nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xfc, r1, 0x0, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1d1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x67}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) 10:19:33 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) statx(r0, &(0x7f0000000100)='./file0\x00', 0x4500, 0x1, &(0x7f0000000140)) (rerun: 64) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f00000000c0)={0x2}) 10:19:33 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xfc, r1, 0x0, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1d1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x67}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xfc, r1, 0x0, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1d1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x67}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) (async) 10:19:33 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x9, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x800, 0x4, &(0x7f00000000c0)) [ 1047.853651] get_empty_filp+0x16b/0x3f0 [ 1047.857632] alloc_file+0x23/0x440 [ 1047.861176] __shmem_file_setup.part.0+0x198/0x3c0 [ 1047.866109] ? shmem_create+0x30/0x30 [ 1047.869913] ? __alloc_fd+0x1be/0x490 [ 1047.873719] SyS_memfd_create+0x1fc/0x3c0 [ 1047.877867] ? shmem_fcntl+0x120/0x120 [ 1047.881754] ? __do_page_fault+0x159/0xad0 [ 1047.885991] ? do_syscall_64+0x4c/0x640 [ 1047.889965] ? shmem_fcntl+0x120/0x120 [ 1047.893855] do_syscall_64+0x1d5/0x640 [ 1047.897748] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1047.902935] RIP: 0033:0x7f2e61d66049 [ 1047.906639] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1047.914365] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d66049 [ 1047.921631] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f2e61dbf1e0 [ 1047.928902] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f2e606db1d0 [ 1047.936170] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 1047.943439] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 10:19:33 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 6) 10:19:33 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x9, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) statx(r0, &(0x7f0000000000)='./file0\x00', 0x800, 0x4, &(0x7f00000000c0)) 10:19:33 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r1, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xfc, r1, 0x0, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1d1}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x67}}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40000) 10:19:33 executing program 1: socket(0x2b, 0x0, 0x0) 10:19:33 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xc802, 0x0) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x1406, 0x8, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x8842) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f00000002c0)=0x15c6ad1d) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0x8}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x4003) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xc802, 0x0) (async) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x1406, 0x8, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x8842) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f00000002c0)=0x15c6ad1d) (async) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0x8}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x4003) (async) 10:19:33 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000b00)={0x4c, 0x0, &(0x7f00000009c0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000900)={@fda={0x66646185, 0x1, 0x1, 0x20}, @flat=@weak_binder={0x77622a85, 0xa}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000980)={0x0, 0x20, 0x38}}, 0x400}], 0xa6, 0x0, &(0x7f0000000a40)="68d9eeda0e63c837fe77a2cf96ba9b1b9a8ef4b1d1b9206d3e7af6e774ae3534489bcda8905eb422af513e2fbc82158e4fda2f5e7635748769a819e58b83f851480ec5c2ea108cf3ad4debc12c5517a3a4f9f617b92b4ec58c65a4274b640a5d89f99401250bb8d85f6ba9d7a2c4994f4a93bf810fa161414c44e533fd506fc69ae38436ded0430647cc9cd94ec3c9688159557eb55c75fb57390a5ff9bdf00eb73f7adff9d3"}) r1 = syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1, 0x8, &(0x7f00000006c0)=[{&(0x7f00000000c0)="792cc650332a8e383ad060132edcd6536cd46f14d9e88df2166902639f3c456b673dbbf9b8c8658be259996fdf6a95f9c71f74f66bff095bfe2ff31ce38d44b34fc902751ede9d733d6fa4d25f36ec180f26eb2df7a2880b1fb102fade8f02c12cfafeab9d1d96a7023c923a6dc42865481e8f465a6011fe4951fc686cf904a37bdd6bfe85bbc04f8a558d53773fc7840650af51c99867c3ce8245628330ba06f1fe271b33742a5652a49957e20155", 0xaf, 0xfffffffffffffffe}, {&(0x7f0000000180)="1ab0047df924548b10fee88543778ea378e9f6241a3bfeff8e797c77f16c2d0bdb41a781b62c647ad197319efd60f65b21d71f7a5a38365538628364776abee26d16de3eaee1a7e5ee13aa93b89bcfa557e5f53174899d38a09162e8a607e06519c5aaceeaa1774dcf2208206146c61f604c15b99e7af239dd26b9e3777076d422436b8e381d209eb7be2c47694eb3ce25b1e10f4299bbce700fc9e0ed5dbd", 0x9f, 0x2}, {&(0x7f0000000240)="25c3a5978eade99b3d985932acebcbe226253954644181481482a801e760a1405d7a2cca901ac60dc38d9dfe70c2563c169b4ffc5c22afb0518f373130a3e37a4c237dce15d57c2f647a3310aa266d8b948831100cb4ccc0048e", 0x5a, 0x5ecb}, {&(0x7f00000002c0)="b18dc2d6572072ca9d1c8953d01f951ff64029343b77e79cdc8b23f1ce7cefba81f083e8aee8b0bcda29cb0f2662777de24405da948468f4d3a3a3a6035a4e2ba4859c1ce6c4a48f793ea4742073d12c08a0e96e7641bc0ccf744622f0ae4e902a72b253e3c1a3bca4b406a6bb3f7c6b621c08974843efe99e0c6b02af775d47e878c4c19e03bfe0ca5da69cb0747480df8c38424d4a1e4cd989c7289b2c927dea3c903020874b1e4eb9ae5e88029af904631dfe7426264c4816ed2f82636ba4bca1fc7b01dde834e440fa1020c7102691af8ebc", 0xd4, 0xfffffffffffffff8}, {&(0x7f00000003c0)="7320a3df034c262525ce2f2dab6e9f47b5da820f96dd3bc0a92607033e2f5b28676a248af23c06b2785d212436ad9936f7cf617ce51dcf1d0831b7327014ee19f1c0ca23399bd3ab28b9f6383726311876680e4374c0d1a0d4b2464f738b5c6f2e93561c7d6fe16c210e08afbf47783dfb8804afd8675f39818b86de5594f737c9c8ac84d0158de361fd1abaa502f48e8220f03cc80ca2631e80ef9ce564266b330a3611149d0019698ea464c6081867a43905afc0cb", 0xb6, 0x8}, {&(0x7f0000000480)="d6bf080c87449562872a7345d411f2a103420afd50c5d4cc23e0d3e2971086a011c91da44fd5d5d1bd0224c563c59487726102b46821bb41925ea0196df2d5ff2ba072791731be7fce52d818dc7047e848da0de34f2eee14efcd2c1482e2b44316f8b9fa6d797f1a9e43c6d6fe428039", 0x70, 0x7}, {&(0x7f0000000500)="a379ee34be4fc7fa06230b974ed99372fc2b0cffe3dde096cfb5a2336a2b2f8c10c7805c4b83fdb8f12868da0aac6599e6dc59493d00054fe556fa99f8e804b6c46728313ca170b09db30b6304dada4f08d96066293690a2fe507b711d4a08e95ecb7a103fc11fd8e5b6963125e55dfe10aabeb8908b120730ab760f3036919581b3f359a3dbadeef699386aac", 0x8d, 0x1}, {&(0x7f00000005c0)="68d6f2240fea14647c2dfb15c26a2714e2bc15cdfe7178892deefe1364f7969226c558b44245c6d0c3608e524034d90abc0ea6b47d257fcd0564df7e02290a2261b771b2b5c989460e298ca53f5f5b8b1b66268e94c1d1a1357e7bc06bff2b5d5c34092ed392d0a7", 0x68, 0x8}], 0x1b484c8, &(0x7f0000000780)={[{')'}], [{@dont_hash}, {@dont_measure}, {@audit}, {@obj_role}, {@subj_type={'subj_type', 0x3d, ':@\xbf^,$-#%}'}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x53, 0x31, 0x39, 0x3, 0x31, 0x35, 0x36], 0x2d, [0x64, 0x66, 0x2, 0x37], 0x2d, [0x36, 0x35, 0x66, 0x61], 0x2d, [0x34, 0x32, 0x66, 0x33], 0x2d, [0x62, 0x31, 0x65, 0x30, 0x6, 0x32, 0x31, 0x34]}}}]}) statx(r1, &(0x7f0000000640)='./file0/file0\x00', 0x6100, 0x40, &(0x7f0000000800)) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000b00)={0x4c, 0x0, &(0x7f00000009c0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000900)={@fda={0x66646185, 0x1, 0x1, 0x20}, @flat=@weak_binder={0x77622a85, 0xa}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000980)={0x0, 0x20, 0x38}}, 0x400}], 0xa6, 0x0, &(0x7f0000000a40)="68d9eeda0e63c837fe77a2cf96ba9b1b9a8ef4b1d1b9206d3e7af6e774ae3534489bcda8905eb422af513e2fbc82158e4fda2f5e7635748769a819e58b83f851480ec5c2ea108cf3ad4debc12c5517a3a4f9f617b92b4ec58c65a4274b640a5d89f99401250bb8d85f6ba9d7a2c4994f4a93bf810fa161414c44e533fd506fc69ae38436ded0430647cc9cd94ec3c9688159557eb55c75fb57390a5ff9bdf00eb73f7adff9d3"}) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1, 0x8, &(0x7f00000006c0)=[{&(0x7f00000000c0)="792cc650332a8e383ad060132edcd6536cd46f14d9e88df2166902639f3c456b673dbbf9b8c8658be259996fdf6a95f9c71f74f66bff095bfe2ff31ce38d44b34fc902751ede9d733d6fa4d25f36ec180f26eb2df7a2880b1fb102fade8f02c12cfafeab9d1d96a7023c923a6dc42865481e8f465a6011fe4951fc686cf904a37bdd6bfe85bbc04f8a558d53773fc7840650af51c99867c3ce8245628330ba06f1fe271b33742a5652a49957e20155", 0xaf, 0xfffffffffffffffe}, {&(0x7f0000000180)="1ab0047df924548b10fee88543778ea378e9f6241a3bfeff8e797c77f16c2d0bdb41a781b62c647ad197319efd60f65b21d71f7a5a38365538628364776abee26d16de3eaee1a7e5ee13aa93b89bcfa557e5f53174899d38a09162e8a607e06519c5aaceeaa1774dcf2208206146c61f604c15b99e7af239dd26b9e3777076d422436b8e381d209eb7be2c47694eb3ce25b1e10f4299bbce700fc9e0ed5dbd", 0x9f, 0x2}, {&(0x7f0000000240)="25c3a5978eade99b3d985932acebcbe226253954644181481482a801e760a1405d7a2cca901ac60dc38d9dfe70c2563c169b4ffc5c22afb0518f373130a3e37a4c237dce15d57c2f647a3310aa266d8b948831100cb4ccc0048e", 0x5a, 0x5ecb}, {&(0x7f00000002c0)="b18dc2d6572072ca9d1c8953d01f951ff64029343b77e79cdc8b23f1ce7cefba81f083e8aee8b0bcda29cb0f2662777de24405da948468f4d3a3a3a6035a4e2ba4859c1ce6c4a48f793ea4742073d12c08a0e96e7641bc0ccf744622f0ae4e902a72b253e3c1a3bca4b406a6bb3f7c6b621c08974843efe99e0c6b02af775d47e878c4c19e03bfe0ca5da69cb0747480df8c38424d4a1e4cd989c7289b2c927dea3c903020874b1e4eb9ae5e88029af904631dfe7426264c4816ed2f82636ba4bca1fc7b01dde834e440fa1020c7102691af8ebc", 0xd4, 0xfffffffffffffff8}, {&(0x7f00000003c0)="7320a3df034c262525ce2f2dab6e9f47b5da820f96dd3bc0a92607033e2f5b28676a248af23c06b2785d212436ad9936f7cf617ce51dcf1d0831b7327014ee19f1c0ca23399bd3ab28b9f6383726311876680e4374c0d1a0d4b2464f738b5c6f2e93561c7d6fe16c210e08afbf47783dfb8804afd8675f39818b86de5594f737c9c8ac84d0158de361fd1abaa502f48e8220f03cc80ca2631e80ef9ce564266b330a3611149d0019698ea464c6081867a43905afc0cb", 0xb6, 0x8}, {&(0x7f0000000480)="d6bf080c87449562872a7345d411f2a103420afd50c5d4cc23e0d3e2971086a011c91da44fd5d5d1bd0224c563c59487726102b46821bb41925ea0196df2d5ff2ba072791731be7fce52d818dc7047e848da0de34f2eee14efcd2c1482e2b44316f8b9fa6d797f1a9e43c6d6fe428039", 0x70, 0x7}, {&(0x7f0000000500)="a379ee34be4fc7fa06230b974ed99372fc2b0cffe3dde096cfb5a2336a2b2f8c10c7805c4b83fdb8f12868da0aac6599e6dc59493d00054fe556fa99f8e804b6c46728313ca170b09db30b6304dada4f08d96066293690a2fe507b711d4a08e95ecb7a103fc11fd8e5b6963125e55dfe10aabeb8908b120730ab760f3036919581b3f359a3dbadeef699386aac", 0x8d, 0x1}, {&(0x7f00000005c0)="68d6f2240fea14647c2dfb15c26a2714e2bc15cdfe7178892deefe1364f7969226c558b44245c6d0c3608e524034d90abc0ea6b47d257fcd0564df7e02290a2261b771b2b5c989460e298ca53f5f5b8b1b66268e94c1d1a1357e7bc06bff2b5d5c34092ed392d0a7", 0x68, 0x8}], 0x1b484c8, &(0x7f0000000780)={[{')'}], [{@dont_hash}, {@dont_measure}, {@audit}, {@obj_role}, {@subj_type={'subj_type', 0x3d, ':@\xbf^,$-#%}'}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x53, 0x31, 0x39, 0x3, 0x31, 0x35, 0x36], 0x2d, [0x64, 0x66, 0x2, 0x37], 0x2d, [0x36, 0x35, 0x66, 0x61], 0x2d, [0x34, 0x32, 0x66, 0x33], 0x2d, [0x62, 0x31, 0x65, 0x30, 0x6, 0x32, 0x31, 0x34]}}}]}) (async) statx(r1, &(0x7f0000000640)='./file0/file0\x00', 0x6100, 0x40, &(0x7f0000000800)) (async) 10:19:33 executing program 1: socket(0x24, 0x0, 0x9) 10:19:33 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x408900, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000340)=@e={0xff, 0xa, 0x2, 0xe9, @SEQ_NOTEON=@note=0x7b, 0x40, 0x8, 0x1}) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x202, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000042}, 0x40010) r4 = ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x1407, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8080}, 