeeea5b41fd3bd0a59be39ea3cc7e6b6592bee7170b467f8fb19ac98d10da3c3cfcb823fd76150edd072d0bc5d46d42fa71dcfd2770c0536b67a57d4786d8ceb87ff20e037cf890e9bf4eee7f4b790db13a01942d349e8ed4a74a9c9"}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRES16=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643d86394a400de0f16b0c18935c7a183fae3ecabba813b77e231999548447c3ea61af7462b5c200a3da9dd683bd641155aa77d1ebb2f1e0eb75dfe56811a55a4805604b5b7ee2cfa953038353f1ac53810d0315580e848781b108c90b50a6", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:32 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:32 executing program 1: munlockall() r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4119}}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x100000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) munlockall() (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4119}}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x100000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) 22:45:32 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 39) 22:45:32 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', 0x0) [ 910.181887] FAULT_INJECTION: forcing a failure. [ 910.181887] name failslab, interval 1, probability 0, space 0, times 0 [ 910.194750] CPU: 1 PID: 16066 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 910.202644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.212121] Call Trace: [ 910.214694] dump_stack+0x1b2/0x281 [ 910.218306] should_fail.cold+0x10a/0x149 [ 910.222437] should_failslab+0xd6/0x130 [ 910.226393] kmem_cache_alloc+0x28e/0x3c0 [ 910.230531] __kernfs_new_node+0x6f/0x470 [ 910.234665] kernfs_new_node+0x7b/0xe0 [ 910.238529] kernfs_create_link+0x27/0x160 [ 910.242743] sysfs_do_create_link_sd+0x90/0x120 [ 910.247405] sysfs_create_link+0x5f/0xc0 [ 910.251565] device_add+0x749/0x15c0 [ 910.255284] ? kfree_const+0x33/0x40 [ 910.258989] ? device_is_dependent+0x2a0/0x2a0 [ 910.263562] ? kfree+0x1f0/0x250 [ 910.266925] device_create_groups_vargs+0x1dc/0x250 [ 910.271929] device_create_vargs+0x3a/0x50 [ 910.276157] bdi_register_va.part.0+0x35/0x650 [ 910.280742] bdi_register_va+0x63/0x80 [ 910.284608] super_setup_bdi_name+0x123/0x220 [ 910.289083] ? kill_block_super+0xe0/0xe0 [ 910.293210] ? do_raw_spin_unlock+0x164/0x220 [ 910.297711] fuse_fill_super+0x937/0x15c0 [ 910.301848] ? fuse_get_root_inode+0xc0/0xc0 [ 910.306249] ? up_write+0x17/0x60 [ 910.309683] ? register_shrinker+0x15f/0x220 [ 910.314067] ? sget_userns+0x768/0xc10 [ 910.317934] ? get_anon_bdev+0x1c0/0x1c0 [ 910.321971] ? sget+0xd9/0x110 [ 910.325141] ? fuse_get_root_inode+0xc0/0xc0 [ 910.329717] mount_nodev+0x4c/0xf0 [ 910.333239] mount_fs+0x92/0x2a0 [ 910.336679] vfs_kern_mount.part.0+0x5b/0x470 [ 910.341154] do_mount+0xe65/0x2a30 [ 910.344676] ? __do_page_fault+0x159/0xad0 [ 910.348894] ? retint_kernel+0x2d/0x2d [ 910.352767] ? copy_mount_string+0x40/0x40 [ 910.356980] ? memset+0x20/0x40 [ 910.360235] ? copy_mount_options+0x1fa/0x2f0 [ 910.364704] ? copy_mnt_ns+0xa30/0xa30 [ 910.368571] SyS_mount+0xa8/0x120 [ 910.372008] ? copy_mnt_ns+0xa30/0xa30 [ 910.375891] do_syscall_64+0x1d5/0x640 22:45:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, r2, 0x101, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xc}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x24000000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) (async) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, r2, 0x101, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xc}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x24000000) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:32 executing program 1: munlockall() (async, rerun: 64) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 64) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x4119}}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x100000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:32 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r2, {0x6c5}}, 0x18) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0x68, 0xfffffffffffffffe, r1, [{0x1, 0x2, 0x0, 0x7ca}, {0x6, 0x0, 0x5, 0x80, 'fuse\x00'}, {0x4, 0x8, 0x5, 0x80000000, '+\'-,\x00'}]}, 0x68) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x24012, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x7}}], [{@fsname}, {@subj_role={'subj_role', 0x3d, '/'}}, {@obj_type={'obj_type', 0x3d, '%\\\\'}}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r5}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+-./&:(-**-^,$(}!}\x00'}}]}}) 22:45:32 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:32 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', 0x0) [ 910.379789] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 910.384981] RIP: 0033:0x7f8e2a1775fa [ 910.388687] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 910.396482] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 910.403751] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 910.411027] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 910.418309] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 910.425570] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:32 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 40) 22:45:32 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000002a40)={0x14}, 0x14}}, 0x0) (async) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, r2, 0x101, 0x70bd2b, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x7}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xc}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x24000000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:32 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:32 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c72526f746d6f64653d303030303030303030303024d1303030303134303030302c757f65725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:32 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', 0x0) 22:45:32 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r2, {0x6c5}}, 0x18) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0x68, 0xfffffffffffffffe, r1, [{0x1, 0x2, 0x0, 0x7ca}, {0x6, 0x0, 0x5, 0x80, 'fuse\x00'}, {0x4, 0x8, 0x5, 0x80000000, '+\'-,\x00'}]}, 0x68) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x24012, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x7}}], [{@fsname}, {@subj_role={'subj_role', 0x3d, '/'}}, {@obj_type={'obj_type', 0x3d, '%\\\\'}}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r5}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+-./&:(-**-^,$(}!}\x00'}}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r2, {0x6c5}}, 0x18) (async) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0x68, 0xfffffffffffffffe, r1, [{0x1, 0x2, 0x0, 0x7ca}, {0x6, 0x0, 0x5, 0x80, 'fuse\x00'}, {0x4, 0x8, 0x5, 0x80000000, '+\'-,\x00'}]}, 0x68) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000006480)={0x2020}, 0x2020) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x24012, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x7}}], [{@fsname}, {@subj_role={'subj_role', 0x3d, '/'}}, {@obj_type={'obj_type', 0x3d, '%\\\\'}}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r5}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+-./&:(-**-^,$(}!}\x00'}}]}}) (async) [ 910.681569] FAULT_INJECTION: forcing a failure. [ 910.681569] name failslab, interval 1, probability 0, space 0, times 0 [ 910.727215] CPU: 1 PID: 16107 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 910.735135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 910.744500] Call Trace: [ 910.747091] dump_stack+0x1b2/0x281 [ 910.750725] should_fail.cold+0x10a/0x149 [ 910.754878] should_failslab+0xd6/0x130 [ 910.758862] kmem_cache_alloc+0x28e/0x3c0 [ 910.763020] __kernfs_new_node+0x6f/0x470 [ 910.767176] kernfs_new_node+0x7b/0xe0 [ 910.771068] __kernfs_create_file+0x3d/0x320 [ 910.775484] sysfs_add_file_mode_ns+0x1e1/0x450 [ 910.780255] internal_create_group+0x22b/0x710 [ 910.784935] sysfs_create_groups+0x92/0x130 [ 910.789260] device_add+0x7e5/0x15c0 [ 910.792984] ? kfree_const+0x33/0x40 [ 910.796702] ? device_is_dependent+0x2a0/0x2a0 [ 910.801289] ? kfree+0x1f0/0x250 [ 910.804684] device_create_groups_vargs+0x1dc/0x250 [ 910.809710] device_create_vargs+0x3a/0x50 [ 910.813958] bdi_register_va.part.0+0x35/0x650 [ 910.818547] bdi_register_va+0x63/0x80 [ 910.822456] super_setup_bdi_name+0x123/0x220 [ 910.826953] ? kill_block_super+0xe0/0xe0 [ 910.831107] ? do_raw_spin_unlock+0x164/0x220 [ 910.835623] fuse_fill_super+0x937/0x15c0 [ 910.839896] ? fuse_get_root_inode+0xc0/0xc0 [ 910.844308] ? up_write+0x17/0x60 [ 910.847765] ? register_shrinker+0x15f/0x220 [ 910.852185] ? sget_userns+0x768/0xc10 [ 910.856082] ? get_anon_bdev+0x1c0/0x1c0 [ 910.860145] ? sget+0xd9/0x110 [ 910.863353] ? fuse_get_root_inode+0xc0/0xc0 [ 910.867768] mount_nodev+0x4c/0xf0 [ 910.871338] mount_fs+0x92/0x2a0 22:45:33 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) [ 910.874710] vfs_kern_mount.part.0+0x5b/0x470 [ 910.879212] do_mount+0xe65/0x2a30 [ 910.882771] ? __do_page_fault+0x159/0xad0 [ 910.887013] ? retint_kernel+0x2d/0x2d [ 910.890917] ? copy_mount_string+0x40/0x40 [ 910.895164] ? memset+0x20/0x40 [ 910.898621] ? copy_mount_options+0x1fa/0x2f0 [ 910.903117] ? copy_mnt_ns+0xa30/0xa30 [ 910.907013] SyS_mount+0xa8/0x120 [ 910.910469] ? copy_mnt_ns+0xa30/0xa30 [ 910.914358] do_syscall_64+0x1d5/0x640 [ 910.918249] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 910.923440] RIP: 0033:0x7f8e2a1775fa 22:45:33 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c72526f746d6f64653d303030303030303030303024d1303030303134303030302c757f65725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:33 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r2, {0x6c5}}, 0x18) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0x68, 0xfffffffffffffffe, r1, [{0x1, 0x2, 0x0, 0x7ca}, {0x6, 0x0, 0x5, 0x80, 'fuse\x00'}, {0x4, 0x8, 0x5, 0x80000000, '+\'-,\x00'}]}, 0x68) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0, 0x0}, 0x2020) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x24012, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x7}}], [{@fsname}, {@subj_role={'subj_role', 0x3d, '/'}}, {@obj_type={'obj_type', 0x3d, '%\\\\'}}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r5}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+-./&:(-**-^,$(}!}\x00'}}]}}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r2, {0x6c5}}, 0x18) (async) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0x68, 0xfffffffffffffffe, r1, [{0x1, 0x2, 0x0, 0x7ca}, {0x6, 0x0, 0x5, 0x80, 'fuse\x00'}, {0x4, 0x8, 0x5, 0x80000000, '+\'-,\x00'}]}, 0x68) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000006480)={0x2020}, 0x2020) (async) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)) (async) mount$fuseblk(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x24012, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@default_permissions}, {@max_read={'max_read', 0x3d, 0x7}}], [{@fsname}, {@subj_role={'subj_role', 0x3d, '/'}}, {@obj_type={'obj_type', 0x3d, '%\\\\'}}, {@dont_hash}, {@uid_eq={'uid', 0x3d, r5}}, {@seclabel}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '+-./&:(-**-^,$(}!}\x00'}}]}}) (async) [ 910.927145] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 910.934870] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 910.942224] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 910.949505] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 910.956771] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 910.964041] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:33 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 41) [ 911.265993] FAULT_INJECTION: forcing a failure. [ 911.265993] name failslab, interval 1, probability 0, space 0, times 0 [ 911.277485] CPU: 0 PID: 16179 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 911.285361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 911.294785] Call Trace: [ 911.297367] dump_stack+0x1b2/0x281 [ 911.300983] should_fail.cold+0x10a/0x149 [ 911.305130] should_failslab+0xd6/0x130 [ 911.309093] kmem_cache_alloc+0x28e/0x3c0 [ 911.313226] __kernfs_new_node+0x6f/0x470 [ 911.317374] kernfs_new_node+0x7b/0xe0 [ 911.321262] __kernfs_create_file+0x3d/0x320 [ 911.325656] sysfs_add_file_mode_ns+0x1e1/0x450 [ 911.330312] internal_create_group+0x22b/0x710 [ 911.334887] sysfs_create_groups+0x92/0x130 [ 911.339305] device_add+0x7e5/0x15c0 [ 911.343112] ? kfree_const+0x33/0x40 [ 911.346808] ? device_is_dependent+0x2a0/0x2a0 [ 911.351368] ? kfree+0x1f0/0x250 [ 911.354729] device_create_groups_vargs+0x1dc/0x250 [ 911.359740] device_create_vargs+0x3a/0x50 [ 911.363958] bdi_register_va.part.0+0x35/0x650 [ 911.368532] bdi_register_va+0x63/0x80 [ 911.372409] super_setup_bdi_name+0x123/0x220 [ 911.376893] ? kill_block_super+0xe0/0xe0 [ 911.381035] ? do_raw_spin_unlock+0x164/0x220 [ 911.385513] fuse_fill_super+0x937/0x15c0 [ 911.389651] ? fuse_get_root_inode+0xc0/0xc0 [ 911.394039] ? up_write+0x17/0x60 [ 911.397483] ? register_shrinker+0x15f/0x220 [ 911.401876] ? sget_userns+0x768/0xc10 [ 911.405744] ? get_anon_bdev+0x1c0/0x1c0 [ 911.409778] ? sget+0xd9/0x110 [ 911.412949] ? fuse_get_root_inode+0xc0/0xc0 [ 911.417360] mount_nodev+0x4c/0xf0 [ 911.420954] mount_fs+0x92/0x2a0 [ 911.424317] vfs_kern_mount.part.0+0x5b/0x470 [ 911.428795] do_mount+0xe65/0x2a30 [ 911.432319] ? __do_page_fault+0x159/0xad0 [ 911.436537] ? retint_kernel+0x2d/0x2d [ 911.440415] ? copy_mount_string+0x40/0x40 [ 911.444636] ? memset+0x20/0x40 [ 911.447899] ? copy_mount_options+0x1fa/0x2f0 [ 911.452395] ? copy_mnt_ns+0xa30/0xa30 [ 911.456273] SyS_mount+0xa8/0x120 [ 911.459737] ? copy_mnt_ns+0xa30/0xa30 [ 911.463606] do_syscall_64+0x1d5/0x640 [ 911.467473] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 911.472661] RIP: 0033:0x7f8e2a1775fa [ 911.476356] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 911.484050] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 911.491303] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 911.498551] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 911.505808] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 22:45:33 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) 22:45:33 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c72526f746d6f64653d303030303030303030303024d1303030303134303030302c757f65725f69643d", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:33 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000080)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 22:45:33 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 42) [ 911.513087] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:33 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:33 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {}, 0x2c, {[], [{@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}, 0x0, 0x0, 0x0) 22:45:33 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000080)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 22:45:33 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000080)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) [ 911.741839] FAULT_INJECTION: forcing a failure. [ 911.741839] name failslab, interval 1, probability 0, space 0, times 0 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) [ 911.791308] CPU: 1 PID: 16195 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 911.799222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 911.808578] Call Trace: [ 911.811185] dump_stack+0x1b2/0x281 [ 911.814823] should_fail.cold+0x10a/0x149 [ 911.818976] should_failslab+0xd6/0x130 [ 911.822959] kmem_cache_alloc+0x28e/0x3c0 [ 911.827126] __kernfs_new_node+0x6f/0x470 [ 911.831282] kernfs_new_node+0x7b/0xe0 [ 911.835183] __kernfs_create_file+0x3d/0x320 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 911.839597] sysfs_add_file_mode_ns+0x1e1/0x450 [ 911.844303] internal_create_group+0x22b/0x710 [ 911.848896] sysfs_create_groups+0x92/0x130 [ 911.853219] device_add+0x7e5/0x15c0 [ 911.856940] ? kfree_const+0x33/0x40 [ 911.860663] ? device_is_dependent+0x2a0/0x2a0 [ 911.865258] ? kfree+0x1f0/0x250 [ 911.868627] device_create_groups_vargs+0x1dc/0x250 [ 911.873657] device_create_vargs+0x3a/0x50 [ 911.877890] bdi_register_va.part.0+0x35/0x650 [ 911.882473] bdi_register_va+0x63/0x80 [ 911.886358] super_setup_bdi_name+0x123/0x220 [ 911.890850] ? kill_block_super+0xe0/0xe0 [ 911.894996] ? do_raw_spin_unlock+0x164/0x220 [ 911.899497] fuse_fill_super+0x937/0x15c0 [ 911.903651] ? fuse_get_root_inode+0xc0/0xc0 [ 911.908154] ? up_write+0x17/0x60 [ 911.911609] ? register_shrinker+0x15f/0x220 [ 911.916018] ? sget_userns+0x768/0xc10 [ 911.919917] ? get_anon_bdev+0x1c0/0x1c0 [ 911.923985] ? sget+0xd9/0x110 [ 911.927195] ? fuse_get_root_inode+0xc0/0xc0 [ 911.931607] mount_nodev+0x4c/0xf0 [ 911.935150] mount_fs+0x92/0x2a0 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 911.938527] vfs_kern_mount.part.0+0x5b/0x470 [ 911.943037] do_mount+0xe65/0x2a30 [ 911.946590] ? __do_page_fault+0x159/0xad0 [ 911.950829] ? retint_kernel+0x2d/0x2d [ 911.954717] ? copy_mount_string+0x40/0x40 [ 911.958951] ? memset+0x20/0x40 [ 911.962247] ? copy_mount_options+0x1fa/0x2f0 [ 911.966742] ? copy_mnt_ns+0xa30/0xa30 [ 911.970634] SyS_mount+0xa8/0x120 [ 911.974088] ? copy_mnt_ns+0xa30/0xa30 [ 911.981456] do_syscall_64+0x1d5/0x640 [ 911.985353] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:45:34 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:34 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {}, 0x2c, {[], [{@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {}, 0x2c, {[], [{@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}, 0x0, 0x0, 0x0) (async) [ 911.990539] RIP: 0033:0x7f8e2a1775fa [ 911.994244] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 912.001952] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 912.009226] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 912.016501] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 912.023766] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 912.031040] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:34 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 43) 22:45:34 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000080)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 22:45:34 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:45:34 executing program 0: ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x23, 0x3, 0x700) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004001) 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:34 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {}, 0x2c, {[], [{@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}, 0x0, 0x0, 0x0) 22:45:34 executing program 0: ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x23, 0x3, 0x700) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004001) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) (async) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x23, 0x3, 0x700) (async) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004001) (async) 22:45:34 executing program 2: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000080)) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}]}}, 0x0, 0x0, 0x0) [ 912.394505] FAULT_INJECTION: forcing a failure. [ 912.394505] name failslab, interval 1, probability 0, space 0, times 0 [ 912.447346] CPU: 0 PID: 16261 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 912.455252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 912.464601] Call Trace: [ 912.467186] dump_stack+0x1b2/0x281 [ 912.470812] should_fail.cold+0x10a/0x149 [ 912.474968] should_failslab+0xd6/0x130 [ 912.478944] kmem_cache_alloc+0x28e/0x3c0 [ 912.483105] __kernfs_new_node+0x6f/0x470 [ 912.487258] kernfs_new_node+0x7b/0xe0 [ 912.491170] __kernfs_create_file+0x3d/0x320 [ 912.495586] sysfs_add_file_mode_ns+0x1e1/0x450 [ 912.500266] internal_create_group+0x22b/0x710 [ 912.504866] sysfs_create_groups+0x92/0x130 [ 912.509278] device_add+0x7e5/0x15c0 [ 912.513082] ? kfree_const+0x33/0x40 [ 912.516800] ? device_is_dependent+0x2a0/0x2a0 [ 912.521471] ? kfree+0x1f0/0x250 [ 912.524862] device_create_groups_vargs+0x1dc/0x250 [ 912.529928] device_create_vargs+0x3a/0x50 [ 912.534171] bdi_register_va.part.0+0x35/0x650 [ 912.538761] bdi_register_va+0x63/0x80 [ 912.542648] super_setup_bdi_name+0x123/0x220 [ 912.547150] ? kill_block_super+0xe0/0xe0 [ 912.551306] ? do_raw_spin_unlock+0x164/0x220 [ 912.555813] fuse_fill_super+0x937/0x15c0 [ 912.559987] ? fuse_get_root_inode+0xc0/0xc0 [ 912.564407] ? up_write+0x17/0x60 [ 912.567874] ? register_shrinker+0x15f/0x220 [ 912.572372] ? sget_userns+0x768/0xc10 [ 912.576265] ? get_anon_bdev+0x1c0/0x1c0 [ 912.580321] ? sget+0xd9/0x110 [ 912.583515] ? fuse_get_root_inode+0xc0/0xc0 [ 912.587930] mount_nodev+0x4c/0xf0 [ 912.591485] mount_fs+0x92/0x2a0 [ 912.594857] vfs_kern_mount.part.0+0x5b/0x470 [ 912.599355] do_mount+0xe65/0x2a30 [ 912.603243] ? __do_page_fault+0x159/0xad0 [ 912.607479] ? retint_kernel+0x2d/0x2d [ 912.611364] ? copy_mount_string+0x40/0x40 [ 912.615601] ? memset+0x20/0x40 [ 912.618903] ? copy_mount_options+0x1fa/0x2f0 [ 912.623396] ? copy_mnt_ns+0xa30/0xa30 [ 912.627286] SyS_mount+0xa8/0x120 [ 912.630749] ? copy_mnt_ns+0xa30/0xa30 [ 912.634665] do_syscall_64+0x1d5/0x640 [ 912.638600] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 912.643968] RIP: 0033:0x7f8e2a1775fa 22:45:34 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}]}}, 0x0, 0x0, 0x0) 22:45:34 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x7, 0x60}}, 0x30) syz_mount_image$fuse(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x120000, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x14042370}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x1f}}, {@max_read={'max_read', 0x3d, 0x21}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:34 executing program 0: ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r0 = socket(0x23, 0x3, 0x700) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004001) [ 912.647666] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 912.655370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 912.662639] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 912.669910] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 912.677183] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 912.684462] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:34 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 44) 22:45:34 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:34 executing program 2: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000080)) (async) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x7, 0x60}}, 0x30) syz_mount_image$fuse(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x120000, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x14042370}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x1f}}, {@max_read={'max_read', 0x3d, 0x21}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 912.908531] FAULT_INJECTION: forcing a failure. [ 912.908531] name failslab, interval 1, probability 0, space 0, times 0 [ 912.935326] CPU: 1 PID: 16315 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 912.943242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 912.952590] Call Trace: [ 912.955182] dump_stack+0x1b2/0x281 [ 912.958818] should_fail.cold+0x10a/0x149 [ 912.962974] should_failslab+0xd6/0x130 [ 912.966959] kmem_cache_alloc+0x28e/0x3c0 [ 912.971114] __kernfs_new_node+0x6f/0x470 [ 912.975276] kernfs_new_node+0x7b/0xe0 [ 912.979257] __kernfs_create_file+0x3d/0x320 [ 912.983672] sysfs_add_file_mode_ns+0x1e1/0x450 [ 912.988353] internal_create_group+0x22b/0x710 [ 912.992952] sysfs_create_groups+0x92/0x130 [ 912.997290] device_add+0x7e5/0x15c0 [ 913.001014] ? kfree_const+0x33/0x40 22:45:35 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x0, 0x7, 0x60}}, 0x30) (async) syz_mount_image$fuse(&(0x7f0000000100), &(0x7f0000000040)='./file0\x00', 0x120000, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x14042370}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x1f}}, {@max_read={'max_read', 0x3d, 0x21}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x5, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000001400)=""/185, &(0x7f00000014c0)=0xb9) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6tnl0\x00', r6, 0x2f, 0x0, 0x81, 0x8, 0x21, @loopback, @empty, 0x20, 0x707, 0x81}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'ip6_vti0\x00', r5, 0x29, 0xe8, 0xff, 0x214, 0x6, @dev={0xfe, 0x80, '\x00', 0x14}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7, 0x1f, 0x401}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip6gre0\x00', &(0x7f0000000500)={'syztnl0\x00', r6, 0x29, 0x3, 0xf9, 0x1fe0, 0x14, @remote, @mcast2, 0xf819a442848b055a, 0x40, 0xb6, 0x1c000000}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', r7, 0x2f, 0x18, 0x0, 0x1ff, 0x55, @empty, @local, 0x7800, 0x1, 0x2, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000700)={'syztnl1\x00', &(0x7f0000000680)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x20, 0xfffffffc, 0x1a, @mcast2, @remote, 0x20, 0x700, 0x9}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000007c0)={'syztnl1\x00', &(0x7f0000000740)={'syztnl2\x00', r12, 0x29, 0x7, 0xfe, 0x9, 0x40, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1, 0x8, 0x624, 0x7}}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000800)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000000840)={0xbc0, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffb}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0xc0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x83}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r3}, {0x214, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x7, 0x1b, 0x20, 0x4}, {0x717, 0x18, 0x4, 0x8}, {0x48, 0x8, 0x0, 0x1a}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x6f, 0x80, 0x80, 0x42d31925}, {0xc4bf, 0x6, 0x2, 0xff}, {0xa21d, 0xe1, 0x3f, 0xae}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb27c}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r6}, {0x1c8, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r7}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x4, 0x0, 0x7, 0x1}, {0x43, 0x0, 0x6, 0x1ff}, {0x2, 0x4, 0x4, 0xbbfc}, {0xf001, 0x20, 0x3f, 0xffff}, {0x86d, 0x0, 0xdc, 0x9}, {0x400, 0x6, 0x8, 0x8}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r8}, {0x1fc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xc0f}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xffff, 0x2, 0x3f, 0x29}, {0x5, 0xff, 0x5a, 0x1ff}, {0xfffe, 0x9, 0x6, 0x1ff}, {0x3, 0x9, 0xf}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r11}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x4, 0xf4e}, {0xff70, 0x0, 0x4, 0x401}, {0x400, 0x68, 0x7f, 0x6}, {0x0, 0x80, 0xf5, 0xfffffffd}, {0x3, 0x1, 0x5, 0xca44}, {0x7, 0x6, 0x2, 0x8001}, {0x1, 0x80, 0x40, 0x4}, {0x7, 0xfd, 0x9, 0xffff0000}, {0x9, 0x5, 0x40, 0x10000}, {0x4, 0x2b, 0x9, 0x272c}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x104, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffd}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8, 0x1, r9}, {0x1dc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x549}}, {0x8, 0x6, r15}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x0, 0x1, 0x72, 0x80}, {0xa691, 0x2, 0x77, 0x1}, {0x6, 0x0, 0x6, 0x4}, {0x2, 0x9, 0xc, 0x7}, {0x2, 0x8, 0x81, 0x10001}, {0x1, 0xff, 0x0, 0xd80c}]}}}]}}, {{0x8, 0x1, r16}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0xbc0}}, 0x0) r17 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r17, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x2}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x81}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @dev={0xac, 0x14, 0x14, 0x44}}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x2}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfff9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x810}, 0x0) [ 913.004733] ? device_is_dependent+0x2a0/0x2a0 [ 913.009321] ? kfree+0x1f0/0x250 [ 913.012707] device_create_groups_vargs+0x1dc/0x250 [ 913.017735] device_create_vargs+0x3a/0x50 [ 913.021986] bdi_register_va.part.0+0x35/0x650 [ 913.026580] bdi_register_va+0x63/0x80 [ 913.030481] super_setup_bdi_name+0x123/0x220 [ 913.034994] ? kill_block_super+0xe0/0xe0 [ 913.039158] ? do_raw_spin_unlock+0x164/0x220 [ 913.043666] fuse_fill_super+0x937/0x15c0 [ 913.047835] ? fuse_get_root_inode+0xc0/0xc0 [ 913.052251] ? up_write+0x17/0x60 [ 913.055886] ? register_shrinker+0x15f/0x220 [ 913.060296] ? sget_userns+0x768/0xc10 [ 913.064217] ? get_anon_bdev+0x1c0/0x1c0 [ 913.068292] ? sget+0xd9/0x110 [ 913.071481] ? fuse_get_root_inode+0xc0/0xc0 [ 913.075886] mount_nodev+0x4c/0xf0 [ 913.079431] mount_fs+0x92/0x2a0 [ 913.082793] vfs_kern_mount.part.0+0x5b/0x470 [ 913.087289] do_mount+0xe65/0x2a30 [ 913.090826] ? __do_page_fault+0x159/0xad0 [ 913.095231] ? retint_kernel+0x2d/0x2d [ 913.099130] ? copy_mount_string+0x40/0x40 [ 913.103375] ? memset+0x20/0x40 [ 913.106657] ? copy_mount_options+0x1fa/0x2f0 [ 913.111153] ? copy_mnt_ns+0xa30/0xa30 [ 913.115049] SyS_mount+0xa8/0x120 [ 913.118523] ? copy_mnt_ns+0xa30/0xa30 [ 913.122426] do_syscall_64+0x1d5/0x640 [ 913.126328] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 913.131519] RIP: 0033:0x7f8e2a1775fa [ 913.135229] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 913.142947] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 913.150222] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 22:45:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x5, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000001400)=""/185, &(0x7f00000014c0)=0xb9) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6tnl0\x00', r6, 0x2f, 0x0, 0x81, 0x8, 0x21, @loopback, @empty, 0x20, 0x707, 0x81}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'ip6_vti0\x00', r5, 0x29, 0xe8, 0xff, 0x214, 0x6, @dev={0xfe, 0x80, '\x00', 0x14}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7, 0x1f, 0x401}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip6gre0\x00', &(0x7f0000000500)={'syztnl0\x00', r6, 0x29, 0x3, 0xf9, 0x1fe0, 0x14, @remote, @mcast2, 0xf819a442848b055a, 0x40, 0xb6, 0x1c000000}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', r7, 0x2f, 0x18, 0x0, 0x1ff, 0x55, @empty, @local, 0x7800, 0x1, 0x2, 0x7}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000700)={'syztnl1\x00', &(0x7f0000000680)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x20, 0xfffffffc, 0x1a, @mcast2, @remote, 0x20, 0x700, 0x9}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000007c0)={'syztnl1\x00', &(0x7f0000000740)={'syztnl2\x00', r12, 0x29, 0x7, 0xfe, 0x9, 0x40, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1, 0x8, 0x624, 0x7}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000800)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000000840)={0xbc0, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffb}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0xc0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x83}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r3}, {0x214, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x7, 0x1b, 0x20, 0x4}, {0x717, 0x18, 0x4, 0x8}, {0x48, 0x8, 0x0, 0x1a}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x6f, 0x80, 0x80, 0x42d31925}, {0xc4bf, 0x6, 0x2, 0xff}, {0xa21d, 0xe1, 0x3f, 0xae}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb27c}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r6}, {0x1c8, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r7}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x4, 0x0, 0x7, 0x1}, {0x43, 0x0, 0x6, 0x1ff}, {0x2, 0x4, 0x4, 0xbbfc}, {0xf001, 0x20, 0x3f, 0xffff}, {0x86d, 0x0, 0xdc, 0x9}, {0x400, 0x6, 0x8, 0x8}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r8}, {0x1fc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xc0f}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xffff, 0x2, 0x3f, 0x29}, {0x5, 0xff, 0x5a, 0x1ff}, {0xfffe, 0x9, 0x6, 0x1ff}, {0x3, 0x9, 0xf}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r11}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x4, 0xf4e}, {0xff70, 0x0, 0x4, 0x401}, {0x400, 0x68, 0x7f, 0x6}, {0x0, 0x80, 0xf5, 0xfffffffd}, {0x3, 0x1, 0x5, 0xca44}, {0x7, 0x6, 0x2, 0x8001}, {0x1, 0x80, 0x40, 0x4}, {0x7, 0xfd, 0x9, 0xffff0000}, {0x9, 0x5, 0x40, 0x10000}, {0x4, 0x2b, 0x9, 0x272c}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x104, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffd}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8, 0x1, r9}, {0x1dc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x549}}, {0x8, 0x6, r15}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x0, 0x1, 0x72, 0x80}, {0xa691, 0x2, 0x77, 0x1}, {0x6, 0x0, 0x6, 0x4}, {0x2, 0x9, 0xc, 0x7}, {0x2, 0x8, 0x81, 0x10001}, {0x1, 0xff, 0x0, 0xd80c}]}}}]}}, {{0x8, 0x1, r16}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0xbc0}}, 0x0) (async) r17 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r17, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x2}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x81}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @dev={0xac, 0x14, 0x14, 0x44}}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x2}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfff9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x810}, 0x0) 22:45:35 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="67726f83c08782655a4e305cbd2c5cc800045f69643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000080)={0x23, 0x3, 0x0, {0x4, 0x2, 0x0, 'fd'}}, 0x23) [ 913.157490] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 913.164760] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 913.172027] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:35 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:35 executing program 2: ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000080)) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000080)) (async) ioctl$RTC_PIE_ON(0xffffffffffffffff, 0x7005) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) 22:45:35 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 45) 22:45:35 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="67726f83c08782655a4e305cbd2c5cc800045f69643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000080)={0x23, 0x3, 0x0, {0x4, 0x2, 0x0, 'fd'}}, 0x23) 22:45:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x5, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000001400)=""/185, &(0x7f00000014c0)=0xb9) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000200)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f0000000300)={'ip6tnl0\x00', r6, 0x2f, 0x0, 0x81, 0x8, 0x21, @loopback, @empty, 0x20, 0x707, 0x81}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'ip6_vti0\x00', r5, 0x29, 0xe8, 0xff, 0x214, 0x6, @dev={0xfe, 0x80, '\x00', 0x14}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8000, 0x7, 0x1f, 0x401}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip6gre0\x00', &(0x7f0000000500)={'syztnl0\x00', r6, 0x29, 0x3, 0xf9, 0x1fe0, 