0x80c4) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dd360710", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf257000000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990004000000310000000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) 10:19:33 executing program 1: socket(0x24, 0x0, 0x9) 10:19:33 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0xc802, 0x0) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, 0x1406, 0x8, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x8842) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async, rerun: 32) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (rerun: 32) r4 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) ioctl$SNDCTL_SEQ_TESTMIDI(r2, 0x40045108, &(0x7f00000002c0)=0x15c6ad1d) (async) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r3, 0x2, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @val={0x8}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40800}, 0x4003) 10:19:33 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x9, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) statx(r0, &(0x7f0000000000)='./file0\x00', 0x800, 0x4, &(0x7f00000000c0)) 10:19:33 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000b00)={0x4c, 0x0, &(0x7f00000009c0)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000900)={@fda={0x66646185, 0x1, 0x1, 0x20}, @flat=@weak_binder={0x77622a85, 0xa}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000980)={0x0, 0x20, 0x38}}, 0x400}], 0xa6, 0x0, &(0x7f0000000a40)="68d9eeda0e63c837fe77a2cf96ba9b1b9a8ef4b1d1b9206d3e7af6e774ae3534489bcda8905eb422af513e2fbc82158e4fda2f5e7635748769a819e58b83f851480ec5c2ea108cf3ad4debc12c5517a3a4f9f617b92b4ec58c65a4274b640a5d89f99401250bb8d85f6ba9d7a2c4994f4a93bf810fa161414c44e533fd506fc69ae38436ded0430647cc9cd94ec3c9688159557eb55c75fb57390a5ff9bdf00eb73f7adff9d3"}) (async) r1 = syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x1, 0x8, &(0x7f00000006c0)=[{&(0x7f00000000c0)="792cc650332a8e383ad060132edcd6536cd46f14d9e88df2166902639f3c456b673dbbf9b8c8658be259996fdf6a95f9c71f74f66bff095bfe2ff31ce38d44b34fc902751ede9d733d6fa4d25f36ec180f26eb2df7a2880b1fb102fade8f02c12cfafeab9d1d96a7023c923a6dc42865481e8f465a6011fe4951fc686cf904a37bdd6bfe85bbc04f8a558d53773fc7840650af51c99867c3ce8245628330ba06f1fe271b33742a5652a49957e20155", 0xaf, 0xfffffffffffffffe}, {&(0x7f0000000180)="1ab0047df924548b10fee88543778ea378e9f6241a3bfeff8e797c77f16c2d0bdb41a781b62c647ad197319efd60f65b21d71f7a5a38365538628364776abee26d16de3eaee1a7e5ee13aa93b89bcfa557e5f53174899d38a09162e8a607e06519c5aaceeaa1774dcf2208206146c61f604c15b99e7af239dd26b9e3777076d422436b8e381d209eb7be2c47694eb3ce25b1e10f4299bbce700fc9e0ed5dbd", 0x9f, 0x2}, {&(0x7f0000000240)="25c3a5978eade99b3d985932acebcbe226253954644181481482a801e760a1405d7a2cca901ac60dc38d9dfe70c2563c169b4ffc5c22afb0518f373130a3e37a4c237dce15d57c2f647a3310aa266d8b948831100cb4ccc0048e", 0x5a, 0x5ecb}, {&(0x7f00000002c0)="b18dc2d6572072ca9d1c8953d01f951ff64029343b77e79cdc8b23f1ce7cefba81f083e8aee8b0bcda29cb0f2662777de24405da948468f4d3a3a3a6035a4e2ba4859c1ce6c4a48f793ea4742073d12c08a0e96e7641bc0ccf744622f0ae4e902a72b253e3c1a3bca4b406a6bb3f7c6b621c08974843efe99e0c6b02af775d47e878c4c19e03bfe0ca5da69cb0747480df8c38424d4a1e4cd989c7289b2c927dea3c903020874b1e4eb9ae5e88029af904631dfe7426264c4816ed2f82636ba4bca1fc7b01dde834e440fa1020c7102691af8ebc", 0xd4, 0xfffffffffffffff8}, {&(0x7f00000003c0)="7320a3df034c262525ce2f2dab6e9f47b5da820f96dd3bc0a92607033e2f5b28676a248af23c06b2785d212436ad9936f7cf617ce51dcf1d0831b7327014ee19f1c0ca23399bd3ab28b9f6383726311876680e4374c0d1a0d4b2464f738b5c6f2e93561c7d6fe16c210e08afbf47783dfb8804afd8675f39818b86de5594f737c9c8ac84d0158de361fd1abaa502f48e8220f03cc80ca2631e80ef9ce564266b330a3611149d0019698ea464c6081867a43905afc0cb", 0xb6, 0x8}, {&(0x7f0000000480)="d6bf080c87449562872a7345d411f2a103420afd50c5d4cc23e0d3e2971086a011c91da44fd5d5d1bd0224c563c59487726102b46821bb41925ea0196df2d5ff2ba072791731be7fce52d818dc7047e848da0de34f2eee14efcd2c1482e2b44316f8b9fa6d797f1a9e43c6d6fe428039", 0x70, 0x7}, {&(0x7f0000000500)="a379ee34be4fc7fa06230b974ed99372fc2b0cffe3dde096cfb5a2336a2b2f8c10c7805c4b83fdb8f12868da0aac6599e6dc59493d00054fe556fa99f8e804b6c46728313ca170b09db30b6304dada4f08d96066293690a2fe507b711d4a08e95ecb7a103fc11fd8e5b6963125e55dfe10aabeb8908b120730ab760f3036919581b3f359a3dbadeef699386aac", 0x8d, 0x1}, {&(0x7f00000005c0)="68d6f2240fea14647c2dfb15c26a2714e2bc15cdfe7178892deefe1364f7969226c558b44245c6d0c3608e524034d90abc0ea6b47d257fcd0564df7e02290a2261b771b2b5c989460e298ca53f5f5b8b1b66268e94c1d1a1357e7bc06bff2b5d5c34092ed392d0a7", 0x68, 0x8}], 0x1b484c8, &(0x7f0000000780)={[{')'}], [{@dont_hash}, {@dont_measure}, {@audit}, {@obj_role}, {@subj_type={'subj_type', 0x3d, ':@\xbf^,$-#%}'}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x53, 0x31, 0x39, 0x3, 0x31, 0x35, 0x36], 0x2d, [0x64, 0x66, 0x2, 0x37], 0x2d, [0x36, 0x35, 0x66, 0x61], 0x2d, [0x34, 0x32, 0x66, 0x33], 0x2d, [0x62, 0x31, 0x65, 0x30, 0x6, 0x32, 0x31, 0x34]}}}]}) statx(r1, &(0x7f0000000640)='./file0/file0\x00', 0x6100, 0x40, &(0x7f0000000800)) [ 1048.073766] FAULT_INJECTION: forcing a failure. [ 1048.073766] name failslab, interval 1, probability 0, space 0, times 0 [ 1048.131171] CPU: 0 PID: 13667 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1048.139079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.148526] Call Trace: [ 1048.151117] dump_stack+0x1b2/0x281 [ 1048.154774] should_fail.cold+0x10a/0x149 [ 1048.158942] should_failslab+0xd6/0x130 [ 1048.162919] kmem_cache_alloc+0x28e/0x3c0 [ 1048.167070] getname_flags+0xc8/0x550 [ 1048.170874] do_sys_open+0x1ce/0x410 [ 1048.174589] ? filp_open+0x60/0x60 [ 1048.178128] ? SyS_pwrite64+0xca/0x140 [ 1048.182014] ? do_syscall_64+0x4c/0x640 [ 1048.185983] ? SyS_open+0x30/0x30 [ 1048.189437] do_syscall_64+0x1d5/0x640 [ 1048.193330] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1048.198514] RIP: 0033:0x7f2e61d18f64 [ 1048.202221] RSP: 002b:00007f2e606daeb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1048.209927] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d18f64 [ 1048.217193] RDX: 0000000000000002 RSI: 00007f2e606dafe0 RDI: 00000000ffffff9c [ 1048.224459] RBP: 00007f2e606dafe0 R08: 0000000000000000 R09: 00007f2e606db1d0 10:19:33 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 7) 10:19:33 executing program 1: socket(0x24, 0x0, 0x9) 10:19:33 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x408900, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000340)=@e={0xff, 0xa, 0x2, 0xe9, @SEQ_NOTEON=@note=0x7b, 0x40, 0x8, 0x1}) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x202, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000042}, 0x40010) r4 = ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x1407, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8080}, 0x80c4) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dd360710", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf257000000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990004000000310000000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x408900, 0x0) (async) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000340)=@e={0xff, 0xa, 0x2, 0xe9, @SEQ_NOTEON=@note=0x7b, 0x40, 0x8, 0x1}) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x202, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000042}, 0x40010) (async) ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x1407, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8080}, 0x80c4) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dd360710", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf257000000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990004000000310000000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) (async) 10:19:33 executing program 3: msgget$private(0x0, 0x43) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x109000) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 10:19:33 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='\x00', 0x4, 0x6, &(0x7f0000000640)=[{&(0x7f0000000280)="3008cf0cd698f2cfedb7cf27fc74c495d465079b5a2aa3a547a4026946c8c3ac58a9a0d68edfc6ca2d286bfabe43ef99579d2fd1ca6c5526fac3376c958bb00f0a419015d3d0b61605a571797b0ccf594660685e93ae103babd59da2eade333213056cb70c458de14d0b22a5f5c318792cac462c4a875425b6521f89b832ed1e55b60a2df16d108cfed8e6458ae28c8c5bbd1aca30a840b4f40df9dc39cbf8d3caf8cef56b4885107945eac95257cbbe5cbfd06d33540ff161f01a98b0030e2df48e9d913e65565d", 0xc8, 0x84}, {&(0x7f0000000380)="053b4ed297841cf623771e7aff683e376f2bc4b41a028e9cb5a40e25abda2e6f5460040ad17096bffb8ea2aee315a2e2e4d8b193db66b52b0dd0e6bdfe1e246b7e0ca22577cc97ad92cba37984dc33f85d036988a1029bbacfa60a8438b1673335cba0de0dd5079e44fba17eeaf5367884e2bbbc3beb5c022a900ed3a449e6d030d9f7121eca1a69575f7e5c781fd32710b960b44563f455f7c9453eba06c1d904f02f3401ad9cffc9bce1c60b7fefd174f07c42e75dd00c3f0fc2c25b151033976dadd619c3c80c7c1233", 0xcb}, {&(0x7f0000000840)="a4e79f4a8d7cc245faecedff3a1071e02a8a862d41dc2931016b74dbbbbfc572cb1ac7536ccbb550d8cfa118531bbef3b36964d5de441d4c65a2df318b4c604e97677b4418fb9ced095364f7d33679458833049d0282ea8dad9ffd49c6a2370d98c4e9c4a68534250ae1b046d8095eb4672cc74d650d9f6a5dd22985876c9e539ee622e4d9e0a881c3ad2fab3d", 0x8d, 0xffffffff902656cd}, {&(0x7f00000001c0)="db36cec26679c569418acfb636f8bf4a3cff9d434a2eac3083fb9e882be709f9c8b168d13e217b31b80752b61149dc8cda4cc44d0178d29e29ee731353fc4c8ed11ee4475f84884f3c6da6523d4d73f2afbbe84541ca069b099cedc0e1e8b9b20dfce010ded1c8bcc52372e8cd25f5dd8482f6dcd979a2bed8a7eb85bb77a2a8f4feb3fe4d281d52fd11727be2116207c68ae8621264df58a748216904a74cbfddc1fee0f324cf5ad9ca99b9a94e36fb638361b42874", 0xb6, 0x2}, {&(0x7f0000000700)="20ef0228e96e778e24b605e4e4b7642c4110c3ef5c2210faeb9e59f566da692c6baf93b4d36d7aefa03cf3392eab148a57eaaa985760100e02675e6b7ada7e0ffbcbdac46ac47b25b5a5d78c0146bbe8980d579443aba44e736b2051c4ac417e8c2fc86e7df58d3feef6d10332d71752f8dbf663196430d820200000000000000000000000009a4a9ddcf8e0cf5405513c9833b58df3a57a3e62e548bf699a94361ab98be5026a1fbf0b42661bec1d5b6ebc0500d4f5108124d27f4997593c502bbbbf5f49a6991fcdfb52065fc21de2bd938c5cb5ec31ee2c5ea3ebdee2f9170400000066069cd78d76371b0a5bb86c521348830c45b6bac39791672113bd1eb83302873d841b20d5fe7dadd33030420469ac100b24c84a68fd", 0x11a, 0x2}, {&(0x7f0000000580)="710f8a6be6f76196051a296c78d210123c2197c3fc99d45693934d42184b3834ddf15dd1a5575907d4830c37882b873e656dcf96d54ce25ca20a45ced71b7df76216419065e1f3f578140555ca6b4ecfffddcb5b93022e56ed108fdce46a4564c2a21fea34acaebc1280c630591ee1ed742507436358418e4c53b8a128a98f2b2e14ae0218ddccef29c1d7547a7760bae4bfa704fe", 0x95, 0x8}], 0x801810, &(0x7f0000000480)={[{}, {'\'^:\\*'}, {'@*.'}, {'\xeeQ\xd3\xf3\x917\x9dr\xd8R\xfe\x1c\xe1\x89\\X/#\t\x17\xaf\xf1\xde\xa8\x18=7\xaa\x9c\xf5.\x8eA\x9b5\x12k\xd7\xebe\x1f\\\x1de6\xc6\xc8N\xde7\x1a\xc3s\x00'/64}, {'.:'}, {'['}, {')++&\x1e\x9c\xdc<3\x02\xac\xdf\a\xba\x1a\x86\"\xb5\x02!\tT\xfd\xaa\x9f\xa6\x15\xf2\x11(\x8a-\xf0\x05\xe0\x8b\x95\x1a[\xd96AS\x15\xf3\xbb36=\xe8\xad\xa0o\x9a\xe0\xb2/\xde\x8d\x811$\xb4\xa4\xb8a\xc6\xfc\"\xb9\xa1\xfao\xa4^\x1f5Fr|y\x9b\xa6+\xee\xa0O\x1b\x13\xf0\xf5'}, {'%{'}, {'@({&'}, {'%'}], [{@subj_role={'subj_role', 0x3d, '!}[@,,*/'}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}) [ 1048.231727] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1048.238997] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:33 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0xffffffffffffff16, 0x0, 0x828049, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x301000, 0x0) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) 10:19:33 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x109800, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x6004801) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMK(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, r6, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x78}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMK={0x14, 0xfe, "293476169a23467fbb6f45f4f48c136b"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "cc0d790000d9f32ba06c6e579b84ae20"}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040005) sendmsg$NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r4, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x67}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x20000000) sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xc0, r4, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cdb4633789e364fe191e9ab2da"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "109cb9ffa56dc144e2eda8dbc9"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "73eb4986de"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x2c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x24, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_MODE={0x5}]}]}, 0xc0}}, 0xc0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="88000010", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf250c00000034005080040006000800030001ac0f000500020002000000110001008bc4dfbd5b74e674b4af1b46b400000008000400db77a1020a00060008021100000000000800090005ac0f0008003700000020000800090005ac0f0004002800054dd13c5832b95600080001000000080037000100000008"], 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x804) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r7, 0x0, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3) sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r8, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7c}, @void, @val={0xc, 0x99, {0x4, 0x70}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x4) 10:19:33 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x408900, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000340)=@e={0xff, 0xa, 0x2, 0xe9, @SEQ_NOTEON=@note=0x7b, 0x40, 0x8, 0x1}) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x202, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000042}, 0x40010) r4 = ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x1407, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8080}, 0x80c4) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dd360710", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf257000000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990004000000310000000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) fcntl$getownex(r0, 0x10, &(0x7f00000001c0)) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0x408900, 0x0) (async) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000340)=@e={0xff, 0xa, 0x2, 0xe9, @SEQ_NOTEON=@note=0x7b, 0x40, 0x8, 0x1}) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x202, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000042}, 0x40010) (async) ioctl$NS_GET_PARENT(r3, 0xb702, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x1407, 0x300, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x8080}, 0x80c4) (async) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="dd360710", @ANYRES16=0x0, @ANYBLOB="10002bbd7000fedbdf257000000008000300", @ANYRES32=0x0, @ANYBLOB="0c00990004000000310000000a000600ffffffffffff00000a000600ffffffffffff00000a0006000802110000010000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r1) (async) [ 1048.321922] FAULT_INJECTION: forcing a failure. [ 1048.321922] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1048.333740] CPU: 0 PID: 13723 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1048.341621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.350971] Call Trace: [ 1048.353565] dump_stack+0x1b2/0x281 [ 1048.357196] should_fail.cold+0x10a/0x149 [ 1048.361350] __alloc_pages_nodemask+0x22c/0x2720 [ 1048.366105] ? trace_hardirqs_on+0x10/0x10 [ 1048.370340] ? trace_hardirqs_on+0x10/0x10 [ 1048.374575] ? trace_hardirqs_on+0x10/0x10 [ 1048.378808] ? __lock_acquire+0x5fc/0x3f20 [ 1048.383046] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.387896] ? up_write+0x17/0x60 [ 1048.391347] ? generic_file_write_iter+0x2f8/0x650 [ 1048.396275] ? __fsnotify_inode_delete+0x20/0x20 [ 1048.401027] ? iov_iter_init+0xa6/0x1c0 [ 1048.405004] cache_grow_begin+0x91/0x700 [ 1048.409064] ? fs_reclaim_release+0xd0/0x110 [ 1048.413469] ? check_preemption_disabled+0x35/0x240 10:19:33 executing program 0: sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x29, 0x7f, 0x5, 0x8, 0x4, @mcast1, @loopback, 0x700, 0x8000, 0x3, 0x9d98}}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r5, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) r8 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x40, 0x140e, 0x400, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r9, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r10, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r11, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000780)={&(0x7f0000000280)={0x4cc, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x19c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3d9d}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7fd}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffff}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7f5}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r1}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x4cc}, 0x1, 0x0, 0x0, 0x20000000}, 0x44041) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1048.418487] cache_alloc_refill+0x273/0x350 [ 1048.422812] kmem_cache_alloc+0x333/0x3c0 [ 1048.426961] getname_flags+0xc8/0x550 [ 1048.430761] do_sys_open+0x1ce/0x410 [ 1048.434479] ? filp_open+0x60/0x60 [ 1048.438018] ? SyS_pwrite64+0xca/0x140 [ 1048.441908] ? do_syscall_64+0x4c/0x640 [ 1048.445881] ? SyS_open+0x30/0x30 [ 1048.449340] do_syscall_64+0x1d5/0x640 [ 1048.453228] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1048.458410] RIP: 0033:0x7f2e61d18f64 [ 1048.462119] RSP: 002b:00007f2e606daeb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 10:19:33 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x109800, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x6004801) (async, rerun: 32) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMK(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, r6, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x78}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMK={0x14, 0xfe, "293476169a23467fbb6f45f4f48c136b"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "cc0d790000d9f32ba06c6e579b84ae20"}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040005) (async) sendmsg$NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r4, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x67}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x20000000) (async) sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xc0, r4, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cdb4633789e364fe191e9ab2da"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "109cb9ffa56dc144e2eda8dbc9"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "73eb4986de"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x2c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x24, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_MODE={0x5}]}]}, 0xc0}}, 0xc0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="88000010", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf250c00000034005080040006000800030001ac0f000500020002000000110001008bc4dfbd5b74e674b4af1b46b400000008000400db77a1020a00060008021100000000000800090005ac0f0008003700000020000800090005ac0f0004002800054dd13c5832b95600080001000000080037000100000008"], 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async, rerun: 32) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r7, 0x0, 0x0) (async) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3) sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r8, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7c}, @void, @val={0xc, 0x99, {0x4, 0x70}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x4) 10:19:33 executing program 3: msgget$private(0x0, 0x43) (async, rerun: 32) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x109000) (async, rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) (rerun: 64) 10:19:33 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0xffffffffffffff16, 0x0, 0x828049, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x301000, 0x0) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) [ 1048.469934] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d18f64 [ 1048.477230] RDX: 0000000000000002 RSI: 00007f2e606dafe0 RDI: 00000000ffffff9c [ 1048.484499] RBP: 00007f2e606dafe0 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1048.491856] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1048.499123] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1048.570805] qnx4: unable to read the superblock 10:19:34 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 8) 10:19:34 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='\x00', 0x4, 0x6, &(0x7f0000000640)=[{&(0x7f0000000280)="3008cf0cd698f2cfedb7cf27fc74c495d465079b5a2aa3a547a4026946c8c3ac58a9a0d68edfc6ca2d286bfabe43ef99579d2fd1ca6c5526fac3376c958bb00f0a419015d3d0b61605a571797b0ccf594660685e93ae103babd59da2eade333213056cb70c458de14d0b22a5f5c318792cac462c4a875425b6521f89b832ed1e55b60a2df16d108cfed8e6458ae28c8c5bbd1aca30a840b4f40df9dc39cbf8d3caf8cef56b4885107945eac95257cbbe5cbfd06d33540ff161f01a98b0030e2df48e9d913e65565d", 0xc8, 0x84}, {&(0x7f0000000380)="053b4ed297841cf623771e7aff683e376f2bc4b41a028e9cb5a40e25abda2e6f5460040ad17096bffb8ea2aee315a2e2e4d8b193db66b52b0dd0e6bdfe1e246b7e0ca22577cc97ad92cba37984dc33f85d036988a1029bbacfa60a8438b1673335cba0de0dd5079e44fba17eeaf5367884e2bbbc3beb5c022a900ed3a449e6d030d9f7121eca1a69575f7e5c781fd32710b960b44563f455f7c9453eba06c1d904f02f3401ad9cffc9bce1c60b7fefd174f07c42e75dd00c3f0fc2c25b151033976dadd619c3c80c7c1233", 0xcb}, {&(0x7f0000000840)="a4e79f4a8d7cc245faecedff3a1071e02a8a862d41dc2931016b74dbbbbfc572cb1ac7536ccbb550d8cfa118531bbef3b36964d5de441d4c65a2df318b4c604e97677b4418fb9ced095364f7d33679458833049d0282ea8dad9ffd49c6a2370d98c4e9c4a68534250ae1b046d8095eb4672cc74d650d9f6a5dd22985876c9e539ee622e4d9e0a881c3ad2fab3d", 0x8d, 0xffffffff902656cd}, {&(0x7f00000001c0)="db36cec26679c569418acfb636f8bf4a3cff9d434a2eac3083fb9e882be709f9c8b168d13e217b31b80752b61149dc8cda4cc44d0178d29e29ee731353fc4c8ed11ee4475f84884f3c6da6523d4d73f2afbbe84541ca069b099cedc0e1e8b9b20dfce010ded1c8bcc52372e8cd25f5dd8482f6dcd979a2bed8a7eb85bb77a2a8f4feb3fe4d281d52fd11727be2116207c68ae8621264df58a748216904a74cbfddc1fee0f324cf5ad9ca99b9a94e36fb638361b42874", 0xb6, 0x2}, {&(0x7f0000000700)="20ef0228e96e778e24b605e4e4b7642c4110c3ef5c2210faeb9e59f566da692c6baf93b4d36d7aefa03cf3392eab148a57eaaa985760100e02675e6b7ada7e0ffbcbdac46ac47b25b5a5d78c0146bbe8980d579443aba44e736b2051c4ac417e8c2fc86e7df58d3feef6d10332d71752f8dbf663196430d820200000000000000000000000009a4a9ddcf8e0cf5405513c9833b58df3a57a3e62e548bf699a94361ab98be5026a1fbf0b42661bec1d5b6ebc0500d4f5108124d27f4997593c502bbbbf5f49a6991fcdfb52065fc21de2bd938c5cb5ec31ee2c5ea3ebdee2f9170400000066069cd78d76371b0a5bb86c521348830c45b6bac39791672113bd1eb83302873d841b20d5fe7dadd33030420469ac100b24c84a68fd", 0x11a, 0x2}, {&(0x7f0000000580)="710f8a6be6f76196051a296c78d210123c2197c3fc99d45693934d42184b3834ddf15dd1a5575907d4830c37882b873e656dcf96d54ce25ca20a45ced71b7df76216419065e1f3f578140555ca6b4ecfffddcb5b93022e56ed108fdce46a4564c2a21fea34acaebc1280c630591ee1ed742507436358418e4c53b8a128a98f2b2e14ae0218ddccef29c1d7547a7760bae4bfa704fe", 0x95, 0x8}], 0x801810, &(0x7f0000000480)={[{}, {'\'^:\\*'}, {'@*.'}, {'\xeeQ\xd3\xf3\x917\x9dr\xd8R\xfe\x1c\xe1\x89\\X/#\t\x17\xaf\xf1\xde\xa8\x18=7\xaa\x9c\xf5.