0x14, @remote, @mcast2, 0xf819a442848b055a, 0x40, 0xb6, 0x1c000000}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', r7, 0x2f, 0x18, 0x0, 0x1ff, 0x55, @empty, @local, 0x7800, 0x1, 0x2, 0x7}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000700)={'syztnl1\x00', &(0x7f0000000680)={'syztnl1\x00', 0x0, 0x4, 0x0, 0x20, 0xfffffffc, 0x1a, @mcast2, @remote, 0x20, 0x700, 0x9}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000007c0)={'syztnl1\x00', &(0x7f0000000740)={'syztnl2\x00', r12, 0x29, 0x7, 0xfe, 0x9, 0x40, @private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x1, 0x8, 0x624, 0x7}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000800)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000002d80)={&(0x7f00000027c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000002d40)={&(0x7f0000000840)={0xbc0, 0x0, 0x0, 0x0, 0x0, {}, [{{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffb}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0xc0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x83}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r3}, {0x214, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x7, 0x1b, 0x20, 0x4}, {0x717, 0x18, 0x4, 0x8}, {0x48, 0x8, 0x0, 0x1a}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x6f, 0x80, 0x80, 0x42d31925}, {0xc4bf, 0x6, 0x2, 0xff}, {0xa21d, 0xe1, 0x3f, 0xae}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb27c}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r6}, {0x1c8, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r7}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x4, 0x0, 0x7, 0x1}, {0x43, 0x0, 0x6, 0x1ff}, {0x2, 0x4, 0x4, 0xbbfc}, {0xf001, 0x20, 0x3f, 0xffff}, {0x86d, 0x0, 0xdc, 0x9}, {0x400, 0x6, 0x8, 0x8}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r8}, {0x1fc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xc0f}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xffff, 0x2, 0x3f, 0x29}, {0x5, 0xff, 0x5a, 0x1ff}, {0xfffe, 0x9, 0x6, 0x1ff}, {0x3, 0x9, 0xf}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r11}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x4, 0xf4e}, {0xff70, 0x0, 0x4, 0x401}, {0x400, 0x68, 0x7f, 0x6}, {0x0, 0x80, 0xf5, 0xfffffffd}, {0x3, 0x1, 0x5, 0xca44}, {0x7, 0x6, 0x2, 0x8001}, {0x1, 0x80, 0x40, 0x4}, {0x7, 0xfd, 0x9, 0xffff0000}, {0x9, 0x5, 0x40, 0x10000}, {0x4, 0x2b, 0x9, 0x272c}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x104, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffffd}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8, 0x1, r9}, {0x1dc, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x549}}, {0x8, 0x6, r15}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x0, 0x1, 0x72, 0x80}, {0xa691, 0x2, 0x77, 0x1}, {0x6, 0x0, 0x6, 0x4}, {0x2, 0x9, 0xc, 0x7}, {0x2, 0x8, 0x81, 0x10001}, {0x1, 0xff, 0x0, 0xd80c}]}}}]}}, {{0x8, 0x1, r16}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}]}}]}, 0xbc0}}, 0x0) (async) r17 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0) sendmsg$L2TP_CMD_SESSION_CREATE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r17, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_FD={0x8}, @L2TP_ATTR_L2SPEC_LEN={0x5, 0x6, 0x2}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x81}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @dev={0xac, 0x14, 0x14, 0x44}}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x2}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfff9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x810}, 0x0) 22:45:35 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:35 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="661f7e8a5f6d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x300000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'measure'}}, {@euid_lt={'euid<', 0xee00}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@dont_hash}]}}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f00000000c0)={0x24, 0x3, 0x0, {0x1, 0x3, 0x0, '#}^'}}, 0x24) 22:45:35 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}, 0x0, 0x0, 0x0) 22:45:35 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="67726f83c08782655a4e305cbd2c5cc800045f69643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000080)={0x23, 0x3, 0x0, {0x4, 0x2, 0x0, 'fd'}}, 0x23) 22:45:35 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="661f7e8a5f6d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x300000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'measure'}}, {@euid_lt={'euid<', 0xee00}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@dont_hash}]}}) (async) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f00000000c0)={0x24, 0x3, 0x0, {0x1, 0x3, 0x0, '#}^'}}, 0x24) 22:45:35 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:35 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0), 0x0, 0x0, 0x0) [ 913.550337] FAULT_INJECTION: forcing a failure. [ 913.550337] name failslab, interval 1, probability 0, space 0, times 0 [ 913.616933] CPU: 0 PID: 16385 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 913.625102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 913.634454] Call Trace: [ 913.637154] dump_stack+0x1b2/0x281 [ 913.640796] should_fail.cold+0x10a/0x149 [ 913.645100] should_failslab+0xd6/0x130 [ 913.649083] kmem_cache_alloc+0x28e/0x3c0 [ 913.653240] __kernfs_new_node+0x6f/0x470 [ 913.657395] kernfs_create_dir_ns+0x8c/0x200 [ 913.661822] internal_create_group+0xe9/0x710 [ 913.666327] dpm_sysfs_add+0x21/0x1c0 [ 913.670157] device_add+0x977/0x15c0 [ 913.673880] ? device_is_dependent+0x2a0/0x2a0 [ 913.678496] ? kfree+0x1f0/0x250 [ 913.681940] device_create_groups_vargs+0x1dc/0x250 [ 913.686962] device_create_vargs+0x3a/0x50 [ 913.691203] bdi_register_va.part.0+0x35/0x650 [ 913.695816] bdi_register_va+0x63/0x80 [ 913.699723] super_setup_bdi_name+0x123/0x220 [ 913.704241] ? kill_block_super+0xe0/0xe0 [ 913.708395] ? do_raw_spin_unlock+0x164/0x220 [ 913.712912] fuse_fill_super+0x937/0x15c0 [ 913.717063] ? fuse_get_root_inode+0xc0/0xc0 [ 913.721482] ? up_write+0x17/0x60 [ 913.724936] ? register_shrinker+0x15f/0x220 [ 913.729350] ? sget_userns+0x768/0xc10 [ 913.733240] ? get_anon_bdev+0x1c0/0x1c0 [ 913.737283] ? sget+0xd9/0x110 [ 913.740455] ? fuse_get_root_inode+0xc0/0xc0 [ 913.744860] mount_nodev+0x4c/0xf0 [ 913.748403] mount_fs+0x92/0x2a0 [ 913.751755] vfs_kern_mount.part.0+0x5b/0x470 [ 913.756234] do_mount+0xe65/0x2a30 [ 913.759753] ? __do_page_fault+0x159/0xad0 [ 913.763969] ? retint_kernel+0x2d/0x2d [ 913.767845] ? copy_mount_string+0x40/0x40 [ 913.772065] ? memset+0x20/0x40 [ 913.775327] ? copy_mount_options+0x1fa/0x2f0 [ 913.779803] ? copy_mnt_ns+0xa30/0xa30 [ 913.783672] SyS_mount+0xa8/0x120 [ 913.787138] ? copy_mnt_ns+0xa30/0xa30 [ 913.791117] do_syscall_64+0x1d5/0x640 [ 913.795001] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 913.800175] RIP: 0033:0x7f8e2a1775fa [ 913.804071] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:36 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="661f7e8a5f6d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x300000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'measure'}}, {@euid_lt={'euid<', 0xee00}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@dont_hash}]}}) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f00000000c0)={0x24, 0x3, 0x0, {0x1, 0x3, 0x0, '#}^'}}, 0x24) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="661f7e8a5f6d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) (async) mount$fuseblk(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x300000, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'measure'}}, {@euid_lt={'euid<', 0xee00}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@dont_hash}]}}) (async) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r2, &(0x7f00000000c0)={0x24, 0x3, 0x0, {0x1, 0x3, 0x0, '#}^'}}, 0x24) (async) 22:45:36 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 46) 22:45:36 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0xd0db) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0xfff) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:36 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xc0030, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfsroot={'smackfsroot', 0x3d, '!^{]'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x2, 0x1, 0x4, 0x0, @mcast2, @private2, 0x1, 0x1, 0x6fb, 0xffff}}) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_GETXATTR(r1, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x3}}, 0x18) 22:45:36 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 913.811815] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 913.819088] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 913.826447] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 913.833805] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 913.841056] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:36 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0xd0db) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0xfff) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:36 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) lstat(0x0, &(0x7f0000000480)) 22:45:36 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xc0030, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfsroot={'smackfsroot', 0x3d, '!^{]'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x2, 0x1, 0x4, 0x0, @mcast2, @private2, 0x1, 0x1, 0x6fb, 0xffff}}) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_GETXATTR(r1, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x3}}, 0x18) 22:45:36 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x26, 0x2, 0x40000, 0x36, 0x200, 0x81, 0x2}}, 0x50) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0x0, r3}, 0x10) write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, r2, {0x0, 0x13}}, 0x20) 22:45:36 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:36 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0xd0db) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0xfff) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_open_dev$char_usb(0xc, 0xb4, 0xd0db) (async) syz_open_dev$char_usb(0xc, 0xb4, 0xfff) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) [ 913.937969] FAULT_INJECTION: forcing a failure. [ 913.937969] name failslab, interval 1, probability 0, space 0, times 0 [ 913.986895] CPU: 0 PID: 16430 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 913.994808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.004158] Call Trace: [ 914.006749] dump_stack+0x1b2/0x281 [ 914.010385] should_fail.cold+0x10a/0x149 [ 914.014546] should_failslab+0xd6/0x130 [ 914.018530] kmem_cache_alloc+0x28e/0x3c0 [ 914.022687] __kernfs_new_node+0x6f/0x470 [ 914.026847] kernfs_new_node+0x7b/0xe0 [ 914.030740] __kernfs_create_file+0x3d/0x320 [ 914.035157] sysfs_add_file_mode_ns+0x1e1/0x450 [ 914.039951] sysfs_merge_group+0xdc/0x200 [ 914.044904] dpm_sysfs_add+0x122/0x1c0 [ 914.048797] device_add+0x977/0x15c0 [ 914.052510] ? device_is_dependent+0x2a0/0x2a0 [ 914.057102] ? kfree+0x1f0/0x250 [ 914.060472] device_create_groups_vargs+0x1dc/0x250 [ 914.065489] device_create_vargs+0x3a/0x50 [ 914.069731] bdi_register_va.part.0+0x35/0x650 [ 914.074319] bdi_register_va+0x63/0x80 [ 914.078208] super_setup_bdi_name+0x123/0x220 [ 914.082710] ? kill_block_super+0xe0/0xe0 [ 914.086871] ? do_raw_spin_unlock+0x164/0x220 [ 914.091380] fuse_fill_super+0x937/0x15c0 [ 914.095546] ? fuse_get_root_inode+0xc0/0xc0 [ 914.099954] ? up_write+0x17/0x60 [ 914.103750] ? register_shrinker+0x15f/0x220 [ 914.108166] ? sget_userns+0x768/0xc10 [ 914.112057] ? get_anon_bdev+0x1c0/0x1c0 [ 914.116113] ? sget+0xd9/0x110 [ 914.119307] ? fuse_get_root_inode+0xc0/0xc0 [ 914.123718] mount_nodev+0x4c/0xf0 [ 914.127261] mount_fs+0x92/0x2a0 [ 914.130634] vfs_kern_mount.part.0+0x5b/0x470 [ 914.135944] do_mount+0xe65/0x2a30 [ 914.139598] ? __do_page_fault+0x159/0xad0 [ 914.143843] ? retint_kernel+0x2d/0x2d [ 914.147744] ? copy_mount_string+0x40/0x40 [ 914.152086] ? memset+0x20/0x40 [ 914.155381] ? copy_mount_options+0x1fa/0x2f0 [ 914.159883] ? copy_mnt_ns+0xa30/0xa30 [ 914.163775] SyS_mount+0xa8/0x120 [ 914.167345] ? copy_mnt_ns+0xa30/0xa30 [ 914.171458] do_syscall_64+0x1d5/0x640 [ 914.175362] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 914.180645] RIP: 0033:0x7f8e2a1775fa 22:45:36 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r1, 0x80044dfd, &(0x7f0000000000)) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) 22:45:36 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 914.184457] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 914.192275] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 914.199719] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 914.206989] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 914.214258] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 914.221528] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:36 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 47) 22:45:36 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x26, 0x2, 0x40000, 0x36, 0x200, 0x81, 0x2}}, 0x50) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0x0, r3}, 0x10) write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, r2, {0x0, 0x13}}, 0x20) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x26, 0x2, 0x40000, 0x36, 0x200, 0x81, 0x2}}, 0x50) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000006480)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, r2, {0x0, 0x13}}, 0x20) (async) 22:45:36 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0xc0030, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfsroot={'smackfsroot', 0x3d, '!^{]'}}]}}, 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f00000001c0)={'ip6tnl0\x00', 0x0, 0x2f, 0x2, 0x1, 0x4, 0x0, @mcast2, @private2, 0x1, 0x1, 0x6fb, 0xffff}}) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_GETXATTR(r1, &(0x7f0000000180)={0x18, 0x0, 0x0, {0x3}}, 0x18) 22:45:36 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d656173757265c348"], 0x0, 0x0, 0x0) 22:45:36 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:36 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7375626a5f747970653d237d5e2c6d656173757265c348"], 0x0, 0x0, 0x0) 22:45:36 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:36 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1089004, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}Z\x10mm\xae\\\xf1\xa5kRk\xa9\xbb\xd3$'}}]}}, 0x0, 0x0, 0x0) 22:45:36 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000004440)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x26, 0x2, 0x40000, 0x36, 0x200, 0x81, 0x2}}, 0x50) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000006480)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0x0, r3}, 0x10) write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, r2, {0x0, 0x13}}, 0x20) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000004440)={0x2020}, 0x2020) (async) write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x26, 0x2, 0x40000, 0x36, 0x200, 0x81, 0x2}}, 0x50) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) read$FUSE(r0, &(0x7f0000006480)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r0, &(0x7f0000000140)={0x10, 0x0, r3}, 0x10) (async) write$FUSE_OPEN(r0, &(0x7f0000000080)={0x20, 0xfffffffffffffffe, r2, {0x0, 0x13}}, 0x20) (async) [ 914.332528] FAULT_INJECTION: forcing a failure. [ 914.332528] name failslab, interval 1, probability 0, space 0, times 0 [ 914.351839] CPU: 1 PID: 16489 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 914.359749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 914.369104] Call Trace: [ 914.371698] dump_stack+0x1b2/0x281 [ 914.375426] should_fail.cold+0x10a/0x149 [ 914.379582] should_failslab+0xd6/0x130 [ 914.383563] kmem_cache_alloc+0x28e/0x3c0 [ 914.387722] __kernfs_new_node+0x6f/0x470 [ 914.391884] kernfs_new_node+0x7b/0xe0 [ 914.395779] __kernfs_create_file+0x3d/0x320 [ 914.400219] sysfs_add_file_mode_ns+0x1e1/0x450 [ 914.404899] sysfs_merge_group+0xdc/0x200 [ 914.409053] dpm_sysfs_add+0x122/0x1c0 [ 914.412945] device_add+0x977/0x15c0 [ 914.416753] ? device_is_dependent+0x2a0/0x2a0 [ 914.421336] ? kfree+0x1f0/0x250 [ 914.424728] device_create_groups_vargs+0x1dc/0x250 [ 914.429754] device_create_vargs+0x3a/0x50 [ 914.433999] bdi_register_va.part.0+0x35/0x650 [ 914.438589] bdi_register_va+0x63/0x80 [ 914.442484] super_setup_bdi_name+0x123/0x220 [ 914.446993] ? kill_block_super+0xe0/0xe0 [ 914.451167] ? do_raw_spin_unlock+0x164/0x220 [ 914.455681] fuse_fill_super+0x937/0x15c0 [ 914.459842] ? fuse_get_root_inode+0xc0/0xc0 [ 914.464259] ? up_write+0x17/0x60 [ 914.467718] ? register_shrinker+0x15f/0x220 [ 914.472128] ? sget_userns+0x768/0xc10 [ 914.476112] ? get_anon_bdev+0x1c0/0x1c0 [ 914.480189] ? sget+0xd9/0x110 [ 914.483396] ? fuse_get_root_inode+0xc0/0xc0 [ 914.487812] mount_nodev+0x4c/0xf0 [ 914.491364] mount_fs+0x92/0x2a0 [ 914.494737] vfs_kern_mount.part.0+0x5b/0x470 [ 914.499243] do_mount+0xe65/0x2a30 [ 914.502795] ? __do_page_fault+0x159/0xad0 [ 914.507215] ? retint_kernel+0x2d/0x2d [ 914.511124] ? copy_mount_string+0x40/0x40 [ 914.515372] ? memset+0x20/0x40 [ 914.518746] ? copy_mount_options+0x1fa/0x2f0 [ 914.523258] ? copy_mnt_ns+0xa30/0xa30 [ 914.527161] SyS_mount+0xa8/0x120 22:45:36 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1089004, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}Z\x10mm\xae\\\xf1\xa5kRk\xa9\xbb\xd3$'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1089004, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}Z\x10mm\xae\\\xf1\xa5kRk\xa9\xbb\xd3$'}}]}}, 0x0, 0x0, 0x0) (async) [ 914.530892] ? copy_mnt_ns+0xa30/0xa30 [ 914.534788] do_syscall_64+0x1d5/0x640 [ 914.538703] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 914.543909] RIP: 0033:0x7f8e2a1775fa [ 914.547635] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 914.555345] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 914.562613] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 914.569991] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 914.578477] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 914.585838] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:37 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r1, 0x80044dfd, &(0x7f0000000000)) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) 22:45:37 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1089004, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}Z\x10mm\xae\\\xf1\xa5kRk\xa9\xbb\xd3$'}}]}}, 0x0, 0x0, 0x0) 22:45:37 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)) 22:45:37 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = getuid() syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x3d26}}, {@default_permissions}, {@default_permissions}, {}], [{@fowner_eq}, {@pcr={'pcr', 0x3d, 0x2b}}, {@fowner_eq={'fowner', 0x3d, r1}}]}}, 0x0, 0x0, 0x0) 22:45:37 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f77f2b01bf5825f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746821722c64656661756c745f7065726d697373696f6e732c6d61785f726504003d3078303030303030303030303030303030302c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00dc93de362c2e0508a6a3143b96f27f4d506fc97fc59b04a803e55b1d3d29c616d5cd35b69dc784b39d305049b7d8d4f30c8554519b7f1f1a230ec23a0f1718b1c4b9111f0999bd27ca67fda94a64da629d0e9ca84af470ef533def0adcc9d4af6121ddc285f6bbf225c963b91f6346040dc2f05d325c361779de5bc56382fc330e97147d13379072fa60d719ccd8e62f1bdbd9927477b43a491cabf8554e75e797bf726a479f0e5239e2faa30f83117112fc370ad8fd98c969085747f52b06daba74193bb9a71f2e8f24c04015ecf71d42d30a8d8ed1f4789394873c89eed07fd68b7debb98d869724798b3447c46fa47fe9b8d2f7b6afe6ab2e82499fc7abbdb19ea63c38a96bc2072c3f3472b585102c49306552f4b045d85d16991d6d7a30e02c679b062c"], 0x0, 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r1, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:37 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 48) 22:45:37 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 915.087936] FAULT_INJECTION: forcing a failure. [ 915.087936] name failslab, interval 1, probability 0, space 0, times 0 [ 915.109291] CPU: 1 PID: 16552 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 915.117194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 915.126543] Call Trace: [ 915.129130] dump_stack+0x1b2/0x281 [ 915.132761] should_fail.cold+0x10a/0x149 22:45:37 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$fuseblk(&(0x7f0000000080), 0x0, &(0x7f0000000100), 0x0, 0x0) [ 915.136916] should_failslab+0xd6/0x130 [ 915.141604] kmem_cache_alloc+0x28e/0x3c0 [ 915.145760] __kernfs_new_node+0x6f/0x470 [ 915.149928] kernfs_new_node+0x7b/0xe0 [ 915.153825] __kernfs_create_file+0x3d/0x320 [ 915.158239] sysfs_add_file_mode_ns+0x1e1/0x450 [ 915.162922] sysfs_merge_group+0xdc/0x200 [ 915.167080] dpm_sysfs_add+0x122/0x1c0 [ 915.170976] device_add+0x977/0x15c0 [ 915.174698] ? device_is_dependent+0x2a0/0x2a0 [ 915.179368] ? kfree+0x1f0/0x250 [ 915.182820] device_create_groups_vargs+0x1dc/0x250 22:45:37 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 915.187865] device_create_vargs+0x3a/0x50 [ 915.192115] bdi_register_va.part.0+0x35/0x650 [ 915.196716] bdi_register_va+0x63/0x80 [ 915.200628] super_setup_bdi_name+0x123/0x220 [ 915.205140] ? kill_block_super+0xe0/0xe0 [ 915.209292] ? do_raw_spin_unlock+0x164/0x220 [ 915.213805] fuse_fill_super+0x937/0x15c0 [ 915.217961] ? fuse_get_root_inode+0xc0/0xc0 [ 915.222377] ? up_write+0x17/0x60 [ 915.225829] ? register_shrinker+0x15f/0x220 [ 915.230244] ? sget_userns+0x768/0xc10 [ 915.234139] ? get_anon_bdev+0x1c0/0x1c0 22:45:37 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = getuid() syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x3d26}}, {@default_permissions}, {@default_permissions}, {}], [{@fowner_eq}, {@pcr={'pcr', 0x3d, 0x2b}}, {@fowner_eq={'fowner', 0x3d, r1}}]}}, 0x0, 0x0, 0x0) [ 915.238203] ? sget+0xd9/0x110 [ 915.241396] ? fuse_get_root_inode+0xc0/0xc0 [ 915.245810] mount_nodev+0x4c/0xf0 [ 915.249365] mount_fs+0x92/0x2a0 [ 915.252757] vfs_kern_mount.part.0+0x5b/0x470 [ 915.257256] do_mount+0xe65/0x2a30 [ 915.260812] ? __do_page_fault+0x159/0xad0 [ 915.265062] ? retint_kernel+0x2d/0x2d [ 915.268959] ? copy_mount_string+0x40/0x40 [ 915.273208] ? memset+0x20/0x40 [ 915.276497] ? copy_mount_options+0x1fa/0x2f0 [ 915.280996] ? copy_mnt_ns+0xa30/0xa30 [ 915.284900] SyS_mount+0xa8/0x120 22:45:37 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 915.288360] ? copy_mnt_ns+0xa30/0xa30 [ 915.292257] do_syscall_64+0x1d5/0x640 [ 915.296258] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 915.301462] RIP: 0033:0x7f8e2a1775fa [ 915.305170] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 915.312965] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 915.320235] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 915.327514] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:37 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$mixer_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f0000000140)) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 915.334781] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 915.342227] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:38 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_RECMASK(r1, 0x80044dfd, &(0x7f0000000000)) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) (async) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, 0x0) (async) ioctl$SOUND_MIXER_READ_RECMASK(r1, 0x80044dfd, &(0x7f0000000000)) (async) ioctl$SOUND_MIXER_READ_STEREODEVS(r1, 0x80044dfb, &(0x7f0000000040)) (async) 22:45:38 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = getuid() syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x3d26}}, {@default_permissions}, {@default_permissions}, {}], [{@fowner_eq}, {@pcr={'pcr', 0x3d, 0x2b}}, {@fowner_eq={'fowner', 0x3d, r1}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:38 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r1, &(0x7f00000000c0)={0x60, 0x0, r2, {{0x8, 0x553bf17e, 0x9, 0x8, 0xfffffffffffffffd, 0xbc, 0x7, 0x6}}}, 0x60) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 49) 22:45:38 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:38 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x20) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0xb0, 0xfffffffffffffff5, r1, [{0x0, 0xfffffffffffffffd, 0x2, 0x0, 'R$'}, {0x1, 0x0, 0x7, 0x8, '\\-@+-\\*'}, {0x6, 0xfffffffffffffffd, 0x8, 0x772, 'rootmode'}, {0x6, 0x7c70, 0x5, 0x3, 'fuse\x00'}, {0x2, 0xc000000000000000, 0x8, 0x4, 'group_id'}]}, 0xb0) 22:45:38 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 915.998531] FAULT_INJECTION: forcing a failure. [ 915.998531] name failslab, interval 1, probability 0, space 0, times 0 22:45:38 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 916.080637] CPU: 1 PID: 16608 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 916.088546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.097900] Call Trace: [ 916.100488] dump_stack+0x1b2/0x281 [ 916.104146] should_fail.cold+0x10a/0x149 [ 916.108296] should_failslab+0xd6/0x130 [ 916.113363] kmem_cache_alloc+0x28e/0x3c0 [ 916.117519] __kernfs_new_node+0x6f/0x470 [ 916.121674] kernfs_new_node+0x7b/0xe0 [ 916.125565] __kernfs_create_file+0x3d/0x320 [ 916.129982] sysfs_add_file_mode_ns+0x1e1/0x450 [ 916.134658] sysfs_merge_group+0xdc/0x200 [ 916.138820] dpm_sysfs_add+0x122/0x1c0 [ 916.142720] device_add+0x977/0x15c0 [ 916.146439] ? device_is_dependent+0x2a0/0x2a0 [ 916.151028] ? kfree+0x1f0/0x250 [ 916.154403] device_create_groups_vargs+0x1dc/0x250 [ 916.159423] device_create_vargs+0x3a/0x50 [ 916.163677] bdi_register_va.part.0+0x35/0x650 [ 916.168274] bdi_register_va+0x63/0x80 [ 916.172176] super_setup_bdi_name+0x123/0x220 [ 916.176785] ? kill_block_super+0xe0/0xe0 [ 916.180938] ? do_raw_spin_unlock+0x164/0x220 [ 916.185708] fuse_fill_super+0x937/0x15c0 [ 916.189865] ? fuse_get_root_inode+0xc0/0xc0 [ 916.194286] ? up_write+0x17/0x60 [ 916.197746] ? register_shrinker+0x15f/0x220 [ 916.202157] ? sget_userns+0x768/0xc10 [ 916.206045] ? get_anon_bdev+0x1c0/0x1c0 [ 916.210084] ? sget+0xd9/0x110 [ 916.213259] ? fuse_get_root_inode+0xc0/0xc0 [ 916.217775] mount_nodev+0x4c/0xf0 [ 916.221311] mount_fs+0x92/0x2a0 [ 916.224669] vfs_kern_mount.part.0+0x5b/0x470 [ 916.229149] do_mount+0xe65/0x2a30 [ 916.232674] ? __do_page_fault+0x159/0xad0 [ 916.236890] ? retint_kernel+0x2d/0x2d [ 916.240757] ? copy_mount_string+0x40/0x40 [ 916.245015] ? memset+0x20/0x40 [ 916.248311] ? copy_mount_options+0x1fa/0x2f0 [ 916.252880] ? copy_mnt_ns+0xa30/0xa30 [ 916.256763] SyS_mount+0xa8/0x120 [ 916.260516] ? copy_mnt_ns+0xa30/0xa30 [ 916.264404] do_syscall_64+0x1d5/0x640 [ 916.268304] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 916.273473] RIP: 0033:0x7f8e2a1775fa 22:45:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000020000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000100000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) 22:45:38 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)=0xffff) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x1) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f00000000c0)=""/3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/183, 0xcb) 22:45:38 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0xb0, 0xfffffffffffffff5, r1, [{0x0, 0xfffffffffffffffd, 0x2, 0x0, 'R$'}, {0x1, 0x0, 0x7, 0x8, '\\-@+-\\*'}, {0x6, 0xfffffffffffffffd, 0x8, 0x772, 'rootmode'}, {0x6, 0x7c70, 0x5, 0x3, 'fuse\x00'}, {0x2, 0xc000000000000000, 0x8, 0x4, 'group_id'}]}, 0xb0) [ 916.277162] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 916.285382] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 916.292631] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 916.299879] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 916.307133] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 916.314558] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:38 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:38 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 50) 22:45:38 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 4: socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a3ddbc893fdf3dc7a07763416cd4aedd780faccb867ec2012aa16284fae905553a18c4dda401a9c30a7b74a183ac7a0aec6b86430d561f813bdc0dbcd352c2de6634e390c8cb1b1b04c56f8b1c0b69ce801d865a9b76ce47b6bff49fefc2f6a8178d081446ba92b70ac0d68861868faad", 0xe1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000020000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000100000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000020000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000100000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) (async) 22:45:38 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)=0xffff) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x1) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f00000000c0)=""/3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/183, 0xcb) syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (async) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)=0xffff) (async) syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x1) (async) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f00000000c0)=""/3) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/183, 0xcb) (async) 22:45:38 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r0, &(0x7f0000000080)={0xb0, 0xfffffffffffffff5, r1, [{0x0, 0xfffffffffffffffd, 0x2, 0x0, 'R$'}, {0x1, 0x0, 0x7, 0x8, '\\-@+-\\*'}, {0x6, 0xfffffffffffffffd, 0x8, 0x772, 'rootmode'}, {0x6, 0x7c70, 0x5, 0x3, 'fuse\x00'}, {0x2, 0xc000000000000000, 0x8, 0x4, 'group_id'}]}, 0xb0) 22:45:38 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) [ 916.459333] FAULT_INJECTION: forcing a failure. [ 916.459333] name failslab, interval 1, probability 0, space 0, times 0 [ 916.488767] CPU: 1 PID: 16670 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 916.496684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.506046] Call Trace: 22:45:38 executing program 0: r0 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000040)=0xffff) (async) r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x1) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f00000000c0)=""/3) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r2) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/183, 0xcb) [ 916.508633] dump_stack+0x1b2/0x281 [ 916.512269] should_fail.cold+0x10a/0x149 [ 916.516440] should_failslab+0xd6/0x130 [ 916.520423] kmem_cache_alloc_trace+0x29a/0x3d0 [ 916.525110] ? dev_uevent_filter+0xd0/0xd0 [ 916.529357] kobject_uevent_env+0x20c/0xf30 [ 916.533690] ? wait_for_completion_io+0x10/0x10 [ 916.538372] device_add+0xa47/0x15c0 [ 916.542115] ? device_is_dependent+0x2a0/0x2a0 [ 916.546700] ? kfree+0x1f0/0x250 [ 916.550075] device_create_groups_vargs+0x1dc/0x250 [ 916.555108] device_create_vargs+0x3a/0x50 [ 916.559351] bdi_register_va.part.0+0x35/0x650 [ 916.563945] bdi_register_va+0x63/0x80 [ 916.567843] super_setup_bdi_name+0x123/0x220 [ 916.572344] ? kill_block_super+0xe0/0xe0 [ 916.576497] ? do_raw_spin_unlock+0x164/0x220 [ 916.580999] fuse_fill_super+0x937/0x15c0 [ 916.585155] ? fuse_get_root_inode+0xc0/0xc0 [ 916.589564] ? up_write+0x17/0x60 [ 916.593019] ? register_shrinker+0x15f/0x220 [ 916.597427] ? sget_userns+0x768/0xc10 [ 916.601343] ? get_anon_bdev+0x1c0/0x1c0 [ 916.605419] ? sget+0xd9/0x110 [ 916.608615] ? fuse_get_root_inode+0xc0/0xc0 [ 916.613027] mount_nodev+0x4c/0xf0 [ 916.616569] mount_fs+0x92/0x2a0 [ 916.619956] vfs_kern_mount.part.0+0x5b/0x470 [ 916.624462] do_mount+0xe65/0x2a30 [ 916.628010] ? __do_page_fault+0x159/0xad0 [ 916.632249] ? retint_kernel+0x2d/0x2d [ 916.636143] ? copy_mount_string+0x40/0x40 [ 916.640386] ? memset+0x20/0x40 [ 916.643760] ? copy_mount_options+0x1fa/0x2f0 [ 916.648269] ? copy_mnt_ns+0xa30/0xa30 [ 916.652158] SyS_mount+0xa8/0x120 [ 916.655616] ? copy_mnt_ns+0xa30/0xa30 [ 916.659508] do_syscall_64+0x1d5/0x640 [ 916.663403] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 916.668597] RIP: 0033:0x7f8e2a1775fa [ 916.672302] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 916.680016] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 916.687283] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 916.694556] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 916.701826] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 22:45:38 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c15d4423c3867726f75f37a56f6a820d7cba9d6184b8534d91abec5c732cf1ec18f4a5d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,max_read=0x0000000000000001,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,pcr=00000000000000000042,\x00'], 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)) 22:45:38 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:38 executing program 1: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000020000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000100000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) [ 916.709091] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:39 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 51) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c15d4423c3867726f75f37a56f6a820d7cba9d6184b8534d91abec5c732cf1ec18f4a5d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,max_read=0x0000000000000001,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,pcr=00000000000000000042,\x00'], 0x0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)) 22:45:39 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x97, 0x80000001, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x10, 0x8, 0x9c}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0xfc, 0x3a2557e3, 0x41, @private1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x74, 0x4}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0x40, 0x2, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x8, 0x1, 0x80000000, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0xff, 0xc0, 0x800, 0x0, @loopback, @remote, 0x8000, 0x7, 0x2, 0x9}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000e00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000480)={0x904, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xfff7, 0x2, 0x81, 0x4}, {0x8001, 0x8, 0x0, 0x8}, {0x5, 0x89, 0x9f, 0xe1}, {0x1f, 0x7f, 0x7, 0x4}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xf31}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9efa}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x9, 0x81, 0xc6, 0x18e}, {0xe839, 0x2, 0x4, 0x2}, {0x7f, 0x6, 0x97, 0x9}, {0x400, 0xff, 0x1f, 0x10000}, {0x6, 0x1, 0x22, 0xc5e}, {0x6, 0x0, 0x3f, 0x254f}, {0x3, 0x47, 0x4, 0x7d}, {0x8, 0x3f, 0x95, 0x80000001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd67f}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x0, 0x5, 0xff}, {0x3, 0x0, 0x81, 0x811e}, {0x1, 0x7, 0x80, 0x3b}, {0x2, 0x9, 0x9, 0x7fffffff}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1000, 0x6, 0xa7, 0xffff}, {0x6, 0x3f, 0x7}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r3}, {0x248, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x400, 0x0, 0xb7}, {0x9, 0x6, 0x1f, 0x8}, {0x100, 0x53, 0x3, 0x8}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xcae4, 0x9, 0x3, 0x80000000}, {0x3, 0x5, 0x1b, 0x81}]}}}]}}]}, 0x904}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:39 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:39 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c15d4423c3867726f75f37a56f6a820d7cba9d6184b8534d91abec5c732cf1ec18f4a5d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,max_read=0x0000000000000001,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,pcr=00000000000000000042,\x00'], 0x0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)) [ 916.882432] FAULT_INJECTION: forcing a failure. [ 916.882432] name failslab, interval 1, probability 0, space 0, times 0 [ 916.918578] CPU: 0 PID: 16720 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 916.926483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 916.935832] Call Trace: [ 916.938419] dump_stack+0x1b2/0x281 [ 916.942054] should_fail.cold+0x10a/0x149 [ 916.946211] should_failslab+0xd6/0x130 [ 916.950209] kmem_cache_alloc_node+0x263/0x410 [ 916.954797] __alloc_skb+0x5c/0x510 [ 916.958428] kobject_uevent_env+0x882/0xf30 [ 916.962757] device_add+0xa47/0x15c0 [ 916.966474] ? device_is_dependent+0x2a0/0x2a0 [ 916.971054] ? kfree+0x1f0/0x250 [ 916.974419] device_create_groups_vargs+0x1dc/0x250 [ 916.979438] device_create_vargs+0x3a/0x50 [ 916.983676] bdi_register_va.part.0+0x35/0x650 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 3: syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 916.988269] bdi_register_va+0x63/0x80 [ 916.992160] super_setup_bdi_name+0x123/0x220 [ 916.996658] ? kill_block_super+0xe0/0xe0 [ 917.000808] ? do_raw_spin_unlock+0x164/0x220 [ 917.005308] fuse_fill_super+0x937/0x15c0 [ 917.009466] ? fuse_get_root_inode+0xc0/0xc0 [ 917.013876] ? up_write+0x17/0x60 [ 917.017329] ? register_shrinker+0x15f/0x220 [ 917.021742] ? sget_userns+0x768/0xc10 [ 917.025635] ? get_anon_bdev+0x1c0/0x1c0 [ 917.029688] ? sget+0xd9/0x110 [ 917.032869] ? fuse_get_root_inode+0xc0/0xc0 [ 917.037272] mount_nodev+0x4c/0xf0 [ 917.040796] mount_fs+0x92/0x2a0 [ 917.044142] vfs_kern_mount.part.0+0x5b/0x470 [ 917.048615] do_mount+0xe65/0x2a30 [ 917.052135] ? __do_page_fault+0x159/0xad0 [ 917.056350] ? retint_kernel+0x2d/0x2d [ 917.060212] ? copy_mount_string+0x40/0x40 [ 917.064445] ? memset+0x20/0x40 [ 917.067759] ? copy_mount_options+0x1fa/0x2f0 [ 917.072238] ? copy_mnt_ns+0xa30/0xa30 [ 917.076103] SyS_mount+0xa8/0x120 [ 917.079532] ? copy_mnt_ns+0xa30/0xa30 [ 917.083591] do_syscall_64+0x1d5/0x640 [ 917.087547] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 917.092712] RIP: 0033:0x7f8e2a1775fa [ 917.096401] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 917.104083] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 917.111331] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 917.118577] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 917.125826] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 917.133336] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:39 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 52) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:39 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000000c0)=""/211) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x6, 0x2, 0x1, 0x0, [0x0]}}, 0x29) [ 917.227449] FAULT_INJECTION: forcing a failure. [ 917.227449] name failslab, interval 1, probability 0, space 0, times 0 [ 917.241003] CPU: 1 PID: 16756 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 917.248906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 917.258254] Call Trace: [ 917.260829] dump_stack+0x1b2/0x281 [ 917.264438] should_fail.cold+0x10a/0x149 [ 917.268564] should_failslab+0xd6/0x130 [ 917.272543] kmem_cache_alloc_node+0x263/0x410 [ 917.277104] __alloc_skb+0x5c/0x510 [ 917.280710] kobject_uevent_env+0x882/0xf30 [ 917.285011] device_add+0xa47/0x15c0 [ 917.288701] ? device_is_dependent+0x2a0/0x2a0 [ 917.293259] ? kfree+0x1f0/0x250 [ 917.296602] device_create_groups_vargs+0x1dc/0x250 [ 917.301595] device_create_vargs+0x3a/0x50 [ 917.305810] bdi_register_va.part.0+0x35/0x650 [ 917.310370] bdi_register_va+0x63/0x80 [ 917.314233] super_setup_bdi_name+0x123/0x220 [ 917.318706] ? kill_block_super+0xe0/0xe0 [ 917.322829] ? do_raw_spin_unlock+0x164/0x220 [ 917.327364] fuse_fill_super+0x937/0x15c0 [ 917.331522] ? fuse_get_root_inode+0xc0/0xc0 [ 917.335915] ? up_write+0x17/0x60 [ 917.339352] ? register_shrinker+0x15f/0x220 [ 917.343735] ? sget_userns+0x768/0xc10 [ 917.347603] ? get_anon_bdev+0x1c0/0x1c0 [ 917.351651] ? sget+0xd9/0x110 [ 917.354820] ? fuse_get_root_inode+0xc0/0xc0 [ 917.359201] mount_nodev+0x4c/0xf0 [ 917.362715] mount_fs+0x92/0x2a0 [ 917.366062] vfs_kern_mount.part.0+0x5b/0x470 [ 917.370533] do_mount+0xe65/0x2a30 [ 917.374053] ? __do_page_fault+0x159/0xad0 [ 917.378265] ? retint_kernel+0x2d/0x2d [ 917.382129] ? copy_mount_string+0x40/0x40 [ 917.386342] ? memset+0x20/0x40 [ 917.389600] ? copy_mount_options+0x1fa/0x2f0 [ 917.394073] ? copy_mnt_ns+0xa30/0xa30 [ 917.397934] SyS_mount+0xa8/0x120 [ 917.401394] ? copy_mnt_ns+0xa30/0xa30 [ 917.405263] do_syscall_64+0x1d5/0x640 [ 917.409127] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 917.414298] RIP: 0033:0x7f8e2a1775fa [ 917.417989] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 917.425672] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 917.432928] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 917.440193] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 917.447455] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 917.454808] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:39 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x97, 0x80000001, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x10, 0x8, 0x9c}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0xfc, 0x3a2557e3, 0x41, @private1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x74, 0x4}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0x40, 0x2, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x8, 0x1, 0x80000000, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0xff, 0xc0, 0x800, 0x0, @loopback, @remote, 0x8000, 0x7, 0x2, 0x9}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000e00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000480)={0x904, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xfff7, 0x2, 0x81, 0x4}, {0x8001, 0x8, 0x0, 0x8}, {0x5, 0x89, 0x9f, 0xe1}, {0x1f, 0x7f, 0x7, 0x4}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xf31}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9efa}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x9, 0x81, 0xc6, 0x18e}, {0xe839, 0x2, 0x4, 0x2}, {0x7f, 0x6, 0x97, 0x9}, {0x400, 0xff, 0x1f, 0x10000}, {0x6, 0x1, 0x22, 0xc5e}, {0x6, 0x0, 0x3f, 0x254f}, {0x3, 0x47, 0x4, 0x7d}, {0x8, 0x3f, 0x95, 0x80000001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd67f}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x0, 0x5, 0xff}, {0x3, 0x0, 0x81, 0x811e}, {0x1, 0x7, 0x80, 0x3b}, {0x2, 0x9, 0x9, 0x7fffffff}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1000, 0x6, 0xa7, 0xffff}, {0x6, 0x3f, 0x7}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r3}, {0x248, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x400, 0x0, 0xb7}, {0x9, 0x6, 0x1f, 0x8}, {0x100, 0x53, 0x3, 0x8}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xcae4, 0x9, 0x3, 0x80000000}, {0x3, 0x5, 0x1b, 0x81}]}}}]}}]}, 0x904}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x97, 0x80000001, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x10, 0x8, 0x9c}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0xfc, 0x3a2557e3, 0x41, @private1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x74, 0x4}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0x40, 0x2, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x8, 0x1, 0x80000000, 0x4}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0xff, 0xc0, 0x800, 0x0, @loopback, @remote, 0x8000, 0x7, 0x2, 0x9}}) (async) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000e00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000480)={0x904, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xfff7, 0x2, 0x81, 0x4}, {0x8001, 0x8, 0x0, 0x8}, {0x5, 0x89, 0x9f, 0xe1}, {0x1f, 0x7f, 0x7, 0x4}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xf31}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9efa}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x9, 0x81, 0xc6, 0x18e}, {0xe839, 0x2, 0x4, 0x2}, {0x7f, 0x6, 0x97, 0x9}, {0x400, 0xff, 0x1f, 0x10000}, {0x6, 0x1, 0x22, 0xc5e}, {0x6, 0x0, 0x3f, 0x254f}, {0x3, 0x47, 0x4, 0x7d}, {0x8, 0x3f, 0x95, 0x80000001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd67f}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x0, 0x5, 0xff}, {0x3, 0x0, 0x81, 0x811e}, {0x1, 0x7, 0x80, 0x3b}, {0x2, 0x9, 0x9, 0x7fffffff}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1000, 0x6, 0xa7, 0xffff}, {0x6, 0x3f, 0x7}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r3}, {0x248, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x400, 0x0, 0xb7}, {0x9, 0x6, 0x1f, 0x8}, {0x100, 0x53, 0x3, 0x8}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xcae4, 0x9, 0x3, 0x80000000}, {0x3, 0x5, 0x1b, 0x81}]}}}]}}]}, 0x904}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:39 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) 22:45:39 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:39 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000000c0)=""/211) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x6, 0x2, 0x1, 0x0, [0x0]}}, 0x29) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (async) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000000c0)=""/211) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x6, 0x2, 0x1, 0x0, [0x0]}}, 0x29) (async) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)="3ee1f928ec818da963409045fb57096b49d162d694323652309d530f95974dc9688323fdfa36d3eb54f3f347ff1e7b648dcccc2344965bddff23f29325cbe86b8585c8e4dce6419d34066eae28431ff0614107b77f2b9d107d7a9a6c0a7e278ac2a110c86e8f64f8b077fc766513f3570a", 0x71, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 53) 22:45:39 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:39 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 917.768636] FAULT_INJECTION: forcing a failure. [ 917.768636] name failslab, interval 1, probability 0, space 0, times 0 [ 917.792496] CPU: 0 PID: 16785 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 917.800402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 917.809762] Call Trace: [ 917.812354] dump_stack+0x1b2/0x281 [ 917.815987] should_fail.cold+0x10a/0x149 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 917.820152] should_failslab+0xd6/0x130 [ 917.824133] kmem_cache_alloc_node_trace+0x25a/0x400 [ 917.829342] __kmalloc_node_track_caller+0x38/0x70 [ 917.834277] __alloc_skb+0x96/0x510 [ 917.837918] kobject_uevent_env+0x882/0xf30 [ 917.842250] device_add+0xa47/0x15c0 [ 917.846054] ? device_is_dependent+0x2a0/0x2a0 [ 917.850648] ? kfree+0x1f0/0x250 [ 917.854018] device_create_groups_vargs+0x1dc/0x250 [ 917.859125] device_create_vargs+0x3a/0x50 [ 917.863370] bdi_register_va.part.0+0x35/0x650 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 917.867977] bdi_register_va+0x63/0x80 [ 917.871961] super_setup_bdi_name+0x123/0x220 [ 917.876459] ? kill_block_super+0xe0/0xe0 [ 917.880615] ? do_raw_spin_unlock+0x164/0x220 [ 917.885118] fuse_fill_super+0x937/0x15c0 [ 917.889277] ? fuse_get_root_inode+0xc0/0xc0 [ 917.893685] ? up_write+0x17/0x60 [ 917.897135] ? register_shrinker+0x15f/0x220 [ 917.901550] ? sget_userns+0x768/0xc10 [ 917.905538] ? get_anon_bdev+0x1c0/0x1c0 [ 917.909606] ? sget+0xd9/0x110 [ 917.912802] ? fuse_get_root_inode+0xc0/0xc0 [ 917.917231] mount_nodev+0x4c/0xf0 [ 917.920766] mount_fs+0x92/0x2a0 [ 917.924116] vfs_kern_mount.part.0+0x5b/0x470 [ 917.928621] do_mount+0xe65/0x2a30 [ 917.932143] ? __do_page_fault+0x159/0xad0 [ 917.936441] ? retint_kernel+0x2d/0x2d [ 917.940334] ? copy_mount_string+0x40/0x40 [ 917.944561] ? memset+0x20/0x40 [ 917.947912] ? copy_mount_options+0x1fa/0x2f0 [ 917.953261] ? copy_mnt_ns+0xa30/0xa30 [ 917.957145] SyS_mount+0xa8/0x120 [ 917.960588] ? copy_mnt_ns+0xa30/0xa30 [ 917.964470] do_syscall_64+0x1d5/0x640 [ 917.968356] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 917.973701] RIP: 0033:0x7f8e2a1775fa [ 917.977391] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 917.985091] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 917.992349] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 918.000382] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 918.007634] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 918.014886] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x97, 0x80000001, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x10, 0x8, 0x9c}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0xfc, 0x3a2557e3, 0x41, @private1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x74, 0x4}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0x40, 0x2, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x8, 0x1, 0x80000000, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0xff, 0xc0, 0x800, 0x0, @loopback, @remote, 0x8000, 0x7, 0x2, 0x9}}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000e00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000480)={0x904, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xfff7, 0x2, 0x81, 0x4}, {0x8001, 0x8, 0x0, 0x8}, {0x5, 0x89, 0x9f, 0xe1}, {0x1f, 0x7f, 0x7, 0x4}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xf31}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9efa}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x9, 0x81, 0xc6, 0x18e}, {0xe839, 0x2, 0x4, 0x2}, {0x7f, 0x6, 0x97, 0x9}, {0x400, 0xff, 0x1f, 0x10000}, {0x6, 0x1, 0x22, 0xc5e}, {0x6, 0x0, 0x3f, 0x254f}, {0x3, 0x47, 0x4, 0x7d}, {0x8, 0x3f, 0x95, 0x80000001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd67f}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x0, 0x5, 0xff}, {0x3, 0x0, 0x81, 0x811e}, {0x1, 0x7, 0x80, 0x3b}, {0x2, 0x9, 0x9, 0x7fffffff}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1000, 0x6, 0xa7, 0xffff}, {0x6, 0x3f, 0x7}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r3}, {0x248, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x400, 0x0, 0xb7}, {0x9, 0x6, 0x1f, 0x8}, {0x100, 0x53, 0x3, 0x8}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xcae4, 0x9, 0x3, 0x80000000}, {0x3, 0x5, 0x1b, 0x81}]}}}]}}]}, 0x904}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x4, 0x9, 0x97, 0x80000001, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x700, 0x10, 0x8, 0x9c}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'syztnl2\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x29, 0x4, 0xfc, 0x3a2557e3, 0x41, @private1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x700, 0x7, 0x74, 0x4}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6gre0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x2f, 0x6, 0x40, 0x2, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast1, 0x8, 0x1, 0x80000000, 0x4}}) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'syztnl0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x4, 0xff, 0xc0, 0x800, 0x0, @loopback, @remote, 0x8000, 0x7, 0x2, 0x9}}) (async) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000e00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000480)={0x904, 0x0, 0x200, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xfff7, 0x2, 0x81, 0x4}, {0x8001, 0x8, 0x0, 0x8}, {0x5, 0x89, 0x9f, 0xe1}, {0x1f, 0x7f, 0x7, 0x4}]}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}]}}, {{0x8}, {0xf8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffff}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xf31}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9efa}}}]}}, {{0x8}, {0x1a8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x9, 0x81, 0xc6, 0x18e}, {0xe839, 0x2, 0x4, 0x2}, {0x7f, 0x6, 0x97, 0x9}, {0x400, 0xff, 0x1f, 0x10000}, {0x6, 0x1, 0x22, 0xc5e}, {0x6, 0x0, 0x3f, 0x254f}, {0x3, 0x47, 0x4, 0x7d}, {0x8, 0x3f, 0x95, 0x80000001}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xd67f}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x114, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x0, 0x5, 0xff}, {0x3, 0x0, 0x81, 0x811e}, {0x1, 0x7, 0x80, 0x3b}, {0x2, 0x9, 0x9, 0x7fffffff}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1000, 0x6, 0xa7, 0xffff}, {0x6, 0x3f, 0x7}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1ff}}}]}}, {{0x8, 0x1, r3}, {0x248, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r4}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x400, 0x0, 0xb7}, {0x9, 0x6, 0x1f, 0x8}, {0x100, 0x53, 0x3, 0x8}]}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0xcae4, 0x9, 0x3, 0x80000000}, {0x3, 0x5, 0x1b, 0x81}]}}}]}}]}, 0x904}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:40 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 54) 22:45:40 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:40 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:40 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000000c0)=""/211) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x6, 0x2, 0x1, 0x0, [0x0]}}, 0x29) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:40 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 918.155233] FAULT_INJECTION: forcing a failure. [ 918.155233] name failslab, interval 1, probability 0, space 0, times 0 [ 918.172009] CPU: 0 PID: 16835 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 918.179928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 918.189278] Call Trace: [ 918.191874] dump_stack+0x1b2/0x281 [ 918.195506] should_fail.cold+0x10a/0x149 [ 918.199665] should_failslab+0xd6/0x130 22:45:40 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async) [ 918.203645] kmem_cache_alloc_node_trace+0x25a/0x400 [ 918.208756] __kmalloc_node_track_caller+0x38/0x70 [ 918.213692] __alloc_skb+0x96/0x510 [ 918.217364] kobject_uevent_env+0x882/0xf30 [ 918.221699] device_add+0xa47/0x15c0 [ 918.225435] ? device_is_dependent+0x2a0/0x2a0 [ 918.230021] ? kfree+0x1f0/0x250 [ 918.233393] device_create_groups_vargs+0x1dc/0x250 [ 918.238415] device_create_vargs+0x3a/0x50 [ 918.242660] bdi_register_va.part.0+0x35/0x650 [ 918.247245] bdi_register_va+0x63/0x80 [ 918.251227] super_setup_bdi_name+0x123/0x220 22:45:40 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 918.255727] ? kill_block_super+0xe0/0xe0 [ 918.259877] ? do_raw_spin_unlock+0x164/0x220 [ 918.265115] fuse_fill_super+0x937/0x15c0 [ 918.269281] ? fuse_get_root_inode+0xc0/0xc0 [ 918.273700] ? up_write+0x17/0x60 [ 918.277158] ? register_shrinker+0x15f/0x220 [ 918.281581] ? sget_userns+0x768/0xc10 [ 918.285481] ? get_anon_bdev+0x1c0/0x1c0 [ 918.289554] ? sget+0xd9/0x110 [ 918.292891] ? fuse_get_root_inode+0xc0/0xc0 [ 918.297313] mount_nodev+0x4c/0xf0 [ 918.300855] mount_fs+0x92/0x2a0 [ 918.304237] vfs_kern_mount.part.0+0x5b/0x470 [ 918.308735] do_mount+0xe65/0x2a30 [ 918.312279] ? __do_page_fault+0x159/0xad0 [ 918.316595] ? retint_kernel+0x2d/0x2d [ 918.320485] ? copy_mount_string+0x40/0x40 [ 918.324717] ? memset+0x20/0x40 [ 918.327979] ? copy_mount_options+0x1fa/0x2f0 [ 918.332448] ? copy_mnt_ns+0xa30/0xa30 [ 918.336313] SyS_mount+0xa8/0x120 [ 918.339747] ? copy_mnt_ns+0xa30/0xa30 [ 918.343641] do_syscall_64+0x1d5/0x640 [ 918.347518] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:40 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1a, 0x4, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, &(0x7f0000000040)) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 918.352686] RIP: 0033:0x7f8e2a1775fa [ 918.356376] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 918.364233] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 918.371483] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 918.378728] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 918.385981] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 918.393234] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:40 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 55) 22:45:40 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75708169643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:40 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:40 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="52f336aca643aca4acb5f90a646a4135643fbea274378475096e1cec43dd1f651e9c3f6a4af34fbc46538e3b3086510a5abfb9b75cc29381501db431efc94205a0f3bb51c8c02a0cdf0219fd9b46c8118bb8e089d7e53ae47c13b6ce399ac7da059c7227e085ad47b43f2fc286e87a7ed9205a2be24406e0ed08a3db4d57982525845fb0ebcd4b81b407649cbfae45a1f01389169cbc65da229e1ecfaf0d6a0e8db354c5b29e71080dafb7ce34623d33e23204d44d55b4fa9f2f94cd1128736a68ca2febfa5fdfb95f25214f0f21d68ff303e6b2110208aa96249b890f13819358eaf64cbee26a9922dd7ca13062416e3fe9f6", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x102002, &(0x7f0000004400)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}], [{@appraise}, {@seclabel}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x38, 0x34, 0x66, 0x32, 0x66, 0x64], 0x2d, [0x35, 0x39, 0x33, 0x37], 0x2d, [0x39, 0x36, 0x65, 0x65], 0x2d, [0x33, 0x34, 0x61, 0x66], 0x2d, [0x65, 0x32, 0x61, 0x34, 0x33, 0x62, 0x35, 0x62]}}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user', 0x3d, 'fuse\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x34, 0x34, 0x34, 0x61, 0x62, 0x31, 0x64], 0x2d, [0x31, 0x31, 0x30, 0x62], 0x2d, [0x32, 0x8, 0x0, 0x32], 0x2d, [0x64, 0x35, 0x35], 0x2d, [0x60, 0x33, 0x63, 0x38, 0x3c, 0x33, 0x31, 0x38]}}}, {@context={'context', 0x3d, 'root'}}]}}, 0x1, 0x0, &(0x7f0000004540)="d57912a1896b3c5ce3c026a1987b108d0cd5225a66e0f1e33f1c7ff599c070b337ada15985b82dbfec4cd2b08df4d5463951a66e8a5004b7ff46b92fdaec44b90534f2ebb989ac00fdc1b35fb99153b1e4a907a4f0399fc4edc93704ce07690694bfc3256c301c239e33a263a47af7bac51d26e0b274174b1b19a23ef7964401e0baa0b6093dfeb4ad952e35dc1571a3ff3cdcddc92bd87a989f0138032fe4cbd9098f56ff833f7837964224d91b5e9cc2cb0e7ff111137f28aa5b16c275abfe7b31a88c0e0d41fa56d4fa4402b547f227d67ac0d76fd0efbc3311161d963c7d57f65a7dd21a30d837f25e2a0fef69278c2b8c022eb83357058e029353560993b4069d934a2f9eefdbe11da7b94e51d9ea88ba7025f5619326825e6426ca0e7a5372752940d455045328c2b804fef20a29e656e95cd75d95db8cf5940e93d186754a1789d65b5334fce1d4d7e5d0244bcf8f8904e5ed38a71ff435df6e3aeb1c0eea8f20e9467b37446c53ba10cc9830bbec9260636184d3247e0edf03cf19fadc6fc744fe0076b9851f265dc872a7f98a279c63ac3ee609ef412dd32a05352c436ca66d8eea73099d4616b3b2b3bc2e47fead9249e46294c6fbc8793313c9ae021d44c99de32559cd863e62ba3ce62ab6f873b27ba1cd3e20e6efdd597b79b9333020fb56ac8db40a5aca3a925c6373eb246e53ad304f8a8404afa198c8f1fdd579795d28022dbe2dcd2a2b98c9739ed218c408c738063c8d6aff61ed86d57ccd3fcbdfe7e4d28dc56a90724aafeb6afb183ee8a17ab65ff924d45285d79a5de1428d53e391c218a09b30b2339385e6e068d25f52056c811732b3f1717244fac5e1301270224a1c684695ce5b7ec7f8f23044f600db2abb53c361ec7a8080cfde5d4518199121711ff72e9bd4d816534b82de529403b775003e4e00490c2cad2d7c1356ed593ee4cba2a0e7657eb61ad64a1196a62daf61d2d54be4bb1bba51ee0b231ac3660700c8685e6df32ace8fcb29fef73db42e417370c435f8fe3dc6e556ae7df07a567bd34e1bccf2ca1e78f60f0eea272e2726530b93cd6a77283d7d7b7b6ed6eca98620c62888bcf665b3c9e3f86a6e3b82556989e3eca143c8eed07ba5d31509325c1188af02163478fd524800a24fb7d48ec1d680ae09862c436155951103d152ee51574fe442eeff27886e45bc0c17e8c7a6a32f84083c2739ec7dfc1d8ef0f4486335da6c40c24c2e8280525607d1b5709ec7aabb986af91b6a675a85cb56e07de3157b66ea6d8baab63447a2f07626fcfe148c3d2fa65f8b9d630bb5ade737b357d41533d06d58fb3cb781f94325005dd800820f21509bc504666bfadd2164f3cd25905bb1534b763d806b877c47392c7ed748623d0d24aaff936dfdf8b36eb3609acd8da8a0f7c7ee81ba5abbd68345bc012146d128f761e59c7c9cd59b38c56c69be458126a66f3b2b0dc45238816f82e93f5b9c86a467d10ead954d93954fdca7eb9e29876e7ee6432d2175e34753430165087d8feeac2d7244564fdd6cdfe98b11130a6cfa1867cfa94242525cd6f200f8e8ac33ecd4a001cc6dbf39d61594d1cec84d7bdbf952b185c356952d82b36396c7f2153e1a6e4e5f393bd95e7adb2f39f56b84d4f433a950fbff82b5d9a2b868003e85ca6dec44872a33b28fc7982ec6bfd1b48c3ff46fc25dbb1a694fe60ac686a615671edd6cc9f11b8e4269a36dcedd8de9498df6485d6cd607dcb8b72f120adc31232ad3829985199db95924ad721d3a5360702cdde50200b0286ef1af9b169ad44d254401d8a7b3f9ba4ee85de886c48842cdacf63323c984fc0b9ab84d79603c77947a5f46d02a5a394ad7e15633866a157090cf06ea4a7cd508bfa1dde49d664e53d595c11d9bcb5e1ba15ecd58d39b08e4bc3b5d6c857603bfea7c597b8a32aa7793e33d802febd97d9c1a89b5df11e7b6b8996c3aa8418e3f9e78be6f0c156aab74f7849acc88f23e0b6265acfc6b1290626ef1aff10f681f515cdd427b97c7354ac9bb53cd52700630f19caaef3dac53db310093411c79366ac7b3cffcf8ee79bdf08d504eaf62cd84c0760649f344e99e2fc3d1c2d1fee1304e2967478704b4f550ce29c2b685c0ce3395fc7768dbda5e1a2589fc4099b76eb0eba2c49adffdd3389393ea38637f4307e36c84f3d089dcc5fa1cccb456934f6a6c09d75f4d463418f111452e78c9312a14ffcdacb2b415e6e7c2186487b82120439441ab151404feccfe9eb92f35a38d2e8684942e3cd58ff07cf41f101a1cc3a59f81cafdee8139d83207bd3b7028a9c1daa131a2e5a3a1a790b9b15a5b67dc76263b8479b9c4652ebace3d916be78a16e7f77a9451efa218fa7d14dc353f716ae23cea184003a7c4408c5def51ab626fe8af75af2f04f30cfda62a28620729da48dedc124d54a79ebfcc17320d083990004bd7f1412b42b3e3e57c3215301b87681c880eb238fd69feaa214bda10694395eb1c7c385e454cceab778f27783733d48142d5c81fe545593b8b0832e53470bc5751d9d46d95954ead54884a8a098e8a81eb11aef6a6b616aa0e1dfa011e48faf221ec438f9184c71822e72ff84335f030f1d68537ae6c005fd1beab66943d7ee7a21b41f2e900cdaec72720e53ea3c85ad2ba723ead36a475af6ef877054a6927c398aae5b55da2b603c8d6287623221719c51d45e972d2eaf2fb323cbe0ffc9150f40a89ca4f7936a346510cc56eb34e45ce69e6b0bfb3c5dc2f7e940dc93d7e45cfd57c601349b78f1cd9ce04ddfa1a59ed421242733ce97fa8c57c91deb95ac692cae6c1e247015b57d086c7a89c16b5836638afdd806cd7ba3d7895c784d42f19702029ad5b0e13419c36edacbe2cb252c602199919201b7ec01915e223122e95b1fa1f798775b4c272fa98046cb545cb96c4fae6e4fe10210c0a0010d77dc6d5afdeb97879e7a9ef4e482b869081f7d5e2935eba467d9ee2b5628e3fad580ccc35a05d376841f9892c5c51360218c79fef79867ceb0612476b28c8aa27bb2b5b973739c90359cc42bd63e40e21c8750accc2d6c6a2d02ecdf9013c75f1cfc9cddb032cab8a3772aa1d53805251a7a665f80856c9ed3265d9e9de3b4bf2487d82a3f8d72cb4d3d6f74c4139ad4a087b33510e54921a07f300458290df7e2bbc3f90e4b9d22ced44da0fa1f2b81a3dd37f572f157bb18492c63f5a9dae9f16aa06720851a95b94480cfaaee277046eed6f1c18e5693ab8fd64ecffa6d65b34dce256ba0e173f44497d85eaf35ec100247cea5898df469fa7c2caab8a994f44a786f6d978ddcb613026512792692c5f8c790dad47b8229b338300b78bc071adfe2f3327e02c65be0dc55bed9663c1f02ed5eb1be6b672f4492c6e61cc0e8e53f19b0d840fd42a3f8e5cd175b6532b13ccd9523eee4f741276c744dcacde0143b5b89a5e479edfc4b75ec63d372da6e2a64f0589702c0b5cf51d11b191fe3af3c2e858e2092377b55986be278103a6c403f0c0512f7ba26341cf6f518ba2d40ea02619066bf6491ed0ca28bba5b3f697f1da847a568cbd1fe97717cdb1ee496a32dd08217f8eb254cbe4d304c951fde5e414ed23c8056f37c3c6a0087820f5493ec2eb7d2b2f21cad5d633f1dca0f0b5211ff4992e4b00beec0efa17c9acb88792ee62ab3be0e1a1f67848915426af05c70dbfa6b6f849a31c6e9ee7ef163e5b78fd9a375aa2c636ddd0baee644aed24ffc4314dc0fa4c813ccddf70cfb975f085dfcf0b946d2c27b6bb26076538c4d31e8860086bf4d23a609b67d1858ed1f2e97bb70cb668371d02c4106f633d60f818974cf8188d1c7da76dc0557ce586b3afdbef62c1d86d05e5217963e893160192b161de5ff42a8afcc5af87d1a9bfd2209a28fa1b32d46fa6ff325360ad6b49196ce9efcc0ec778eccacc65319782bf65ccddb025e1c32fca06ca971f0296f0d02be65eea6dc0172eb4c20e50bc997b67880cc4507cd8452e0f07dab5c328717c8fd0400f463614ca1a59c3d05bcbadf4b203ae6b5b384499fbb0eccfe3e98c07ea1d7827ec64746835d3e540f43c5a0b3a161050118c92b0161d815ef3852bcb95157fa0955bc49bc9cf60c4bf7fc906567f4064003e96fec2b8d2ce90ba9a6c6f3768ebdb0cd4e98167b0a1b47c6b5a1461d9e637550360b2c3fa3bb1ed5d6bf729ffc5d8036aa1027c9c30d4ea5e284cbf2c247e4c2943025b56b83ed5b4889bf6d51833ccb7315483457276e7089da03671b28934b9e7cd3a65dafdbd8cac73d8164a8f444b37eadcdf3261f02102b3cb308eabd27fd6b2070393d879280e6a554edd313db94cdbb85b9559f559d8280df08262221a9eeddc4412f6819d6b28d93b40f2df19149e61937c8ad2c99895953c37596407def3d6ff76c6f2bc87792c593b287a22bbb0c861db194d1c6a0f0b9d06d9412f583c3a9c363ed9216ef95dde16bf495058511f96a2543cc3edb71240aec15f309bcebaab00b575a1e8fbefad8b64be2aa4f8d9817f86184c88cf1b7348cc7d034c3213bbd650b9447919ba18d230da7172fe99b311790d665a052e83a28c0fe03b5bf0e0e61df9e9235a99802671ff88f722722a102d2f5a9357a68b43455b8372575ce87e364a0590fea8a26585c394554e9fbff3acf0a60863808e7e81ad4610475a3f1c925a08b94face4beaa2979ed960784e9198b2904fecd16264b3623dac63fa0efac5b880a3a066ce5adec1edf4d75aeedd2c9a1379323f46e1462861947f1c140e8d3eb368185624afed151d1aa580896f9855888652a523afe5745288648e86471091e47506ef60ac7f170e41a4a8a58d0b941aa7bbead5aee057860602bd459cbc6b953bef72287e5d6294bf5928b06cc626a53eca95a08c4a9582655e5a86469131f37a6474260ac40e539201753af13abc57e8f2a0a2a5fc28b889080f8a697a4d9fc6f85cf18fd50aaaa0abbb5a066e7003fa39bfd806507fe4aaff440bbcac79ccacbbf92664f194404da07fd9dfba2a41af2d88ed9bb8924461849da71e1095b9d3163456782ec4e498de38b1307f18254787cd0620ad36c7c48edbfc3bece14c4fad4e64af30268785e0bb117d6b4f82841acb9f61966d4eb19b350acaa5e751510aa6d84b25f9971f52723233009d69f01b1130e1d7da703d8aeece0102194c3deb3078478b8a421e0e2de4159cbe2465441f1592ce1905dc15e5d81d96d256a83b7fea03a081916c1f3a85f2b945e4fe9fa2e7bececb41c22f40951f989eae38045e48383e66508efb7c0c2b2857d2f42434e1ca1dc982273bc4e92893519bfdc6d40ca73af1bdca826224ce35b91900eb03490782dec7865b5bc6a1607cffc2e5026613f90acf6233174c7d317506ce53f075fe35265761795de4e573f1bbdd50aaabeb42cfb23e0cb5b537f486361cbb505d1766227a9396dcaa80df015dceef9a3426292cb8eee72fdedf219626b6b86172ba57675c0d4468ae762db45f7d1e3113eb9aebb228ad9a6fc9c5166d9959e29ef31f970e0cb3443b67d39c3254be56fbd37976a3e0b5c97066c39269290f4da53bb9c936a6081d18a9ce2d51d4cc1269e464ac1ddd26f4c2f4a7ba5b98d78251203c02261088334903217cadfd54c452d4d3dbe5f752a8b02d75111500dd380e3dbc80feb51d71b32cbd0ccce9d394d150d11c1b36cfe151f4ccadf947d89c82fcfec0f7c077c7fed139dae4f8830371967a179e10af0bc88cd805bbca58959eb0b97b601dbcc96dddbf24ef7b428") 22:45:40 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180), 0x0, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:40 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:40 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75708169643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:40 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:40 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="52f336aca643aca4acb5f90a646a4135643fbea274378475096e1cec43dd1f651e9c3f6a4af34fbc46538e3b3086510a5abfb9b75cc29381501db431efc94205a0f3bb51c8c02a0cdf0219fd9b46c8118bb8e089d7e53ae47c13b6ce399ac7da059c7227e085ad47b43f2fc286e87a7ed9205a2be24406e0ed08a3db4d57982525845fb0ebcd4b81b407649cbfae45a1f01389169cbc65da229e1ecfaf0d6a0e8db354c5b29e71080dafb7ce34623d33e23204d44d55b4fa9f2f94cd1128736a68ca2febfa5fdfb95f25214f0f21d68ff303e6b2110208aa96249b890f13819358eaf64cbee26a9922dd7ca13062416e3fe9f6", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x102002, &(0x7f0000004400)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}], [{@appraise}, {@seclabel}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x38, 0x34, 0x66, 0x32, 0x66, 0x64], 0x2d, [0x35, 0x39, 0x33, 0x37], 0x2d, [0x39, 0x36, 0x65, 0x65], 0x2d, [0x33, 0x34, 0x61, 0x66], 0x2d, [0x65, 0x32, 0x61, 0x34, 0x33, 0x62, 0x35, 0x62]}}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user', 0x3d, 'fuse\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x34, 0x34, 0x34, 0x61, 0x62, 0x31, 0x64], 0x2d, [0x31, 0x31, 0x30, 0x62], 0x2d, [0x32, 0x8, 0x0, 0x32], 0x2d, [0x64, 0x35, 0x35], 0x2d, [0x60, 0x33, 0x63, 0x38, 0x3c, 0x33, 0x31, 0x38]}}}, {@context={'context', 0x3d, 'root'}}]}}, 0x1, 