\x8eA\x9b5\x12k\xd7\xebe\x1f\\\x1de6\xc6\xc8N\xde7\x1a\xc3s\x00'/64}, {'.:'}, {'['}, {')++&\x1e\x9c\xdc<3\x02\xac\xdf\a\xba\x1a\x86\"\xb5\x02!\tT\xfd\xaa\x9f\xa6\x15\xf2\x11(\x8a-\xf0\x05\xe0\x8b\x95\x1a[\xd96AS\x15\xf3\xbb36=\xe8\xad\xa0o\x9a\xe0\xb2/\xde\x8d\x811$\xb4\xa4\xb8a\xc6\xfc\"\xb9\xa1\xfao\xa4^\x1f5Fr|y\x9b\xa6+\xee\xa0O\x1b\x13\xf0\xf5'}, {'%{'}, {'@({&'}, {'%'}], [{@subj_role={'subj_role', 0x3d, '!}[@,,*/'}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='\x00', 0x4, 0x6, &(0x7f0000000640)=[{&(0x7f0000000280)="3008cf0cd698f2cfedb7cf27fc74c495d465079b5a2aa3a547a4026946c8c3ac58a9a0d68edfc6ca2d286bfabe43ef99579d2fd1ca6c5526fac3376c958bb00f0a419015d3d0b61605a571797b0ccf594660685e93ae103babd59da2eade333213056cb70c458de14d0b22a5f5c318792cac462c4a875425b6521f89b832ed1e55b60a2df16d108cfed8e6458ae28c8c5bbd1aca30a840b4f40df9dc39cbf8d3caf8cef56b4885107945eac95257cbbe5cbfd06d33540ff161f01a98b0030e2df48e9d913e65565d", 0xc8, 0x84}, {&(0x7f0000000380)="053b4ed297841cf623771e7aff683e376f2bc4b41a028e9cb5a40e25abda2e6f5460040ad17096bffb8ea2aee315a2e2e4d8b193db66b52b0dd0e6bdfe1e246b7e0ca22577cc97ad92cba37984dc33f85d036988a1029bbacfa60a8438b1673335cba0de0dd5079e44fba17eeaf5367884e2bbbc3beb5c022a900ed3a449e6d030d9f7121eca1a69575f7e5c781fd32710b960b44563f455f7c9453eba06c1d904f02f3401ad9cffc9bce1c60b7fefd174f07c42e75dd00c3f0fc2c25b151033976dadd619c3c80c7c1233", 0xcb}, {&(0x7f0000000840)="a4e79f4a8d7cc245faecedff3a1071e02a8a862d41dc2931016b74dbbbbfc572cb1ac7536ccbb550d8cfa118531bbef3b36964d5de441d4c65a2df318b4c604e97677b4418fb9ced095364f7d33679458833049d0282ea8dad9ffd49c6a2370d98c4e9c4a68534250ae1b046d8095eb4672cc74d650d9f6a5dd22985876c9e539ee622e4d9e0a881c3ad2fab3d", 0x8d, 0xffffffff902656cd}, {&(0x7f00000001c0)="db36cec26679c569418acfb636f8bf4a3cff9d434a2eac3083fb9e882be709f9c8b168d13e217b31b80752b61149dc8cda4cc44d0178d29e29ee731353fc4c8ed11ee4475f84884f3c6da6523d4d73f2afbbe84541ca069b099cedc0e1e8b9b20dfce010ded1c8bcc52372e8cd25f5dd8482f6dcd979a2bed8a7eb85bb77a2a8f4feb3fe4d281d52fd11727be2116207c68ae8621264df58a748216904a74cbfddc1fee0f324cf5ad9ca99b9a94e36fb638361b42874", 0xb6, 0x2}, {&(0x7f0000000700)="20ef0228e96e778e24b605e4e4b7642c4110c3ef5c2210faeb9e59f566da692c6baf93b4d36d7aefa03cf3392eab148a57eaaa985760100e02675e6b7ada7e0ffbcbdac46ac47b25b5a5d78c0146bbe8980d579443aba44e736b2051c4ac417e8c2fc86e7df58d3feef6d10332d71752f8dbf663196430d820200000000000000000000000009a4a9ddcf8e0cf5405513c9833b58df3a57a3e62e548bf699a94361ab98be5026a1fbf0b42661bec1d5b6ebc0500d4f5108124d27f4997593c502bbbbf5f49a6991fcdfb52065fc21de2bd938c5cb5ec31ee2c5ea3ebdee2f9170400000066069cd78d76371b0a5bb86c521348830c45b6bac39791672113bd1eb83302873d841b20d5fe7dadd33030420469ac100b24c84a68fd", 0x11a, 0x2}, {&(0x7f0000000580)="710f8a6be6f76196051a296c78d210123c2197c3fc99d45693934d42184b3834ddf15dd1a5575907d4830c37882b873e656dcf96d54ce25ca20a45ced71b7df76216419065e1f3f578140555ca6b4ecfffddcb5b93022e56ed108fdce46a4564c2a21fea34acaebc1280c630591ee1ed742507436358418e4c53b8a128a98f2b2e14ae0218ddccef29c1d7547a7760bae4bfa704fe", 0x95, 0x8}], 0x801810, &(0x7f0000000480)={[{}, {'\'^:\\*'}, {'@*.'}, {'\xeeQ\xd3\xf3\x917\x9dr\xd8R\xfe\x1c\xe1\x89\\X/#\t\x17\xaf\xf1\xde\xa8\x18=7\xaa\x9c\xf5.\x8eA\x9b5\x12k\xd7\xebe\x1f\\\x1de6\xc6\xc8N\xde7\x1a\xc3s\x00'/64}, {'.:'}, {'['}, {')++&\x1e\x9c\xdc<3\x02\xac\xdf\a\xba\x1a\x86\"\xb5\x02!\tT\xfd\xaa\x9f\xa6\x15\xf2\x11(\x8a-\xf0\x05\xe0\x8b\x95\x1a[\xd96AS\x15\xf3\xbb36=\xe8\xad\xa0o\x9a\xe0\xb2/\xde\x8d\x811$\xb4\xa4\xb8a\xc6\xfc\"\xb9\xa1\xfao\xa4^\x1f5Fr|y\x9b\xa6+\xee\xa0O\x1b\x13\xf0\xf5'}, {'%{'}, {'@({&'}, {'%'}], [{@subj_role={'subj_role', 0x3d, '!}[@,,*/'}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}) (async) 10:19:34 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0xffffffffffffff16, 0x0, 0x828049, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x301000, 0x0) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0xffffffffffffff16, 0x0, 0x828049, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x301000, 0x0) (async) ioctl$SNDCTL_TMR_SELECT(r0, 0x40045408) (async) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) (async) 10:19:34 executing program 0: sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x29, 0x7f, 0x5, 0x8, 0x4, @mcast1, @loopback, 0x700, 0x8000, 0x3, 0x9d98}}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) (async) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r5, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) r8 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x40, 0x140e, 0x400, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x1) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) (async, rerun: 64) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r9, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r10, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r11, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000780)={&(0x7f0000000280)={0x4cc, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x19c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3d9d}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7fd}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffff}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7f5}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r1}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x4cc}, 0x1, 0x0, 0x0, 0x20000000}, 0x44041) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:34 executing program 3: msgget$private(0x0, 0x43) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x109000) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) msgget$private(0x0, 0x43) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x109000) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) (async) 10:19:34 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000540), 0x109800, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x6004801) (async) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_PMK(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, r6, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0x1, 0x78}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PMK={0x14, 0xfe, "293476169a23467fbb6f45f4f48c136b"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "cc0d790000d9f32ba06c6e579b84ae20"}]}, 0x74}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040005) (async) sendmsg$NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r4, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x67}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000804}, 0x20000000) sendmsg$NL80211_CMD_DEL_KEY(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xc0, r4, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "cdb4633789e364fe191e9ab2da"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "109cb9ffa56dc144e2eda8dbc9"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "73eb4986de"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x2c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x24, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_MODE={0x5}]}]}, 0xc0}}, 0xc0) (async) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="88000010", @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf250c00000034005080040006000800030001ac0f000500020002000000110001008bc4dfbd5b74e674b4af1b46b400000008000400db77a1020a00060008021100000000000800090005ac0f0008003700000020000800090005ac0f0004002800054dd13c5832b95600080001000000080037000100000008"], 0x88}, 0x1, 0x0, 0x0, 0x800}, 0x804) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r7, 0x0, 0x0) (async) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3) sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, r8, 0x200, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x7c}, @void, @val={0xc, 0x99, {0x4, 0x70}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000080}, 0x4) 10:19:34 executing program 2: sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xf}, @void, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2f}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0xc0) r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x4000, 0x8, &(0x7f0000000080)) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1048.683875] FAULT_INJECTION: forcing a failure. [ 1048.683875] name failslab, interval 1, probability 0, space 0, times 0 [ 1048.737379] CPU: 0 PID: 13792 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1048.745283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.754637] Call Trace: [ 1048.757228] dump_stack+0x1b2/0x281 [ 1048.760866] should_fail.cold+0x10a/0x149 [ 1048.765020] should_failslab+0xd6/0x130 [ 1048.769000] kmem_cache_alloc+0x28e/0x3c0 [ 1048.773154] get_empty_filp+0x86/0x3f0 [ 1048.777044] path_openat+0x84/0x2970 [ 1048.780768] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.785614] ? path_lookupat+0x780/0x780 [ 1048.789679] ? trace_hardirqs_on+0x10/0x10 [ 1048.793922] do_filp_open+0x179/0x3c0 [ 1048.797727] ? may_open_dev+0xe0/0xe0 [ 1048.801528] ? __alloc_fd+0x1be/0x490 [ 1048.805341] ? lock_downgrade+0x740/0x740 [ 1048.809490] ? do_raw_spin_unlock+0x164/0x220 [ 1048.813986] ? _raw_spin_unlock+0x29/0x40 [ 1048.818141] ? __alloc_fd+0x1be/0x490 [ 1048.821947] do_sys_open+0x296/0x410 [ 1048.825660] ? filp_open+0x60/0x60 [ 1048.829190] ? SyS_pwrite64+0xca/0x140 [ 1048.833067] ? do_syscall_64+0x4c/0x640 [ 1048.837026] ? SyS_open+0x30/0x30 [ 1048.840460] do_syscall_64+0x1d5/0x640 [ 1048.844335] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1048.849505] RIP: 0033:0x7f2e61d18f64 [ 1048.853200] RSP: 002b:00007f2e606daeb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1048.860894] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d18f64 [ 1048.868144] RDX: 0000000000000002 RSI: 00007f2e606dafe0 RDI: 00000000ffffff9c [ 1048.875397] RBP: 00007f2e606dafe0 R08: 0000000000000000 R09: 00007f2e606db1d0 10:19:34 executing program 2: sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xf}, @void, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2f}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0xc0) r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x4000, 0x8, &(0x7f0000000080)) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:34 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfc0000000000) socket(0x23, 0x0, 0x0) 10:19:34 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x8001) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1406, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000881}, 0x24024880) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/mac80211', 0x4040, 0x190) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x2, 'syz0\x00'}) 10:19:34 executing program 0: sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x29, 0x7f, 0x5, 0x8, 0x4, @mcast1, @loopback, 0x700, 0x8000, 0x3, 0x9d98}}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_1\x00', 0x0}) (async, rerun: 32) r2 = socket$inet6_udp(0xa, 0x2, 0x0) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) (async, rerun: 64) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) (async, rerun: 32) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) (rerun: 32) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r5, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) (async) r8 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000880)={&(0x7f0000000840)={0x40, 0x140e, 0x400, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x5}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4080}, 0x1) (async, rerun: 64) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0}}) (rerun: 