0x0, &(0x7f0000004540)="d57912a1896b3c5ce3c026a1987b108d0cd5225a66e0f1e33f1c7ff599c070b337ada15985b82dbfec4cd2b08df4d5463951a66e8a5004b7ff46b92fdaec44b90534f2ebb989ac00fdc1b35fb99153b1e4a907a4f0399fc4edc93704ce07690694bfc3256c301c239e33a263a47af7bac51d26e0b274174b1b19a23ef7964401e0baa0b6093dfeb4ad952e35dc1571a3ff3cdcddc92bd87a989f0138032fe4cbd9098f56ff833f7837964224d91b5e9cc2cb0e7ff111137f28aa5b16c275abfe7b31a88c0e0d41fa56d4fa4402b547f227d67ac0d76fd0efbc3311161d963c7d57f65a7dd21a30d837f25e2a0fef69278c2b8c022eb83357058e029353560993b4069d934a2f9eefdbe11da7b94e51d9ea88ba7025f5619326825e6426ca0e7a5372752940d455045328c2b804fef20a29e656e95cd75d95db8cf5940e93d186754a1789d65b5334fce1d4d7e5d0244bcf8f8904e5ed38a71ff435df6e3aeb1c0eea8f20e9467b37446c53ba10cc9830bbec9260636184d3247e0edf03cf19fadc6fc744fe0076b9851f265dc872a7f98a279c63ac3ee609ef412dd32a05352c436ca66d8eea73099d4616b3b2b3bc2e47fead9249e46294c6fbc8793313c9ae021d44c99de32559cd863e62ba3ce62ab6f873b27ba1cd3e20e6efdd597b79b9333020fb56ac8db40a5aca3a925c6373eb246e53ad304f8a8404afa198c8f1fdd579795d28022dbe2dcd2a2b98c9739ed218c408c738063c8d6aff61ed86d57ccd3fcbdfe7e4d28dc56a90724aafeb6afb183ee8a17ab65ff924d45285d79a5de1428d53e391c218a09b30b2339385e6e068d25f52056c811732b3f1717244fac5e1301270224a1c684695ce5b7ec7f8f23044f600db2abb53c361ec7a8080cfde5d4518199121711ff72e9bd4d816534b82de529403b775003e4e00490c2cad2d7c1356ed593ee4cba2a0e7657eb61ad64a1196a62daf61d2d54be4bb1bba51ee0b231ac3660700c8685e6df32ace8fcb29fef73db42e417370c435f8fe3dc6e556ae7df07a567bd34e1bccf2ca1e78f60f0eea272e2726530b93cd6a77283d7d7b7b6ed6eca98620c62888bcf665b3c9e3f86a6e3b82556989e3eca143c8eed07ba5d31509325c1188af02163478fd524800a24fb7d48ec1d680ae09862c436155951103d152ee51574fe442eeff27886e45bc0c17e8c7a6a32f84083c2739ec7dfc1d8ef0f4486335da6c40c24c2e8280525607d1b5709ec7aabb986af91b6a675a85cb56e07de3157b66ea6d8baab63447a2f07626fcfe148c3d2fa65f8b9d630bb5ade737b357d41533d06d58fb3cb781f94325005dd800820f21509bc504666bfadd2164f3cd25905bb1534b763d806b877c47392c7ed748623d0d24aaff936dfdf8b36eb3609acd8da8a0f7c7ee81ba5abbd68345bc012146d128f761e59c7c9cd59b38c56c69be458126a66f3b2b0dc45238816f82e93f5b9c86a467d10ead954d93954fdca7eb9e29876e7ee6432d2175e34753430165087d8feeac2d7244564fdd6cdfe98b11130a6cfa1867cfa94242525cd6f200f8e8ac33ecd4a001cc6dbf39d61594d1cec84d7bdbf952b185c356952d82b36396c7f2153e1a6e4e5f393bd95e7adb2f39f56b84d4f433a950fbff82b5d9a2b868003e85ca6dec44872a33b28fc7982ec6bfd1b48c3ff46fc25dbb1a694fe60ac686a615671edd6cc9f11b8e4269a36dcedd8de9498df6485d6cd607dcb8b72f120adc31232ad3829985199db95924ad721d3a5360702cdde50200b0286ef1af9b169ad44d254401d8a7b3f9ba4ee85de886c48842cdacf63323c984fc0b9ab84d79603c77947a5f46d02a5a394ad7e15633866a157090cf06ea4a7cd508bfa1dde49d664e53d595c11d9bcb5e1ba15ecd58d39b08e4bc3b5d6c857603bfea7c597b8a32aa7793e33d802febd97d9c1a89b5df11e7b6b8996c3aa8418e3f9e78be6f0c156aab74f7849acc88f23e0b6265acfc6b1290626ef1aff10f681f515cdd427b97c7354ac9bb53cd52700630f19caaef3dac53db310093411c79366ac7b3cffcf8ee79bdf08d504eaf62cd84c0760649f344e99e2fc3d1c2d1fee1304e2967478704b4f550ce29c2b685c0ce3395fc7768dbda5e1a2589fc4099b76eb0eba2c49adffdd3389393ea38637f4307e36c84f3d089dcc5fa1cccb456934f6a6c09d75f4d463418f111452e78c9312a14ffcdacb2b415e6e7c2186487b82120439441ab151404feccfe9eb92f35a38d2e8684942e3cd58ff07cf41f101a1cc3a59f81cafdee8139d83207bd3b7028a9c1daa131a2e5a3a1a790b9b15a5b67dc76263b8479b9c4652ebace3d916be78a16e7f77a9451efa218fa7d14dc353f716ae23cea184003a7c4408c5def51ab626fe8af75af2f04f30cfda62a28620729da48dedc124d54a79ebfcc17320d083990004bd7f1412b42b3e3e57c3215301b87681c880eb238fd69feaa214bda10694395eb1c7c385e454cceab778f27783733d48142d5c81fe545593b8b0832e53470bc5751d9d46d95954ead54884a8a098e8a81eb11aef6a6b616aa0e1dfa011e48faf221ec438f9184c71822e72ff84335f030f1d68537ae6c005fd1beab66943d7ee7a21b41f2e900cdaec72720e53ea3c85ad2ba723ead36a475af6ef877054a6927c398aae5b55da2b603c8d6287623221719c51d45e972d2eaf2fb323cbe0ffc9150f40a89ca4f7936a346510cc56eb34e45ce69e6b0bfb3c5dc2f7e940dc93d7e45cfd57c601349b78f1cd9ce04ddfa1a59ed421242733ce97fa8c57c91deb95ac692cae6c1e247015b57d086c7a89c16b5836638afdd806cd7ba3d7895c784d42f19702029ad5b0e13419c36edacbe2cb252c602199919201b7ec01915e223122e95b1fa1f798775b4c272fa98046cb545cb96c4fae6e4fe10210c0a0010d77dc6d5afdeb97879e7a9ef4e482b869081f7d5e2935eba467d9ee2b5628e3fad580ccc35a05d376841f9892c5c51360218c79fef79867ceb0612476b28c8aa27bb2b5b973739c90359cc42bd63e40e21c8750accc2d6c6a2d02ecdf9013c75f1cfc9cddb032cab8a3772aa1d53805251a7a665f80856c9ed3265d9e9de3b4bf2487d82a3f8d72cb4d3d6f74c4139ad4a087b33510e54921a07f300458290df7e2bbc3f90e4b9d22ced44da0fa1f2b81a3dd37f572f157bb18492c63f5a9dae9f16aa06720851a95b94480cfaaee277046eed6f1c18e5693ab8fd64ecffa6d65b34dce256ba0e173f44497d85eaf35ec100247cea5898df469fa7c2caab8a994f44a786f6d978ddcb613026512792692c5f8c790dad47b8229b338300b78bc071adfe2f3327e02c65be0dc55bed9663c1f02ed5eb1be6b672f4492c6e61cc0e8e53f19b0d840fd42a3f8e5cd175b6532b13ccd9523eee4f741276c744dcacde0143b5b89a5e479edfc4b75ec63d372da6e2a64f0589702c0b5cf51d11b191fe3af3c2e858e2092377b55986be278103a6c403f0c0512f7ba26341cf6f518ba2d40ea02619066bf6491ed0ca28bba5b3f697f1da847a568cbd1fe97717cdb1ee496a32dd08217f8eb254cbe4d304c951fde5e414ed23c8056f37c3c6a0087820f5493ec2eb7d2b2f21cad5d633f1dca0f0b5211ff4992e4b00beec0efa17c9acb88792ee62ab3be0e1a1f67848915426af05c70dbfa6b6f849a31c6e9ee7ef163e5b78fd9a375aa2c636ddd0baee644aed24ffc4314dc0fa4c813ccddf70cfb975f085dfcf0b946d2c27b6bb26076538c4d31e8860086bf4d23a609b67d1858ed1f2e97bb70cb668371d02c4106f633d60f818974cf8188d1c7da76dc0557ce586b3afdbef62c1d86d05e5217963e893160192b161de5ff42a8afcc5af87d1a9bfd2209a28fa1b32d46fa6ff325360ad6b49196ce9efcc0ec778eccacc65319782bf65ccddb025e1c32fca06ca971f0296f0d02be65eea6dc0172eb4c20e50bc997b67880cc4507cd8452e0f07dab5c328717c8fd0400f463614ca1a59c3d05bcbadf4b203ae6b5b384499fbb0eccfe3e98c07ea1d7827ec64746835d3e540f43c5a0b3a161050118c92b0161d815ef3852bcb95157fa0955bc49bc9cf60c4bf7fc906567f4064003e96fec2b8d2ce90ba9a6c6f3768ebdb0cd4e98167b0a1b47c6b5a1461d9e637550360b2c3fa3bb1ed5d6bf729ffc5d8036aa1027c9c30d4ea5e284cbf2c247e4c2943025b56b83ed5b4889bf6d51833ccb7315483457276e7089da03671b28934b9e7cd3a65dafdbd8cac73d8164a8f444b37eadcdf3261f02102b3cb308eabd27fd6b2070393d879280e6a554edd313db94cdbb85b9559f559d8280df08262221a9eeddc4412f6819d6b28d93b40f2df19149e61937c8ad2c99895953c37596407def3d6ff76c6f2bc87792c593b287a22bbb0c861db194d1c6a0f0b9d06d9412f583c3a9c363ed9216ef95dde16bf495058511f96a2543cc3edb71240aec15f309bcebaab00b575a1e8fbefad8b64be2aa4f8d9817f86184c88cf1b7348cc7d034c3213bbd650b9447919ba18d230da7172fe99b311790d665a052e83a28c0fe03b5bf0e0e61df9e9235a99802671ff88f722722a102d2f5a9357a68b43455b8372575ce87e364a0590fea8a26585c394554e9fbff3acf0a60863808e7e81ad4610475a3f1c925a08b94face4beaa2979ed960784e9198b2904fecd16264b3623dac63fa0efac5b880a3a066ce5adec1edf4d75aeedd2c9a1379323f46e1462861947f1c140e8d3eb368185624afed151d1aa580896f9855888652a523afe5745288648e86471091e47506ef60ac7f170e41a4a8a58d0b941aa7bbead5aee057860602bd459cbc6b953bef72287e5d6294bf5928b06cc626a53eca95a08c4a9582655e5a86469131f37a6474260ac40e539201753af13abc57e8f2a0a2a5fc28b889080f8a697a4d9fc6f85cf18fd50aaaa0abbb5a066e7003fa39bfd806507fe4aaff440bbcac79ccacbbf92664f194404da07fd9dfba2a41af2d88ed9bb8924461849da71e1095b9d3163456782ec4e498de38b1307f18254787cd0620ad36c7c48edbfc3bece14c4fad4e64af30268785e0bb117d6b4f82841acb9f61966d4eb19b350acaa5e751510aa6d84b25f9971f52723233009d69f01b1130e1d7da703d8aeece0102194c3deb3078478b8a421e0e2de4159cbe2465441f1592ce1905dc15e5d81d96d256a83b7fea03a081916c1f3a85f2b945e4fe9fa2e7bececb41c22f40951f989eae38045e48383e66508efb7c0c2b2857d2f42434e1ca1dc982273bc4e92893519bfdc6d40ca73af1bdca826224ce35b91900eb03490782dec7865b5bc6a1607cffc2e5026613f90acf6233174c7d317506ce53f075fe35265761795de4e573f1bbdd50aaabeb42cfb23e0cb5b537f486361cbb505d1766227a9396dcaa80df015dceef9a3426292cb8eee72fdedf219626b6b86172ba57675c0d4468ae762db45f7d1e3113eb9aebb228ad9a6fc9c5166d9959e29ef31f970e0cb3443b67d39c3254be56fbd37976a3e0b5c97066c39269290f4da53bb9c936a6081d18a9ce2d51d4cc1269e464ac1ddd26f4c2f4a7ba5b98d78251203c02261088334903217cadfd54c452d4d3dbe5f752a8b02d75111500dd380e3dbc80feb51d71b32cbd0ccce9d394d150d11c1b36cfe151f4ccadf947d89c82fcfec0f7c077c7fed139dae4f8830371967a179e10af0bc88cd805bbca58959eb0b97b601dbcc96dddbf24ef7b428") openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="52f336aca643aca4acb5f90a646a4135643fbea274378475096e1cec43dd1f651e9c3f6a4af34fbc46538e3b3086510a5abfb9b75cc29381501db431efc94205a0f3bb51c8c02a0cdf0219fd9b46c8118bb8e089d7e53ae47c13b6ce399ac7da059c7227e085ad47b43f2fc286e87a7ed9205a2be24406e0ed08a3db4d57982525845fb0ebcd4b81b407649cbfae45a1f01389169cbc65da229e1ecfaf0d6a0e8db354c5b29e71080dafb7ce34623d33e23204d44d55b4fa9f2f94cd1128736a68ca2febfa5fdfb95f25214f0f21d68ff303e6b2110208aa96249b890f13819358eaf64cbee26a9922dd7ca13062416e3fe9f6", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000380)={0x2020}, 0x2020) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020}, 0x2020) (async) syz_mount_image$fuse(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x102002, &(0x7f0000004400)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}], [{@appraise}, {@seclabel}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x38, 0x34, 0x66, 0x32, 0x66, 0x64], 0x2d, [0x35, 0x39, 0x33, 0x37], 0x2d, [0x39, 0x36, 0x65, 0x65], 0x2d, [0x33, 0x34, 0x61, 0x66], 0x2d, [0x65, 0x32, 0x61, 0x34, 0x33, 0x62, 0x35, 0x62]}}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user', 0x3d, 'fuse\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x34, 0x34, 0x34, 0x61, 0x62, 0x31, 0x64], 0x2d, [0x31, 0x31, 0x30, 0x62], 0x2d, [0x32, 0x8, 0x0, 0x32], 0x2d, [0x64, 0x35, 0x35], 0x2d, [0x60, 0x33, 0x63, 0x38, 0x3c, 0x33, 0x31, 0x38]}}}, {@context={'context', 0x3d, 'root'}}]}}, 0x1, 0x0, &(0x7f0000004540)="d57912a1896b3c5ce3c026a1987b108d0cd5225a66e0f1e33f1c7ff599c070b337ada15985b82dbfec4cd2b08df4d5463951a66e8a5004b7ff46b92fdaec44b90534f2ebb989ac00fdc1b35fb99153b1e4a907a4f0399fc4edc93704ce07690694bfc3256c301c239e33a263a47af7bac51d26e0b274174b1b19a23ef7964401e0baa0b6093dfeb4ad952e35dc1571a3ff3cdcddc92bd87a989f0138032fe4cbd9098f56ff833f7837964224d91b5e9cc2cb0e7ff111137f28aa5b16c275abfe7b31a88c0e0d41fa56d4fa4402b547f227d67ac0d76fd0efbc3311161d963c7d57f65a7dd21a30d837f25e2a0fef69278c2b8c022eb83357058e029353560993b4069d934a2f9eefdbe11da7b94e51d9ea88ba7025f5619326825e6426ca0e7a5372752940d455045328c2b804fef20a29e656e95cd75d95db8cf5940e93d186754a1789d65b5334fce1d4d7e5d0244bcf8f8904e5ed38a71ff435df6e3aeb1c0eea8f20e9467b37446c53ba10cc9830bbec9260636184d3247e0edf03cf19fadc6fc744fe0076b9851f265dc872a7f98a279c63ac3ee609ef412dd32a05352c436ca66d8eea73099d4616b3b2b3bc2e47fead9249e46294c6fbc8793313c9ae021d44c99de32559cd863e62ba3ce62ab6f873b27ba1cd3e20e6efdd597b79b9333020fb56ac8db40a5aca3a925c6373eb246e53ad304f8a8404afa198c8f1fdd579795d28022dbe2dcd2a2b98c9739ed218c408c738063c8d6aff61ed86d57ccd3fcbdfe7e4d28dc56a90724aafeb6afb183ee8a17ab65ff924d45285d79a5de1428d53e391c218a09b30b2339385e6e068d25f52056c811732b3f1717244fac5e1301270224a1c684695ce5b7ec7f8f23044f600db2abb53c361ec7a8080cfde5d4518199121711ff72e9bd4d816534b82de529403b775003e4e00490c2cad2d7c1356ed593ee4cba2a0e7657eb61ad64a1196a62daf61d2d54be4bb1bba51ee0b231ac3660700c8685e6df32ace8fcb29fef73db42e417370c435f8fe3dc6e556ae7df07a567bd34e1bccf2ca1e78f60f0eea272e2726530b93cd6a77283d7d7b7b6ed6eca98620c62888bcf665b3c9e3f86a6e3b82556989e3eca143c8eed07ba5d31509325c1188af02163478fd524800a24fb7d48ec1d680ae09862c436155951103d152ee51574fe442eeff27886e45bc0c17e8c7a6a32f84083c2739ec7dfc1d8ef0f4486335da6c40c24c2e8280525607d1b5709ec7aabb986af91b6a675a85cb56e07de3157b66ea6d8baab63447a2f07626fcfe148c3d2fa65f8b9d630bb5ade737b357d41533d06d58fb3cb781f94325005dd800820f21509bc504666bfadd2164f3cd25905bb1534b763d806b877c47392c7ed748623d0d24aaff936dfdf8b36eb3609acd8da8a0f7c7ee81ba5abbd68345bc012146d128f761e59c7c9cd59b38c56c69be458126a66f3b2b0dc45238816f82e93f5b9c86a467d10ead954d93954fdca7eb9e29876e7ee6432d2175e34753430165087d8feeac2d7244564fdd6cdfe98b11130a6cfa1867cfa94242525cd6f200f8e8ac33ecd4a001cc6dbf39d61594d1cec84d7bdbf952b185c356952d82b36396c7f2153e1a6e4e5f393bd95e7adb2f39f56b84d4f433a950fbff82b5d9a2b868003e85ca6dec44872a33b28fc7982ec6bfd1b48c3ff46fc25dbb1a694fe60ac686a615671edd6cc9f11b8e4269a36dcedd8de9498df6485d6cd607dcb8b72f120adc31232ad3829985199db95924ad721d3a5360702cdde50200b0286ef1af9b169ad44d254401d8a7b3f9ba4ee85de886c48842cdacf63323c984fc0b9ab84d79603c77947a5f46d02a5a394ad7e15633866a157090cf06ea4a7cd508bfa1dde49d664e53d595c11d9bcb5e1ba15ecd58d39b08e4bc3b5d6c857603bfea7c597b8a32aa7793e33d802febd97d9c1a89b5df11e7b6b8996c3aa8418e3f9e78be6f0c156aab74f7849acc88f23e0b6265acfc6b1290626ef1aff10f681f515cdd427b97c7354ac9bb53cd52700630f19caaef3dac53db310093411c79366ac7b3cffcf8ee79bdf08d504eaf62cd84c0760649f344e99e2fc3d1c2d1fee1304e2967478704b4f550ce29c2b685c0ce3395fc7768dbda5e1a2589fc4099b76eb0eba2c49adffdd3389393ea38637f4307e36c84f3d089dcc5fa1cccb456934f6a6c09d75f4d463418f111452e78c9312a14ffcdacb2b415e6e7c2186487b82120439441ab151404feccfe9eb92f35a38d2e8684942e3cd58ff07cf41f101a1cc3a59f81cafdee8139d83207bd3b7028a9c1daa131a2e5a3a1a790b9b15a5b67dc76263b8479b9c4652ebace3d916be78a16e7f77a9451efa218fa7d14dc353f716ae23cea184003a7c4408c5def51ab626fe8af75af2f04f30cfda62a28620729da48dedc124d54a79ebfcc17320d083990004bd7f1412b42b3e3e57c3215301b87681c880eb238fd69feaa214bda10694395eb1c7c385e454cceab778f27783733d48142d5c81fe545593b8b0832e53470bc5751d9d46d95954ead54884a8a098e8a81eb11aef6a6b616aa0e1dfa011e48faf221ec438f9184c71822e72ff84335f030f1d68537ae6c005fd1beab66943d7ee7a21b41f2e900cdaec72720e53ea3c85ad2ba723ead36a475af6ef877054a6927c398aae5b55da2b603c8d6287623221719c51d45e972d2eaf2fb323cbe0ffc9150f40a89ca4f7936a346510cc56eb34e45ce69e6b0bfb3c5dc2f7e940dc93d7e45cfd57c601349b78f1cd9ce04ddfa1a59ed421242733ce97fa8c57c91deb95ac692cae6c1e247015b57d086c7a89c16b5836638afdd806cd7ba3d7895c784d42f19702029ad5b0e13419c36edacbe2cb252c602199919201b7ec01915e223122e95b1fa1f798775b4c272fa98046cb545cb96c4fae6e4fe10210c0a0010d77dc6d5afdeb97879e7a9ef4e482b869081f7d5e2935eba467d9ee2b5628e3fad580ccc35a05d376841f9892c5c51360218c79fef79867ceb0612476b28c8aa27bb2b5b973739c90359cc42bd63e40e21c8750accc2d6c6a2d02ecdf9013c75f1cfc9cddb032cab8a3772aa1d53805251a7a665f80856c9ed3265d9e9de3b4bf2487d82a3f8d72cb4d3d6f74c4139ad4a087b33510e54921a07f300458290df7e2bbc3f90e4b9d22ced44da0fa1f2b81a3dd37f572f157bb18492c63f5a9dae9f16aa06720851a95b94480cfaaee277046eed6f1c18e5693ab8fd64ecffa6d65b34dce256ba0e173f44497d85eaf35ec100247cea5898df469fa7c2caab8a994f44a786f6d978ddcb613026512792692c5f8c790dad47b8229b338300b78bc071adfe2f3327e02c65be0dc55bed9663c1f02ed5eb1be6b672f4492c6e61cc0e8e53f19b0d840fd42a3f8e5cd175b6532b13ccd9523eee4f741276c744dcacde0143b5b89a5e479edfc4b75ec63d372da6e2a64f0589702c0b5cf51d11b191fe3af3c2e858e2092377b55986be278103a6c403f0c0512f7ba26341cf6f518ba2d40ea02619066bf6491ed0ca28bba5b3f697f1da847a568cbd1fe97717cdb1ee496a32dd08217f8eb254cbe4d304c951fde5e414ed23c8056f37c3c6a0087820f5493ec2eb7d2b2f21cad5d633f1dca0f0b5211ff4992e4b00beec0efa17c9acb88792ee62ab3be0e1a1f67848915426af05c70dbfa6b6f849a31c6e9ee7ef163e5b78fd9a375aa2c636ddd0baee644aed24ffc4314dc0fa4c813ccddf70cfb975f085dfcf0b946d2c27b6bb26076538c4d31e8860086bf4d23a609b67d1858ed1f2e97bb70cb668371d02c4106f633d60f818974cf8188d1c7da76dc0557ce586b3afdbef62c1d86d05e5217963e893160192b161de5ff42a8afcc5af87d1a9bfd2209a28fa1b32d46fa6ff325360ad6b49196ce9efcc0ec778eccacc65319782bf65ccddb025e1c32fca06ca971f0296f0d02be65eea6dc0172eb4c20e50bc997b67880cc4507cd8452e0f07dab5c328717c8fd0400f463614ca1a59c3d05bcbadf4b203ae6b5b384499fbb0eccfe3e98c07ea1d7827ec64746835d3e540f43c5a0b3a161050118c92b0161d815ef3852bcb95157fa0955bc49bc9cf60c4bf7fc906567f4064003e96fec2b8d2ce90ba9a6c6f3768ebdb0cd4e98167b0a1b47c6b5a1461d9e637550360b2c3fa3bb1ed5d6bf729ffc5d8036aa1027c9c30d4ea5e284cbf2c247e4c2943025b56b83ed5b4889bf6d51833ccb7315483457276e7089da03671b28934b9e7cd3a65dafdbd8cac73d8164a8f444b37eadcdf3261f02102b3cb308eabd27fd6b2070393d879280e6a554edd313db94cdbb85b9559f559d8280df08262221a9eeddc4412f6819d6b28d93b40f2df19149e61937c8ad2c99895953c37596407def3d6ff76c6f2bc87792c593b287a22bbb0c861db194d1c6a0f0b9d06d9412f583c3a9c363ed9216ef95dde16bf495058511f96a2543cc3edb71240aec15f309bcebaab00b575a1e8fbefad8b64be2aa4f8d9817f86184c88cf1b7348cc7d034c3213bbd650b9447919ba18d230da7172fe99b311790d665a052e83a28c0fe03b5bf0e0e61df9e9235a99802671ff88f722722a102d2f5a9357a68b43455b8372575ce87e364a0590fea8a26585c394554e9fbff3acf0a60863808e7e81ad4610475a3f1c925a08b94face4beaa2979ed960784e9198b2904fecd16264b3623dac63fa0efac5b880a3a066ce5adec1edf4d75aeedd2c9a1379323f46e1462861947f1c140e8d3eb368185624afed151d1aa580896f9855888652a523afe5745288648e86471091e47506ef60ac7f170e41a4a8a58d0b941aa7bbead5aee057860602bd459cbc6b953bef72287e5d6294bf5928b06cc626a53eca95a08c4a9582655e5a86469131f37a6474260ac40e539201753af13abc57e8f2a0a2a5fc28b889080f8a697a4d9fc6f85cf18fd50aaaa0abbb5a066e7003fa39bfd806507fe4aaff440bbcac79ccacbbf92664f194404da07fd9dfba2a41af2d88ed9bb8924461849da71e1095b9d3163456782ec4e498de38b1307f18254787cd0620ad36c7c48edbfc3bece14c4fad4e64af30268785e0bb117d6b4f82841acb9f61966d4eb19b350acaa5e751510aa6d84b25f9971f52723233009d69f01b1130e1d7da703d8aeece0102194c3deb3078478b8a421e0e2de4159cbe2465441f1592ce1905dc15e5d81d96d256a83b7fea03a081916c1f3a85f2b945e4fe9fa2e7bececb41c22f40951f989eae38045e48383e66508efb7c0c2b2857d2f42434e1ca1dc982273bc4e92893519bfdc6d40ca73af1bdca826224ce35b91900eb03490782dec7865b5bc6a1607cffc2e5026613f90acf6233174c7d317506ce53f075fe35265761795de4e573f1bbdd50aaabeb42cfb23e0cb5b537f486361cbb505d1766227a9396dcaa80df015dceef9a3426292cb8eee72fdedf219626b6b86172ba57675c0d4468ae762db45f7d1e3113eb9aebb228ad9a6fc9c5166d9959e29ef31f970e0cb3443b67d39c3254be56fbd37976a3e0b5c97066c39269290f4da53bb9c936a6081d18a9ce2d51d4cc1269e464ac1ddd26f4c2f4a7ba5b98d78251203c02261088334903217cadfd54c452d4d3dbe5f752a8b02d75111500dd380e3dbc80feb51d71b32cbd0ccce9d394d150d11c1b36cfe151f4ccadf947d89c82fcfec0f7c077c7fed139dae4f8830371967a179e10af0bc88cd805bbca58959eb0b97b601dbcc96dddbf24ef7b428") (async) [ 918.546950] FAULT_INJECTION: forcing a failure. [ 918.546950] name failslab, interval 1, probability 0, space 0, times 0 [ 918.582843] CPU: 0 PID: 16884 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 22:45:40 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75708169643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75708169643d", @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) [ 918.590748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 918.600102] Call Trace: [ 918.602689] dump_stack+0x1b2/0x281 [ 918.606321] should_fail.cold+0x10a/0x149 [ 918.610475] should_failslab+0xd6/0x130 [ 918.614456] kmem_cache_alloc_node_trace+0x25a/0x400 [ 918.619566] __kmalloc_node_track_caller+0x38/0x70 [ 918.624496] __alloc_skb+0x96/0x510 [ 918.628128] kobject_uevent_env+0x882/0xf30 [ 918.632456] device_add+0xa47/0x15c0 [ 918.636175] ? device_is_dependent+0x2a0/0x2a0 [ 918.640763] ? kfree+0x1f0/0x250 [ 918.644138] device_create_groups_vargs+0x1dc/0x250 [ 918.649159] device_create_vargs+0x3a/0x50 [ 918.653401] bdi_register_va.part.0+0x35/0x650 [ 918.657988] bdi_register_va+0x63/0x80 [ 918.661886] super_setup_bdi_name+0x123/0x220 [ 918.666385] ? kill_block_super+0xe0/0xe0 [ 918.670536] ? do_raw_spin_unlock+0x164/0x220 [ 918.675042] fuse_fill_super+0x937/0x15c0 [ 918.679181] ? fuse_get_root_inode+0xc0/0xc0 [ 918.683570] ? up_write+0x17/0x60 [ 918.687010] ? register_shrinker+0x15f/0x220 [ 918.691413] ? sget_userns+0x768/0xc10 [ 918.695297] ? get_anon_bdev+0x1c0/0x1c0 [ 918.699338] ? sget+0xd9/0x110 [ 918.702510] ? fuse_get_root_inode+0xc0/0xc0 [ 918.706892] mount_nodev+0x4c/0xf0 [ 918.710411] mount_fs+0x92/0x2a0 [ 918.713755] vfs_kern_mount.part.0+0x5b/0x470 [ 918.718232] do_mount+0xe65/0x2a30 [ 918.721766] ? __do_page_fault+0x159/0xad0 [ 918.726002] ? retint_kernel+0x2d/0x2d [ 918.729877] ? copy_mount_string+0x40/0x40 [ 918.734092] ? memset+0x20/0x40 [ 918.737351] ? copy_mount_options+0x1fa/0x2f0 [ 918.741821] ? copy_mnt_ns+0xa30/0xa30 [ 918.745685] SyS_mount+0xa8/0x120 [ 918.749114] ? copy_mnt_ns+0xa30/0xa30 [ 918.752984] do_syscall_64+0x1d5/0x640 [ 918.756861] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 918.762032] RIP: 0033:0x7f8e2a1775fa [ 918.765716] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 918.773400] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 918.780642] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 918.787887] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 918.795133] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 918.802379] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:41 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1a, 0x4, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, 0x0) (async) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, &(0x7f0000000040)) 22:45:41 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r1, &(0x7f00000023c0)={0x2020}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000004400)={0x2020}, 0x2020) 22:45:41 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="52f336aca643aca4acb5f90a646a4135643fbea274378475096e1cec43dd1f651e9c3f6a4af34fbc46538e3b3086510a5abfb9b75cc29381501db431efc94205a0f3bb51c8c02a0cdf0219fd9b46c8118bb8e089d7e53ae47c13b6ce399ac7da059c7227e085ad47b43f2fc286e87a7ed9205a2be24406e0ed08a3db4d57982525845fb0ebcd4b81b407649cbfae45a1f01389169cbc65da229e1ecfaf0d6a0e8db354c5b29e71080dafb7ce34623d33e23204d44d55b4fa9f2f94cd1128736a68ca2febfa5fdfb95f25214f0f21d68ff303e6b2110208aa96249b890f13819358eaf64cbee26a9922dd7ca13062416e3fe9f6", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f00000002c0), &(0x7f0000000300)='./file0\x00', 0x102002, &(0x7f0000004400)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}], [{@appraise}, {@seclabel}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x38, 0x34, 0x66, 0x32, 0x66, 0x64], 0x2d, [0x35, 0x39, 0x33, 0x37], 0x2d, [0x39, 0x36, 0x65, 0x65], 0x2d, [0x33, 0x34, 0x61, 0x66], 0x2d, [0x65, 0x32, 0x61, 0x34, 0x33, 0x62, 0x35, 0x62]}}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@subj_user={'subj_user', 0x3d, 'fuse\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x34, 0x34, 0x34, 0x61, 0x62, 0x31, 0x64], 0x2d, [0x31, 0x31, 0x30, 0x62], 0x2d, [0x32, 0x8, 0x0, 0x32], 0x2d, [0x64, 0x35, 0x35], 0x2d, [0x60, 0x33, 0x63, 0x38, 0x3c, 0x33, 0x31, 0x38]}}}, {@context={'context', 0x3d, 'root'}}]}}, 0x1, 0x0, &(0x7f0000004540)="d57912a1896b3c5ce3c026a1987b108d0cd5225a66e0f1e33f1c7ff599c070b337ada15985b82dbfec4cd2b08df4d5463951a66e8a5004b7ff46b92fdaec44b90534f2ebb989ac00fdc1b35fb99153b1e4a907a4f0399fc4edc93704ce07690694bfc3256c301c239e33a263a47af7bac51d26e0b274174b1b19a23ef7964401e0baa0b6093dfeb4ad952e35dc1571a3ff3cdcddc92bd87a989f0138032fe4cbd9098f56ff833f7837964224d91b5e9cc2cb0e7ff111137f28aa5b16c275abfe7b31a88c0e0d41fa56d4fa4402b547f227d67ac0d76fd0efbc3311161d963c7d57f65a7dd21a30d837f25e2a0fef69278c2b8c022eb83357058e029353560993b4069d934a2f9eefdbe11da7b94e51d9ea88ba7025f5619326825e6426ca0e7a5372752940d455045328c2b804fef20a29e656e95cd75d95db8cf5940e93d186754a1789d65b5334fce1d4d7e5d0244bcf8f8904e5ed38a71ff435df6e3aeb1c0eea8f20e9467b37446c53ba10cc9830bbec9260636184d3247e0edf03cf19fadc6fc744fe0076b9851f265dc872a7f98a279c63ac3ee609ef412dd32a05352c436ca66d8eea73099d4616b3b2b3bc2e47fead9249e46294c6fbc8793313c9ae021d44c99de32559cd863e62ba3ce62ab6f873b27ba1cd3e20e6efdd597b79b9333020fb56ac8db40a5aca3a925c6373eb246e53ad304f8a8404afa198c8f1fdd579795d28022dbe2dcd2a2b98c9739ed218c408c738063c8d6aff61ed86d57ccd3fcbdfe7e4d28dc56a90724aafeb6afb183ee8a17ab65ff924d45285d79a5de1428d53e391c218a09b30b2339385e6e068d25f52056c811732b3f1717244fac5e1301270224a1c684695ce5b7ec7f8f23044f600db2abb53c361ec7a8080cfde5d4518199121711ff72e9bd4d816534b82de529403b775003e4e00490c2cad2d7c1356ed593ee4cba2a0e7657eb61ad64a1196a62daf61d2d54be4bb1bba51ee0b231ac3660700c8685e6df32ace8fcb29fef73db42e417370c435f8fe3dc6e556ae7df07a567bd34e1bccf2ca1e78f60f0eea272e2726530b93cd6a77283d7d7b7b6ed6eca98620c62888bcf665b3c9e3f86a6e3b82556989e3eca143c8eed07ba5d31509325c1188af02163478fd524800a24fb7d48ec1d680ae09862c436155951103d152ee51574fe442eeff27886e45bc0c17e8c7a6a32f84083c2739ec7dfc1d8ef0f4486335da6c40c24c2e8280525607d1b5709ec7aabb986af91b6a675a85cb56e07de3157b66ea6d8baab63447a2f07626fcfe148c3d2fa65f8b9d630bb5ade737b357d41533d06d58fb3cb781f94325005dd800820f21509bc504666bfadd2164f3cd25905bb1534b763d806b877c47392c7ed748623d0d24aaff936dfdf8b36eb3609acd8da8a0f7c7ee81ba5abbd68345bc012146d128f761e59c7c9cd59b38c56c69be458126a66f3b2b0dc45238816f82e93f5b9c86a467d10ead954d93954fdca7eb9e29876e7ee6432d2175e34753430165087d8feeac2d7244564fdd6cdfe98b11130a6cfa1867cfa94242525cd6f200f8e8ac33ecd4a001cc6dbf39d61594d1cec84d7bdbf952b185c356952d82b36396c7f2153e1a6e4e5f393bd95e7adb2f39f56b84d4f433a950fbff82b5d9a2b868003e85ca6dec44872a33b28fc7982ec6bfd1b48c3ff46fc25dbb1a694fe60ac686a615671edd6cc9f11b8e4269a36dcedd8de9498df6485d6cd607dcb8b72f120adc31232ad3829985199db95924ad721d3a5360702cdde50200b0286ef1af9b169ad44d254401d8a7b3f9ba4ee85de886c48842cdacf63323c984fc0b9ab84d79603c77947a5f46d02a5a394ad7e15633866a157090cf06ea4a7cd508bfa1dde49d664e53d595c11d9bcb5e1ba15ecd58d39b08e4bc3b5d6c857603bfea7c597b8a32aa7793e33d802febd97d9c1a89b5df11e7b6b8996c3aa8418e3f9e78be6f0c156aab74f7849acc88f23e0b6265acfc6b1290626ef1aff10f681f515cdd427b97c7354ac9bb53cd52700630f19caaef3dac53db310093411c79366ac7b3cffcf8ee79bdf08d504eaf62cd84c0760649f344e99e2fc3d1c2d1fee1304e2967478704b4f550ce29c2b685c0ce3395fc7768dbda5e1a2589fc4099b76eb0eba2c49adffdd3389393ea38637f4307e36c84f3d089dcc5fa1cccb456934f6a6c09d75f4d463418f111452e78c9312a14ffcdacb2b415e6e7c2186487b82120439441ab151404feccfe9eb92f35a38d2e8684942e3cd58ff07cf41f101a1cc3a59f81cafdee8139d83207bd3b7028a9c1daa131a2e5a3a1a790b9b15a5b67dc76263b8479b9c4652ebace3d916be78a16e7f77a9451efa218fa7d14dc353f716ae23cea184003a7c4408c5def51ab626fe8af75af2f04f30cfda62a28620729da48dedc124d54a79ebfcc17320d083990004bd7f1412b42b3e3e57c3215301b87681c880eb238fd69feaa214bda10694395eb1c7c385e454cceab778f27783733d48142d5c81fe545593b8b0832e53470bc5751d9d46d95954ead54884a8a098e8a81eb11aef6a6b616aa0e1dfa011e48faf221ec438f9184c71822e72ff84335f030f1d68537ae6c005fd1beab66943d7ee7a21b41f2e900cdaec72720e53ea3c85ad2ba723ead36a475af6ef877054a6927c398aae5b55da2b603c8d6287623221719c51d45e972d2eaf2fb323cbe0ffc9150f40a89ca4f7936a346510cc56eb34e45ce69e6b0bfb3c5dc2f7e940dc93d7e45cfd57c601349b78f1cd9ce04ddfa1a59ed421242733ce97fa8c57c91deb95ac692cae6c1e247015b57d086c7a89c16b5836638afdd806cd7ba3d7895c784d42f19702029ad5b0e13419c36edacbe2cb252c602199919201b7ec01915e223122e95b1fa1f798775b4c272fa98046cb545cb96c4fae6e4fe10210c0a0010d77dc6d5afdeb97879e7a9ef4e482b869081f7d5e2935eba467d9ee2b5628e3fad580ccc35a05d376841f9892c5c51360218c79fef79867ceb0612476b28c8aa27bb2b5b973739c90359cc42bd63e40e21c8750accc2d6c6a2d02ecdf9013c75f1cfc9cddb032cab8a3772aa1d53805251a7a665f80856c9ed3265d9e9de3b4bf2487d82a3f8d72cb4d3d6f74c4139ad4a087b33510e54921a07f300458290df7e2bbc3f90e4b9d22ced44da0fa1f2b81a3dd37f572f157bb18492c63f5a9dae9f16aa06720851a95b94480cfaaee277046eed6f1c18e5693ab8fd64ecffa6d65b34dce256ba0e173f44497d85eaf35ec100247cea5898df469fa7c2caab8a994f44a786f6d978ddcb613026512792692c5f8c790dad47b8229b338300b78bc071adfe2f3327e02c65be0dc55bed9663c1f02ed5eb1be6b672f4492c6e61cc0e8e53f19b0d840fd42a3f8e5cd175b6532b13ccd9523eee4f741276c744dcacde0143b5b89a5e479edfc4b75ec63d372da6e2a64f0589702c0b5cf51d11b191fe3af3c2e858e2092377b55986be278103a6c403f0c0512f7ba26341cf6f518ba2d40ea02619066bf6491ed0ca28bba5b3f697f1da847a568cbd1fe97717cdb1ee496a32dd08217f8eb254cbe4d304c951fde5e414ed23c8056f37c3c6a0087820f5493ec2eb7d2b2f21cad5d633f1dca0f0b5211ff4992e4b00beec0efa17c9acb88792ee62ab3be0e1a1f67848915426af05c70dbfa6b6f849a31c6e9ee7ef163e5b78fd9a375aa2c636ddd0baee644aed24ffc4314dc0fa4c813ccddf70cfb975f085dfcf0b946d2c27b6bb26076538c4d31e8860086bf4d23a609b67d1858ed1f2e97bb70cb668371d02c4106f633d60f818974cf8188d1c7da76dc0557ce586b3afdbef62c1d86d05e5217963e893160192b161de5ff42a8afcc5af87d1a9bfd2209a28fa1b32d46fa6ff325360ad6b49196ce9efcc0ec778eccacc65319782bf65ccddb025e1c32fca06ca971f0296f0d02be65eea6dc0172eb4c20e50bc997b67880cc4507cd8452e0f07dab5c328717c8fd0400f463614ca1a59c3d05bcbadf4b203ae6b5b384499fbb0eccfe3e98c07ea1d7827ec64746835d3e540f43c5a0b3a161050118c92b0161d815ef3852bcb95157fa0955bc49bc9cf60c4bf7fc906567f4064003e96fec2b8d2ce90ba9a6c6f3768ebdb0cd4e98167b0a1b47c6b5a1461d9e637550360b2c3fa3bb1ed5d6bf729ffc5d8036aa1027c9c30d4ea5e284cbf2c247e4c2943025b56b83ed5b4889bf6d51833ccb7315483457276e7089da03671b28934b9e7cd3a65dafdbd8cac73d8164a8f444b37eadcdf3261f02102b3cb308eabd27fd6b2070393d879280e6a554edd313db94cdbb85b9559f559d8280df08262221a9eeddc4412f6819d6b28d93b40f2df19149e61937c8ad2c99895953c37596407def3d6ff76c6f2bc87792c593b287a22bbb0c861db194d1c6a0f0b9d06d9412f583c3a9c363ed9216ef95dde16bf495058511f96a2543cc3edb71240aec15f309bcebaab00b575a1e8fbefad8b64be2aa4f8d9817f86184c88cf1b7348cc7d034c3213bbd650b9447919ba18d230da7172fe99b311790d665a052e83a28c0fe03b5bf0e0e61df9e9235a99802671ff88f722722a102d2f5a9357a68b43455b8372575ce87e364a0590fea8a26585c394554e9fbff3acf0a60863808e7e81ad4610475a3f1c925a08b94face4beaa2979ed960784e9198b2904fecd16264b3623dac63fa0efac5b880a3a066ce5adec1edf4d75aeedd2c9a1379323f46e1462861947f1c140e8d3eb368185624afed151d1aa580896f9855888652a523afe5745288648e86471091e47506ef60ac7f170e41a4a8a58d0b941aa7bbead5aee057860602bd459cbc6b953bef72287e5d6294bf5928b06cc626a53eca95a08c4a9582655e5a86469131f37a6474260ac40e539201753af13abc57e8f2a0a2a5fc28b889080f8a697a4d9fc6f85cf18fd50aaaa0abbb5a066e7003fa39bfd806507fe4aaff440bbcac79ccacbbf92664f194404da07fd9dfba2a41af2d88ed9bb8924461849da71e1095b9d3163456782ec4e498de38b1307f18254787cd0620ad36c7c48edbfc3bece14c4fad4e64af30268785e0bb117d6b4f82841acb9f61966d4eb19b350acaa5e751510aa6d84b25f9971f52723233009d69f01b1130e1d7da703d8aeece0102194c3deb3078478b8a421e0e2de4159cbe2465441f1592ce1905dc15e5d81d96d256a83b7fea03a081916c1f3a85f2b945e4fe9fa2e7bececb41c22f40951f989eae38045e48383e66508efb7c0c2b2857d2f42434e1ca1dc982273bc4e92893519bfdc6d40ca73af1bdca826224ce35b91900eb03490782dec7865b5bc6a1607cffc2e5026613f90acf6233174c7d317506ce53f075fe35265761795de4e573f1bbdd50aaabeb42cfb23e0cb5b537f486361cbb505d1766227a9396dcaa80df015dceef9a3426292cb8eee72fdedf219626b6b86172ba57675c0d4468ae762db45f7d1e3113eb9aebb228ad9a6fc9c5166d9959e29ef31f970e0cb3443b67d39c3254be56fbd37976a3e0b5c97066c39269290f4da53bb9c936a6081d18a9ce2d51d4cc1269e464ac1ddd26f4c2f4a7ba5b98d78251203c02261088334903217cadfd54c452d4d3dbe5f752a8b02d75111500dd380e3dbc80feb51d71b32cbd0ccce9d394d150d11c1b36cfe151f4ccadf947d89c82fcfec0f7c077c7fed139dae4f8830371967a179e10af0bc88cd805bbca58959eb0b97b601dbcc96dddbf24ef7b428") 22:45:41 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:41 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:41 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 56) [ 919.332035] FAULT_INJECTION: forcing a failure. [ 919.332035] name failslab, interval 1, probability 0, space 0, times 0 22:45:41 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:41 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:41 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) [ 919.375930] CPU: 0 PID: 16922 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 919.383838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 919.393190] Call Trace: [ 919.395777] dump_stack+0x1b2/0x281 [ 919.399411] should_fail.cold+0x10a/0x149 [ 919.403564] should_failslab+0xd6/0x130 [ 919.407543] kmem_cache_alloc_node_trace+0x25a/0x400 [ 919.412656] __kmalloc_node_track_caller+0x38/0x70 [ 919.417588] __alloc_skb+0x96/0x510 [ 919.421231] kobject_uevent_env+0x882/0xf30 22:45:41 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) 22:45:41 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 919.425562] device_add+0xa47/0x15c0 [ 919.429284] ? device_is_dependent+0x2a0/0x2a0 [ 919.433867] ? kfree+0x1f0/0x250 [ 919.437236] device_create_groups_vargs+0x1dc/0x250 [ 919.442255] device_create_vargs+0x3a/0x50 [ 919.446504] bdi_register_va.part.0+0x35/0x650 [ 919.451106] bdi_register_va+0x63/0x80 [ 919.455011] super_setup_bdi_name+0x123/0x220 [ 919.459517] ? kill_block_super+0xe0/0xe0 [ 919.463669] ? do_raw_spin_unlock+0x164/0x220 [ 919.468177] fuse_fill_super+0x937/0x15c0 22:45:41 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) [ 919.472331] ? fuse_get_root_inode+0xc0/0xc0 [ 919.476755] ? up_write+0x17/0x60 [ 919.480211] ? register_shrinker+0x15f/0x220 [ 919.484620] ? sget_userns+0x768/0xc10 [ 919.488521] ? get_anon_bdev+0x1c0/0x1c0 [ 919.492588] ? sget+0xd9/0x110 [ 919.495784] ? fuse_get_root_inode+0xc0/0xc0 [ 919.500190] mount_nodev+0x4c/0xf0 [ 919.503738] mount_fs+0x92/0x2a0 [ 919.507113] vfs_kern_mount.part.0+0x5b/0x470 [ 919.511613] do_mount+0xe65/0x2a30 [ 919.515158] ? __do_page_fault+0x159/0xad0 [ 919.519393] ? retint_kernel+0x2d/0x2d [ 919.523294] ? copy_mount_string+0x40/0x40 [ 919.527539] ? memset+0x20/0x40 [ 919.530830] ? copy_mount_options+0x1fa/0x2f0 [ 919.535336] ? copy_mnt_ns+0xa30/0xa30 [ 919.539238] SyS_mount+0xa8/0x120 [ 919.542690] ? copy_mnt_ns+0xa30/0xa30 [ 919.546584] do_syscall_64+0x1d5/0x640 [ 919.550486] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 919.555668] RIP: 0033:0x7f8e2a1775fa [ 919.559376] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 919.567084] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 919.574327] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 919.581576] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 919.588828] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 919.596097] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:42 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1a, 0x4, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000640), 0x200040, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r2, 0x80044dfc, &(0x7f0000000040)) 22:45:42 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x400000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:42 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,default_permissions,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7372652c00000000d2b6dd35aae094232830dd3aafa645c5b7a459bbde086f1d3bf6405cc8f0f6afd05d8a372a14bf38b2364d7835864573cdfbf8c02e351f69d5551f3c3ccc0c026ad26907380b67c05a806076dd368e1cb1c49ef7ef6ecb80f3b568e79d62ea83ae2853d0749d1cd24cc4669f9030510152db574c29c645fdd65c2aa2d150b73571ddca908e09f0d817afd649c9d8904bd154e9534700a7ce167ca58894690fed86cf266c73e63c12e5bd09ef8b1a9257605407ca7dd83fe76faf0c62f231bc4a4584c49d7b24233b1ea6071be548f1bd9f191ea637477ccb"], 0x0, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$FUSE_DIRENT(r5, &(0x7f0000000280)={0x78, 0xfffffffffffffffe, r4, [{0x2, 0xddc5, 0x1, 0x0, '%'}, {0x1, 0x101, 0x1, 0xffff, '\x85'}, {0x2, 0x6, 0xa, 0x7, '/dev/cuse\x00'}]}, 0x78) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, r4}, 0x20) 22:45:42 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, 0x0, 0x0) 22:45:42 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 57) 22:45:42 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r1, &(0x7f00000023c0)={0x2020}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000004400)={0x2020}, 0x2020) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r1, &(0x7f00000023c0)={0x2020}, 0x2020) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r1, &(0x7f0000004400)={0x2020}, 0x2020) (async) 22:45:42 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, 0x0, 0x0) 22:45:42 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:42 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,default_permissions,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7372652c00000000d2b6dd35aae094232830dd3aafa645c5b7a459bbde086f1d3bf6405cc8f0f6afd05d8a372a14bf38b2364d7835864573cdfbf8c02e351f69d5551f3c3ccc0c026ad26907380b67c05a806076dd368e1cb1c49ef7ef6ecb80f3b568e79d62ea83ae2853d0749d1cd24cc4669f9030510152db574c29c645fdd65c2aa2d150b73571ddca908e09f0d817afd649c9d8904bd154e9534700a7ce167ca58894690fed86cf266c73e63c12e5bd09ef8b1a9257605407ca7dd83fe76faf0c62f231bc4a4584c49d7b24233b1ea6071be548f1bd9f191ea637477ccb"], 0x0, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$FUSE_DIRENT(r5, &(0x7f0000000280)={0x78, 0xfffffffffffffffe, r4, [{0x2, 0xddc5, 0x1, 0x0, '%'}, {0x1, 0x101, 0x1, 0xffff, '\x85'}, {0x2, 0x6, 0xa, 0x7, '/dev/cuse\x00'}]}, 0x78) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, r4}, 0x20) [ 920.297931] FAULT_INJECTION: forcing a failure. [ 920.297931] name failslab, interval 1, probability 0, space 0, times 0 [ 920.318529] CPU: 0 PID: 16978 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 920.326526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 920.336150] Call Trace: [ 920.338863] dump_stack+0x1b2/0x281 [ 920.342508] should_fail.cold+0x10a/0x149 [ 920.346666] should_failslab+0xd6/0x130 [ 920.350643] kmem_cache_alloc_node+0x263/0x410 [ 920.355228] __alloc_skb+0x5c/0x510 [ 920.358869] kobject_uevent_env+0x882/0xf30 [ 920.363203] device_add+0xa47/0x15c0 [ 920.366931] ? device_is_dependent+0x2a0/0x2a0 [ 920.371519] ? kfree+0x1f0/0x250 [ 920.374892] device_create_groups_vargs+0x1dc/0x250 [ 920.379908] device_create_vargs+0x3a/0x50 [ 920.384154] bdi_register_va.part.0+0x35/0x650 [ 920.388745] bdi_register_va+0x63/0x80 [ 920.392639] super_setup_bdi_name+0x123/0x220 22:45:42 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 920.397136] ? kill_block_super+0xe0/0xe0 [ 920.401290] ? do_raw_spin_unlock+0x164/0x220 [ 920.405798] fuse_fill_super+0x937/0x15c0 [ 920.409953] ? fuse_get_root_inode+0xc0/0xc0 [ 920.414360] ? up_write+0x17/0x60 [ 920.417804] ? register_shrinker+0x15f/0x220 [ 920.422207] ? sget_userns+0x768/0xc10 [ 920.426101] ? get_anon_bdev+0x1c0/0x1c0 [ 920.430155] ? sget+0xd9/0x110 [ 920.433344] ? fuse_get_root_inode+0xc0/0xc0 [ 920.437749] mount_nodev+0x4c/0xf0 [ 920.441288] mount_fs+0x92/0x2a0 [ 920.444659] vfs_kern_mount.part.0+0x5b/0x470 22:45:42 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, 0x0, 0x0) 22:45:42 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 920.449156] do_mount+0xe65/0x2a30 [ 920.452703] ? __do_page_fault+0x159/0xad0 [ 920.456938] ? retint_kernel+0x2d/0x2d [ 920.460836] ? copy_mount_string+0x40/0x40 [ 920.465082] ? memset+0x20/0x40 [ 920.468359] ? copy_mount_options+0x1fa/0x2f0 [ 920.472851] ? copy_mnt_ns+0xa30/0xa30 [ 920.476745] SyS_mount+0xa8/0x120 [ 920.480240] ? copy_mnt_ns+0xa30/0xa30 [ 920.484132] do_syscall_64+0x1d5/0x640 [ 920.488113] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 920.493295] RIP: 0033:0x7f8e2a1775fa [ 920.496992] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 920.504711] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 920.512239] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 920.519508] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 920.526773] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 