64) r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) (async) r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r9, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r10, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, r11, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000780)={&(0x7f0000000280)={0x4cc, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x19c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3d9d}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7fd}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffff}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7f5}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r0}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r1}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0xc8, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x4cc}, 0x1, 0x0, 0x0, 0x20000000}, 0x44041) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:34 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='\x00', 0x4, 0x6, &(0x7f0000000640)=[{&(0x7f0000000280)="3008cf0cd698f2cfedb7cf27fc74c495d465079b5a2aa3a547a4026946c8c3ac58a9a0d68edfc6ca2d286bfabe43ef99579d2fd1ca6c5526fac3376c958bb00f0a419015d3d0b61605a571797b0ccf594660685e93ae103babd59da2eade333213056cb70c458de14d0b22a5f5c318792cac462c4a875425b6521f89b832ed1e55b60a2df16d108cfed8e6458ae28c8c5bbd1aca30a840b4f40df9dc39cbf8d3caf8cef56b4885107945eac95257cbbe5cbfd06d33540ff161f01a98b0030e2df48e9d913e65565d", 0xc8, 0x84}, {&(0x7f0000000380)="053b4ed297841cf623771e7aff683e376f2bc4b41a028e9cb5a40e25abda2e6f5460040ad17096bffb8ea2aee315a2e2e4d8b193db66b52b0dd0e6bdfe1e246b7e0ca22577cc97ad92cba37984dc33f85d036988a1029bbacfa60a8438b1673335cba0de0dd5079e44fba17eeaf5367884e2bbbc3beb5c022a900ed3a449e6d030d9f7121eca1a69575f7e5c781fd32710b960b44563f455f7c9453eba06c1d904f02f3401ad9cffc9bce1c60b7fefd174f07c42e75dd00c3f0fc2c25b151033976dadd619c3c80c7c1233", 0xcb}, {&(0x7f0000000840)="a4e79f4a8d7cc245faecedff3a1071e02a8a862d41dc2931016b74dbbbbfc572cb1ac7536ccbb550d8cfa118531bbef3b36964d5de441d4c65a2df318b4c604e97677b4418fb9ced095364f7d33679458833049d0282ea8dad9ffd49c6a2370d98c4e9c4a68534250ae1b046d8095eb4672cc74d650d9f6a5dd22985876c9e539ee622e4d9e0a881c3ad2fab3d", 0x8d, 0xffffffff902656cd}, {&(0x7f00000001c0)="db36cec26679c569418acfb636f8bf4a3cff9d434a2eac3083fb9e882be709f9c8b168d13e217b31b80752b61149dc8cda4cc44d0178d29e29ee731353fc4c8ed11ee4475f84884f3c6da6523d4d73f2afbbe84541ca069b099cedc0e1e8b9b20dfce010ded1c8bcc52372e8cd25f5dd8482f6dcd979a2bed8a7eb85bb77a2a8f4feb3fe4d281d52fd11727be2116207c68ae8621264df58a748216904a74cbfddc1fee0f324cf5ad9ca99b9a94e36fb638361b42874", 0xb6, 0x2}, {&(0x7f0000000700)="20ef0228e96e778e24b605e4e4b7642c4110c3ef5c2210faeb9e59f566da692c6baf93b4d36d7aefa03cf3392eab148a57eaaa985760100e02675e6b7ada7e0ffbcbdac46ac47b25b5a5d78c0146bbe8980d579443aba44e736b2051c4ac417e8c2fc86e7df58d3feef6d10332d71752f8dbf663196430d820200000000000000000000000009a4a9ddcf8e0cf5405513c9833b58df3a57a3e62e548bf699a94361ab98be5026a1fbf0b42661bec1d5b6ebc0500d4f5108124d27f4997593c502bbbbf5f49a6991fcdfb52065fc21de2bd938c5cb5ec31ee2c5ea3ebdee2f9170400000066069cd78d76371b0a5bb86c521348830c45b6bac39791672113bd1eb83302873d841b20d5fe7dadd33030420469ac100b24c84a68fd", 0x11a, 0x2}, {&(0x7f0000000580)="710f8a6be6f76196051a296c78d210123c2197c3fc99d45693934d42184b3834ddf15dd1a5575907d4830c37882b873e656dcf96d54ce25ca20a45ced71b7df76216419065e1f3f578140555ca6b4ecfffddcb5b93022e56ed108fdce46a4564c2a21fea34acaebc1280c630591ee1ed742507436358418e4c53b8a128a98f2b2e14ae0218ddccef29c1d7547a7760bae4bfa704fe", 0x95, 0x8}], 0x801810, &(0x7f0000000480)={[{}, {'\'^:\\*'}, {'@*.'}, {'\xeeQ\xd3\xf3\x917\x9dr\xd8R\xfe\x1c\xe1\x89\\X/#\t\x17\xaf\xf1\xde\xa8\x18=7\xaa\x9c\xf5.\x8eA\x9b5\x12k\xd7\xebe\x1f\\\x1de6\xc6\xc8N\xde7\x1a\xc3s\x00'/64}, {'.:'}, {'['}, {')++&\x1e\x9c\xdc<3\x02\xac\xdf\a\xba\x1a\x86\"\xb5\x02!\tT\xfd\xaa\x9f\xa6\x15\xf2\x11(\x8a-\xf0\x05\xe0\x8b\x95\x1a[\xd96AS\x15\xf3\xbb36=\xe8\xad\xa0o\x9a\xe0\xb2/\xde\x8d\x811$\xb4\xa4\xb8a\xc6\xfc\"\xb9\xa1\xfao\xa4^\x1f5Fr|y\x9b\xa6+\xee\xa0O\x1b\x13\xf0\xf5'}, {'%{'}, {'@({&'}, {'%'}], [{@subj_role={'subj_role', 0x3d, '!}[@,,*/'}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='\x00', 0x4, 0x6, &(0x7f0000000640)=[{&(0x7f0000000280)="3008cf0cd698f2cfedb7cf27fc74c495d465079b5a2aa3a547a4026946c8c3ac58a9a0d68edfc6ca2d286bfabe43ef99579d2fd1ca6c5526fac3376c958bb00f0a419015d3d0b61605a571797b0ccf594660685e93ae103babd59da2eade333213056cb70c458de14d0b22a5f5c318792cac462c4a875425b6521f89b832ed1e55b60a2df16d108cfed8e6458ae28c8c5bbd1aca30a840b4f40df9dc39cbf8d3caf8cef56b4885107945eac95257cbbe5cbfd06d33540ff161f01a98b0030e2df48e9d913e65565d", 0xc8, 0x84}, {&(0x7f0000000380)="053b4ed297841cf623771e7aff683e376f2bc4b41a028e9cb5a40e25abda2e6f5460040ad17096bffb8ea2aee315a2e2e4d8b193db66b52b0dd0e6bdfe1e246b7e0ca22577cc97ad92cba37984dc33f85d036988a1029bbacfa60a8438b1673335cba0de0dd5079e44fba17eeaf5367884e2bbbc3beb5c022a900ed3a449e6d030d9f7121eca1a69575f7e5c781fd32710b960b44563f455f7c9453eba06c1d904f02f3401ad9cffc9bce1c60b7fefd174f07c42e75dd00c3f0fc2c25b151033976dadd619c3c80c7c1233", 0xcb}, {&(0x7f0000000840)="a4e79f4a8d7cc245faecedff3a1071e02a8a862d41dc2931016b74dbbbbfc572cb1ac7536ccbb550d8cfa118531bbef3b36964d5de441d4c65a2df318b4c604e97677b4418fb9ced095364f7d33679458833049d0282ea8dad9ffd49c6a2370d98c4e9c4a68534250ae1b046d8095eb4672cc74d650d9f6a5dd22985876c9e539ee622e4d9e0a881c3ad2fab3d", 0x8d, 0xffffffff902656cd}, {&(0x7f00000001c0)="db36cec26679c569418acfb636f8bf4a3cff9d434a2eac3083fb9e882be709f9c8b168d13e217b31b80752b61149dc8cda4cc44d0178d29e29ee731353fc4c8ed11ee4475f84884f3c6da6523d4d73f2afbbe84541ca069b099cedc0e1e8b9b20dfce010ded1c8bcc52372e8cd25f5dd8482f6dcd979a2bed8a7eb85bb77a2a8f4feb3fe4d281d52fd11727be2116207c68ae8621264df58a748216904a74cbfddc1fee0f324cf5ad9ca99b9a94e36fb638361b42874", 0xb6, 0x2}, {&(0x7f0000000700)="20ef0228e96e778e24b605e4e4b7642c4110c3ef5c2210faeb9e59f566da692c6baf93b4d36d7aefa03cf3392eab148a57eaaa985760100e02675e6b7ada7e0ffbcbdac46ac47b25b5a5d78c0146bbe8980d579443aba44e736b2051c4ac417e8c2fc86e7df58d3feef6d10332d71752f8dbf663196430d820200000000000000000000000009a4a9ddcf8e0cf5405513c9833b58df3a57a3e62e548bf699a94361ab98be5026a1fbf0b42661bec1d5b6ebc0500d4f5108124d27f4997593c502bbbbf5f49a6991fcdfb52065fc21de2bd938c5cb5ec31ee2c5ea3ebdee2f9170400000066069cd78d76371b0a5bb86c521348830c45b6bac39791672113bd1eb83302873d841b20d5fe7dadd33030420469ac100b24c84a68fd", 0x11a, 0x2}, {&(0x7f0000000580)="710f8a6be6f76196051a296c78d210123c2197c3fc99d45693934d42184b3834ddf15dd1a5575907d4830c37882b873e656dcf96d54ce25ca20a45ced71b7df76216419065e1f3f578140555ca6b4ecfffddcb5b93022e56ed108fdce46a4564c2a21fea34acaebc1280c630591ee1ed742507436358418e4c53b8a128a98f2b2e14ae0218ddccef29c1d7547a7760bae4bfa704fe", 0x95, 0x8}], 0x801810, &(0x7f0000000480)={[{}, {'\'^:\\*'}, {'@*.'}, {'\xeeQ\xd3\xf3\x917\x9dr\xd8R\xfe\x1c\xe1\x89\\X/#\t\x17\xaf\xf1\xde\xa8\x18=7\xaa\x9c\xf5.\x8eA\x9b5\x12k\xd7\xebe\x1f\\\x1de6\xc6\xc8N\xde7\x1a\xc3s\x00'/64}, {'.:'}, {'['}, {')++&\x1e\x9c\xdc<3\x02\xac\xdf\a\xba\x1a\x86\"\xb5\x02!\tT\xfd\xaa\x9f\xa6\x15\xf2\x11(\x8a-\xf0\x05\xe0\x8b\x95\x1a[\xd96AS\x15\xf3\xbb36=\xe8\xad\xa0o\x9a\xe0\xb2/\xde\x8d\x811$\xb4\xa4\xb8a\xc6\xfc\"\xb9\xa1\xfao\xa4^\x1f5Fr|y\x9b\xa6+\xee\xa0O\x1b\x13\xf0\xf5'}, {'%{'}, {'@({&'}, {'%'}], [{@subj_role={'subj_role', 0x3d, '!}[@,,*/'}}, {@uid_eq={'uid', 0x3d, 0xee01}}]}) (async) [ 1048.882648] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1048.889897] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:34 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 9) 10:19:34 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x8001) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1406, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000881}, 0x24024880) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/mac80211', 0x4040, 0x190) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x2, 'syz0\x00'}) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) socket(0x1d, 0x2, 0x8001) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1406, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000881}, 0x24024880) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/mac80211', 0x4040, 0x190) (async) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x2, 'syz0\x00'}) (async) 10:19:34 executing program 2: sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0xf}, @void, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x2f}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0xc0) (async) r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x4000, 0x8, &(0x7f0000000080)) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1049.027554] FAULT_INJECTION: forcing a failure. [ 1049.027554] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.042914] CPU: 0 PID: 13852 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1049.050810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.060162] Call Trace: [ 1049.062750] dump_stack+0x1b2/0x281 [ 1049.066378] should_fail.cold+0x10a/0x149 [ 1049.070529] should_failslab+0xd6/0x130 [ 1049.074505] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1049.079300] ? loop_get_status64+0x100/0x100 [ 1049.083706] __kthread_create_on_node+0xbe/0x3a0 [ 1049.088461] ? kthread_park+0x130/0x130 [ 1049.092449] ? loop_get_status64+0x100/0x100 [ 1049.096857] kthread_create_on_node+0xa8/0xd0 [ 1049.101352] ? __kthread_create_on_node+0x3a0/0x3a0 [ 1049.106374] ? __lockdep_init_map+0x100/0x560 [ 1049.110866] ? __lockdep_init_map+0x100/0x560 [ 1049.115364] lo_ioctl+0xcd9/0x1cd0 [ 1049.118906] ? loop_set_status64+0xe0/0xe0 [ 1049.123149] blkdev_ioctl+0x540/0x1830 10:19:34 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfc0000000000) socket(0x23, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfc0000000000) (async) socket(0x23, 0x0, 0x0) (async) [ 1049.127045] ? blkpg_ioctl+0x8d0/0x8d0 [ 1049.130932] ? trace_hardirqs_on+0x10/0x10 [ 1049.135172] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1049.140305] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1049.145329] block_ioctl+0xd9/0x120 [ 1049.148959] ? blkdev_fallocate+0x3a0/0x3a0 [ 1049.153281] do_vfs_ioctl+0x75a/0xff0 [ 1049.157121] ? lock_acquire+0x170/0x3f0 [ 1049.161092] ? ioctl_preallocate+0x1a0/0x1a0 [ 1049.165501] ? __fget+0x265/0x3e0 [ 1049.168950] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.172923] ? security_file_ioctl+0x83/0xb0 10:19:34 executing program 1: ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfc0000000000) socket(0x23, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000)) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xfc0000000000) (async) socket(0x23, 0x0, 0x0) (async) [ 1049.177321] SyS_ioctl+0x7f/0xb0 [ 1049.180676] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.184650] do_syscall_64+0x1d5/0x640 [ 1049.188540] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1049.193724] RIP: 0033:0x7f2e61d65e07 [ 1049.197427] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1049.205130] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1049.212396] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1049.219660] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 10:19:34 executing program 1: r0 = socket(0x1a, 0x80000, 0xfffffffb) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1410, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x2401c8c1}, 0x20040004) 10:19:34 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_NRMIDIS(0xffffffffffffffff, 0x8004510b, &(0x7f0000000000)) 10:19:34 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x8001) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1406, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000881}, 0x24024880) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/mac80211', 0x4040, 0x190) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x2, 'syz0\x00'}) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) socket(0x1d, 0x2, 0x8001) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1406, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000881}, 0x24024880) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/mac80211', 0x4040, 0x190) (async) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x2, 'syz0\x00'}) (async) 10:19:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x20, 0x1d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xc1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1049.227013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1049.234284] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:34 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 10) 10:19:34 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x104029, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x6002, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) 10:19:34 executing program 1: r0 = socket(0x1a, 0x80000, 0xfffffffb) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1410, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x2401c8c1}, 0x20040004) 10:19:34 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8000000000000001, 0x10000) syz_open_dev$media(&(0x7f0000000040), 0x0, 0x100) 10:19:34 executing program 2: r0 = msgget$private(0x0, 0x240) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000000)=""/41) socket(0x24, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000040), r1) 10:19:34 executing program 1: r0 = socket(0x1a, 0x80000, 0xfffffffb) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1410, 0x200, 0x70bd2d, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x5}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x2401c8c1}, 0x20040004) 10:19:34 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x20, 0x1d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xc1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:34 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x104029, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x6002, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x104029, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x6002, 0x0) (async) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) (async) [ 1049.377740] FAULT_INJECTION: forcing a failure. [ 1049.377740] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.405384] CPU: 0 PID: 13906 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1049.413294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.422648] Call Trace: [ 1049.425235] dump_stack+0x1b2/0x281 [ 1049.428879] should_fail.cold+0x10a/0x149 [ 1049.433079] should_failslab+0xd6/0x130 [ 1049.437059] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1049.441740] ? loop_get_status64+0x100/0x100 [ 1049.446153] __kthread_create_on_node+0xbe/0x3a0 [ 1049.450915] ? kthread_park+0x130/0x130 [ 1049.454903] ? loop_get_status64+0x100/0x100 [ 1049.459316] kthread_create_on_node+0xa8/0xd0 [ 1049.463826] ? __kthread_create_on_node+0x3a0/0x3a0 [ 1049.468849] ? __lockdep_init_map+0x100/0x560 [ 1049.473345] ? __lockdep_init_map+0x100/0x560 10:19:34 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x104029, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x6002, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) [ 1049.477849] lo_ioctl+0xcd9/0x1cd0 [ 1049.481397] ? loop_set_status64+0xe0/0xe0 [ 1049.485634] blkdev_ioctl+0x540/0x1830 [ 1049.489525] ? blkpg_ioctl+0x8d0/0x8d0 [ 1049.493410] ? trace_hardirqs_on+0x10/0x10 [ 1049.497769] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1049.502874] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1049.507898] block_ioctl+0xd9/0x120 [ 1049.511527] ? blkdev_fallocate+0x3a0/0x3a0 [ 1049.515848] do_vfs_ioctl+0x75a/0xff0 [ 1049.519650] ? lock_acquire+0x170/0x3f0 [ 1049.523625] ? ioctl_preallocate+0x1a0/0x1a0 [ 1049.528033] ? __fget+0x265/0x3e0 [ 1049.531494] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.535467] ? security_file_ioctl+0x83/0xb0 [ 1049.539870] SyS_ioctl+0x7f/0xb0 [ 1049.543234] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.547208] do_syscall_64+0x1d5/0x640 [ 1049.551100] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1049.556305] RIP: 0033:0x7f2e61d65e07 [ 1049.560007] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1049.567712] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x140d, 0x4, 0x70bd2a, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x200000c1}, 0x4000) 10:19:35 executing program 2: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x104029, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x6002, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8000000000000001, 0x10000) (async) syz_open_dev$media(&(0x7f0000000040), 0x0, 0x100) [ 1049.574983] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1049.582249] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1049.589518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1049.596786] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:35 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 11) 10:19:35 executing program 1: sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x4005) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x25, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x18}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8041) socket(0x24, 0x0, 0x0) 10:19:35 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r1, 0x2, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x20, 0x1d}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xc1}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:35 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 1) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x140d, 0x4, 0x70bd2a, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x200000c1}, 0x4000) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8000000000000001, 0x10000) syz_open_dev$media(&(0x7f0000000040), 0x0, 0x100) syz_open_dev$media(&(0x7f0000000000), 0x8000000000000001, 0x10000) (async) syz_open_dev$media(&(0x7f0000000040), 0x0, 0x100) (async) [ 1049.723089] FAULT_INJECTION: forcing a failure. [ 1049.723089] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.734815] CPU: 0 PID: 13953 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1049.742701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.752145] Call Trace: [ 1049.754738] dump_stack+0x1b2/0x281 [ 1049.758374] should_fail.cold+0x10a/0x149 [ 1049.762525] should_failslab+0xd6/0x130 [ 1049.766502] kmem_cache_alloc+0x40/0x3c0 [ 1049.768789] FAULT_INJECTION: forcing a failure. [ 1049.768789] name failslab, interval 1, probability 0, space 0, times 0 [ 1049.770558] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1049.787377] idr_get_free_cmn+0x595/0x8d0 [ 1049.791548] ? trace_hardirqs_on+0x10/0x10 [ 1049.795784] idr_alloc_cmn+0xe8/0x1e0 [ 1049.799588] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1049.804428] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1049.809442] ? __schedule+0x1450/0x1de0 [ 1049.813426] ? cpuacct_charge+0x1cf/0x350 [ 1049.817570] ? fs_reclaim_release+0xd0/0x110 [ 1049.821980] idr_alloc_cyclic+0xc2/0x1d0 [ 1049.826042] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1049.830100] ? __radix_tree_preload+0x1c3/0x250 [ 1049.834774] __kernfs_new_node+0xaf/0x470 [ 1049.838925] kernfs_create_dir_ns+0x8c/0x200 [ 1049.843332] internal_create_group+0xe9/0x710 [ 1049.847830] lo_ioctl+0x1137/0x1cd0 [ 1049.851462] ? loop_set_status64+0xe0/0xe0 [ 1049.855698] blkdev_ioctl+0x540/0x1830 [ 1049.859593] ? blkpg_ioctl+0x8d0/0x8d0 [ 1049.863478] ? trace_hardirqs_on+0x10/0x10 [ 1049.867711] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1049.872809] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1049.877823] block_ioctl+0xd9/0x120 [ 1049.881447] ? blkdev_fallocate+0x3a0/0x3a0 [ 1049.885768] do_vfs_ioctl+0x75a/0xff0 [ 1049.889566] ? lock_acquire+0x170/0x3f0 [ 1049.893535] ? ioctl_preallocate+0x1a0/0x1a0 [ 1049.897936] ? __fget+0x265/0x3e0 [ 1049.901386] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.905353] ? security_file_ioctl+0x83/0xb0 [ 1049.909749] SyS_ioctl+0x7f/0xb0 [ 1049.913104] ? do_vfs_ioctl+0xff0/0xff0 [ 1049.917082] do_syscall_64+0x1d5/0x640 [ 1049.920967] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1049.926147] RIP: 0033:0x7f2e61d65e07 [ 1049.929844] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1049.937547] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1049.944810] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1049.952074] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1049.959335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1049.966597] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1049.973871] CPU: 1 PID: 13958 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1049.980741] qnx4: unable to read the superblock [ 1049.981752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.981757] Call Trace: [ 1049.981771] dump_stack+0x1b2/0x281 [ 1049.981788] should_fail.cold+0x10a/0x149 [ 1050.006227] should_failslab+0xd6/0x130 [ 1050.010209] __kmalloc+0x2c1/0x400 [ 1050.013747] ? SyS_memfd_create+0xbc/0x3c0 [ 1050.017983] SyS_memfd_create+0xbc/0x3c0 10:19:35 executing program 1: sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x4005) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x25, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x18}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8041) (async) socket(0x24, 0x0, 0x0) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x4, 0x0) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x140d, 0x4, 0x70bd2a, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x200000c1}, 0x4000) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x4, 0x0) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1050.022044] ? shmem_fcntl+0x120/0x120 [ 1050.025937] ? __do_page_fault+0x159/0xad0 [ 1050.030176] ? do_syscall_64+0x4c/0x640 [ 1050.034150] ? shmem_fcntl+0x120/0x120 [ 1050.038048] do_syscall_64+0x1d5/0x640 [ 1050.041936] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1050.047120] RIP: 0033:0x7f94265b5049 [ 1050.050860] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1050.058566] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b5049 [ 1050.065835] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f942660e1e0 10:19:35 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 12) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x4, 0x0) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:35 executing program 1: sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x4005) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x25, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x18}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8041) socket(0x24, 0x0, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x34, 0x0, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffffffff}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x40080}, 0x4005) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x25, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3f, 0x18}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x8041) (async) socket(0x24, 0x0, 0x0) (async) 10:19:35 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$isdn_base(0x22, 0x3, 0x0) statx(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)) 10:19:35 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 2) [ 1050.073115] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f9424f2a1d0 [ 1050.080384] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 1050.087656] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x800, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r2) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/pps', 0x10080, 0x80) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x513043, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r1, 0x110, 