920.534041] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:43 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x400000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:43 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast1, 0x8001, 0x1}, 0x20) 22:45:43 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r1, &(0x7f00000023c0)={0x2020}, 0x2020) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x9}}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r1, &(0x7f0000004400)={0x2020}, 0x2020) 22:45:43 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 58) 22:45:43 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,default_permissions,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7372652c00000000d2b6dd35aae094232830dd3aafa645c5b7a459bbde086f1d3bf6405cc8f0f6afd05d8a372a14bf38b2364d7835864573cdfbf8c02e351f69d5551f3c3ccc0c026ad26907380b67c05a806076dd368e1cb1c49ef7ef6ecb80f3b568e79d62ea83ae2853d0749d1cd24cc4669f9030510152db574c29c645fdd65c2aa2d150b73571ddca908e09f0d817afd649c9d8904bd154e9534700a7ce167ca58894690fed86cf266c73e63c12e5bd09ef8b1a9257605407ca7dd83fe76faf0c62f231bc4a4584c49d7b24233b1ea6071be548f1bd9f191ea637477ccb"], 0x0, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$FUSE_DIRENT(r5, &(0x7f0000000280)={0x78, 0xfffffffffffffffe, r4, [{0x2, 0xddc5, 0x1, 0x0, '%'}, {0x1, 0x101, 0x1, 0xffff, '\x85'}, {0x2, 0x6, 0xa, 0x7, '/dev/cuse\x00'}]}, 0x78) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, r4}, 0x20) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,default_permissions,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7372652c00000000d2b6dd35aae094232830dd3aafa645c5b7a459bbde086f1d3bf6405cc8f0f6afd05d8a372a14bf38b2364d7835864573cdfbf8c02e351f69d5551f3c3ccc0c026ad26907380b67c05a806076dd368e1cb1c49ef7ef6ecb80f3b568e79d62ea83ae2853d0749d1cd24cc4669f9030510152db574c29c645fdd65c2aa2d150b73571ddca908e09f0d817afd649c9d8904bd154e9534700a7ce167ca58894690fed86cf266c73e63c12e5bd09ef8b1a9257605407ca7dd83fe76faf0c62f231bc4a4584c49d7b24233b1ea6071be548f1bd9f191ea637477ccb"], 0x0, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) (async) write$FUSE_DIRENT(r5, &(0x7f0000000280)={0x78, 0xfffffffffffffffe, r4, [{0x2, 0xddc5, 0x1, 0x0, '%'}, {0x1, 0x101, 0x1, 0xffff, '\x85'}, {0x2, 0x6, 0xa, 0x7, '/dev/cuse\x00'}]}, 0x78) (async) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, r4}, 0x20) (async) 22:45:43 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/162, 0x8a) 22:45:43 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:43 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast1, 0x0, 0x1}, 0x20) 22:45:43 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/162, 0x8a) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/162, 0x8a) (async) 22:45:43 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0xc854, &(0x7f0000000280)={0xa, 0x0, 0x0, @mcast1}, 0x20) 22:45:43 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 921.224879] FAULT_INJECTION: forcing a failure. [ 921.224879] name failslab, interval 1, probability 0, space 0, times 0 [ 921.283323] CPU: 1 PID: 17045 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 921.291232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 921.300588] Call Trace: [ 921.303176] dump_stack+0x1b2/0x281 [ 921.306816] should_fail.cold+0x10a/0x149 [ 921.310975] should_failslab+0xd6/0x130 [ 921.314962] kmem_cache_alloc_node+0x263/0x410 [ 921.319663] __alloc_skb+0x5c/0x510 [ 921.323308] kobject_uevent_env+0x882/0xf30 [ 921.327645] device_add+0xa47/0x15c0 22:45:43 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:43 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x400000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 921.331366] ? device_is_dependent+0x2a0/0x2a0 [ 921.335958] ? kfree+0x1f0/0x250 [ 921.339333] device_create_groups_vargs+0x1dc/0x250 [ 921.344460] device_create_vargs+0x3a/0x50 [ 921.348718] bdi_register_va.part.0+0x35/0x650 [ 921.353314] bdi_register_va+0x63/0x80 [ 921.357210] super_setup_bdi_name+0x123/0x220 [ 921.361712] ? kill_block_super+0xe0/0xe0 [ 921.365860] ? do_raw_spin_unlock+0x164/0x220 [ 921.370369] fuse_fill_super+0x937/0x15c0 [ 921.374527] ? fuse_get_root_inode+0xc0/0xc0 [ 921.378948] ? up_write+0x17/0x60 [ 921.382406] ? register_shrinker+0x15f/0x220 [ 921.386813] ? sget_userns+0x768/0xc10 [ 921.390704] ? get_anon_bdev+0x1c0/0x1c0 [ 921.394756] ? sget+0xd9/0x110 [ 921.397965] ? fuse_get_root_inode+0xc0/0xc0 [ 921.402362] mount_nodev+0x4c/0xf0 [ 921.405880] mount_fs+0x92/0x2a0 [ 921.409246] vfs_kern_mount.part.0+0x5b/0x470 [ 921.413740] do_mount+0xe65/0x2a30 [ 921.417268] ? __do_page_fault+0x159/0xad0 [ 921.421504] ? retint_kernel+0x2d/0x2d [ 921.425372] ? copy_mount_string+0x40/0x40 [ 921.429610] ? memset+0x20/0x40 [ 921.432895] ? copy_mount_options+0x1fa/0x2f0 [ 921.437403] ? copy_mnt_ns+0xa30/0xa30 [ 921.441273] SyS_mount+0xa8/0x120 [ 921.444704] ? copy_mnt_ns+0xa30/0xa30 [ 921.448572] do_syscall_64+0x1d5/0x640 [ 921.452440] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 921.457615] RIP: 0033:0x7f8e2a1775fa [ 921.461308] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 921.469027] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 921.476280] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 22:45:43 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/162, 0x8a) [ 921.483535] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 921.490787] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 921.498137] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:44 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 59) 22:45:44 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x29, 0x50, 0x1f, 0x1ff, 0x10, @empty, @local, 0x1, 0x10, 0x200, 0xffff}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008080) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x6, 0x5, 0x0, @remote, @empty, 0x80, 0x8000, 0x0, 0xdba8}}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd4, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6e}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0xd4}, 0x1, 0x0, 0x0, 0x2}, 0x40000) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x100010, &(0x7f00000005c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}], [{@subj_type}, {@permit_directio}]}}, 0x1, 0x0, &(0x7f0000000680)="a66649c704f20fb3f9c5f4aad4266c6a493a24ec5317f23ac0e9fa61c7131545ac9c866bd9aff5783d90e84daaeb59c8a05d079f2b9192c591bc0f89f0a30b6fc2654e00f629f0a9a95bed9c4ef2c37059b7bc114c071e6aa257ceffb835ad19bbd3a3fb5c668d69701afa5568c5eea95d7244f21d195d6e929623af225f47d7b9f276a5bcd70a59145dc82005a776ce65e9b7c07874babbfce9b1d8758e3427200de46dc2b2") syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r3, 0x80404521, 0x0) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000180)={0x14, 0xcc, &(0x7f0000000280)="e34d7c1f61c06d7bbe37d0c3433419a84196f9a29d9ef8cfce4bba80fb6beb655f7a2495558791d8ab4ec227252cbb368326f247749ed0d7b546e9e5d9571d9b5dd76d38de23f234aed781138acaa534b3a36e3fd6dc45d6affad98cd1321a7b11a5812640028f3f62701f8c09da3ef7a87e68c94750aa3715f766b7c1e1860c4cf2708e280bf4093467bc5910c5e76f01e5a80f1c18fd04b955fe0ab9e451a16003a54d07b7e2e1580057301eb0c52b9e85038c6981c04b733b7b334496598a1cae4ac6a734ba1fbde5c5ab"}) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r2, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @dev={0xac, 0x14, 0x14, 0x24}}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x39}}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8d0) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x4, 0x1f, 0x0, 0x4, 0x50, @mcast1, @empty, 0x40, 0x7800, 0x80000000, 0xfffffffa}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r4, 0x8, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000011}, 0x1) 22:45:44 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 922.108896] FAULT_INJECTION: forcing a failure. [ 922.108896] name failslab, interval 1, probability 0, space 0, times 0 [ 922.143223] CPU: 1 PID: 17133 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 922.151133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.160485] Call Trace: [ 922.163078] dump_stack+0x1b2/0x281 [ 922.166719] should_fail.cold+0x10a/0x149 [ 922.170883] should_failslab+0xd6/0x130 [ 922.174864] kmem_cache_alloc_node+0x263/0x410 [ 922.179451] __alloc_skb+0x5c/0x510 [ 922.183085] kobject_uevent_env+0x882/0xf30 [ 922.187423] device_add+0xa47/0x15c0 [ 922.191142] ? device_is_dependent+0x2a0/0x2a0 [ 922.195744] ? kfree+0x1f0/0x250 [ 922.199110] device_create_groups_vargs+0x1dc/0x250 [ 922.204132] device_create_vargs+0x3a/0x50 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x400000000000}}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 922.208377] bdi_register_va.part.0+0x35/0x650 [ 922.213050] bdi_register_va+0x63/0x80 [ 922.216936] super_setup_bdi_name+0x123/0x220 [ 922.221426] ? kill_block_super+0xe0/0xe0 [ 922.225573] ? do_raw_spin_unlock+0x164/0x220 [ 922.230077] fuse_fill_super+0x937/0x15c0 [ 922.234236] ? fuse_get_root_inode+0xc0/0xc0 [ 922.238655] ? up_write+0x17/0x60 [ 922.242112] ? register_shrinker+0x15f/0x220 [ 922.246527] ? sget_userns+0x768/0xc10 [ 922.250415] ? get_anon_bdev+0x1c0/0x1c0 [ 922.254465] ? sget+0xd9/0x110 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 922.257655] ? fuse_get_root_inode+0xc0/0xc0 [ 922.262065] mount_nodev+0x4c/0xf0 [ 922.265604] mount_fs+0x92/0x2a0 [ 922.268974] vfs_kern_mount.part.0+0x5b/0x470 [ 922.273478] do_mount+0xe65/0x2a30 [ 922.277022] ? __do_page_fault+0x159/0xad0 [ 922.281259] ? retint_kernel+0x2d/0x2d [ 922.285162] ? copy_mount_string+0x40/0x40 [ 922.289404] ? memset+0x20/0x40 [ 922.292680] ? copy_mount_options+0x1fa/0x2f0 [ 922.297186] ? copy_mnt_ns+0xa30/0xa30 [ 922.301087] SyS_mount+0xa8/0x120 [ 922.304541] ? copy_mnt_ns+0xa30/0xa30 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 922.308432] do_syscall_64+0x1d5/0x640 [ 922.312360] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 922.317550] RIP: 0033:0x7f8e2a1775fa [ 922.321258] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 922.329182] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 922.336456] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 922.343813] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 922.351084] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 922.358354] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:44 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 60) 22:45:44 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,default_permissions,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c7372652c00000000d2b6dd35aae094232830dd3aafa645c5b7a459bbde086f1d3bf6405cc8f0f6afd05d8a372a14bf38b2364d7835864573cdfbf8c02e351f69d5551f3c3ccc0c026ad26907380b67c05a806076dd368e1cb1c49ef7ef6ecb80f3b568e79d62ea83ae2853d0749d1cd24cc4669f9030510152db574c29c645fdd65c2aa2d150b73571ddca908e09f0d817afd649c9d8904bd154e9534700a7ce167ca58894690fed86cf266c73e63c12e5bd09ef8b1a9257605407ca7dd83fe76faf0c62f231bc4a4584c49d7b24233b1ea6071be548f1bd9f191ea637477ccb"], 0x0, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$FUSE_DIRENT(r5, &(0x7f0000000280)={0x78, 0xfffffffffffffffe, r4, [{0x2, 0xddc5, 0x1, 0x0, '%'}, {0x1, 0x101, 0x1, 0xffff, '\x85'}, {0x2, 0x6, 0xa, 0x7, '/dev/cuse\x00'}]}, 0x78) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, r4}, 0x20) 22:45:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r3, 0x80404521, 0x0) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000180)={0x14, 0xcc, &(0x7f0000000280)="e34d7c1f61c06d7bbe37d0c3433419a84196f9a29d9ef8cfce4bba80fb6beb655f7a2495558791d8ab4ec227252cbb368326f247749ed0d7b546e9e5d9571d9b5dd76d38de23f234aed781138acaa534b3a36e3fd6dc45d6affad98cd1321a7b11a5812640028f3f62701f8c09da3ef7a87e68c94750aa3715f766b7c1e1860c4cf2708e280bf4093467bc5910c5e76f01e5a80f1c18fd04b955fe0ab9e451a16003a54d07b7e2e1580057301eb0c52b9e85038c6981c04b733b7b334496598a1cae4ac6a734ba1fbde5c5ab"}) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r2, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @dev={0xac, 0x14, 0x14, 0x24}}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x39}}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8d0) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x4, 0x1f, 0x0, 0x4, 0x50, @mcast1, @empty, 0x40, 0x7800, 0x80000000, 0xfffffffa}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r4, 0x8, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000011}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) (async) syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (async) ioctl$EVIOCGBITKEY(r3, 0x80404521, 0x0) (async) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000180)={0x14, 0xcc, &(0x7f0000000280)="e34d7c1f61c06d7bbe37d0c3433419a84196f9a29d9ef8cfce4bba80fb6beb655f7a2495558791d8ab4ec227252cbb368326f247749ed0d7b546e9e5d9571d9b5dd76d38de23f234aed781138acaa534b3a36e3fd6dc45d6affad98cd1321a7b11a5812640028f3f62701f8c09da3ef7a87e68c94750aa3715f766b7c1e1860c4cf2708e280bf4093467bc5910c5e76f01e5a80f1c18fd04b955fe0ab9e451a16003a54d07b7e2e1580057301eb0c52b9e85038c6981c04b733b7b334496598a1cae4ac6a734ba1fbde5c5ab"}) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) (async) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r2, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @dev={0xac, 0x14, 0x14, 0x24}}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x39}}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8d0) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r0) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x4, 0x1f, 0x0, 0x4, 0x50, @mcast1, @empty, 0x40, 0x7800, 0x80000000, 0xfffffffa}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)) (async) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r4, 0x8, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000011}, 0x1) (async) 22:45:44 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) (async) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) (async) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) (async) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) (async) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) (async) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) (async) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) (async) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) (async) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x29, 0x50, 0x1f, 0x1ff, 0x10, @empty, @local, 0x1, 0x10, 0x200, 0xffff}}) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008080) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x6, 0x5, 0x0, @remote, @empty, 0x80, 0x8000, 0x0, 0xdba8}}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd4, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6e}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0xd4}, 0x1, 0x0, 0x0, 0x2}, 0x40000) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x100010, &(0x7f00000005c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}], [{@subj_type}, {@permit_directio}]}}, 0x1, 0x0, &(0x7f0000000680)="a66649c704f20fb3f9c5f4aad4266c6a493a24ec5317f23ac0e9fa61c7131545ac9c866bd9aff5783d90e84daaeb59c8a05d079f2b9192c591bc0f89f0a30b6fc2654e00f629f0a9a95bed9c4ef2c37059b7bc114c071e6aa257ceffb835ad19bbd3a3fb5c668d69701afa5568c5eea95d7244f21d195d6e929623af225f47d7b9f276a5bcd70a59145dc82005a776ce65e9b7c07874babbfce9b1d8758e3427200de46dc2b2") syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:44 executing program 3: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x400000000000}}]}}, 0x0, 0x0, 0x0) [ 922.527219] FAULT_INJECTION: forcing a failure. [ 922.527219] name failslab, interval 1, probability 0, space 0, times 0 [ 922.546964] CPU: 0 PID: 17178 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 922.554868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.564222] Call Trace: [ 922.566811] dump_stack+0x1b2/0x281 [ 922.570438] should_fail.cold+0x10a/0x149 22:45:44 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 922.574608] should_failslab+0xd6/0x130 [ 922.578590] kmem_cache_alloc_node+0x263/0x410 [ 922.583166] __alloc_skb+0x5c/0x510 [ 922.586795] kobject_uevent_env+0x882/0xf30 [ 922.591129] device_add+0xa47/0x15c0 [ 922.594845] ? device_is_dependent+0x2a0/0x2a0 [ 922.599419] ? kfree+0x1f0/0x250 [ 922.602787] device_create_groups_vargs+0x1dc/0x250 [ 922.607806] device_create_vargs+0x3a/0x50 [ 922.612061] bdi_register_va.part.0+0x35/0x650 [ 922.616648] bdi_register_va+0x63/0x80 [ 922.620554] super_setup_bdi_name+0x123/0x220 [ 922.625048] ? kill_block_super+0xe0/0xe0 [ 922.629180] ? do_raw_spin_unlock+0x164/0x220 [ 922.633670] fuse_fill_super+0x937/0x15c0 [ 922.637893] ? fuse_get_root_inode+0xc0/0xc0 [ 922.642277] ? up_write+0x17/0x60 [ 922.645792] ? register_shrinker+0x15f/0x220 [ 922.650177] ? sget_userns+0x768/0xc10 [ 922.654060] ? get_anon_bdev+0x1c0/0x1c0 [ 922.658106] ? sget+0xd9/0x110 [ 922.661277] ? fuse_get_root_inode+0xc0/0xc0 [ 922.665662] mount_nodev+0x4c/0xf0 [ 922.669179] mount_fs+0x92/0x2a0 [ 922.672526] vfs_kern_mount.part.0+0x5b/0x470 [ 922.677013] do_mount+0xe65/0x2a30 [ 922.680552] ? __do_page_fault+0x159/0xad0 [ 922.684764] ? retint_kernel+0x2d/0x2d [ 922.688636] ? copy_mount_string+0x40/0x40 [ 922.692849] ? memset+0x20/0x40 [ 922.696117] ? copy_mount_options+0x1fa/0x2f0 [ 922.700615] ? copy_mnt_ns+0xa30/0xa30 [ 922.704487] SyS_mount+0xa8/0x120 [ 922.707922] ? copy_mnt_ns+0xa30/0xa30 [ 922.711789] do_syscall_64+0x1d5/0x640 [ 922.715668] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 922.720841] RIP: 0033:0x7f8e2a1775fa 22:45:44 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r3, 0x80404521, 0x0) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000180)={0x14, 0xcc, &(0x7f0000000280)="e34d7c1f61c06d7bbe37d0c3433419a84196f9a29d9ef8cfce4bba80fb6beb655f7a2495558791d8ab4ec227252cbb368326f247749ed0d7b546e9e5d9571d9b5dd76d38de23f234aed781138acaa534b3a36e3fd6dc45d6affad98cd1321a7b11a5812640028f3f62701f8c09da3ef7a87e68c94750aa3715f766b7c1e1860c4cf2708e280bf4093467bc5910c5e76f01e5a80f1c18fd04b955fe0ab9e451a16003a54d07b7e2e1580057301eb0c52b9e85038c6981c04b733b7b334496598a1cae4ac6a734ba1fbde5c5ab"}) (async) sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r2, 0x499e4bf4afcfa579, 0x0, 0x0, {}, [@L2TP_ATTR_DEBUG={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_SESSION_CREATE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r2, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @dev={0xac, 0x14, 0x14, 0x24}}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x3}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @dev={0xfe, 0x80, '\x00', 0x39}}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xb}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8d0) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), r0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'ip6tnl0\x00', &(0x7f0000000400)={'ip6tnl0\x00', 0x0, 0x4, 0x1f, 0x0, 0x4, 0x50, @mcast1, @empty, 0x40, 0x7800, 0x80000000, 0xfffffffa}}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x5c, r4, 0x8, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r5}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000011}, 0x1) 22:45:45 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) (async, rerun: 32) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) (async, rerun: 32) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) (async, rerun: 64) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) (rerun: 64) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) (async) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) (async) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async, rerun: 64) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 64) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async, rerun: 32) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 32) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) (async) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) (async) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) (async) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) (async) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) (async) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 922.724570] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 922.732275] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 922.739538] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 922.746879] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 922.754234] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 922.761490] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:45 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000280)={'ip6_vti0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x29, 0x50, 0x1f, 0x1ff, 0x10, @empty, @local, 0x1, 0x10, 0x200, 0xffff}}) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20008080) (async, rerun: 32) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'ip6_vti0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x6, 0x5, 0x0, @remote, @empty, 0x80, 0x8000, 0x0, 0xdba8}}) (rerun: 32) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0xd4, 0x0, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r1}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}, @MPTCP_PM_ADDR_ATTR_ID={0x5}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}]}, @MPTCP_PM_ATTR_ADDR={0x48, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x6e}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}]}, 0xd4}, 0x1, 0x0, 0x0, 0x2}, 0x40000) (async, rerun: 64) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 64) syz_mount_image$fuse(&(0x7f0000000540), &(0x7f0000000580)='./file0\x00', 0x100010, &(0x7f00000005c0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}], [{@subj_type}, {@permit_directio}]}}, 0x1, 0x0, &(0x7f0000000680)="a66649c704f20fb3f9c5f4aad4266c6a493a24ec5317f23ac0e9fa61c7131545ac9c866bd9aff5783d90e84daaeb59c8a05d079f2b9192c591bc0f89f0a30b6fc2654e00f629f0a9a95bed9c4ef2c37059b7bc114c071e6aa257ceffb835ad19bbd3a3fb5c668d69701afa5568c5eea95d7244f21d195d6e929623af225f47d7b9f276a5bcd70a59145dc82005a776ce65e9b7c07874babbfce9b1d8758e3427200de46dc2b2") syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@default_permissions}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:45 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, &(0x7f0000000180)='>', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x7, @mcast1, 0x8001, 0x1}, 0x20) 22:45:45 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 61) 22:45:45 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:45 executing program 0: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:45 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 922.909514] FAULT_INJECTION: forcing a failure. [ 922.909514] name failslab, interval 1, probability 0, space 0, times 0 [ 922.957956] CPU: 0 PID: 17227 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 922.965869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 922.975226] Call Trace: [ 922.977813] dump_stack+0x1b2/0x281 [ 922.981443] should_fail.cold+0x10a/0x149 [ 922.985844] should_failslab+0xd6/0x130 [ 922.989831] kmem_cache_alloc_node+0x263/0x410 [ 922.994422] __alloc_skb+0x5c/0x510 [ 922.998172] kobject_uevent_env+0x882/0xf30 [ 923.002600] device_add+0xa47/0x15c0 22:45:45 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 923.006539] ? device_is_dependent+0x2a0/0x2a0 [ 923.011132] ? kfree+0x1f0/0x250 [ 923.014519] device_create_groups_vargs+0x1dc/0x250 [ 923.019571] device_create_vargs+0x3a/0x50 [ 923.023818] bdi_register_va.part.0+0x35/0x650 [ 923.028408] bdi_register_va+0x63/0x80 [ 923.032304] super_setup_bdi_name+0x123/0x220 [ 923.036803] ? kill_block_super+0xe0/0xe0 [ 923.040958] ? do_raw_spin_unlock+0x164/0x220 [ 923.045461] fuse_fill_super+0x937/0x15c0 [ 923.050394] ? fuse_get_root_inode+0xc0/0xc0 [ 923.054801] ? up_write+0x17/0x60 22:45:45 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) ioctl$EVIOCGBITSW(r1, 0x80404525, &(0x7f00000000c0)=""/211) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x29, 0x4, 0x0, {0x6, 0x2, 0x1, 0x0, [0x0]}}, 0x29) [ 923.058256] ? register_shrinker+0x15f/0x220 [ 923.062663] ? sget_userns+0x768/0xc10 [ 923.066644] ? get_anon_bdev+0x1c0/0x1c0 [ 923.070704] ? sget+0xd9/0x110 [ 923.073903] ? fuse_get_root_inode+0xc0/0xc0 [ 923.078317] mount_nodev+0x4c/0xf0 [ 923.082759] mount_fs+0x92/0x2a0 [ 923.086160] vfs_kern_mount.part.0+0x5b/0x470 [ 923.090927] do_mount+0xe65/0x2a30 [ 923.094475] ? __do_page_fault+0x159/0xad0 [ 923.098716] ? retint_kernel+0x2d/0x2d [ 923.102615] ? copy_mount_string+0x40/0x40 [ 923.106859] ? memset+0x20/0x40 [ 923.110144] ? copy_mount_options+0x1fa/0x2f0 [ 923.114642] ? copy_mnt_ns+0xa30/0xa30 [ 923.118526] SyS_mount+0xa8/0x120 [ 923.121976] ? copy_mnt_ns+0xa30/0xa30 [ 923.125867] do_syscall_64+0x1d5/0x640 [ 923.129757] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 923.134949] RIP: 0033:0x7f8e2a1775fa [ 923.138649] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 923.146356] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 923.153619] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 923.161072] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 923.168324] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 923.175574] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:45 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 62) 22:45:45 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0x0, r4}, 0x10) 22:45:45 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r13, &(0x7f0000000780)=ANY=[@ANYBLOB="70000000edffffff", @ANYRES64=r14, @ANYBLOB="0200000000000000000000000000000008000000fdffffff6d61785f72656164020000000000000003000000000000000300000004000000215b2c00000000000200000000000000040000000000000005000000080000005c282d5e27000000"], 0x70) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:45 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:45 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000140)={0xfffffffffffffe8e, 0x4, 0x0, {0x2080000005, 0x6, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x14800a, &(0x7f00000001c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}}, 0xfe, 0x0, 0x0) [ 923.353190] FAULT_INJECTION: forcing a failure. [ 923.353190] name failslab, interval 1, probability 0, space 0, times 0 [ 923.368656] CPU: 0 PID: 17267 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 923.376559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 923.385918] Call Trace: [ 923.388491] dump_stack+0x1b2/0x281 [ 923.392105] should_fail.cold+0x10a/0x149 [ 923.396252] should_failslab+0xd6/0x130 22:45:45 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000140)={0xfffffffffffffe8e, 0x4, 0x0, {0x2080000005, 0x6, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) (async) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x14800a, &(0x7f00000001c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}}, 0xfe, 0x0, 0x0) [ 923.400237] kmem_cache_alloc_node+0x263/0x410 [ 923.404826] __alloc_skb+0x5c/0x510 [ 923.408484] kobject_uevent_env+0x882/0xf30 [ 923.412803] device_add+0xa47/0x15c0 [ 923.416551] ? device_is_dependent+0x2a0/0x2a0 [ 923.421139] ? kfree+0x1f0/0x250 [ 923.424502] device_create_groups_vargs+0x1dc/0x250 [ 923.429519] device_create_vargs+0x3a/0x50 [ 923.433759] bdi_register_va.part.0+0x35/0x650 [ 923.438340] bdi_register_va+0x63/0x80 [ 923.442228] super_setup_bdi_name+0x123/0x220 [ 923.446727] ? kill_block_super+0xe0/0xe0 22:45:45 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000140)={0xfffffffffffffe8e, 0x4, 0x0, {0x2080000005, 0x6, 0x2, 0x0, [0x0, 0x0]}}, 0x2a) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x14800a, &(0x7f00000001c0)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}}, 0xfe, 0x0, 0x0) [ 923.450865] ? do_raw_spin_unlock+0x164/0x220 [ 923.455349] fuse_fill_super+0x937/0x15c0 [ 923.459500] ? fuse_get_root_inode+0xc0/0xc0 [ 923.463907] ? up_write+0x17/0x60 [ 923.467638] ? register_shrinker+0x15f/0x220 [ 923.472051] ? sget_userns+0x768/0xc10 [ 923.475944] ? get_anon_bdev+0x1c0/0x1c0 [ 923.480002] ? sget+0xd9/0x110 [ 923.483192] ? fuse_get_root_inode+0xc0/0xc0 [ 923.487608] mount_nodev+0x4c/0xf0 [ 923.491149] mount_fs+0x92/0x2a0 [ 923.494513] vfs_kern_mount.part.0+0x5b/0x470 [ 923.499006] do_mount+0xe65/0x2a30 22:45:45 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30783030303030303030ea3d1684acf164092c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000080)={0x53, 0x101, 0x1f, 0x800, 0x20, 0x9, 0x8}) [ 923.502543] ? __do_page_fault+0x159/0xad0 [ 923.506774] ? retint_kernel+0x2d/0x2d [ 923.510659] ? copy_mount_string+0x40/0x40 [ 923.514904] ? memset+0x20/0x40 [ 923.518183] ? copy_mount_options+0x1fa/0x2f0 [ 923.522674] ? copy_mnt_ns+0xa30/0xa30 [ 923.526560] SyS_mount+0xa8/0x120 [ 923.530005] ? copy_mnt_ns+0xa30/0xa30 [ 923.533908] do_syscall_64+0x1d5/0x640 [ 923.537795] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 923.543070] RIP: 0033:0x7f8e2a1775fa [ 923.546787] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 923.554495] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 923.561762] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 923.569840] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 923.577285] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 923.584537] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:46 executing program 0: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async, rerun: 64) r0 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:46 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30783030303030303030ea3d1684acf164092c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000080)={0x53, 0x101, 0x1f, 0x800, 0x20, 0x9, 0x8}) 22:45:46 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0x0, r4}, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0x0, r4}, 0x10) (async) 22:45:46 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:46 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) read$FUSE(r8, &(0x7f0000002940)={0x2020}, 0x2020) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:46 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 63) 22:45:46 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30783030303030303030ea3d1684acf164092c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000080)={0x53, 0x101, 0x1f, 0x800, 0x20, 0x9, 0x8}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30783030303030303030ea3d1684acf164092c6d61785f726561643d3078303030303030303030303030303030302c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000080)={0x53, 0x101, 0x1f, 0x800, 0x20, 0x9, 0x8}) (async) [ 923.914483] FAULT_INJECTION: forcing a failure. [ 923.914483] name failslab, interval 1, probability 0, space 0, times 0 [ 923.934841] CPU: 1 PID: 17306 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 923.942745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 923.952096] Call Trace: [ 923.954687] dump_stack+0x1b2/0x281 [ 923.958324] should_fail.cold+0x10a/0x149 22:45:46 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x60000, 0x0) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f00000000c0)) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) [ 923.962485] should_failslab+0xd6/0x130 [ 923.966469] kmem_cache_alloc_node_trace+0x25a/0x400 [ 923.971580] __kmalloc_node_track_caller+0x38/0x70 [ 923.976516] __alloc_skb+0x96/0x510 [ 923.980167] kobject_uevent_env+0x882/0xf30 [ 923.984508] device_add+0xa47/0x15c0 [ 923.988225] ? device_is_dependent+0x2a0/0x2a0 [ 923.992800] ? kfree+0x1f0/0x250 [ 923.996172] device_create_groups_vargs+0x1dc/0x250 [ 924.001184] device_create_vargs+0x3a/0x50 [ 924.005409] bdi_register_va.part.0+0x35/0x650 [ 924.009980] bdi_register_va+0x63/0x80 [ 924.013853] super_setup_bdi_name+0x123/0x220 [ 924.018339] ? kill_block_super+0xe0/0xe0 [ 924.022476] ? do_raw_spin_unlock+0x164/0x220 [ 924.026952] fuse_fill_super+0x937/0x15c0 [ 924.031081] ? fuse_get_root_inode+0xc0/0xc0 [ 924.035464] ? up_write+0x17/0x60 [ 924.038902] ? register_shrinker+0x15f/0x220 [ 924.043303] ? sget_userns+0x768/0xc10 [ 924.047191] ? get_anon_bdev+0x1c0/0x1c0 [ 924.051238] ? sget+0xd9/0x110 [ 924.054417] ? fuse_get_root_inode+0xc0/0xc0 [ 924.058982] mount_nodev+0x4c/0xf0 [ 924.062497] mount_fs+0x92/0x2a0 [ 924.065847] vfs_kern_mount.part.0+0x5b/0x470 [ 924.070324] do_mount+0xe65/0x2a30 [ 924.073854] ? __do_page_fault+0x159/0xad0 [ 924.078188] ? retint_kernel+0x2d/0x2d [ 924.082071] ? copy_mount_string+0x40/0x40 [ 924.086294] ? memset+0x20/0x40 [ 924.089553] ? copy_mount_options+0x1fa/0x2f0 [ 924.094023] ? copy_mnt_ns+0xa30/0xa30 [ 924.097891] SyS_mount+0xa8/0x120 [ 924.101328] ? copy_mnt_ns+0xa30/0xa30 [ 924.105198] do_syscall_64+0x1d5/0x640 [ 924.109076] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:46 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 924.114246] RIP: 0033:0x7f8e2a1775fa [ 924.117932] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 924.127002] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 924.134259] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 924.141510] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 924.148763] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 924.156096] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:46 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 64) 22:45:46 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:46 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x60000, 0x0) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f00000000c0)) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) [ 924.353125] FAULT_INJECTION: forcing a failure. [ 924.353125] name failslab, interval 1, probability 0, space 0, times 0 [ 924.364642] CPU: 1 PID: 17359 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 924.372529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 924.381874] Call Trace: [ 924.384455] dump_stack+0x1b2/0x281 [ 924.388061] should_fail.cold+0x10a/0x149 [ 924.392187] should_failslab+0xd6/0x130 [ 924.396139] kmem_cache_alloc_node_trace+0x25a/0x400 [ 924.401224] __kmalloc_node_track_caller+0x38/0x70 [ 924.406140] __alloc_skb+0x96/0x510 [ 924.409761] kobject_uevent_env+0x882/0xf30 [ 924.414088] device_add+0xa47/0x15c0 [ 924.417788] ? device_is_dependent+0x2a0/0x2a0 [ 924.422348] ? kfree+0x1f0/0x250 [ 924.425693] device_create_groups_vargs+0x1dc/0x250 [ 924.430693] device_create_vargs+0x3a/0x50 [ 924.434928] bdi_register_va.part.0+0x35/0x650 [ 924.439532] bdi_register_va+0x63/0x80 [ 924.443402] super_setup_bdi_name+0x123/0x220 [ 924.447874] ? kill_block_super+0xe0/0xe0 [ 924.451997] ? do_raw_spin_unlock+0x164/0x220 [ 924.456473] fuse_fill_super+0x937/0x15c0 [ 924.460600] ? fuse_get_root_inode+0xc0/0xc0 [ 924.464985] ? up_write+0x17/0x60 [ 924.468412] ? register_shrinker+0x15f/0x220 [ 924.472802] ? sget_userns+0x768/0xc10 [ 924.476668] ? get_anon_bdev+0x1c0/0x1c0 [ 924.480830] ? sget+0xd9/0x110 [ 924.484014] ? fuse_get_root_inode+0xc0/0xc0 [ 924.488402] mount_nodev+0x4c/0xf0 [ 924.491931] mount_fs+0x92/0x2a0 [ 924.495283] vfs_kern_mount.part.0+0x5b/0x470 [ 924.499757] do_mount+0xe65/0x2a30 [ 924.503275] ? __do_page_fault+0x159/0xad0 [ 924.507497] ? retint_kernel+0x2d/0x2d [ 924.511361] ? copy_mount_string+0x40/0x40 [ 924.515579] ? memset+0x20/0x40 [ 