0x5, &(0x7f0000000180)=[0x3, 0x3], 0x2) ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000000c0)=0x1) 10:19:35 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$isdn_base(0x22, 0x3, 0x0) (async) statx(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)) 10:19:35 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x3, 0x5, &(0x7f0000001240)=[{&(0x7f0000000100)="4e1776edcdc9e7a8d3ce6eaf9415b36f74", 0x11, 0x2}, {&(0x7f0000000140)="9529d8536913b8559d7f87ca2e297f6a36f15be75fe488a8cab193f7ee7ed81041362fed19c45379b4d519e704dfab56e291255025df628d1b48a6", 0x3b, 0x3}, {&(0x7f0000000180)="ab19b16b8cde50ad660c0f8db42b560eadff9ea74269d92143ab00fa389c9abe91991764fc2044c6b657bd1fffe9cdb618574a64c7ddbb5e55f973e1809afd389d814d5eea2bb94da996fbc5da05c9217e2e06809268f8595cf9f6729d05dc2f359af4b64ccdb8216b61ba863e746127a77c8d7b27fbd9a45898a7b1c1a7aff51c6f557579ab1aac30cd23707a5c38b08aa5bf6b98eaa14dc41162d688a86bf09af2681cd0e3afc165d0b23ac086feae0fb407c0f65752b46a2c8aa40ad80aefee4b7227ff5faa2cd3b1a8711cc666835c0beccf8b7395d797575e2c5bb33d2aab2eb950c019efe990306b9fe2068e1837dbf0e21bb023e0a36a41bce63fe5ece67fa68734f9e89096d507f9ab949100cd1348ab696533270787a63c337645703aa52f1bf18d75d80517998ef8282086a635592e7aa84941ec2deeea8ac81e62f930bab50e203e2c1ba6d0810e3faa843be67f66e182901b3139eaf54ed369304f99ed7dff09bd77530318f9fa37deeab5affad8cd709b25edc0831f203b87337718c5e6022076b10fdd2f5286ed176f38b28e40ea3375fa92384d3bccb65eb81e926f76822cd5af9163b5bfe088df9be92970db626708e45742ff12b28b12c3a55660aa33298a5b908efe27990104b4b167773d3c56c25e487c5ddb1a1d181eb8d75bbba553704786e9e7af7e51d610fd13e05bf149c0b7ed281ea23788bbf16ae767ecfbe0c171f71a570f85cee7b9ba552e3a9de8685c7ac72b4cb5e729bad8207d5c64be03b3aed2b5cfbb9dac37cb210513a39a58266bfc051867086a56b5944e1d81f35d1e5bd432cd95e1abb0874a5699189b3c87d2f71ec36549f6569ded510c45312ff72840c69f20a4e1162fee412fe7d82b012254fd519594f56f84cc13f7f91237527cabe08308eef2a08ac27d8cc3be7fcbab82bfafed8326b4f18611786ca4811e918efd274095d8dde7251202df7a8631a888d553c5bcb81536dedfbda81b88744512c93d8714b3b94033d188a60dcde3f3373fbfcf48f7212407ddf0e95702f32c6becd73752cda2c37843f4a646a13458e9bf7058ea427103652fb13ea10a25879f62df283637cba672a75d434d952c9e82bf62e78fbdd6042d7c2d9a48143c0e223847131b6b86c5c4f008d0fa959a0b0dfe1083f9c757658572c52d9383e857d69ce81ff521a132a6766acea5d400899c90180d7bcd92302dd18a93012bd25cd9f1ca58f64ac369e698bb727859377fce7df91565151bbc5e0933bc5cb03018bce3f67ab61b9ca5ddfb8ea04254237f6b956b4b2750ebd044788bad02eb9a727b04cdef9708619a71ecf2fafdc0b2577b834cfba9c52777d4a3120b9df2da35c182d08aa3a76ec530b7ad2e44407635c931e9790f472ad20619d4a91cbedcc12389c6ade6b82fd3b248c7245e51952c79a6b88d960bec3533eec5207bf533970ea9a0f938862c9b734192184785626887b2156a3afadd21061dda87cea825ba9ca95863eb446f3d7b6ab9835da75cb86bfe52642b39235e2180955b40411c83f2bd7d625a0ac56b46e1630fed4b71117679d371dae68b889992724b9017cb1be1ab16e7f53588e75e686f72fb5ea6998826a6b281b122e3e643fd79752b0809359e3996c19ce13cc172adcd15831c2d1ed44affe40dd030f4fb7c82fd61aff8b2382b4cf7d8d83626de9027e989bd92913f6917e5eda64eec7d31242af5e8f21d1aa4f1dcc0f516b8038aea379e142e3212186480132c3ad928b0bf6596bd21154c39d86bafd1ec4f93dd9328e8695f80d3774ad39baab5e52ab46ca57de2242aa1e64e6574f2124835ce40a7ad9dbb6d626f5db24dbc0a7a30eaada1bcca7431c539291df43a10f38fc3e854b19c5cfa5c79a15a0c68761b6c54108650d3c7a44336a532cefd9ba11527dbfd759a0643631567a4cb0d2b9bf720041a13d3107355a10aa8a58cfe30f6d5bfe0bcb64dda4393a5a4cb3ab5648c02b786376cc9d2cf39c11d0877e7d4ee13f70f0f3615084621325e190266af869f4051fedbf2c906f33f20863f77a75eca2256fdea4c88cb45a71989080607b1719253bce697835c975f61a8578de7a7efaa7e6174b67017300a06f77c531febc0e79b67b6d012298dce801db80a3667c8f213891628b68098612857801665db40df7ec35be5634ec20e5235361ba2d725b22c58d55ea7769c90138debc7b55a416b3282e35f3d3ded12052012edc1275e2eed17f193a51b3f487048c74129c738e0a63173c0e6c00a605a8ae01bbfe391b3621c7c4d6e5dd0ccb01e04308a6736a3d1300ca9b0e35d4dedd066806c2d10678a7c7b5ac389c0dc0485c7931b0b7da367057652f732a77eea1409b5201d105f5ee3f0d8c7243465fa41669968694a54392b9329d385a87b3d2384484813968c8cc20f516c9c77ce25ac0ed90919a95a392219cbf89eb23bdca171676e77236cf0f9566ebd2a0e1911848c3dd0e42164d6866aaa54a9adf2a6e7343dc5ccb9d66ab794d4a55c2871dc514ead06b3e9c553c281c861e2cc8f39008da7f4f5022a693c56ec24cd65a8fcf9832398d3fc50a7144bf3794c67785008a3a4ca4045780947b1157155a26d25315beb1572e7c3c4aa3806e0dff3aaf8423516d4075b61c81091f4945d0adefc0440c545744f37304440a6ee54ab3640a3304c6659a7de516feb7a0b1f400f9baadbe1b156dab12454f0ac1ffcb2ddd03f95ba22def3d255046270af71d4028b538b2422742d97b032ab941cfdca6634f8dd08af8f4548c9d432d78de8ed4c474a4e1f406818b09f5fd383a70da62074b1aa3ecfded88916ef6ff40e8b4457061657d5f3702faaa45dc2283ef7eb2c21886b602ce4dc30740d9c72f075dc0b0ba94ee3c4650d0bd445aa5edb989b48f71bc8f50bd0d53fc33e0f0994a789e61942069558658855e74fd4da48bb2cc65153866bcb887e7ab11ccbbb0aa9566e70cc5cc2908b27e0e0c018c33efe24228ade3b9152dd65fa4cdad3ef8678401c0278589af115e6d92424f6f542576c5d13321fe39d6b267c8f06a3e81d8be5bec32c6ae6a6a7c5da6034ce29b8f8314530ad979d090f85c8c815e895c75e4523269880bf825bbf9a04c8c44931bad22e8c6c6e4a07b3278fb32c7f19f1ecca7a843828686fe5321678d57de2baea36db1dadcbbb4d50d0a22c1ab9960c67eaaba63b45c5494d82408f8d426727b60a2f6b10cc77f203d08e8e94368a4d725ce66d8821d4ca7738155c08366ff898f1192e90f196f65af199cee39716fa5266c1f406f4d10fb42a0f61dc0a07a746e265888aa9750d7cd2784e3dbe920457d43e4add91574feced54011cc62064b79bfc55a40a228f496191987594bd1f67700073d98b41443ba3b9bdcda335d153087a1d901f4c90f43f4f167a111ac2a7ff69569755b8b799bbce91daf91c34840336c766d13526eb20cf2111493f7f5a6657778b98ac0ff0d34a73011bc975bb093d655bae54c6debc87ab95bc58a63b98ce32cd31b4be57ea58d4f4d36d6e9d230b1eb5858fc117c4848664508801fbf9d185f88f7c122801f4f71cc7d993be45bbea3bf668a43d20d745f1fdf2d9fbb89682f634eeeb209a80c03929528717d990de4a91d0630fbf01e98edfc458e5e538637db031fe0f0a91f9a1663e24a173da729f45c4b0e83e40ffd1d11893ec9ee87bdf609de53c2777d51166fc89ef83f6c6b63ebd3b2c1c61619d8fb79640c2a7a6a388ce879c5535d742d36f56bbaf681c3cce96111a7b66f7ccd737dc5a3921bc242678b21849269fea5459d6ef6e50bddc02214035146deb5c9603c68af37402242961c04dcc008f3ad4883ea37df035b21deb8a74ea1f2447f0a241b5d70cb5bdf5a069adb7e1aca18bffaf1399ac0052b1ce1fe4d37a5e77dcf1f9545ce638889b2c3787f124b8548d088033412a7f1c95988b97f0ca09dfb28f38d8e26c536afb79c363d724a0093a2fadab294502f0413ca213af4ead3f531b3f52925dc907b200b6962637d766709aae8ec002e62e38fd82ceb136acb33873a60e4d1916b8648f123229cdcd4139f8cf9e1b0af8485752a1b6cab50c0c9bb36fe5d6f07fe88a083574417969980c884f8759f138973a7f28793623196e59cec2bd7ca46f110dde4b3b29dd4301d47f7ebebfc2ac669933f4849098645d7d59b1ab2db82e4e33520d2d8a158ab27dfabb628748180d47b8ab22df657624f8f4f0afa4f1c9c0f362272d2da8edc87cc1f54a30f59dd50a8594a9fdce5cbdbb4da6af7cef44560a6868dbb3645457941076fc8a234c09bec1185756133602940d63e68ab8b518c9a4885fe164cc25a9274b421647c701bec25780eb82ba5d62e16b45795c1234a4ff948d6b844281adc2b8625db0134e9674187a1aac9c28ef7295a86046fb75ab4a2584c3a853748dcc31ecc937550c2008cc330a6ebfcb3412f487349d012d3742723c368aef355e23cb4876b43b10b8ee17f4762b07495c646e35bfbd6ee9c9388e330a2fc580ad7d703598ef43b4d6bdc68a7c28ae141a686b1da73ba10c037f6f1bfb66a9ca5a064934a1f46e6c0c6f7e2a8febb31969143b7e092deca1dbcf550058b6a84a934eaf9f18c12d9857057ca2932575c400581c2f6cec19c34dbc9dded09cb9b117923d14ff39cc46774b9d7d499ec1ea5b5a9b69708d48756a7f0fe458e54d0a8ad3b0e1d7bf6bd3035319737e06abbcc7eadd234fcb05bca2286f0f619723465c11f504f27aaec303c4e46707c9fc1e72a61614489539ae7acefb099fd3002a3070a6d7d2df62900e36e1164fcc880603c5a514581ca15086e36ca458ab77f9fae1bd1ecc378e426ad956228ae4ca43519d755da63fbced116f853d2c4d9178e30bf32f38a6eca7e64c073f69b7e3fdf3548cbd4eaea7a843e9f0ef574a6ae80de9068727a084f85fa5353ad00772447ecaec1f2520dcf97541e3c0a3f984bfa1b99b946f42c5262003488b2471250118560b2b4487d23b76a241a67fd7274a447f17dcf21853b2f641402e7634fa360ac83d6bcd2e88009985792793d3503fe517bc23b1899a8f2e15a1ef49ce0a45ff7b8255d3a1805f352a81471c6cce277ebd340d18eca10f4237d16dddbd54df9303c171f436d1b92c6ba097cc5b21902fe8a3a038959ef8709225511cd5d594379457319088f72b359796c37a1bf2312e4e08bb5b1f1e6013dd6357261309dadb6627377adf6b3341fe66c1a6cc6578050affd30eb98d536229e9a0eac87581eb79b45375331b97f10cd0cbe7bd2b70ca254155f4a4bbc7b1101cfb5e17169efa01713b2528cebb3bd1e16cc4c03dd067491262d4603195e78c355aebaa42e1240fee5b52de2b8f5faf3753bbe9f2d37f898ca41a883ba9f93d2cbdcf2eeb42b2af9cbf1894255731665d3c9420ff553c53fcdf5f3c9a947018b0091346edb9532095c6509e2a755f8316f9a6f1189e94ae1b9a16013ad764b1cd146d9131cf809aeda0fa31afeeccdf16a10a976f6b71d117c0abc07d4905cae9e9368e467debcb51142e810b097780777e376adf5f67e8762ef1fc5bfb7f4f0b14c926d7b91b0b71578761dcc18983ecc5ee4a5965ecd06a19b129a36ef826666d8ba2ebd71f1c1e4869486808215d328873eaf2a6f191518733d7c429ced3221f976fc42f366f39997296f441ab1db475a6d5101180b81f3d72b36b399591f46b508f038f6edda6b8a2904e42056cca62a77d2326ed173f27013e8612db67eea00b9fe7e6270b46db52c1307f92", 0x1000, 0x3483}, {&(0x7f0000001180)="c4609c8d84fc67a02e4407657e1f297222003c350fd654d8530298068f72efb5050816c54b79a70f3a6bcbf331f4a0d95f21e93cb179a5", 0x37, 0xffffffff7fffffff}, {&(0x7f00000011c0)="dfb94de3a6300d0e8dd604cd7933af3ce4ee34c116ce7ef17cbd86cd2c95a7ee039dc811391f186fc14c41b0dedbea3d49d0715b902500972781984e557750198a4428701ef85af0ca834329ed68ad425e5083e2cfda98bd33c9ad331bc0c2bd57dd0840d89a46af4f5e487f2a3b48c2e10f2b03fac0", 0x76, 0x3ff}], 0x8400, &(0x7f00000012c0)={[{}, {'*@'}, {'$!'}, {'/..[!\'\x0e'}], [{@obj_type={'obj_type', 0x3d, '@{.'}}, {@euid_lt={'euid<', 0xee01}}, {@appraise_type}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@audit}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x7}}]}) statx(r0, &(0x7f0000001380)='./file0/../file0\x00', 0x400, 0x100, &(0x7f00000013c0)) 10:19:35 executing program 1: socket(0x24, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) syz_open_dev$media(&(0x7f0000000080), 0xfffb, 0x1b3e06) 10:19:35 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x800, 0x0) (async, rerun: 64) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r2) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/pps', 0x10080, 0x80) (async, rerun: 32) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x513043, 0x0) (async, rerun: 32) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r1, 0x110, 0x5, &(0x7f0000000180)=[0x3, 0x3], 0x2) ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000000c0)=0x1) [ 1050.198251] FAULT_INJECTION: forcing a failure. [ 1050.198251] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.219875] FAULT_INJECTION: forcing a failure. [ 1050.219875] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.229713] CPU: 1 PID: 14005 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1050.238951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.248302] Call Trace: [ 1050.250893] dump_stack+0x1b2/0x281 [ 1050.254526] should_fail.cold+0x10a/0x149 [ 1050.258678] should_failslab+0xd6/0x130 [ 1050.262658] kmem_cache_alloc+0x28e/0x3c0 [ 1050.266808] __d_alloc+0x2a/0xa20 [ 1050.270262] ? lock_downgrade+0x740/0x740 [ 1050.274417] __shmem_file_setup.part.0+0xcb/0x3c0 [ 1050.279262] ? shmem_create+0x30/0x30 [ 1050.283058] ? __alloc_fd+0x1be/0x490 [ 1050.286866] SyS_memfd_create+0x1fc/0x3c0 [ 1050.291006] ? shmem_fcntl+0x120/0x120 [ 1050.294882] ? __do_page_fault+0x159/0xad0 [ 1050.299113] ? do_syscall_64+0x4c/0x640 [ 1050.303080] ? shmem_fcntl+0x120/0x120 [ 1050.306959] do_syscall_64+0x1d5/0x640 [ 1050.310851] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1050.316037] RIP: 0033:0x7f94265b5049 [ 1050.319739] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1050.327440] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b5049 [ 1050.334731] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f942660e1e0 [ 1050.341992] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f9424f2a1d0 [ 1050.349255] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 