924.518921] ? copy_mount_options+0x1fa/0x2f0 [ 924.524171] ? copy_mnt_ns+0xa30/0xa30 [ 924.528034] SyS_mount+0xa8/0x120 [ 924.531460] ? copy_mnt_ns+0xa30/0xa30 [ 924.535330] do_syscall_64+0x1d5/0x640 [ 924.539196] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 924.544360] RIP: 0033:0x7f8e2a1775fa [ 924.548044] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 924.555727] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 924.563022] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 924.570266] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 924.577695] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 924.584947] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:46 executing program 0: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) 22:45:46 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0x0, r4}, 0x10) 22:45:46 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) openat$fuse(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:46 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:46 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x60000, 0x0) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f00000000c0)) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x60000, 0x0) (async) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f00000000c0)) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) 22:45:46 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 65) 22:45:47 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) [ 924.892513] FAULT_INJECTION: forcing a failure. [ 924.892513] name failslab, interval 1, probability 0, space 0, times 0 [ 924.920065] CPU: 1 PID: 17398 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 924.927973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 924.937323] Call Trace: [ 924.939922] dump_stack+0x1b2/0x281 [ 924.943561] should_fail.cold+0x10a/0x149 [ 924.947707] should_failslab+0xd6/0x130 [ 924.951674] kmem_cache_alloc_node+0x263/0x410 [ 924.956251] __alloc_skb+0x5c/0x510 [ 924.959878] kobject_uevent_env+0x882/0xf30 [ 924.964202] device_add+0xa47/0x15c0 [ 924.967907] ? device_is_dependent+0x2a0/0x2a0 [ 924.972481] ? kfree+0x1f0/0x250 [ 924.975856] device_create_groups_vargs+0x1dc/0x250 [ 924.980876] device_create_vargs+0x3a/0x50 [ 924.985114] bdi_register_va.part.0+0x35/0x650 [ 924.989702] bdi_register_va+0x63/0x80 [ 924.993594] super_setup_bdi_name+0x123/0x220 [ 924.998084] ? kill_block_super+0xe0/0xe0 [ 925.002219] ? do_raw_spin_unlock+0x164/0x220 [ 925.006699] fuse_fill_super+0x937/0x15c0 [ 925.010825] ? fuse_get_root_inode+0xc0/0xc0 [ 925.015232] ? up_write+0x17/0x60 [ 925.018672] ? register_shrinker+0x15f/0x220 [ 925.023065] ? sget_userns+0x768/0xc10 [ 925.026937] ? get_anon_bdev+0x1c0/0x1c0 [ 925.030973] ? sget+0xd9/0x110 [ 925.034142] ? fuse_get_root_inode+0xc0/0xc0 [ 925.038536] mount_nodev+0x4c/0xf0 [ 925.042059] mount_fs+0x92/0x2a0 [ 925.045415] vfs_kern_mount.part.0+0x5b/0x470 [ 925.049894] do_mount+0xe65/0x2a30 [ 925.053413] ? __do_page_fault+0x159/0xad0 [ 925.057627] ? retint_kernel+0x2d/0x2d [ 925.061489] ? copy_mount_string+0x40/0x40 [ 925.065701] ? memset+0x20/0x40 [ 925.068956] ? copy_mount_options+0x1fa/0x2f0 [ 925.073429] ? copy_mnt_ns+0xa30/0xa30 [ 925.077297] SyS_mount+0xa8/0x120 [ 925.080730] ? copy_mnt_ns+0xa30/0xa30 [ 925.084601] do_syscall_64+0x1d5/0x640 [ 925.088479] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 22:45:47 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:47 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_DIRENT(r1, &(0x7f00000000c0)={0x48, 0xffffffffffffffda, r4, [{0x4, 0x8, 0x4, 0xfffffffd, ')[-/'}, {0x3, 0x5, 0x0, 0x8}]}, 0x48) read$FUSE(0xffffffffffffffff, &(0x7f0000002940)={0x2020}, 0x2020) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2f, 0x4, 0x0, {0x6, 0x2, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) [ 925.093642] RIP: 0033:0x7f8e2a1775fa [ 925.097422] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 925.105114] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 925.112365] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 925.119628] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 925.126879] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 925.134136] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:47 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:47 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 66) 22:45:47 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) [ 925.331875] FAULT_INJECTION: forcing a failure. [ 925.331875] name failslab, interval 1, probability 0, space 0, times 0 [ 925.352286] CPU: 1 PID: 17428 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 925.360181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 925.369533] Call Trace: [ 925.372122] dump_stack+0x1b2/0x281 [ 925.375753] should_fail.cold+0x10a/0x149 [ 925.379902] should_failslab+0xd6/0x130 [ 925.383876] kmem_cache_alloc_trace+0x29a/0x3d0 [ 925.388547] ? kobj_ns_drop+0x80/0x80 [ 925.392358] call_usermodehelper_setup+0x73/0x2e0 [ 925.397205] kobject_uevent_env+0xc21/0xf30 [ 925.401534] device_add+0xa47/0x15c0 [ 925.405254] ? device_is_dependent+0x2a0/0x2a0 [ 925.409835] ? kfree+0x1f0/0x250 [ 925.413211] device_create_groups_vargs+0x1dc/0x250 [ 925.418235] device_create_vargs+0x3a/0x50 [ 925.422477] bdi_register_va.part.0+0x35/0x650 [ 925.427064] bdi_register_va+0x63/0x80 [ 925.430957] super_setup_bdi_name+0x123/0x220 [ 925.435457] ? kill_block_super+0xe0/0xe0 [ 925.439615] ? do_raw_spin_unlock+0x164/0x220 [ 925.444123] fuse_fill_super+0x937/0x15c0 [ 925.448285] ? fuse_get_root_inode+0xc0/0xc0 [ 925.452706] ? up_write+0x17/0x60 [ 925.456175] ? register_shrinker+0x15f/0x220 [ 925.460587] ? sget_userns+0x768/0xc10 [ 925.464483] ? get_anon_bdev+0x1c0/0x1c0 [ 925.468623] ? sget+0xd9/0x110 [ 925.471796] ? fuse_get_root_inode+0xc0/0xc0 [ 925.476180] mount_nodev+0x4c/0xf0 [ 925.479703] mount_fs+0x92/0x2a0 [ 925.483057] vfs_kern_mount.part.0+0x5b/0x470 [ 925.487534] do_mount+0xe65/0x2a30 [ 925.491222] ? __do_page_fault+0x159/0xad0 [ 925.495449] ? retint_kernel+0x2d/0x2d [ 925.499328] ? copy_mount_string+0x40/0x40 [ 925.503558] ? memset+0x20/0x40 [ 925.506843] ? copy_mount_options+0x1fa/0x2f0 [ 925.511345] ? copy_mnt_ns+0xa30/0xa30 [ 925.515218] SyS_mount+0xa8/0x120 [ 925.518648] ? copy_mnt_ns+0xa30/0xa30 [ 925.522517] do_syscall_64+0x1d5/0x640 [ 925.526397] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 925.531564] RIP: 0033:0x7f8e2a1775fa [ 925.535251] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 925.542953] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 925.550218] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 925.557496] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 925.564830] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 925.572085] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:47 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xfd6f) r0 = getuid() mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2048082, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x400}}, {@allow_other}, {@allow_other}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}}) 22:45:47 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_DIRENT(r1, &(0x7f00000000c0)={0x48, 0xffffffffffffffda, r4, [{0x4, 0x8, 0x4, 0xfffffffd, ')[-/'}, {0x3, 0x5, 0x0, 0x8}]}, 0x48) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000002940)={0x2020}, 0x2020) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2f, 0x4, 0x0, {0x6, 0x2, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) 22:45:47 executing program 4: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:47 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="b234fac2987b21efff03010000007500000800000000000000"], 0x29) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:47 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async) 22:45:47 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 67) 22:45:48 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0xb91}}, 0x30) 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xfd6f) (async) r0 = getuid() mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2048082, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x400}}, {@allow_other}, {@allow_other}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}}) [ 925.813326] FAULT_INJECTION: forcing a failure. [ 925.813326] name failslab, interval 1, probability 0, space 0, times 0 [ 925.840150] CPU: 0 PID: 17453 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 925.848063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 925.857414] Call Trace: [ 925.860001] dump_stack+0x1b2/0x281 [ 925.863644] should_fail.cold+0x10a/0x149 [ 925.867811] should_failslab+0xd6/0x130 [ 925.871794] kmem_cache_alloc_node_trace+0x25a/0x400 [ 925.876906] __kmalloc_node_track_caller+0x38/0x70 [ 925.881838] __alloc_skb+0x96/0x510 [ 925.885473] kobject_uevent_env+0x882/0xf30 [ 925.889802] device_add+0xa47/0x15c0 [ 925.893538] ? device_is_dependent+0x2a0/0x2a0 [ 925.898122] ? kfree+0x1f0/0x250 [ 925.901492] device_create_groups_vargs+0x1dc/0x250 [ 925.906511] device_create_vargs+0x3a/0x50 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 925.910752] bdi_register_va.part.0+0x35/0x650 [ 925.915335] bdi_register_va+0x63/0x80 [ 925.919227] super_setup_bdi_name+0x123/0x220 [ 925.923719] ? kill_block_super+0xe0/0xe0 [ 925.927868] ? do_raw_spin_unlock+0x164/0x220 [ 925.932371] fuse_fill_super+0x937/0x15c0 [ 925.936527] ? fuse_get_root_inode+0xc0/0xc0 [ 925.940950] ? up_write+0x17/0x60 [ 925.944402] ? register_shrinker+0x15f/0x220 [ 925.948814] ? sget_userns+0x768/0xc10 [ 925.952704] ? get_anon_bdev+0x1c0/0x1c0 [ 925.956754] ? sget+0xd9/0x110 [ 925.959940] ? fuse_get_root_inode+0xc0/0xc0 [ 925.964345] mount_nodev+0x4c/0xf0 [ 925.967876] mount_fs+0x92/0x2a0 [ 925.971229] vfs_kern_mount.part.0+0x5b/0x470 [ 925.975703] do_mount+0xe65/0x2a30 [ 925.979237] ? __do_page_fault+0x159/0xad0 [ 925.983457] ? retint_kernel+0x2d/0x2d [ 925.987327] ? copy_mount_string+0x40/0x40 [ 925.991542] ? memset+0x20/0x40 [ 925.994799] ? copy_mount_options+0x1fa/0x2f0 [ 925.999271] ? copy_mnt_ns+0xa30/0xa30 [ 926.003139] SyS_mount+0xa8/0x120 [ 926.006573] ? copy_mnt_ns+0xa30/0xa30 [ 926.010539] do_syscall_64+0x1d5/0x640 [ 926.014414] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 926.019600] RIP: 0033:0x7f8e2a1775fa [ 926.023396] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 926.031098] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 926.038389] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 926.045635] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 926.052879] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 22:45:48 executing program 0: read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xfd6f) r0 = getuid() mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2048082, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x400}}, {@allow_other}, {@allow_other}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}}) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xfd6f) (async) getuid() (async) mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2048082, &(0x7f00000000c0)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x400}}, {@allow_other}, {@allow_other}], [{@uid_lt={'uid<', 0xffffffffffffffff}}, {@seclabel}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}}) (async) 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 926.060126] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:48 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_DIRENT(r1, &(0x7f00000000c0)={0x48, 0xffffffffffffffda, r4, [{0x4, 0x8, 0x4, 0xfffffffd, ')[-/'}, {0x3, 0x5, 0x0, 0x8}]}, 0x48) read$FUSE(0xffffffffffffffff, &(0x7f0000002940)={0x2020}, 0x2020) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2f, 0x4, 0x0, {0x6, 0x2, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020}, 0x2020) (async) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_DIRENT(r1, &(0x7f00000000c0)={0x48, 0xffffffffffffffda, r4, [{0x4, 0x8, 0x4, 0xfffffffd, ')[-/'}, {0x3, 0x5, 0x0, 0x8}]}, 0x48) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000002940)={0x2020}, 0x2020) (async) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000080)={0x2f, 0x4, 0x0, {0x6, 0x2, 0x7, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x2f) (async) 22:45:48 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 68) 22:45:48 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0xb91}}, 0x30) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0xb91}}, 0x30) (async) 22:45:48 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f0000000000)=""/176, 0xb0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x80, 0x280000) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000100)={0x2, 0x8, 0x8000617, 0x8, 0x1f, 0x545}) 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfshat={'smackfshat', 0x3d, '-)-{}]+%@$\\!+-'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}, {@subj_type={'subj_type', 0x3d, 'fuse\x00'}}, {@obj_role={'obj_role', 0x3d, 'fowner'}}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0xffffffffffffffda, r1, {{0x6, 0x3b6, 0x5, 0x5, 0x6, 0xff, 0x2}}}, 0x60) [ 926.285050] FAULT_INJECTION: forcing a failure. [ 926.285050] name failslab, interval 1, probability 0, space 0, times 0 [ 926.325494] CPU: 1 PID: 17510 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 926.333401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 926.342749] Call Trace: [ 926.345336] dump_stack+0x1b2/0x281 [ 926.348964] should_fail.cold+0x10a/0x149 [ 926.353111] should_failslab+0xd6/0x130 [ 926.357090] kmem_cache_alloc+0x28e/0x3c0 [ 926.361249] alloc_inode+0xa0/0x170 [ 926.364884] new_inode+0x1d/0xf0 [ 926.368251] debugfs_get_inode+0x1a/0x130 [ 926.372412] __debugfs_create_file+0x93/0x440 [ 926.376907] ? debugfs_create_file+0x37/0x60 [ 926.381320] bdi_register_va.part.0+0x1f4/0x650 [ 926.385995] bdi_register_va+0x63/0x80 [ 926.389886] super_setup_bdi_name+0x123/0x220 [ 926.394386] ? kill_block_super+0xe0/0xe0 [ 926.398534] ? do_raw_spin_unlock+0x164/0x220 [ 926.403039] fuse_fill_super+0x937/0x15c0 [ 926.407191] ? fuse_get_root_inode+0xc0/0xc0 [ 926.411599] ? up_write+0x17/0x60 [ 926.415052] ? register_shrinker+0x15f/0x220 [ 926.419461] ? sget_userns+0x768/0xc10 [ 926.423357] ? get_anon_bdev+0x1c0/0x1c0 [ 926.427411] ? sget+0xd9/0x110 [ 926.430604] ? fuse_get_root_inode+0xc0/0xc0 [ 926.435016] mount_nodev+0x4c/0xf0 [ 926.438557] mount_fs+0x92/0x2a0 [ 926.441923] vfs_kern_mount.part.0+0x5b/0x470 [ 926.446420] do_mount+0xe65/0x2a30 [ 926.449961] ? __do_page_fault+0x159/0xad0 [ 926.454210] ? retint_kernel+0x2d/0x2d [ 926.458107] ? copy_mount_string+0x40/0x40 [ 926.462354] ? memset+0x20/0x40 [ 926.465641] ? copy_mount_options+0x1fa/0x2f0 [ 926.470137] ? copy_mnt_ns+0xa30/0xa30 [ 926.474025] SyS_mount+0xa8/0x120 [ 926.477490] ? copy_mnt_ns+0xa30/0xa30 [ 926.481383] do_syscall_64+0x1d5/0x640 [ 926.485278] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 926.490465] RIP: 0033:0x7f8e2a1775fa [ 926.494178] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 926.501890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 926.509169] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 926.516452] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0xb91}}, 0x30) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x2, 0x4, 0xb91}}, 0x30) (async) [ 926.523721] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 926.530989] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:48 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfshat={'smackfshat', 0x3d, '-)-{}]+%@$\\!+-'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}, {@subj_type={'subj_type', 0x3d, 'fuse\x00'}}, {@obj_role={'obj_role', 0x3d, 'fowner'}}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0xffffffffffffffda, r1, {{0x6, 0x3b6, 0x5, 0x5, 0x6, 0xff, 0x2}}}, 0x60) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfshat={'smackfshat', 0x3d, '-)-{}]+%@$\\!+-'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}, {@subj_type={'subj_type', 0x3d, 'fuse\x00'}}, {@obj_role={'obj_role', 0x3d, 'fowner'}}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000380)={0x2020}, 0x2020) (async) write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0xffffffffffffffda, r1, {{0x6, 0x3b6, 0x5, 0x5, 0x6, 0xff, 0x2}}}, 0x60) (async) 22:45:48 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 69) 22:45:48 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:48 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:48 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@smackfshat={'smackfshat', 0x3d, '-)-{}]+%@$\\!+-'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}, {@subj_type={'subj_type', 0x3d, 'fuse\x00'}}, {@obj_role={'obj_role', 0x3d, 'fowner'}}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000000380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r0, &(0x7f00000001c0)={0x60, 0xffffffffffffffda, r1, {{0x6, 0x3b6, 0x5, 0x5, 0x6, 0xff, 0x2}}}, 0x60) 22:45:48 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 926.735970] FAULT_INJECTION: forcing a failure. [ 926.735970] name failslab, interval 1, probability 0, space 0, times 0 [ 926.787962] CPU: 1 PID: 17577 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 926.797606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 926.806961] Call Trace: [ 926.809551] dump_stack+0x1b2/0x281 [ 926.813181] should_fail.cold+0x10a/0x149 [ 926.817331] should_failslab+0xd6/0x130 [ 926.821308] kmem_cache_alloc_trace+0x29a/0x3d0 [ 926.825980] ? kobj_ns_drop+0x80/0x80 [ 926.829780] call_usermodehelper_setup+0x73/0x2e0 [ 926.834627] kobject_uevent_env+0xc21/0xf30 [ 926.838958] device_add+0xa47/0x15c0 [ 926.842684] ? device_is_dependent+0x2a0/0x2a0 [ 926.847273] ? kfree+0x1f0/0x250 [ 926.850642] device_create_groups_vargs+0x1dc/0x250 [ 926.855661] device_create_vargs+0x3a/0x50 [ 926.859898] bdi_register_va.part.0+0x35/0x650 [ 926.864483] bdi_register_va+0x63/0x80 [ 926.868373] super_setup_bdi_name+0x123/0x220 [ 926.872870] ? kill_block_super+0xe0/0xe0 [ 926.877020] ? do_raw_spin_unlock+0x164/0x220 [ 926.881521] fuse_fill_super+0x937/0x15c0 [ 926.885675] ? fuse_get_root_inode+0xc0/0xc0 [ 926.890082] ? up_write+0x17/0x60 [ 926.893535] ? register_shrinker+0x15f/0x220 [ 926.898031] ? sget_userns+0x768/0xc10 [ 926.902130] ? get_anon_bdev+0x1c0/0x1c0 [ 926.906195] ? sget+0xd9/0x110 [ 926.909392] ? fuse_get_root_inode+0xc0/0xc0 [ 926.913803] mount_nodev+0x4c/0xf0 [ 926.917346] mount_fs+0x92/0x2a0 [ 926.920717] vfs_kern_mount.part.0+0x5b/0x470 [ 926.925219] do_mount+0xe65/0x2a30 [ 926.928765] ? __do_page_fault+0x159/0xad0 [ 926.933002] ? retint_kernel+0x2d/0x2d [ 926.936905] ? copy_mount_string+0x40/0x40 [ 926.941148] ? memset+0x20/0x40 [ 926.944449] ? copy_mount_options+0x1fa/0x2f0 [ 926.948949] ? copy_mnt_ns+0xa30/0xa30 [ 926.952842] SyS_mount+0xa8/0x120 [ 926.956299] ? copy_mnt_ns+0xa30/0xa30 [ 926.960191] do_syscall_64+0x1d5/0x640 [ 926.964078] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 926.969262] RIP: 0033:0x7f8e2a1775fa [ 926.972947] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 926.980645] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 926.987897] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 926.995149] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 927.002399] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 927.009654] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:49 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f0000000000)=""/176, 0xb0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x80, 0x280000) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000100)={0x2, 0x8, 0x8000617, 0x8, 0x1f, 0x545}) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f0000000000)=""/176, 0xb0) (async) syz_open_dev$evdev(&(0x7f00000000c0), 0x80, 0x280000) (async) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000100)={0x2, 0x8, 0x8000617, 0x8, 0x1f, 0x545}) (async) 22:45:49 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:49 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:49 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:49 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 70) 22:45:49 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) write$FUSE_LK(r1, &(0x7f0000000840)={0x28, 0x0, 0x0, {{0x5, 0x88f, 0x1}}}, 0x28) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) getresuid(&(0x7f0000000380)=0x0, &(0x7f00000003c0), &(0x7f0000000400)) stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)={0x208, 0xfffffffffffffffe, 0x0, [{{0x1, 0x3, 0x8, 0x0, 0x3f, 0x5, {0x4, 0x1, 0x92, 0x3, 0x10001, 0x240000000, 0x13f751d6, 0x9, 0xffffffff, 0x6000, 0x400, r3, 0xffffffffffffffff, 0x7f, 0x63}}, {0x5, 0x4fa, 0x12, 0x3ff, '{#.[.]\\,[%*\\.@%(%&'}}, {{0x6, 0x0, 0x0, 0x4, 0x401, 0x9, {0x0, 0xfffffffffffffff8, 0x4, 0xebd4, 0x94, 0x6, 0x5, 0x3f, 0x80000000, 0x8000, 0x1ff, r4, 0xee01, 0x7, 0xe81a}}, {0x4, 0x8, 0xc, 0x8, 'smackfsfloor'}}, {{0x1, 0x1, 0x80000001, 0x7, 0x4, 0x40, {0x2, 0xad, 0xfff, 0x8, 0x9, 0x2, 0x9, 0x3, 0x0, 0x4000, 0xfffffffd, r5, 0xee01, 0x8, 0x6}}, {0x5, 0x7fffffffffffffff, 0x3, 0x3, ')!.'}}]}, 0x208) write$FUSE_DIRENT(r0, &(0x7f0000000200)={0xc8, 0x0, 0x0, [{0x6, 0x8000000000000001, 0x1, 0x400, '-'}, {0x0, 0xfffffffffffffffd, 0x8, 0x9, 'max_read'}, {0x2, 0xfd3, 0x0, 0x7}, {0x5, 0x7fffffffffffffff, 0x7, 0x0, 'blksize'}, {0x6, 0x5, 0x1, 0x5, '!'}, {0x6, 0x4, 0x1, 0x3, '@'}]}, 0xc8) 22:45:49 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='\x00'/10, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:49 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), 0x0, 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:49 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:49 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) write$FUSE_LK(r1, &(0x7f0000000840)={0x28, 0x0, 0x0, {{0x5, 0x88f, 0x1}}}, 0x28) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) getresuid(&(0x7f0000000380)=0x0, &(0x7f00000003c0), &(0x7f0000000400)) stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)={0x208, 0xfffffffffffffffe, 0x0, [{{0x1, 0x3, 0x8, 0x0, 0x3f, 0x5, {0x4, 0x1, 0x92, 0x3, 0x10001, 0x240000000, 0x13f751d6, 0x9, 0xffffffff, 0x6000, 0x400, r3, 0xffffffffffffffff, 0x7f, 0x63}}, {0x5, 0x4fa, 0x12, 0x3ff, '{#.[.]\\,[%*\\.@%(%&'}}, {{0x6, 0x0, 0x0, 0x4, 0x401, 0x9, {0x0, 0xfffffffffffffff8, 0x4, 0xebd4, 0x94, 0x6, 0x5, 0x3f, 0x80000000, 0x8000, 0x1ff, r4, 0xee01, 0x7, 0xe81a}}, {0x4, 0x8, 0xc, 0x8, 'smackfsfloor'}}, {{0x1, 0x1, 0x80000001, 0x7, 0x4, 0x40, {0x2, 0xad, 0xfff, 0x8, 0x9, 0x2, 0x9, 0x3, 0x0, 0x4000, 0xfffffffd, r5, 0xee01, 0x8, 0x6}}, {0x5, 0x7fffffffffffffff, 0x3, 0x3, ')!.'}}]}, 0x208) write$FUSE_DIRENT(r0, &(0x7f0000000200)={0xc8, 0x0, 0x0, [{0x6, 0x8000000000000001, 0x1, 0x400, '-'}, {0x0, 0xfffffffffffffffd, 0x8, 0x9, 'max_read'}, {0x2, 0xfd3, 0x0, 0x7}, {0x5, 0x7fffffffffffffff, 0x7, 0x0, 'blksize'}, {0x6, 0x5, 0x1, 0x5, '!'}, {0x6, 0x4, 0x1, 0x3, '@'}]}, 0xc8) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) (async) write$FUSE_LK(r1, &(0x7f0000000840)={0x28, 0x0, 0x0, {{0x5, 0x88f, 0x1}}}, 0x28) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async) getresuid(&(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)) (async) stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)) (async) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)) (async) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)={0x208, 0xfffffffffffffffe, 0x0, [{{0x1, 0x3, 0x8, 0x0, 0x3f, 0x5, {0x4, 0x1, 0x92, 0x3, 0x10001, 0x240000000, 0x13f751d6, 0x9, 0xffffffff, 0x6000, 0x400, r3, 0xffffffffffffffff, 0x7f, 0x63}}, {0x5, 0x4fa, 0x12, 0x3ff, '{#.[.]\\,[%*\\.@%(%&'}}, {{0x6, 0x0, 0x0, 0x4, 0x401, 0x9, {0x0, 0xfffffffffffffff8, 0x4, 0xebd4, 0x94, 0x6, 0x5, 0x3f, 0x80000000, 0x8000, 0x1ff, r4, 0xee01, 0x7, 0xe81a}}, {0x4, 0x8, 0xc, 0x8, 'smackfsfloor'}}, {{0x1, 0x1, 0x80000001, 0x7, 0x4, 0x40, {0x2, 0xad, 0xfff, 0x8, 0x9, 0x2, 0x9, 0x3, 0x0, 0x4000, 0xfffffffd, r5, 0xee01, 0x8, 0x6}}, {0x5, 0x7fffffffffffffff, 0x3, 0x3, ')!.'}}]}, 0x208) (async) write$FUSE_DIRENT(r0, &(0x7f0000000200)={0xc8, 0x0, 0x0, [{0x6, 0x8000000000000001, 0x1, 0x400, '-'}, {0x0, 0xfffffffffffffffd, 0x8, 0x9, 'max_read'}, {0x2, 0xfd3, 0x0, 0x7}, {0x5, 0x7fffffffffffffff, 0x7, 0x0, 'blksize'}, {0x6, 0x5, 0x1, 0x5, '!'}, {0x6, 0x4, 0x1, 0x3, '@'}]}, 0xc8) (async) 22:45:49 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 927.287870] FAULT_INJECTION: forcing a failure. [ 927.287870] name failslab, interval 1, probability 0, space 0, times 0 22:45:49 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 927.356161] CPU: 1 PID: 17628 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 927.364053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 927.373491] Call Trace: [ 927.376074] dump_stack+0x1b2/0x281 [ 927.379700] should_fail.cold+0x10a/0x149 [ 927.383852] should_failslab+0xd6/0x130 [ 927.387847] kmem_cache_alloc+0x28e/0x3c0 [ 927.392004] ? fuse_kill_sb_anon+0x50/0x50 [ 927.396242] ? fuse_init_file_inode+0x70/0x70 [ 927.400741] fuse_alloc_inode+0x1d/0x3f0 [ 927.404803] ? do_raw_spin_unlock+0x164/0x220 [ 927.409301] ? fuse_kill_sb_anon+0x50/0x50 [ 927.413539] alloc_inode+0x5d/0x170 [ 927.417161] iget5_locked+0x169/0x450 [ 927.420965] ? trace_hardirqs_on+0x10/0x10 [ 927.425202] ? fuse_inode_eq+0x70/0x70 [ 927.429098] fuse_iget+0x1b5/0x790 [ 927.432672] ? fuse_change_attributes+0x4d0/0x4d0 [ 927.437524] fuse_get_root_inode+0x99/0xc0 [ 927.441778] ? fuse_iget+0x790/0x790 [ 927.445502] ? __local_bh_enable_ip+0xc1/0x170 [ 927.450093] ? bdi_set_max_ratio+0xe5/0x120 [ 927.454420] fuse_fill_super+0xc18/0x15c0 [ 927.458573] ? fuse_get_root_inode+0xc0/0xc0 [ 927.462985] ? up_write+0x17/0x60 [ 927.466530] ? register_shrinker+0x15f/0x220 [ 927.470939] ? sget_userns+0x768/0xc10 [ 927.474838] ? get_anon_bdev+0x1c0/0x1c0 [ 927.478898] ? sget+0xd9/0x110 [ 927.482091] ? fuse_get_root_inode+0xc0/0xc0 [ 927.486499] mount_nodev+0x4c/0xf0 [ 927.490043] mount_fs+0x92/0x2a0 [ 927.493410] vfs_kern_mount.part.0+0x5b/0x470 [ 927.497897] do_mount+0xe65/0x2a30 [ 927.501435] ? __do_page_fault+0x159/0xad0 [ 927.505671] ? retint_kernel+0x2d/0x2d [ 927.509561] ? copy_mount_string+0x40/0x40 [ 927.513802] ? memset+0x20/0x40 [ 927.517097] ? copy_mount_options+0x1fa/0x2f0 [ 927.521590] ? copy_mnt_ns+0xa30/0xa30 [ 927.525478] SyS_mount+0xa8/0x120 [ 927.528929] ? copy_mnt_ns+0xa30/0xa30 [ 927.532816] do_syscall_64+0x1d5/0x640 [ 927.536707] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 927.541889] RIP: 0033:0x7f8e2a1775fa [ 927.545596] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 927.553296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 927.560565] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 927.567812] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 927.575064] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 927.582336] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:50 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f0000000000)=""/176, 0xb0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x80, 0x280000) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000100)={0x2, 0x8, 0x8000617, 0x8, 0x1f, 0x545}) socket$nl_generic(0x10, 0x3, 0x10) (async) read$char_usb(r0, &(0x7f0000000000)=""/176, 0xb0) (async) syz_open_dev$evdev(&(0x7f00000000c0), 0x80, 0x280000) (async) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000100)={0x2, 0x8, 0x8000617, 0x8, 0x1f, 0x545}) (async) 22:45:50 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66649316219948135c3d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:50 executing program 2: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000800), 0x2, 0x0) write$FUSE_LK(r1, &(0x7f0000000840)={0x28, 0x0, 0x0, {{0x5, 0x88f, 0x1}}}, 0x28) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) getresuid(&(0x7f0000000380)=0x0, &(0x7f00000003c0), &(0x7f0000000400)) (async) stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)={0x208, 0xfffffffffffffffe, 0x0, [{{0x1, 0x3, 0x8, 0x0, 0x3f, 0x5, {0x4, 0x1, 0x92, 0x3, 0x10001, 0x240000000, 0x13f751d6, 0x9, 0xffffffff, 0x6000, 0x400, r3, 0xffffffffffffffff, 0x7f, 0x63}}, {0x5, 0x4fa, 0x12, 0x3ff, '{#.[.]\\,[%*\\.@%(%&'}}, {{0x6, 0x0, 0x0, 0x4, 0x401, 0x9, {0x0, 0xfffffffffffffff8, 0x4, 0xebd4, 0x94, 0x6, 0x5, 0x3f, 0x80000000, 0x8000, 0x1ff, r4, 0xee01, 0x7, 0xe81a}}, {0x4, 0x8, 0xc, 0x8, 'smackfsfloor'}}, {{0x1, 0x1, 0x80000001, 0x7, 0x4, 0x40, {0x2, 0xad, 0xfff, 0x8, 0x9, 0x2, 0x9, 0x3, 0x0, 0x4000, 0xfffffffd, r5, 0xee01, 0x8, 0x6}}, {0x5, 0x7fffffffffffffff, 0x3, 0x3, ')!.'}}]}, 0x208) (async) write$FUSE_DIRENT(r0, &(0x7f0000000200)={0xc8, 0x0, 0x0, [{0x6, 0x8000000000000001, 0x1, 0x400, '-'}, {0x0, 0xfffffffffffffffd, 0x8, 0x9, 'max_read'}, {0x2, 0xfd3, 0x0, 0x7}, {0x5, 0x7fffffffffffffff, 0x7, 0x0, 'blksize'}, {0x6, 0x5, 0x1, 0x5, '!'}, {0x6, 0x4, 0x1, 0x3, '@'}]}, 0xc8) 22:45:50 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:45:50 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r11 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r11, &(0x7f0000002900)={0x10, 0x0, r12}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r12, {{0x5, 0x3, 0x2, r10}}}, 0x28) write$FUSE_INTERRUPT(r8, &(0x7f0000002900)={0x10, 0x0, r9}, 0x10) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r9, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:50 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 71) 22:45:50 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000180)={0x26, 0x3, 0x0, {0x0, 0x5, 0x0, 'fuse\x00'}}, 0x26) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="66e43dec749d8f", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616e6c6f775f6f74d5d66142cccf5ece775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d307830303030303030303030303030303010316da75e302c6d61785f726561643d3078303030303130303030303030303030302c666f", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x7, 0x9}}, 0x30) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r4, {0x7, 0x26, 0x1ff, 0x100, 0x1, 0xaaa, 0x20, 0xffffffff}}, 0x50) 22:45:50 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66649316219948135c3d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66649316219948135c3d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) 22:45:50 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 22:45:50 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r10, &(0x7f0000002900)={0x10, 0x0, r11}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r11, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 928.221812] FAULT_INJECTION: forcing a failure. [ 928.221812] name failslab, interval 1, probability 0, space 0, times 0 [ 928.260265] CPU: 0 PID: 17691 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 928.268336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 928.277690] Call Trace: [ 928.280315] dump_stack+0x1b2/0x281 [ 928.283951] should_fail.cold+0x10a/0x149 [ 928.288115] should_failslab+0xd6/0x130 [ 928.292088] kmem_cache_alloc+0x28e/0x3c0 [ 928.296257] ? fuse_kill_sb_anon+0x50/0x50 [ 928.300491] ? fuse_init_file_inode+0x70/0x70 [ 928.305007] fuse_alloc_inode+0x1d/0x3f0 [ 928.309073] ? do_raw_spin_unlock+0x164/0x220 [ 928.313579] ? fuse_kill_sb_anon+0x50/0x50 [ 928.317815] alloc_inode+0x5d/0x170 22:45:50 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 928.321443] iget5_locked+0x169/0x450 [ 928.325246] ? trace_hardirqs_on+0x10/0x10 [ 928.329481] ? fuse_inode_eq+0x70/0x70 [ 928.333370] fuse_iget+0x1b5/0x790 [ 928.336916] ? fuse_change_attributes+0x4d0/0x4d0 [ 928.341761] fuse_get_root_inode+0x99/0xc0 [ 928.345994] ? fuse_iget+0x790/0x790 [ 928.349713] ? __local_bh_enable_ip+0xc1/0x170 [ 928.354291] ? bdi_set_max_ratio+0xe5/0x120 [ 928.358617] fuse_fill_super+0xc18/0x15c0 [ 928.362798] ? fuse_get_root_inode+0xc0/0xc0 [ 928.367209] ? up_write+0x17/0x60 22:45:50 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 928.370665] ? register_shrinker+0x15f/0x220 [ 928.375071] ? sget_userns+0x768/0xc10 [ 928.378966] ? get_anon_bdev+0x1c0/0x1c0 [ 928.383022] ? sget+0xd9/0x110 [ 928.386219] ? fuse_get_root_inode+0xc0/0xc0 [ 928.390625] mount_nodev+0x4c/0xf0 [ 928.394172] mount_fs+0x92/0x2a0 [ 928.397587] vfs_kern_mount.part.0+0x5b/0x470 [ 928.402082] do_mount+0xe65/0x2a30 [ 928.405630] ? __do_page_fault+0x159/0xad0 [ 928.409866] ? retint_kernel+0x2d/0x2d [ 928.413759] ? copy_mount_string+0x40/0x40 [ 928.417998] ? memset+0x20/0x40 [ 928.421278] ? copy_mount_options+0x1fa/0x2f0 [ 928.425773] ? copy_mnt_ns+0xa30/0xa30 [ 928.429665] SyS_mount+0xa8/0x120 [ 928.433117] ? copy_mnt_ns+0xa30/0xa30 [ 928.437006] do_syscall_64+0x1d5/0x640 [ 928.440987] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 928.446174] RIP: 0033:0x7f8e2a1775fa [ 928.449881] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 928.457589] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 928.464855] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 928.472127] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 928.479394] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 928.486664] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000180)={0x26, 0x3, 0x0, {0x0, 0x5, 0x0, 'fuse\x00'}}, 0x26) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="66e43dec749d8f", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616e6c6f775f6f74d5d66142cccf5ece775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d307830303030303030303030303030303010316da75e302c6d61785f726561643d3078303030303130303030303030303030302c666f", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x7, 0x9}}, 0x30) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async, rerun: 64) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r4, {0x7, 0x26, 0x1ff, 0x100, 0x1, 0xaaa, 0x20, 0xffffffff}}, 0x50) (rerun: 64) 22:45:51 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="66649316219948135c3d", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:51 executing program 4: openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:51 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r9, &(0x7f0000002900)={0x10, 0x0, r10}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:51 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000)=0x1, 0x4) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000000), 0x4) 22:45:51 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 72) 22:45:51 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000180)={0x26, 0x3, 0x0, {0x0, 0x5, 0x0, 'fuse\x00'}}, 0x26) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="66e43dec749d8f", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616e6c6f775f6f74d5d66142cccf5ece775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d307830303030303030303030303030303010316da75e302c6d61785f726561643d3078303030303130303030303030303030302c666f", @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x7, 0x9}}, 0x30) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async, rerun: 64) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) (rerun: 64) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, r4, {0x7, 0x26, 0x1ff, 0x100, 0x1, 0xaaa, 0x20, 0xffffffff}}, 0x50) 22:45:51 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f675f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785fff000000000000003030303030303030303030303030302c7375626a5f747970653d237d5e2c00b02567eff9f09a7149b0e41e78a9600c79e35456a8793ec701e003d5bed05fba6d24dd3c5aa2c8241499eb8bbdc6ec01d7d3833926d4b0dd818b97a93f0535a49d779fe2f99e852c91fdcac630a472efc94eaa72731e0074a6df8ad307584ba84b91fa251c9a6983e8168a2947feb172dfd7cd3f20e8324b9ea3e7294bd5deb4d9dd470a1cbcbaaf1a50310b65dab34985f976a411985500439a9e498a1de9c5020610ed4081cd9c89227adea9a9cb21046a753063de381f34dc4894aa7a6e272dc60b4398f3b6a4698f1ea426dfe13edefd195e462cbe20686d6ca7fe5f3eda709b64b6a9cd5445503040fb69"], 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x4, 0x3, 0x8, 0x6, 0x5a, @mcast1, @mcast2, 0x20, 0x10, 0x1}}) setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xcb, &(0x7f0000000140)={0x1, 0x1, 0xe3, r2, 0x3}, 0xc) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_VL_CLR(r3, 0x7014) 22:45:51 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:51 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r9, &(0x7f0000002900)={0x10, 0x0, r10}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 929.200356] FAULT_INJECTION: forcing a failure. [ 929.200356] name failslab, interval 1, probability 0, space 0, times 0 [ 929.245138] CPU: 0 PID: 17747 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 929.253136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 929.262491] Call Trace: [ 929.265082] dump_stack+0x1b2/0x281 [ 929.268717] should_fail.cold+0x10a/0x149 [ 929.272864] should_failslab+0xd6/0x130 [ 929.276849] kmem_cache_alloc+0x28e/0x3c0 [ 929.281013] __d_alloc+0x2a/0xa20 [ 929.284475] d_make_root+0x3e/0xc0 [ 929.288026] fuse_fill_super+0xc49/0x15c0 [ 929.292200] ? fuse_get_root_inode+0xc0/0xc0 [ 929.296708] ? up_write+0x17/0x60 [ 929.300174] ? register_shrinker+0x15f/0x220 [ 929.304588] ? sget_userns+0x768/0xc10 [ 929.308489] ? get_anon_bdev+0x1c0/0x1c0 [ 929.312552] ? sget+0xd9/0x110 [ 929.315752] ? fuse_get_root_inode+0xc0/0xc0 [ 929.320165] mount_nodev+0x4c/0xf0 [ 929.323706] mount_fs+0x92/0x2a0 [ 929.327082] vfs_kern_mount.part.0+0x5b/0x470 [ 929.331588] do_mount+0xe65/0x2a30 [ 929.335144] ? __do_page_fault+0x159/0xad0 [ 929.339383] ? retint_kernel+0x2d/0x2d [ 929.343374] ? copy_mount_string+0x40/0x40 [ 929.347625] ? memset+0x20/0x40 [ 929.350907] ? copy_mount_options+0x1fa/0x2f0 [ 929.355406] ? copy_mnt_ns+0xa30/0xa30 [ 929.359293] SyS_mount+0xa8/0x120 [ 929.362744] ? copy_mnt_ns+0xa30/0xa30 [ 929.366631] do_syscall_64+0x1d5/0x640 [ 929.370521] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 929.375712] RIP: 0033:0x7f8e2a1775fa [ 929.379418] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 929.387118] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa 22:45:51 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) r9 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r9, &(0x7f0000002900)={0x10, 0x0, r10}, 0x10) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:51 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f675f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785fff000000000000003030303030303030303030303030302c7375626a5f747970653d237d5e2c00b02567eff9f09a7149b0e41e78a9600c79e35456a8793ec701e003d5bed05fba6d24dd3c5aa2c8241499eb8bbdc6ec01d7d3833926d4b0dd818b97a93f0535a49d779fe2f99e852c91fdcac630a472efc94eaa72731e0074a6df8ad307584ba84b91fa251c9a6983e8168a2947feb172dfd7cd3f20e8324b9ea3e7294bd5deb4d9dd470a1cbcbaaf1a50310b65dab34985f976a411985500439a9e498a1de9c5020610ed4081cd9c89227adea9a9cb21046a753063de381f34dc4894aa7a6e272dc60b4398f3b6a4698f1ea426dfe13edefd195e462cbe20686d6ca7fe5f3eda709b64b6a9cd5445503040fb69"], 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x4, 0x3, 0x8, 0x6, 0x5a, @mcast1, @mcast2, 0x20, 0x10, 0x1}}) setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xcb, &(0x7f0000000140)={0x1, 0x1, 0xe3, r2, 0x3}, 0xc) (async) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_VL_CLR(r3, 0x7014) 22:45:51 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:51 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 73) [ 929.394374] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 929.401717] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 929.408968] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 929.416224] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:51 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f675f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785fff000000000000003030303030303030303030303030302c7375626a5f747970653d237d5e2c00b02567eff9f09a7149b0e41e78a9600c79e35456a8793ec701e003d5bed05fba6d24dd3c5aa2c8241499eb8bbdc6ec01d7d3833926d4b0dd818b97a93f0535a49d779fe2f99e852c91fdcac630a472efc94eaa72731e0074a6df8ad307584ba84b91fa251c9a6983e8168a2947feb172dfd7cd3f20e8324b9ea3e7294bd5deb4d9dd470a1cbcbaaf1a50310b65dab34985f976a411985500439a9e498a1de9c5020610ed4081cd9c89227adea9a9cb21046a753063de381f34dc4894aa7a6e272dc60b4398f3b6a4698f1ea426dfe13edefd195e462cbe20686d6ca7fe5f3eda709b64b6a9cd5445503040fb69"], 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'syztnl0\x00', &(0x7f0000000080)={'ip6tnl0\x00', 0x0, 0x4, 0x3, 0x8, 0x6, 0x5a, @mcast1, @mcast2, 0x20, 0x10, 0x1}}) setsockopt$MRT6_DEL_MIF(r1, 0x29, 0xcb, &(0x7f0000000140)={0x1, 0x1, 0xe3, r2, 0x3}, 0xc) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) (async) ioctl$RTC_VL_CLR(r3, 0x7014) 22:45:51 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 929.628334] FAULT_INJECTION: forcing a failure. [ 929.628334] name failslab, interval 1, probability 0, space 0, times 0 [ 929.659247] CPU: 1 PID: 17784 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 929.667152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 929.676509] Call Trace: [ 929.679111] dump_stack+0x1b2/0x281 [ 929.682746] should_fail.cold+0x10a/0x149 [ 929.686897] should_failslab+0xd6/0x130 [ 929.690886] kmem_cache_alloc+0x28e/0x3c0 [ 929.695035] __d_alloc+0x2a/0xa20 [ 929.698497] d_make_root+0x3e/0xc0 [ 929.702040] fuse_fill_super+0xc49/0x15c0 [ 929.706194] ? fuse_get_root_inode+0xc0/0xc0 [ 929.710613] ? up_write+0x17/0x60 [ 929.714056] ? register_shrinker+0x15f/0x220 [ 929.718446] ? sget_userns+0x768/0xc10 [ 929.722314] ? get_anon_bdev+0x1c0/0x1c0 [ 929.726347] ? sget+0xd9/0x110 [ 929.729516] ? fuse_get_root_inode+0xc0/0xc0 [ 929.733898] mount_nodev+0x4c/0xf0 [ 929.737415] mount_fs+0x92/0x2a0 [ 929.740760] vfs_kern_mount.part.0+0x5b/0x470 [ 929.745238] do_mount+0xe65/0x2a30 [ 929.748768] ? __do_page_fault+0x159/0xad0 [ 929.752985] ? retint_kernel+0x2d/0x2d [ 929.756847] ? copy_mount_string+0x40/0x40 [ 929.761059] ? memset+0x20/0x40 [ 929.764314] ? copy_mount_options+0x1fa/0x2f0 [ 929.768782] ? copy_mnt_ns+0xa30/0xa30 [ 929.772644] SyS_mount+0xa8/0x120 [ 929.776072] ? copy_mnt_ns+0xa30/0xa30 [ 929.780812] do_syscall_64+0x1d5/0x640 [ 929.784683] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 929.789856] RIP: 0033:0x7f8e2a1775fa [ 929.793541] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 929.801235] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 929.808489] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 929.815737] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 929.822986] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 929.830417] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:52 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000)=0x1, 0x4) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000000), 0x4) 22:45:52 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r10, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:52 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x800014, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x101}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x200000}}], [{@smackfsfloor={'smackfsfloor', 0x3d, '^'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:52 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:52 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 74) 22:45:52 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134303030302c757365725f69643d678d92f9078ce9f8effdcaf3892a2bdad41de4eed8b13e468b873920001bd9d935730b2f1d1d6a2b00a75833d4dd74213a093d635ab1159e190bae9284a0da1246ab57d2931a498311c202694e6000a99fab8c5b371f2eb05f0aa18cd63bbcc116c5c1d361d19483dc863b6707c39615444787a00e59bbef869fa231e05b96764e7f7d6b9711873ddcb3bb9ade39c8ec89d26b79465aea8bfdc6318df4715e7d76f811f6f3238b168c72b2a814334dd0b5246e8663e9d9662c191dc1b417b267f4d0b0d39df7b0abe63b53c2ba44ee94ed2ca1bf3e324b861f29274942064258522dc207e5ec4deb8a69", @ANYRESDEC=0x0, @ANYBLOB=',group_\bd=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,blksize=0x0000000000000800,max_read=0x0000000000000000,max_read=0x0000000000000000,smackfshat=$-,\x00'], 0x0, 0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_OPEN(r1, &(0x7f00000005c0)={0x20}, 0x20) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INTERRUPT(r0, &(0x7f0000000200)={0x10, 0x0, r4}, 0x10) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) r5 = socket(0x8, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, &(0x7f0000000240)=""/245, &(0x7f0000000580)=0xf5) 22:45:52 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r10, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:52 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:52 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134303030302c757365725f69643d678d92f9078ce9f8effdcaf3892a2bdad41de4eed8b13e468b873920001bd9d935730b2f1d1d6a2b00a75833d4dd74213a093d635ab1159e190bae9284a0da1246ab57d2931a498311c202694e6000a99fab8c5b371f2eb05f0aa18cd63bbcc116c5c1d361d19483dc863b6707c39615444787a00e59bbef869fa231e05b96764e7f7d6b9711873ddcb3bb9ade39c8ec89d26b79465aea8bfdc6318df4715e7d76f811f6f3238b168c72b2a814334dd0b5246e8663e9d9662c191dc1b417b267f4d0b0d39df7b0abe63b53c2ba44ee94ed2ca1bf3e324b861f29274942064258522dc207e5ec4deb8a69", @ANYRESDEC=0x0, @ANYBLOB=',group_\bd=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,blksize=0x0000000000000800,max_read=0x0000000000000000,max_read=0x0000000000000000,smackfshat=$-,\x00'], 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) write$FUSE_OPEN(r1, &(0x7f00000005c0)={0x20}, 0x20) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) (async) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) write$FUSE_INTERRUPT(r0, &(0x7f0000000200)={0x10, 0x0, r4}, 0x10) (async) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) r5 = socket(0x8, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, &(0x7f0000000240)=""/245, &(0x7f0000000580)=0xf5) [ 930.171285] FAULT_INJECTION: forcing a failure. [ 930.171285] name failslab, interval 1, probability 0, space 0, times 0 [ 930.201829] CPU: 1 PID: 17823 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 930.209745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 930.219110] Call Trace: 22:45:52 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303134303030302c757365725f69643d678d92f9078ce9f8effdcaf3892a2bdad41de4eed8b13e468b873920001bd9d935730b2f1d1d6a2b00a75833d4dd74213a093d635ab1159e190bae9284a0da1246ab57d2931a498311c202694e6000a99fab8c5b371f2eb05f0aa18cd63bbcc116c5c1d361d19483dc863b6707c39615444787a00e59bbef869fa231e05b96764e7f7d6b9711873ddcb3bb9ade39c8ec89d26b79465aea8bfdc6318df4715e7d76f811f6f3238b168c72b2a814334dd0b5246e8663e9d9662c191dc1b417b267f4d0b0d39df7b0abe63b53c2ba44ee94ed2ca1bf3e324b861f29274942064258522dc207e5ec4deb8a69", @ANYRESDEC=0x0, @ANYBLOB=',group_\bd=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,blksize=0x0000000000000800,max_read=0x0000000000000000,max_read=0x0000000000000000,smackfshat=$-,\x00'], 0x0, 0x0, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) write$FUSE_OPEN(r1, &(0x7f00000005c0)={0x20}, 0x20) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) (async) read$FUSE(r2, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002900)={0x10, 0x0, r4}, 0x10) (async) write$FUSE_INTERRUPT(r0, &(0x7f0000000200)={0x10, 0x0, r4}, 0x10) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) (async) r5 = socket(0x8, 0x4, 0x7) getsockopt$bt_sco_SCO_CONNINFO(r5, 0x11, 0x2, &(0x7f0000000240)=""/245, &(0x7f0000000580)=0xf5) [ 930.221706] dump_stack+0x1b2/0x281 [ 930.225339] should_fail.cold+0x10a/0x149 [ 930.229492] should_failslab+0xd6/0x130 [ 930.233477] kmem_cache_alloc+0x28e/0x3c0 [ 930.237634] __d_alloc+0x2a/0xa20 [ 930.241092] d_alloc+0x46/0x240 [ 930.244376] d_alloc_name+0x70/0x80 [ 930.248091] ? d_alloc+0x240/0x240 [ 930.251630] fuse_ctl_add_dentry+0x70/0x410 [ 930.255951] ? __lockdep_init_map+0x100/0x560 [ 930.260449] fuse_ctl_add_conn+0x110/0x250 [ 930.264686] ? fuse_ctl_remove_conn+0x1a0/0x1a0 22:45:52 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0xffffffffffffffda, r2, {0x0, 0x11}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x10080, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_perm=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) [ 930.269360] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 930.273958] fuse_fill_super+0xe0c/0x15c0 [ 930.278898] ? fuse_get_root_inode+0xc0/0xc0 [ 930.283315] ? up_write+0x17/0x60 [ 930.287040] ? register_shrinker+0x15f/0x220 [ 930.291452] ? sget_userns+0x768/0xc10 [ 930.295347] ? get_anon_bdev+0x1c0/0x1c0 [ 930.299444] ? sget+0xd9/0x110 [ 930.302637] ? fuse_get_root_inode+0xc0/0xc0 [ 930.307044] mount_nodev+0x4c/0xf0 [ 930.310613] mount_fs+0x92/0x2a0 [ 930.313988] vfs_kern_mount.part.0+0x5b/0x470 [ 930.318488] do_mount+0xe65/0x2a30 [ 930.322028] ? __do_page_fault+0x159/0xad0 [ 930.326285] ? retint_kernel+0x2d/0x2d [ 930.330183] ? copy_mount_string+0x40/0x40 [ 930.334426] ? memset+0x20/0x40 [ 930.337711] ? copy_mount_options+0x1fa/0x2f0 [ 930.342206] ? copy_mnt_ns+0xa30/0xa30 [ 930.346109] SyS_mount+0xa8/0x120 [ 930.349565] ? copy_mnt_ns+0xa30/0xa30 [ 930.353458] do_syscall_64+0x1d5/0x640 [ 930.357355] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 930.362538] RIP: 0033:0x7f8e2a1775fa 22:45:52 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 930.366231] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 930.373951] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 930.381205] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 930.388461] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 930.395724] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 930.403074] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:53 executing program 0: bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000)=0x1, 0x4) (async) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000000), 0x4) 22:45:53 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 75) 22:45:53 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, r10, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x800014, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x101}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x200000}}], [{@smackfsfloor={'smackfsfloor', 0x3d, '^'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0xffffffffffffffda, r2, {0x0, 0x11}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x10080, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_perm=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:53 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f00000023c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0xffffffffffffffda, r2, {0x0, 0x11}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x10080, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_perm=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) [ 930.896402] FAULT_INJECTION: forcing a failure. [ 930.896402] name failslab, interval 1, probability 0, space 0, times 0 [ 930.932370] CPU: 1 PID: 17867 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 930.940275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 930.949634] Call Trace: [ 930.952226] dump_stack+0x1b2/0x281 [ 930.955859] should_fail.cold+0x10a/0x149 [ 930.960018] should_failslab+0xd6/0x130 [ 930.963994] kmem_cache_alloc+0x28e/0x3c0 [ 930.968148] __fuse_request_alloc+0x21/0xe0 [ 930.972481] fuse_fill_super+0xc89/0x15c0 [ 930.976636] ? fuse_get_root_inode+0xc0/0xc0 [ 930.981046] ? up_write+0x17/0x60 [ 930.984500] ? register_shrinker+0x15f/0x220 [ 930.988907] ? sget_userns+0x768/0xc10 [ 930.992803] ? get_anon_bdev+0x1c0/0x1c0 [ 930.996862] ? sget+0xd9/0x110 [ 931.000077] ? fuse_get_root_inode+0xc0/0xc0 [ 931.004489] mount_nodev+0x4c/0xf0 [ 931.008029] mount_fs+0x92/0x2a0 [ 931.011397] vfs_kern_mount.part.0+0x5b/0x470 [ 931.015891] do_mount+0xe65/0x2a30 [ 931.019427] ? __do_page_fault+0x159/0xad0 [ 931.023662] ? retint_kernel+0x2d/0x2d [ 931.027551] ? copy_mount_string+0x40/0x40 [ 931.031791] ? memset+0x20/0x40 [ 931.035074] ? copy_mount_options+0x1fa/0x2f0 [ 931.039571] ? copy_mnt_ns+0xa30/0xa30 [ 931.043448] SyS_mount+0xa8/0x120 [ 931.046877] ? copy_mnt_ns+0xa30/0xa30 [ 931.050745] do_syscall_64+0x1d5/0x640 [ 931.054612] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 931.059899] RIP: 0033:0x7f8e2a1775fa [ 931.063596] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 931.071280] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 931.078530] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 931.085777] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:53 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x800014, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x101}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x200000}}], [{@smackfsfloor={'smackfsfloor', 0x3d, '^'}}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r10, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 931.093034] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 931.100308] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:53 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000240), 0x4) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d307830303030303030303030300900000000000000626a5f747970653d237d5e2c00a5b272e807365e9f2577c0ff646d6d7cfe8866c8e29ba58624e9b907e481a127f4aff27aba65b70d52a694ebe36ed692806a437aece4f995f598fa84702948e33d85f639afc6c11c35ce3cc882e91461dae34fa5b96c7b257b3101081e5cc1ff25abcefa68911aad5f43397183b1901b9cc87d1d697a2e907b76eda371a14cad7be0b68f38724dd64f60466657eec4c416e03be453a731cd4b2a80a205416ffd97fe826733bd05cb07bf14cce0f9a276a5050860de9dd13db7fa62f692"], 0x0, 0x0, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000280), 0x4) 22:45:53 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1, 0x70, 0x7}}, 0x30) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r10, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:53 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 76) 22:45:53 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000240), 0x4) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d307830303030303030303030300900000000000000626a5f747970653d237d5e2c00a5b272e807365e9f2577c0ff646d6d7cfe8866c8e29ba58624e9b907e481a127f4aff27aba65b70d52a694ebe36ed692806a437aece4f995f598fa84702948e33d85f639afc6c11c35ce3cc882e91461dae34fa5b96c7b257b3101081e5cc1ff25abcefa68911aad5f43397183b1901b9cc87d1d697a2e907b76eda371a14cad7be0b68f38724dd64f60466657eec4c416e03be453a731cd4b2a80a205416ffd97fe826733bd05cb07bf14cce0f9a276a5050860de9dd13db7fa62f692"], 0x0, 0x0, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000), 0x4) (async) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000280), 0x4) 22:45:53 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1, 0x70, 0x7}}, 0x30) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1, 0x70, 0x7}}, 0x30) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) 22:45:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fddbdf25020000000c000180060801000a000000"], 0x20}, 0x1, 0x0, 0x0, 0x40804}, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x84, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x24000080}, 0x4040) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x18d9fd0d, 0x0, 0x3, 0x1a20, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x1, 0x3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x2, 0x0, 0x1ff, 0x1100, r4, 0x54, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48) 22:45:54 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 931.812746] FAULT_INJECTION: forcing a failure. [ 931.812746] name failslab, interval 1, probability 0, space 0, times 0 [ 931.853421] CPU: 0 PID: 17927 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 931.861327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 931.870683] Call Trace: [ 931.873274] dump_stack+0x1b2/0x281 [ 931.876915] should_fail.cold+0x10a/0x149 [ 931.881069] should_failslab+0xd6/0x130 [ 931.885044] kmem_cache_alloc+0x28e/0x3c0 [ 931.889196] __d_alloc+0x2a/0xa20 [ 931.892661] d_alloc+0x46/0x240 [ 931.895949] d_alloc_name+0x70/0x80 [ 931.899577] ? d_alloc+0x240/0x240 [ 931.903123] fuse_ctl_add_dentry+0x70/0x410 [ 931.907449] ? __lockdep_init_map+0x100/0x560 [ 931.911955] fuse_ctl_add_conn+0x110/0x250 [ 931.916195] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 931.920870] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 931.925462] fuse_fill_super+0xe0c/0x15c0 [ 931.929616] ? fuse_get_root_inode+0xc0/0xc0 [ 931.934025] ? up_write+0x17/0x60 [ 931.937477] ? register_shrinker+0x15f/0x220 [ 931.941885] ? sget_userns+0x768/0xc10 [ 931.945782] ? get_anon_bdev+0x1c0/0x1c0 [ 931.949839] ? sget+0xd9/0x110 [ 931.953036] ? fuse_get_root_inode+0xc0/0xc0 [ 931.957445] mount_nodev+0x4c/0xf0 [ 931.960986] mount_fs+0x92/0x2a0 [ 931.964367] vfs_kern_mount.part.0+0x5b/0x470 [ 931.968866] do_mount+0xe65/0x2a30 [ 931.972418] ? __do_page_fault+0x159/0xad0 [ 931.976650] ? retint_kernel+0x2d/0x2d [ 931.980541] ? copy_mount_string+0x40/0x40 [ 931.984782] ? memset+0x20/0x40 [ 931.988073] ? copy_mount_options+0x1fa/0x2f0 [ 931.992571] ? copy_mnt_ns+0xa30/0xa30 [ 931.996461] SyS_mount+0xa8/0x120 [ 931.999914] ? copy_mnt_ns+0xa30/0xa30 22:45:54 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000240), 0x4) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d307830303030303030303030300900000000000000626a5f747970653d237d5e2c00a5b272e807365e9f2577c0ff646d6d7cfe8866c8e29ba58624e9b907e481a127f4aff27aba65b70d52a694ebe36ed692806a437aece4f995f598fa84702948e33d85f639afc6c11c35ce3cc882e91461dae34fa5b96c7b257b3101081e5cc1ff25abcefa68911aad5f43397183b1901b9cc87d1d697a2e907b76eda371a14cad7be0b68f38724dd64f60466657eec4c416e03be453a731cd4b2a80a205416ffd97fe826733bd05cb07bf14cce0f9a276a5050860de9dd13db7fa62f692"], 0x0, 0x0, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000), 0x4) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000280), 0x4) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) socket$igmp6(0xa, 0x3, 0x2) (async) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd4, &(0x7f0000000000), 0x4) (async) setsockopt$MRT6_ASSERT(r1, 0x29, 0xcf, &(0x7f0000000240), 0x4) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f775f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d3078303030303030303030303030303030302c6d61785f726561643d307830303030303030303030300900000000000000626a5f747970653d237d5e2c00a5b272e807365e9f2577c0ff646d6d7cfe8866c8e29ba58624e9b907e481a127f4aff27aba65b70d52a694ebe36ed692806a437aece4f995f598fa84702948e33d85f639afc6c11c35ce3cc882e91461dae34fa5b96c7b257b3101081e5cc1ff25abcefa68911aad5f43397183b1901b9cc87d1d697a2e907b76eda371a14cad7be0b68f38724dd64f60466657eec4c416e03be453a731cd4b2a80a205416ffd97fe826733bd05cb07bf14cce0f9a276a5050860de9dd13db7fa62f692"], 0x0, 0x0, 0x0) (async) socket$igmp6(0xa, 0x3, 0x2) (async) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000000), 0x4) (async) setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000280), 0x4) (async) 22:45:54 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d14fff96f64653d30303030303030303030303030303030303134303030302c757365725f69643d414c4b960bfbac8a6573616559efe50e489e2b3e54eb52e093237c2ad0bf9575794eb25e45bcbcb68946601d469d507e452543ba277359d1beda480603145afad4ac28391024750c205a25fd898d1b6e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f7f5f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30342c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) 22:45:54 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d14fff96f64653d30303030303030303030303030303030303134303030302c757365725f69643d414c4b960bfbac8a6573616559efe50e489e2b3e54eb52e093237c2ad0bf9575794eb25e45bcbcb68946601d469d507e452543ba277359d1beda480603145afad4ac28391024750c205a25fd898d1b6e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f7f5f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30342c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) 22:45:54 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d14fff96f64653d30303030303030303030303030303030303134303030302c757365725f69643d414c4b960bfbac8a6573616559efe50e489e2b3e54eb52e093237c2ad0bf9575794eb25e45bcbcb68946601d469d507e452543ba277359d1beda480603145afad4ac28391024750c205a25fd898d1b6e", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c616c6c6f7f5f6f746865722c616c6c6f775f6f746865722c616c6c6f775f6f746865722c64656661756c745f7065726d697373696f6e732c6d61785f726561643d30342c6d61785f726561643d3078303030303030303030303030303030302c7375626a5f747970653d237d5e2c00"], 0x0, 0x0, 0x0) [ 932.003828] do_syscall_64+0x1d5/0x640 [ 932.007728] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 932.012916] RIP: 0033:0x7f8e2a1775fa [ 932.016622] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 932.024329] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 932.031598] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 932.038866] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 932.046131] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 22:45:54 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r10, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x1, 0x70, 0x7}}, 0x30) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) [ 932.053397] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:54 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 77) 22:45:54 executing program 1: socketpair(0x28, 0x0, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:54 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x8, 0x600080) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000002c0)) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@default_permissions}], [{@fowner_eq}, {@flag='async'}, {@measure}]}}, 0x0, 0x0, 0x0) [ 932.177085] FAULT_INJECTION: forcing a failure. [ 932.177085] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 932.189030] CPU: 0 PID: 17993 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 932.196914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 932.206266] Call Trace: [ 932.208864] dump_stack+0x1b2/0x281 [ 932.212502] should_fail.cold+0x10a/0x149 [ 932.216656] __alloc_pages_nodemask+0x21e/0x2900 [ 932.221448] ? fuse_fill_super+0xe0c/0x15c0 [ 932.225773] ? mount_nodev+0x4c/0xf0 [ 932.229499] ? __lock_acquire+0x5fc/0x3f20 [ 932.233741] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 932.238600] ? trace_hardirqs_on+0x10/0x10 [ 932.242840] ? fs_reclaim_release+0xd0/0x110 [ 932.247256] ? __d_alloc+0x2a/0xa20 [ 932.250889] cache_grow_begin+0x91/0x700 [ 932.254949] ? fs_reclaim_release+0xd0/0x110 [ 932.259364] ? check_preemption_disabled+0x35/0x240 [ 932.264386] cache_alloc_refill+0x273/0x350 [ 932.268715] kmem_cache_alloc+0x333/0x3c0 [ 932.272868] alloc_inode+0xa0/0x170 [ 932.276499] new_inode+0x1d/0xf0 [ 932.279867] fuse_ctl_add_dentry+0x8d/0x410 [ 932.284187] ? __lockdep_init_map+0x100/0x560 [ 932.288682] fuse_ctl_add_conn+0x110/0x250 [ 932.292918] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 932.297585] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 932.302185] fuse_fill_super+0xe0c/0x15c0 [ 932.306337] ? fuse_get_root_inode+0xc0/0xc0 [ 932.310745] ? up_write+0x17/0x60 [ 932.314193] ? register_shrinker+0x15f/0x220 [ 932.318592] ? sget_userns+0x768/0xc10 [ 932.322465] ? get_anon_bdev+0x1c0/0x1c0 [ 932.328510] ? sget+0xd9/0x110 [ 932.331718] ? fuse_get_root_inode+0xc0/0xc0 [ 932.336108] mount_nodev+0x4c/0xf0 [ 932.339632] mount_fs+0x92/0x2a0 [ 932.343003] vfs_kern_mount.part.0+0x5b/0x470 [ 932.347481] do_mount+0xe65/0x2a30 [ 932.350999] ? __do_page_fault+0x159/0xad0 [ 932.355223] ? retint_kernel+0x2d/0x2d [ 932.359290] ? copy_mount_string+0x40/0x40 [ 932.363520] ? memset+0x20/0x40 [ 932.366781] ? copy_mount_options+0x1fa/0x2f0 [ 932.371256] ? copy_mnt_ns+0xa30/0xa30 [ 932.375121] SyS_mount+0xa8/0x120 [ 932.378550] ? copy_mnt_ns+0xa30/0xa30 [ 932.382415] do_syscall_64+0x1d5/0x640 [ 932.386284] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 932.391451] RIP: 0033:0x7f8e2a1775fa [ 932.395315] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 932.403008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 932.410253] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 932.417499] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 932.424745] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 932.431989] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:54 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fddbdf25020000000c000180060801000a000000"], 0x20}, 0x1, 0x0, 0x0, 0x40804}, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x84, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x24000080}, 0x4040) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x18d9fd0d, 0x0, 0x3, 0x1a20, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x1, 0x3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x2, 0x0, 0x1ff, 0x1100, r4, 0x54, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fddbdf25020000000c000180060801000a000000"], 0x20}, 0x1, 0x0, 0x0, 0x40804}, 0x20000000) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)) (async) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x84, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x24000080}, 0x4040) (async) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x18d9fd0d, 0x0, 0x3, 0x1a20, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x1, 0x3}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x2, 0x0, 0x1ff, 0x1100, r4, 0x54, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48) (async) 22:45:54 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x8, 0x600080) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000002c0)) (async) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@default_permissions}], [{@fowner_eq}, {@flag='async'}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 1: socketpair(0x28, 0x0, 0x0, 0x0) (async, rerun: 32) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (rerun: 32) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) 22:45:54 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 78) 22:45:54 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x8, 0x600080) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000002c0)) getresuid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {@default_permissions}], [{@fowner_eq}, {@flag='async'}, {@measure}]}}, 0x0, 0x0, 0x0) 22:45:54 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) [ 932.702427] FAULT_INJECTION: forcing a failure. [ 932.702427] name failslab, interval 1, probability 0, space 0, times 0 [ 932.733250] CPU: 1 PID: 18025 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 932.741155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 932.750508] Call Trace: [ 932.753100] dump_stack+0x1b2/0x281 [ 932.756739] should_fail.cold+0x10a/0x149 [ 932.760893] should_failslab+0xd6/0x130 [ 932.764872] kmem_cache_alloc+0x28e/0x3c0 [ 932.769037] alloc_inode+0xa0/0x170 [ 932.772665] new_inode+0x1d/0xf0 [ 932.776033] fuse_ctl_add_dentry+0x8d/0x410 [ 932.780368] ? __lockdep_init_map+0x100/0x560 [ 932.784868] fuse_ctl_add_conn+0x148/0x250 [ 932.789100] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 932.793778] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 932.798367] fuse_fill_super+0xe0c/0x15c0 [ 932.803302] ? fuse_get_root_inode+0xc0/0xc0 [ 932.807712] ? up_write+0x17/0x60 [ 932.811174] ? register_shrinker+0x15f/0x220 [ 932.815588] ? sget_userns+0x768/0xc10 [ 932.819481] ? get_anon_bdev+0x1c0/0x1c0 [ 932.823546] ? sget+0xd9/0x110 [ 932.826738] ? fuse_get_root_inode+0xc0/0xc0 [ 932.831152] mount_nodev+0x4c/0xf0 [ 932.834695] mount_fs+0x92/0x2a0 [ 932.838083] vfs_kern_mount.part.0+0x5b/0x470 [ 932.842583] do_mount+0xe65/0x2a30 [ 932.846125] ? __do_page_fault+0x159/0xad0 [ 932.850359] ? retint_kernel+0x2d/0x2d [ 932.854250] ? copy_mount_string+0x40/0x40 [ 932.858489] ? memset+0x20/0x40 [ 932.861775] ? copy_mount_options+0x1fa/0x2f0 [ 932.866273] ? copy_mnt_ns+0xa30/0xa30 [ 932.870168] SyS_mount+0xa8/0x120 [ 932.873621] ? copy_mnt_ns+0xa30/0xa30 [ 932.877518] do_syscall_64+0x1d5/0x640 [ 932.881420] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 932.886610] RIP: 0033:0x7f8e2a1775fa [ 932.890318] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:55 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010027bd7000fddbdf25020000000c000180060801000a000000"], 0x20}, 0x1, 0x0, 0x0, 0x40804}, 0x20000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000480)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x84, r2, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x28, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x24000080}, 0x4040) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x18d9fd0d, 0x0, 0x3, 0x1a20, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x1, 0x3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x4, 0x2, 0x0, 0x1ff, 0x1100, r4, 0x54, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48) 22:45:55 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 1: socketpair(0x28, 0x0, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socketpair(0x28, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) 22:45:55 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x0, {0xa41, 0x0, 0x5, 0x4}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd5', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) [ 932.898046] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 932.905318] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 932.912587] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 932.919857] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 932.927127] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:55 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 79) 22:45:55 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x0, {0xa41, 0x0, 0x5, 0x4}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd5', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) 22:45:55 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) read$FUSE(r7, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(0xffffffffffffffff, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2, r9}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, r8, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 933.098513] FAULT_INJECTION: forcing a failure. [ 933.098513] name failslab, interval 1, probability 0, space 0, times 0 [ 933.136043] CPU: 1 PID: 18088 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 933.143992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 933.153351] Call Trace: [ 933.155936] dump_stack+0x1b2/0x281 [ 933.159568] should_fail.cold+0x10a/0x149 [ 933.163722] should_failslab+0xd6/0x130 [ 933.167695] kmem_cache_alloc+0x28e/0x3c0 [ 933.171847] alloc_inode+0xa0/0x170 [ 933.175472] new_inode+0x1d/0xf0 [ 933.179620] fuse_ctl_add_dentry+0x8d/0x410 [ 933.183949] ? __lockdep_init_map+0x100/0x560 [ 933.188446] fuse_ctl_add_conn+0x110/0x250 [ 933.192680] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 933.197350] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 933.201940] fuse_fill_super+0xe0c/0x15c0 [ 933.206092] ? fuse_get_root_inode+0xc0/0xc0 [ 933.210502] ? up_write+0x17/0x60 [ 933.213952] ? register_shrinker+0x15f/0x220 [ 933.218355] ? sget_userns+0x768/0xc10 [ 933.222509] ? get_anon_bdev+0x1c0/0x1c0 [ 933.226569] ? sget+0xd9/0x110 [ 933.229762] ? fuse_get_root_inode+0xc0/0xc0 [ 933.234174] mount_nodev+0x4c/0xf0 [ 933.237720] mount_fs+0x92/0x2a0 [ 933.241091] vfs_kern_mount.part.0+0x5b/0x470 [ 933.245592] do_mount+0xe65/0x2a30 [ 933.249136] ? __do_page_fault+0x159/0xad0 [ 933.253391] ? retint_kernel+0x2d/0x2d [ 933.257282] ? copy_mount_string+0x40/0x40 [ 933.261523] ? memset+0x20/0x40 [ 933.264803] ? copy_mount_options+0x1fa/0x2f0 [ 933.269297] ? copy_mnt_ns+0xa30/0xa30 [ 933.273189] SyS_mount+0xa8/0x120 [ 933.276647] ? copy_mnt_ns+0xa30/0xa30 [ 933.280531] do_syscall_64+0x1d5/0x640 [ 933.284413] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 933.289588] RIP: 0033:0x7f8e2a1775fa [ 933.293281] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 933.300978] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 933.308226] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 933.315472] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 933.322716] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 933.329963] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:55 executing program 0: sched_getaffinity(0x0, 0x8, &(0x7f0000000000)) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0xfff, 0x20002) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/180, 0xb4) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/9) 22:45:55 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x0, {0xa41, 0x0, 0x5, 0x4}}, 0x20) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd5', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) write$FUSE_IOCTL(r1, &(0x7f00000000c0)={0x20, 0x0, 0x0, {0xa41, 0x0, 0x5, 0x4}}, 0x20) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd5', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_type=#}^,measure,\x00'], 0x0, 0x0, 0x0) (async) 22:45:55 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:55 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 80) 22:45:55 executing program 1: syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) 22:45:55 executing program 0: sched_getaffinity(0x0, 0x8, &(0x7f0000000000)) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0xfff, 0x20002) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/180, 0xb4) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/9) sched_getaffinity(0x0, 0x8, &(0x7f0000000000)) (async) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) (async) syz_open_dev$evdev(&(0x7f00000000c0), 0xfff, 0x20002) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/180, 0xb4) (async) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/9) (async) [ 933.768123] FAULT_INJECTION: forcing a failure. [ 933.768123] name failslab, interval 1, probability 0, space 0, times 0 [ 933.780686] CPU: 0 PID: 18124 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 933.788580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 933.797928] Call Trace: [ 933.800515] dump_stack+0x1b2/0x281 [ 933.805361] should_fail.cold+0x10a/0x149 [ 933.809514] should_failslab+0xd6/0x130 [ 933.813507] kmem_cache_alloc+0x28e/0x3c0 22:45:56 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)={0x0, 0x1, 0xffffffffffffffff}) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./file0/file0\x00', 0x8000, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x14000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfstransmute}, {@appraise}, {@fsmagic}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}}, 0x0, 0x0, &(0x7f0000000380)="d7120aa8df6b04849b735b48e7c3563780e6477ecbfcd69aeea968eca7be67bfba2bae150d7a4d61feb7cf482dfc4dfe19c279c47892f6f97cb55fde84b6bcfdb7269c211de36c9703844142268f126364f2d92d4bfa24ca3a1fabbd428696d1a60684ecd2a277aaf62ada5bed6f7324a5ce01018318901c98c96ee19683a7942889ca5464def04d15efec22de4654144bc7a7db976dbe7b85783a7e5224504f14244fde474567be73e883a2431343e026cbbefd3a4d650e103d22a605304ff25b09af79f38204c7058df544532ef89aa00d8f0be934d676b82ebe26077a614ed115fb6dc610") ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"6922fd197c237d1a0c7ea47c9f08ee5048f7a2b773b5cc85d296bc6c7baf11d0", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"03e303e73338106594af045cd1a5c506d3cfd969880b6d704f1ffe6842750ee8", r3}) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x5, 0x200081) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) [ 933.817751] alloc_inode+0xa0/0x170 [ 933.821380] new_inode+0x1d/0xf0 [ 933.824755] fuse_ctl_add_dentry+0x8d/0x410 [ 933.829080] ? __lockdep_init_map+0x100/0x560 [ 933.833575] fuse_ctl_add_conn+0x148/0x250 [ 933.837810] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 933.842490] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 933.847077] fuse_fill_super+0xe0c/0x15c0 [ 933.851229] ? fuse_get_root_inode+0xc0/0xc0 [ 933.855636] ? up_write+0x17/0x60 [ 933.859090] ? register_shrinker+0x15f/0x220 [ 933.863509] ? sget_userns+0x768/0xc10 [ 933.867417] ? get_anon_bdev+0x1c0/0x1c0 [ 933.871477] ? sget+0xd9/0x110 [ 933.874670] ? fuse_get_root_inode+0xc0/0xc0 [ 933.879082] mount_nodev+0x4c/0xf0 [ 933.882779] mount_fs+0x92/0x2a0 [ 933.886164] vfs_kern_mount.part.0+0x5b/0x470 [ 933.890843] do_mount+0xe65/0x2a30 [ 933.894395] ? __do_page_fault+0x159/0xad0 [ 933.898720] ? retint_kernel+0x2d/0x2d [ 933.902613] ? copy_mount_string+0x40/0x40 [ 933.906855] ? memset+0x20/0x40 [ 933.910128] ? copy_mount_options+0x1fa/0x2f0 [ 933.914616] ? copy_mnt_ns+0xa30/0xa30 [ 933.918495] SyS_mount+0xa8/0x120 [ 933.921929] ? copy_mnt_ns+0xa30/0xa30 [ 933.925802] do_syscall_64+0x1d5/0x640 [ 933.929673] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 933.934838] RIP: 0033:0x7f8e2a1775fa [ 933.938532] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 933.946237] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 933.953490] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 933.960736] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:56 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 0: sched_getaffinity(0x0, 0x8, &(0x7f0000000000)) (async) read$char_usb(0xffffffffffffffff, &(0x7f00000001c0)=""/173, 0xad) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0xfff, 0x20002) read$char_usb(0xffffffffffffffff, &(0x7f0000000100)=""/180, 0xb4) (async, rerun: 32) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/9) (rerun: 32) 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) [ 933.967982] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 933.975230] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000000)) 22:45:56 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 81) 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f696401", @ANYRESOCT=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:56 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)={0x0, 0x1, 0xffffffffffffffff}) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./file0/file0\x00', 0x8000, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x14000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfstransmute}, {@appraise}, {@fsmagic}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}}, 0x0, 0x0, &(0x7f0000000380)="d7120aa8df6b04849b735b48e7c3563780e6477ecbfcd69aeea968eca7be67bfba2bae150d7a4d61feb7cf482dfc4dfe19c279c47892f6f97cb55fde84b6bcfdb7269c211de36c9703844142268f126364f2d92d4bfa24ca3a1fabbd428696d1a60684ecd2a277aaf62ada5bed6f7324a5ce01018318901c98c96ee19683a7942889ca5464def04d15efec22de4654144bc7a7db976dbe7b85783a7e5224504f14244fde474567be73e883a2431343e026cbbefd3a4d650e103d22a605304ff25b09af79f38204c7058df544532ef89aa00d8f0be934d676b82ebe26077a614ed115fb6dc610") (async) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"6922fd197c237d1a0c7ea47c9f08ee5048f7a2b773b5cc85d296bc6c7baf11d0", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"03e303e73338106594af045cd1a5c506d3cfd969880b6d704f1ffe6842750ee8", r3}) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x5, 0x200081) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) 22:45:56 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f696401", @ANYRESOCT=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) 22:45:56 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000080)={0x0, 0x1, 0xffffffffffffffff}) (async) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./file0/file0\x00', 0x8000, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x14000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other}, {@allow_other}], [{@smackfstransmute}, {@appraise}, {@fsmagic}, {@dont_appraise}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}}, 0x0, 0x0, &(0x7f0000000380)="d7120aa8df6b04849b735b48e7c3563780e6477ecbfcd69aeea968eca7be67bfba2bae150d7a4d61feb7cf482dfc4dfe19c279c47892f6f97cb55fde84b6bcfdb7269c211de36c9703844142268f126364f2d92d4bfa24ca3a1fabbd428696d1a60684ecd2a277aaf62ada5bed6f7324a5ce01018318901c98c96ee19683a7942889ca5464def04d15efec22de4654144bc7a7db976dbe7b85783a7e5224504f14244fde474567be73e883a2431343e026cbbefd3a4d650e103d22a605304ff25b09af79f38204c7058df544532ef89aa00d8f0be934d676b82ebe26077a614ed115fb6dc610") (async) ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000140)={"6922fd197c237d1a0c7ea47c9f08ee5048f7a2b773b5cc85d296bc6c7baf11d0", r1, 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000180)={"03e303e73338106594af045cd1a5c506d3cfd969880b6d704f1ffe6842750ee8", r3}) (async) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x5, 0x200081) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) 22:45:56 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 934.220074] FAULT_INJECTION: forcing a failure. [ 934.220074] name failslab, interval 1, probability 0, space 0, times 0 [ 934.260390] CPU: 0 PID: 18192 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 934.268295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 934.277645] Call Trace: [ 934.280242] dump_stack+0x1b2/0x281 [ 934.283896] should_fail.cold+0x10a/0x149 [ 934.288055] should_failslab+0xd6/0x130 [ 934.292035] kmem_cache_alloc+0x28e/0x3c0 [ 934.296195] alloc_inode+0xa0/0x170 [ 934.299832] new_inode+0x1d/0xf0 [ 934.303196] fuse_ctl_add_dentry+0x8d/0x410 [ 934.307521] ? __lockdep_init_map+0x100/0x560 [ 934.312021] fuse_ctl_add_conn+0x1b0/0x250 [ 934.316258] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 934.320936] fuse_fill_super+0xe0c/0x15c0 [ 934.325090] ? fuse_get_root_inode+0xc0/0xc0 [ 934.329507] ? up_write+0x17/0x60 [ 934.332963] ? register_shrinker+0x15f/0x220 [ 934.337373] ? sget_userns+0x768/0xc10 [ 934.341279] ? get_anon_bdev+0x1c0/0x1c0 [ 934.345352] ? sget+0xd9/0x110 [ 934.348552] ? fuse_get_root_inode+0xc0/0xc0 [ 934.352966] mount_nodev+0x4c/0xf0 [ 934.356510] mount_fs+0x92/0x2a0 22:45:56 executing program 1: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f696401", @ANYRESOCT=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r1, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r2, 0x0, 0x0) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f696401", @ANYRESOCT=r3, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async) [ 934.359883] vfs_kern_mount.part.0+0x5b/0x470 [ 934.364423] do_mount+0xe65/0x2a30 [ 934.368049] ? __do_page_fault+0x159/0xad0 [ 934.372284] ? retint_kernel+0x2d/0x2d [ 934.376176] ? copy_mount_string+0x40/0x40 [ 934.380423] ? memset+0x20/0x40 [ 934.383702] ? copy_mount_options+0x1fa/0x2f0 [ 934.388198] ? copy_mnt_ns+0xa30/0xa30 [ 934.392095] SyS_mount+0xa8/0x120 [ 934.395547] ? copy_mnt_ns+0xa30/0xa30 [ 934.399439] do_syscall_64+0x1d5/0x640 [ 934.403336] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 934.408520] RIP: 0033:0x7f8e2a1775fa [ 934.412229] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 934.419948] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 934.427224] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 934.434584] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 934.441867] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 934.449133] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:57 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 82) 22:45:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) (async) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000000)) 22:45:57 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000010, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x32, 0x61, 0x36, 0x30, 0x31, 0x65, 0x65], 0x2d, [0x39, 0x31, 0x61, 0x34], 0x2d, [0x64, 0x37, 0x32, 0x65], 0x2d, [0x4, 0x35, 0x32, 0x32], 0x2d, [0x37, 0x30, 0x3c, 0x38, 0x34, 0x61, 0x35, 0x34]}}}, {@smackfsroot={'smackfsroot', 0x3d, '.'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@smackfsroot={'smackfsroot', 0x3d, 'fd'}}, {@obj_role}, {@flag='lazytime'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000240)="87a18870134b6d65e597763a9c9a53b64706d503198f139070586caba670cad43da31285d41549e96cb949a92bbc06ac0e2a5cda9c5cb43888e6200f0f1b4b0d28ea5085c655811a983d7a461b4416b1a6677a33e866ec4638cdd8e7a9579c2edcd8e6a6f397740557e3a736925c3d99a3b4c7fdc78c55a27422b635a2af9084852d970ca6d3b1b92fb18e73876318fe2e846f9b38bac85ade60080610b0d540e2e7fbcdd049d8095739ec949cb94704109e1125df480117b586bdad") 22:45:57 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:57 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x7, 0x42000) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f00000002c0)={0x3f, 0x0, 0x1ff, 0x10001, 0x200, 0x6}) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f0000000080)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) 22:45:57 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:57 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) 22:45:57 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 934.996921] FAULT_INJECTION: forcing a failure. [ 934.996921] name failslab, interval 1, probability 0, space 0, times 0 [ 935.031741] CPU: 0 PID: 18265 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 935.039662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 935.049017] Call Trace: [ 935.051655] dump_stack+0x1b2/0x281 [ 935.055319] should_fail.cold+0x10a/0x149 [ 935.059482] should_failslab+0xd6/0x130 [ 935.063464] kmem_cache_alloc+0x28e/0x3c0 [ 935.067620] alloc_inode+0xa0/0x170 [ 935.071257] new_inode+0x1d/0xf0 [ 935.074637] fuse_ctl_add_dentry+0x8d/0x410 [ 935.078963] ? __lockdep_init_map+0x100/0x560 [ 935.083465] fuse_ctl_add_conn+0x148/0x250 [ 935.087703] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 935.092364] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 935.096931] fuse_fill_super+0xe0c/0x15c0 [ 935.101062] ? fuse_get_root_inode+0xc0/0xc0 [ 935.105448] ? up_write+0x17/0x60 [ 935.108877] ? register_shrinker+0x15f/0x220 [ 935.113262] ? sget_userns+0x768/0xc10 [ 935.117143] ? get_anon_bdev+0x1c0/0x1c0 [ 935.121200] ? sget+0xd9/0x110 [ 935.124388] ? fuse_get_root_inode+0xc0/0xc0 [ 935.128775] mount_nodev+0x4c/0xf0 [ 935.132293] mount_fs+0x92/0x2a0 [ 935.135644] vfs_kern_mount.part.0+0x5b/0x470 [ 935.140120] do_mount+0xe65/0x2a30 [ 935.143650] ? __do_page_fault+0x159/0xad0 [ 935.147865] ? retint_kernel+0x2d/0x2d [ 935.151727] ? copy_mount_string+0x40/0x40 [ 935.155949] ? memset+0x20/0x40 [ 935.159217] ? copy_mount_options+0x1fa/0x2f0 [ 935.163711] ? copy_mnt_ns+0xa30/0xa30 [ 935.167589] SyS_mount+0xa8/0x120 [ 935.171056] ? copy_mnt_ns+0xa30/0xa30 [ 935.174920] do_syscall_64+0x1d5/0x640 [ 935.178889] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 935.184056] RIP: 0033:0x7f8e2a1775fa [ 935.187746] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 22:45:57 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x7, 0x42000) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f00000002c0)={0x3f, 0x0, 0x1ff, 0x10001, 0x200, 0x6}) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f0000000080)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) [ 935.195439] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 935.202809] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 935.210076] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 935.217335] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 935.224682] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:57 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r4, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:57 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:57 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000010, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x32, 0x61, 0x36, 0x30, 0x31, 0x65, 0x65], 0x2d, [0x39, 0x31, 0x61, 0x34], 0x2d, [0x64, 0x37, 0x32, 0x65], 0x2d, [0x4, 0x35, 0x32, 0x32], 0x2d, [0x37, 0x30, 0x3c, 0x38, 0x34, 0x61, 0x35, 0x34]}}}, {@smackfsroot={'smackfsroot', 0x3d, '.'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@smackfsroot={'smackfsroot', 0x3d, 'fd'}}, {@obj_role}, {@flag='lazytime'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000240)="87a18870134b6d65e597763a9c9a53b64706d503198f139070586caba670cad43da31285d41549e96cb949a92bbc06ac0e2a5cda9c5cb43888e6200f0f1b4b0d28ea5085c655811a983d7a461b4416b1a6677a33e866ec4638cdd8e7a9579c2edcd8e6a6f397740557e3a736925c3d99a3b4c7fdc78c55a27422b635a2af9084852d970ca6d3b1b92fb18e73876318fe2e846f9b38bac85ade60080610b0d540e2e7fbcdd049d8095739ec949cb94704109e1125df480117b586bdad") openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000010, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x32, 0x61, 0x36, 0x30, 0x31, 0x65, 0x65], 0x2d, [0x39, 0x31, 0x61, 0x34], 0x2d, [0x64, 0x37, 0x32, 0x65], 0x2d, [0x4, 0x35, 0x32, 0x32], 0x2d, [0x37, 0x30, 0x3c, 0x38, 0x34, 0x61, 0x35, 0x34]}}}, {@smackfsroot={'smackfsroot', 0x3d, '.'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@smackfsroot={'smackfsroot', 0x3d, 'fd'}}, {@obj_role}, {@flag='lazytime'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000240)="87a18870134b6d65e597763a9c9a53b64706d503198f139070586caba670cad43da31285d41549e96cb949a92bbc06ac0e2a5cda9c5cb43888e6200f0f1b4b0d28ea5085c655811a983d7a461b4416b1a6677a33e866ec4638cdd8e7a9579c2edcd8e6a6f397740557e3a736925c3d99a3b4c7fdc78c55a27422b635a2af9084852d970ca6d3b1b92fb18e73876318fe2e846f9b38bac85ade60080610b0d540e2e7fbcdd049d8095739ec949cb94704109e1125df480117b586bdad") (async) 22:45:57 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 83) [ 935.385578] FAULT_INJECTION: forcing a failure. [ 935.385578] name failslab, interval 1, probability 0, space 0, times 0 [ 935.401068] CPU: 0 PID: 18312 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 935.409063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 935.418421] Call Trace: [ 935.421008] dump_stack+0x1b2/0x281 [ 935.424647] should_fail.cold+0x10a/0x149 [ 935.428817] should_failslab+0xd6/0x130 [ 935.432800] kmem_cache_alloc+0x28e/0x3c0 [ 935.436949] __d_alloc+0x2a/0xa20 [ 935.440418] ? lock_acquire+0x170/0x3f0 [ 935.444398] d_alloc+0x46/0x240 [ 935.447681] d_alloc_name+0x70/0x80 [ 935.451323] ? d_alloc+0x240/0x240 [ 935.454867] fuse_ctl_add_dentry+0x70/0x410 [ 935.459310] ? __lockdep_init_map+0x100/0x560 [ 935.463813] fuse_ctl_add_conn+0x17c/0x250 [ 935.468055] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 935.472731] ? CIFSSMBGetPosixACL+0x245/0x1390 [ 935.477333] fuse_fill_super+0xe0c/0x15c0 [ 935.481491] ? fuse_get_root_inode+0xc0/0xc0 [ 935.485905] ? up_write+0x17/0x60 [ 935.489359] ? register_shrinker+0x15f/0x220 [ 935.493777] ? sget_userns+0x768/0xc10 [ 935.497692] ? get_anon_bdev+0x1c0/0x1c0 [ 935.501760] ? sget+0xd9/0x110 [ 935.504960] ? fuse_get_root_inode+0xc0/0xc0 [ 935.509371] mount_nodev+0x4c/0xf0 [ 935.512916] mount_fs+0x92/0x2a0 [ 935.516293] vfs_kern_mount.part.0+0x5b/0x470 [ 935.520798] do_mount+0xe65/0x2a30 [ 935.524340] ? __do_page_fault+0x159/0xad0 [ 935.528924] ? retint_kernel+0x2d/0x2d [ 935.532802] ? copy_mount_string+0x40/0x40 [ 935.537020] ? memset+0x20/0x40 [ 935.540276] ? copy_mount_options+0x1fa/0x2f0 [ 935.544752] ? copy_mnt_ns+0xa30/0xa30 [ 935.548618] SyS_mount+0xa8/0x120 [ 935.552047] ? copy_mnt_ns+0xa30/0xa30 [ 935.555909] do_syscall_64+0x1d5/0x640 [ 935.559778] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 935.564945] RIP: 0033:0x7f8e2a1775fa [ 935.568632] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 935.576316] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 935.583562] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 935.590899] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 935.598152] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 935.605449] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 22:45:58 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$char_usb(r0, &(0x7f00000001c0)=""/173, 0xad) ioctl$MEDIA_IOC_DEVICE_INFO(0xffffffffffffffff, 0xc1007c00, &(0x7f0000000000)) 22:45:58 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r4, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:58 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) 22:45:58 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000280), 0x7, 0x42000) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f00000002c0)={0x3f, 0x0, 0x1ff, 0x10001, 0x200, 0x6}) (async) ioctl$SYNC_IOC_FILE_INFO(0xffffffffffffffff, 0xc0383e04, &(0x7f0000000080)={""/32, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)}) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@subj_type={'subj_type', 0x3d, '#}^'}}]}}, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) 22:45:58 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) read$FUSE(r0, &(0x7f0000002400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000010, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x32, 0x61, 0x36, 0x30, 0x31, 0x65, 0x65], 0x2d, [0x39, 0x31, 0x61, 0x34], 0x2d, [0x64, 0x37, 0x32, 0x65], 0x2d, [0x4, 0x35, 0x32, 0x32], 0x2d, [0x37, 0x30, 0x3c, 0x38, 0x34, 0x61, 0x35, 0x34]}}}, {@smackfsroot={'smackfsroot', 0x3d, '.'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@smackfsroot={'smackfsroot', 0x3d, 'fd'}}, {@obj_role}, {@flag='lazytime'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000240)="87a18870134b6d65e597763a9c9a53b64706d503198f139070586caba670cad43da31285d41549e96cb949a92bbc06ac0e2a5cda9c5cb43888e6200f0f1b4b0d28ea5085c655811a983d7a461b4416b1a6677a33e866ec4638cdd8e7a9579c2edcd8e6a6f397740557e3a736925c3d99a3b4c7fdc78c55a27422b635a2af9084852d970ca6d3b1b92fb18e73876318fe2e846f9b38bac85ade60080610b0d540e2e7fbcdd049d8095739ec949cb94704109e1125df480117b586bdad") openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) (async) read$FUSE(r0, &(0x7f0000002400)={0x2020}, 0x2020) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000010, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, r1}, 0x2c, {[{@allow_other}, {@blksize={'blksize', 0x3d, 0x1a00}}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x32, 0x61, 0x36, 0x30, 0x31, 0x65, 0x65], 0x2d, [0x39, 0x31, 0x61, 0x34], 0x2d, [0x64, 0x37, 0x32, 0x65], 0x2d, [0x4, 0x35, 0x32, 0x32], 0x2d, [0x37, 0x30, 0x3c, 0x38, 0x34, 0x61, 0x35, 0x34]}}}, {@smackfsroot={'smackfsroot', 0x3d, '.'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@smackfsroot={'smackfsroot', 0x3d, 'fd'}}, {@obj_role}, {@flag='lazytime'}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000240)="87a18870134b6d65e597763a9c9a53b64706d503198f139070586caba670cad43da31285d41549e96cb949a92bbc06ac0e2a5cda9c5cb43888e6200f0f1b4b0d28ea5085c655811a983d7a461b4416b1a6677a33e866ec4638cdd8e7a9579c2edcd8e6a6f397740557e3a736925c3d99a3b4c7fdc78c55a27422b635a2af9084852d970ca6d3b1b92fb18e73876318fe2e846f9b38bac85ade60080610b0d540e2e7fbcdd049d8095739ec949cb94704109e1125df480117b586bdad") (async) 22:45:58 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 84) 22:45:58 executing program 2: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$FUSE_INTERRUPT(r1, &(0x7f00000000c0)={0x10}, 0x10) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}], [{@fowner_eq}, {@subj_type={'subj_type', 0x3d, '#}^'}}, {@measure}]}}, 0x0, 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r2, 0xc01064c1, &(0x7f0000000040)) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000100)={0x0, 0x1}) 22:45:58 executing program 1: syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000300), 0x0, 0xa0001) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000380)=""/4096) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4, 0x7f, 0x5}}, 0x30) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000080)=0xe3cc) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030300930303134303030302c757352725f69643d21d6aefd8e6f46d59e8cc0b8ad1e048ab37f52e915fe740dc417d5af84d32853c9f389b04940d66e25ebcf724618f2e4235ae00ad26edd39a9ff7487882cd4db2bece75a9a325795c28a772240789024faee4315398af985958558b5c2ed413925aa850817ec8808ae9049004cd86becd9b7d3b9269161978f68f1ee51989723ed6def240a869b037c1e52279af51200c0ab07a000a6569ae36ebdf03a188c4e0d7ed5fd4845e2539ff3e8a2374a4592e0083670eb7d67aff6491086913cdc7c3cfc8173d963d6adba9817d3af50730f8791ac857ecf293f78c40a", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) socket(0x28, 0x3, 0x80000001) 22:45:58 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) write$FUSE_INIT(r0, &(0x7f00000006c0)={0x50, 0xc6d923c1a843df47, 0x0, {0x7, 0x26, 0x1, 0x800000, 0x8, 0x100, 0x1, 0x4}}, 0x50) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 935.922165] FAULT_INJECTION: forcing a failure. [ 935.922165] name failslab, interval 1, probability 0, space 0, times 0 [ 935.959682] CPU: 1 PID: 18351 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 935.967638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 935.976989] Call Trace: [ 935.979581] dump_stack+0x1b2/0x281 [ 935.983221] should_fail.cold+0x10a/0x149 [ 935.987377] should_failslab+0xd6/0x130 [ 935.991357] kmem_cache_alloc+0x28e/0x3c0 [ 935.995520] alloc_inode+0xa0/0x170 [ 935.999147] new_inode+0x1d/0xf0 [ 936.002509] fuse_ctl_add_dentry+0x8d/0x410 [ 936.006856] ? __lockdep_init_map+0x100/0x560 [ 936.011358] fuse_ctl_add_conn+0x1e0/0x250 [ 936.015600] ? fuse_ctl_remove_conn+0x1a0/0x1a0 [ 936.020389] ? CIFSSMB_set_compression+0x2e6/0x9a0 [ 936.025383] fuse_fill_super+0xe0c/0x15c0 [ 936.029540] ? fuse_get_root_inode+0xc0/0xc0 [ 936.033955] ? up_write+0x17/0x60 [ 936.037986] ? register_shrinker+0x15f/0x220 [ 936.042400] ? sget_userns+0x768/0xc10 [ 936.046286] ? get_anon_bdev+0x1c0/0x1c0 [ 936.050329] ? sget+0xd9/0x110 [ 936.053504] ? fuse_get_root_inode+0xc0/0xc0 [ 936.057891] mount_nodev+0x4c/0xf0 [ 936.061414] mount_fs+0x92/0x2a0 [ 936.064761] vfs_kern_mount.part.0+0x5b/0x470 [ 936.069235] do_mount+0xe65/0x2a30 [ 936.072755] ? __do_page_fault+0x159/0xad0 [ 936.076968] ? retint_kernel+0x2d/0x2d [ 936.080843] ? copy_mount_string+0x40/0x40 [ 936.085067] ? memset+0x20/0x40 [ 936.088329] ? copy_mount_options+0x1fa/0x2f0 [ 936.092801] ? copy_mnt_ns+0xa30/0xa30 [ 936.096671] SyS_mount+0xa8/0x120 [ 936.100118] ? copy_mnt_ns+0xa30/0xa30 [ 936.103990] do_syscall_64+0x1d5/0x640 [ 936.107870] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 936.113043] RIP: 0033:0x7f8e2a1775fa 22:45:58 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000022c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@allow_other}, {@default_permissions}, {}, {}]}}, 0x0, 0x0, 0x0) (fail_nth: 85) 22:45:58 executing program 1: syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) (async, rerun: 32) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) (rerun: 32) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) (async) r2 = syz_open_dev$evdev(&(0x7f0000000300), 0x0, 0xa0001) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000380)=""/4096) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x4, 0x7f, 0x5}}, 0x30) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000080)=0xe3cc) (async) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000001380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030300930303134303030302c757352725f69643d21d6aefd8e6f46d59e8cc0b8ad1e048ab37f52e915fe740dc417d5af84d32853c9f389b04940d66e25ebcf724618f2e4235ae00ad26edd39a9ff7487882cd4db2bece75a9a325795c28a772240789024faee4315398af985958558b5c2ed413925aa850817ec8808ae9049004cd86becd9b7d3b9269161978f68f1ee51989723ed6def240a869b037c1e52279af51200c0ab07a000a6569ae36ebdf03a188c4e0d7ed5fd4845e2539ff3e8a2374a4592e0083670eb7d67aff6491086913cdc7c3cfc8173d963d6adba9817d3af50730f8791ac857ecf293f78c40a", @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRESDEC=0x0, @ANYBLOB=',allow_other,allow_other,allow_other,default_permissions,max_read=0x0000000000000000,max_read=0x0000000000000000,subj_type=#}^,\x00'], 0x0, 0x0, 0x0) (async, rerun: 32) socket(0x28, 0x3, 0x80000001) (rerun: 32) 22:45:58 executing program 4: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000005c0), 0x84, 0x20400) syz_open_dev$evdev(&(0x7f0000000640), 0x7f, 0x280880) r1 = syz_open_dev$evdev(&(0x7f00000022c0), 0x80000000, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, 0x0) syz_open_dev$evdev(&(0x7f0000000800), 0xfffffffffffffffd, 0x101082) r2 = syz_open_dev$evdev(&(0x7f0000000680), 0x27bd, 0x1) ioctl$EVIOCREVOKE(r2, 0x40044591, &(0x7f0000000600)=0x2) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000004980)=""/200) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000004a80)=ANY=[@ANYBLOB="6664389261b0431ff7884973aad157efc0b309419454339bfedf3fb37a79d5e8aba794240af0c0a2ab55b65d319b00", @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000060000,user_id=', @ANYRESDEC=r5, @ANYBLOB=',group_id=', @ANYRESDEC=r6, @ANYBLOB=',default_permissions,uid=', @ANYRESDEC, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB=',subj_role=-(),subj_role=allow_other,subj_type=,\x00']) openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000880), 0x2, 0x0) write$FUSE_INTERRUPT(r7, &(0x7f0000002900)={0x10}, 0x10) write$FUSE_LK(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x0, 0x0, {{0x5, 0x3, 0x2}}}, 0x28) syz_open_dev$evdev(&(0x7f0000000180), 0xffffffffffffffff, 0x210002) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000004bc0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x1ddc00}}, {@default_permissions}, {}, {}, {@max_read={'max_read', 0x3d, 0x2fb0d4c2}}], [{@subj_type={'subj_type', 0x3d, '\xa0}\xc3\x1d\x96rE\x88^\\'}}]}}, 0x0, 0x0, 0x0) [ 936.116748] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 936.124890] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 936.132191] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 936.139492] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 936.146752] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 936.154154] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 936.209106] FAULT_INJECTION: forcing a failure. [ 936.209106] name failslab, interval 1, probability 0, space 0, times 0 [ 936.244550] CPU: 1 PID: 18384 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 936.253246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 936.262601] Call Trace: [ 936.265196] dump_stack+0x1b2/0x281 [ 936.268846] should_fail.cold+0x10a/0x149 [ 936.273002] should_failslab+0xd6/0x130 [ 936.276983] __kmalloc_track_caller+0x2bc/0x400 [ 936.281654] ? do_mount+0x1e41/0x2a30 [ 936.285463] kstrdup+0x36/0x70 [ 936.288745] do_mount+0x1e41/0x2a30 [ 936.292375] ? __do_page_fault+0x159/0xad0 [ 936.296620] ? retint_kernel+0x2d/0x2d [ 936.300513] ? copy_mount_string+0x40/0x40 [ 936.304753] ? memset+0x20/0x40 [ 936.308144] ? copy_mount_options+0x1fa/0x2f0 [ 936.312641] ? copy_mnt_ns+0xa30/0xa30 [ 936.316536] SyS_mount+0xa8/0x120 [ 936.319999] ? copy_mnt_ns+0xa30/0xa30 [ 936.323906] do_syscall_64+0x1d5/0x640 [ 936.327806] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 936.332999] RIP: 0033:0x7f8e2a1775fa [ 936.336700] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 936.344404] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 936.351653] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 936.358900] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 936.366320] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 936.373584] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 936.383365] BUG: unable to handle kernel paging request at fffffffffffffffc [ 936.392236] IP: do_mount+0x1ef2/0x2a30 [ 936.396116] PGD 8e6b067 P4D 8e6b067 PUD 8e6d067 PMD 0 [ 936.401399] Oops: 0000 [#1] PREEMPT SMP KASAN [ 936.405885] Modules linked in: [ 936.409070] CPU: 1 PID: 18384 Comm: syz-executor.5 Not tainted 4.14.302-syzkaller #0 [ 936.416923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 936.426255] task: ffff88809ed06200 task.stack: ffff8880a0458000 [ 936.432289] RIP: 0010:do_mount+0x1ef2/0x2a30 [ 936.436668] RSP: 0018:ffff8880a045fd90 EFLAGS: 00010246 [ 936.442114] RAX: dffffc0000000000 RBX: 00000000fffffff4 RCX: ffffc900069f7000 [ 936.449371] RDX: 1fffffffffffffff RSI: ffffffff818eaee4 RDI: fffffffffffffffc [ 936.456630] RBP: fffffffffffffff4 R08: ffffffff8ba4424c R09: 0000000000000001 [ 936.463881] R10: 0000000000000000 R11: ffff88809ed06200 R12: ffff88809779c228 [ 936.471392] R13: ffffffff891eab60 R14: 0000000000000000 R15: 0000000000000020 [ 936.478735] FS: 00007f8e286e8700(0000) GS:ffff8880ba500000(0000) knlGS:0000000000000000 [ 936.486935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 936.492793] CR2: fffffffffffffffc CR3: 00000000b1096000 CR4: 00000000003406e0 [ 936.500050] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 936.507294] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 936.514538] Call Trace: [ 936.517106] ? __do_page_fault+0x159/0xad0 [ 936.521318] ? retint_kernel+0x2d/0x2d [ 936.525182] ? copy_mount_string+0x40/0x40 [ 936.529397] ? memset+0x20/0x40 [ 936.532661] ? copy_mount_options+0x1fa/0x2f0 [ 936.537138] ? copy_mnt_ns+0xa30/0xa30 [ 936.540998] SyS_mount+0xa8/0x120 [ 936.544430] ? copy_mnt_ns+0xa30/0xa30 [ 936.548292] do_syscall_64+0x1d5/0x640 [ 936.552158] entry_SYSCALL_64_after_hwframe+0x5e/0xd3 [ 936.557332] RIP: 0033:0x7f8e2a1775fa [ 936.561899] RSP: 002b:00007f8e286e7f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 936.569586] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8e2a1775fa [ 936.576861] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000000 [ 936.584195] RBP: 00007f8e286e8020 R08: 00007f8e286e8020 R09: 0000000000000000 [ 936.591440] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 936.598681] R13: 0000000020000040 R14: 00007f8e286e7fe0 R15: 00000000200022c0 [ 936.605943] Code: c6 ff 48 89 ef 48 63 eb e8 7c 61 ff ff 48 8d 7d 08 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a 48 c1 ea 03 80 3c 02 00 0f 85 4b 08 00 00 <48> 8b 5d 08 e8 35 ab c6 ff 48 8d 7b 70 e8 ec 41 b2 ff 4c 89 ef [ 936.625121] RIP: do_mount+0x1ef2/0x2a30 RSP: ffff8880a045fd90 [ 936.631162] CR2: fffffffffffffffc [ 936.634699] ---[ end trace 19a4d2cdb1fd8871 ]--- [ 936.639440] Kernel panic - not syncing: Fatal exception [ 936.645058] Kernel Offset: disabled [ 936.648676] Rebooting in 86400 seconds..