1050.356519] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 [ 1050.363831] CPU: 0 PID: 14007 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1050.371714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.381063] Call Trace: [ 1050.383650] dump_stack+0x1b2/0x281 [ 1050.387281] should_fail.cold+0x10a/0x149 [ 1050.391426] should_failslab+0xd6/0x130 10:19:35 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket$isdn_base(0x22, 0x3, 0x0) (async, rerun: 32) statx(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x2, &(0x7f00000000c0)) (rerun: 32) [ 1050.395399] kmem_cache_alloc+0x28e/0x3c0 [ 1050.399546] __kernfs_new_node+0x6f/0x470 [ 1050.403698] kernfs_new_node+0x7b/0xe0 [ 1050.407582] __kernfs_create_file+0x3d/0x320 [ 1050.411989] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1050.416656] ? kernfs_create_dir_ns+0x171/0x200 [ 1050.421324] internal_create_group+0x22b/0x710 [ 1050.425909] lo_ioctl+0x1137/0x1cd0 [ 1050.429543] ? loop_set_status64+0xe0/0xe0 [ 1050.433779] blkdev_ioctl+0x540/0x1830 [ 1050.437667] ? blkpg_ioctl+0x8d0/0x8d0 [ 1050.441551] ? trace_hardirqs_on+0x10/0x10 [ 1050.441567] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1050.441577] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1050.441591] block_ioctl+0xd9/0x120 [ 1050.441599] ? blkdev_fallocate+0x3a0/0x3a0 [ 1050.441609] do_vfs_ioctl+0x75a/0xff0 [ 1050.441618] ? lock_acquire+0x170/0x3f0 [ 1050.441627] ? ioctl_preallocate+0x1a0/0x1a0 [ 1050.441638] ? __fget+0x265/0x3e0 [ 1050.441648] ? do_vfs_ioctl+0xff0/0xff0 [ 1050.441661] ? security_file_ioctl+0x83/0xb0 [ 1050.450963] SyS_ioctl+0x7f/0xb0 [ 1050.450970] ? do_vfs_ioctl+0xff0/0xff0 [ 1050.450981] do_syscall_64+0x1d5/0x640 [ 1050.450994] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1050.451003] RIP: 0033:0x7f2e61d65e07 [ 1050.451010] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 [ 1050.476151] ORIG_RAX: 0000000000000010 [ 1050.476158] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1050.476164] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1050.476169] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1050.476174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1050.476180] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1050.505373] qnx4: unable to read the superblock 10:19:36 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 13) 10:19:36 executing program 1: socket(0x24, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) syz_open_dev$media(&(0x7f0000000080), 0xfffb, 0x1b3e06) socket(0x24, 0x0, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) (async) syz_open_dev$media(&(0x7f0000000080), 0xfffb, 0x1b3e06) (async) 10:19:36 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 3) 10:19:36 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x800, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), r2) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/class/pps', 0x10080, 0x80) (async) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x513043, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r1, 0x110, 0x5, &(0x7f0000000180)=[0x3, 0x3], 0x2) ioctl$BINDER_SET_MAX_THREADS(r3, 0x40046205, &(0x7f00000000c0)=0x1) 10:19:36 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x3, 0x5, &(0x7f0000001240)=[{&(0x7f0000000100)="4e1776edcdc9e7a8d3ce6eaf9415b36f74", 0x11, 0x2}, {&(0x7f0000000140)="9529d8536913b8559d7f87ca2e297f6a36f15be75fe488a8cab193f7ee7ed81041362fed19c45379b4d519e704dfab56e291255025df628d1b48a6", 0x3b, 0x3}, {&(0x7f0000000180)="ab19b16b8cde50ad660c0f8db42b560eadff9ea74269d92143ab00fa389c9abe91991764fc2044c6b657bd1fffe9cdb618574a64c7ddbb5e55f973e1809afd389d814d5eea2bb94da996fbc5da05c9217e2e06809268f8595cf9f6729d05dc2f359af4b64ccdb8216b61ba863e746127a77c8d7b27fbd9a45898a7b1c1a7aff51c6f557579ab1aac30cd23707a5c38b08aa5bf6b98eaa14dc41162d688a86bf09af2681cd0e3afc165d0b23ac086feae0fb407c0f65752b46a2c8aa40ad80aefee4b7227ff5faa2cd3b1a8711cc666835c0beccf8b7395d797575e2c5bb33d2aab2eb950c019efe990306b9fe2068e1837dbf0e21bb023e0a36a41bce63fe5ece67fa68734f9e89096d507f9ab949100cd1348ab696533270787a63c337645703aa52f1bf18d75d80517998ef8282086a635592e7aa84941ec2deeea8ac81e62f930bab50e203e2c1ba6d0810e3faa843be67f66e182901b3139eaf54ed369304f99ed7dff09bd77530318f9fa37deeab5affad8cd709b25edc0831f203b87337718c5e6022076b10fdd2f5286ed176f38b28e40ea3375fa92384d3bccb65eb81e926f76822cd5af9163b5bfe088df9be92970db626708e45742ff12b28b12c3a55660aa33298a5b908efe27990104b4b167773d3c56c25e487c5ddb1a1d181eb8d75bbba553704786e9e7af7e51d610fd13e05bf149c0b7ed281ea23788bbf16ae767ecfbe0c171f71a570f85cee7b9ba552e3a9de8685c7ac72b4cb5e729bad8207d5c64be03b3aed2b5cfbb9dac37cb210513a39a58266bfc051867086a56b5944e1d81f35d1e5bd432cd95e1abb0874a5699189b3c87d2f71ec36549f6569ded510c45312ff72840c69f20a4e1162fee412fe7d82b012254fd519594f56f84cc13f7f91237527cabe08308eef2a08ac27d8cc3be7fcbab82bfafed8326b4f18611786ca4811e918efd274095d8dde7251202df7a8631a888d553c5bcb81536dedfbda81b88744512c93d8714b3b94033d188a60dcde3f3373fbfcf48f7212407ddf0e95702f32c6becd73752cda2c37843f4a646a13458e9bf7058ea427103652fb13ea10a25879f62df283637cba672a75d434d952c9e82bf62e78fbdd6042d7c2d9a48143c0e223847131b6b86c5c4f008d0fa959a0b0dfe1083f9c757658572c52d9383e857d69ce81ff521a132a6766acea5d400899c90180d7bcd92302dd18a93012bd25cd9f1ca58f64ac369e698bb727859377fce7df91565151bbc5e0933bc5cb03018bce3f67ab61b9ca5ddfb8ea04254237f6b956b4b2750ebd044788bad02eb9a727b04cdef9708619a71ecf2fafdc0b2577b834cfba9c52777d4a3120b9df2da35c182d08aa3a76ec530b7ad2e44407635c931e9790f472ad20619d4a91cbedcc12389c6ade6b82fd3b248c7245e51952c79a6b88d960bec3533eec5207bf533970ea9a0f938862c9b734192184785626887b2156a3afadd21061dda87cea825ba9ca95863eb446f3d7b6ab9835da75cb86bfe52642b39235e2180955b40411c83f2bd7d625a0ac56b46e1630fed4b71117679d371dae68b889992724b9017cb1be1ab16e7f53588e75e686f72fb5ea6998826a6b281b122e3e643fd79752b0809359e3996c19ce13cc172adcd15831c2d1ed44affe40dd030f4fb7c82fd61aff8b2382b4cf7d8d83626de9027e989bd92913f6917e5eda64eec7d31242af5e8f21d1aa4f1dcc0f516b8038aea379e142e3212186480132c3ad928b0bf6596bd21154c39d86bafd1ec4f93dd9328e8695f80d3774ad39baab5e52ab46ca57de2242aa1e64e6574f2124835ce40a7ad9dbb6d626f5db24dbc0a7a30eaada1bcca7431c539291df43a10f38fc3e854b19c5cfa5c79a15a0c68761b6c54108650d3c7a44336a532cefd9ba11527dbfd759a0643631567a4cb0d2b9bf720041a13d3107355a10aa8a58cfe30f6d5bfe0bcb64dda4393a5a4cb3ab5648c02b786376cc9d2cf39c11d0877e7d4ee13f70f0f3615084621325e190266af869f4051fedbf2c906f33f20863f77a75eca2256fdea4c88cb45a71989080607b1719253bce697835c975f61a8578de7a7efaa7e6174b67017300a06f77c531febc0e79b67b6d012298dce801db80a3667c8f213891628b68098612857801665db40df7ec35be5634ec20e5235361ba2d725b22c58d55ea7769c90138debc7b55a416b3282e35f3d3ded12052012edc1275e2eed17f193a51b3f487048c74129c738e0a63173c0e6c00a605a8ae01bbfe391b3621c7c4d6e5dd0ccb01e04308a6736a3d1300ca9b0e35d4dedd066806c2d10678a7c7b5ac389c0dc0485c7931b0b7da367057652f732a77eea1409b5201d105f5ee3f0d8c7243465fa41669968694a54392b9329d385a87b3d2384484813968c8cc20f516c9c77ce25ac0ed90919a95a392219cbf89eb23bdca171676e77236cf0f9566ebd2a0e1911848c3dd0e42164d6866aaa54a9adf2a6e7343dc5ccb9d66ab794d4a55c2871dc514ead06b3e9c553c281c861e2cc8f39008da7f4f5022a693c56ec24cd65a8fcf9832398d3fc50a7144bf3794c67785008a3a4ca4045780947b1157155a26d25315beb1572e7c3c4aa3806e0dff3aaf8423516d4075b61c81091f4945d0adefc0440c545744f37304440a6ee54ab3640a3304c6659a7de516feb7a0b1f400f9baadbe1b156dab12454f0ac1ffcb2ddd03f95ba22def3d255046270af71d4028b538b2422742d97b032ab941cfdca6634f8dd08af8f4548c9d432d78de8ed4c474a4e1f406818b09f5fd383a70da62074b1aa3ecfded88916ef6ff40e8b4457061657d5f3702faaa45dc2283ef7eb2c21886b602ce4dc30740d9c72f075dc0b0ba94ee3c4650d0bd445aa5edb989b48f71bc8f50bd0d53fc33e0f0994a789e61942069558658855e74fd4da48bb2cc65153866bcb887e7ab11ccbbb0aa9566e70cc5cc2908b27e0e0c018c33efe24228ade3b9152dd65fa4cdad3ef8678401c0278589af115e6d92424f6f542576c5d13321fe39d6b267c8f06a3e81d8be5bec32c6ae6a6a7c5da6034ce29b8f8314530ad979d090f85c8c815e895c75e4523269880bf825bbf9a04c8c44931bad22e8c6c6e4a07b3278fb32c7f19f1ecca7a843828686fe5321678d57de2baea36db1dadcbbb4d50d0a22c1ab9960c67eaaba63b45c5494d82408f8d426727b60a2f6b10cc77f203d08e8e94368a4d725ce66d8821d4ca7738155c08366ff898f1192e90f196f65af199cee39716fa5266c1f406f4d10fb42a0f61dc0a07a746e265888aa9750d7cd2784e3dbe920457d43e4add91574feced54011cc62064b79bfc55a40a228f496191987594bd1f67700073d98b41443ba3b9bdcda335d153087a1d901f4c90f43f4f167a111ac2a7ff69569755b8b799bbce91daf91c34840336c766d13526eb20cf2111493f7f5a6657778b98ac0ff0d34a73011bc975bb093d655bae54c6debc87ab95bc58a63b98ce32cd31b4be57ea58d4f4d36d6e9d230b1eb5858fc117c4848664508801fbf9d185f88f7c122801f4f71cc7d993be45bbea3bf668a43d20d745f1fdf2d9fbb89682f634eeeb209a80c03929528717d990de4a91d0630fbf01e98edfc458e5e538637db031fe0f0a91f9a1663e24a173da729f45c4b0e83e40ffd1d11893ec9ee87bdf609de53c2777d51166fc89ef83f6c6b63ebd3b2c1c61619d8fb79640c2a7a6a388ce879c5535d742d36f56bbaf681c3cce96111a7b66f7ccd737dc5a3921bc242678b21849269fea5459d6ef6e50bddc02214035146deb5c9603c68af37402242961c04dcc008f3ad4883ea37df035b21deb8a74ea1f2447f0a241b5d70cb5bdf5a069adb7e1aca18bffaf1399ac0052b1ce1fe4d37a5e77dcf1f9545ce638889b2c3787f124b8548d088033412a7f1c95988b97f0ca09dfb28f38d8e26c536afb79c363d724a0093a2fadab294502f0413ca213af4ead3f531b3f52925dc907b200b6962637d766709aae8ec002e62e38fd82ceb136acb33873a60e4d1916b8648f123229cdcd4139f8cf9e1b0af8485752a1b6cab50c0c9bb36fe5d6f07fe88a083574417969980c884f8759f138973a7f28793623196e59cec2bd7ca46f110dde4b3b29dd4301d47f7ebebfc2ac669933f4849098645d7d59b1ab2db82e4e33520d2d8a158ab27dfabb628748180d47b8ab22df657624f8f4f0afa4f1c9c0f362272d2da8edc87cc1f54a30f59dd50a8594a9fdce5cbdbb4da6af7cef44560a6868dbb3645457941076fc8a234c09bec1185756133602940d63e68ab8b518c9a4885fe164cc25a9274b421647c701bec25780eb82ba5d62e16b45795c1234a4ff948d6b844281adc2b8625db0134e9674187a1aac9c28ef7295a86046fb75ab4a2584c3a853748dcc31ecc937550c2008cc330a6ebfcb3412f487349d012d3742723c368aef355e23cb4876b43b10b8ee17f4762b07495c646e35bfbd6ee9c9388e330a2fc580ad7d703598ef43b4d6bdc68a7c28ae141a686b1da73ba10c037f6f1bfb66a9ca5a064934a1f46e6c0c6f7e2a8febb31969143b7e092deca1dbcf550058b6a84a934eaf9f18c12d9857057ca2932575c400581c2f6cec19c34dbc9dded09cb9b117923d14ff39cc46774b9d7d499ec1ea5b5a9b69708d48756a7f0fe458e54d0a8ad3b0e1d7bf6bd3035319737e06abbcc7eadd234fcb05bca2286f0f619723465c11f504f27aaec303c4e46707c9fc1e72a61614489539ae7acefb099fd3002a3070a6d7d2df62900e36e1164fcc880603c5a514581ca15086e36ca458ab77f9fae1bd1ecc378e426ad956228ae4ca43519d755da63fbced116f853d2c4d9178e30bf32f38a6eca7e64c073f69b7e3fdf3548cbd4eaea7a843e9f0ef574a6ae80de9068727a084f85fa5353ad00772447ecaec1f2520dcf97541e3c0a3f984bfa1b99b946f42c5262003488b2471250118560b2b4487d23b76a241a67fd7274a447f17dcf21853b2f641402e7634fa360ac83d6bcd2e88009985792793d3503fe517bc23b1899a8f2e15a1ef49ce0a45ff7b8255d3a1805f352a81471c6cce277ebd340d18eca10f4237d16dddbd54df9303c171f436d1b92c6ba097cc5b21902fe8a3a038959ef8709225511cd5d594379457319088f72b359796c37a1bf2312e4e08bb5b1f1e6013dd6357261309dadb6627377adf6b3341fe66c1a6cc6578050affd30eb98d536229e9a0eac87581eb79b45375331b97f10cd0cbe7bd2b70ca254155f4a4bbc7b1101cfb5e17169efa01713b2528cebb3bd1e16cc4c03dd067491262d4603195e78c355aebaa42e1240fee5b52de2b8f5faf3753bbe9f2d37f898ca41a883ba9f93d2cbdcf2eeb42b2af9cbf1894255731665d3c9420ff553c53fcdf5f3c9a947018b0091346edb9532095c6509e2a755f8316f9a6f1189e94ae1b9a16013ad764b1cd146d9131cf809aeda0fa31afeeccdf16a10a976f6b71d117c0abc07d4905cae9e9368e467debcb51142e810b097780777e376adf5f67e8762ef1fc5bfb7f4f0b14c926d7b91b0b71578761dcc18983ecc5ee4a5965ecd06a19b129a36ef826666d8ba2ebd71f1c1e4869486808215d328873eaf2a6f191518733d7c429ced3221f976fc42f366f39997296f441ab1db475a6d5101180b81f3d72b36b399591f46b508f038f6edda6b8a2904e42056cca62a77d2326ed173f27013e8612db67eea00b9fe7e6270b46db52c1307f92", 0x1000, 0x3483}, {&(0x7f0000001180)="c4609c8d84fc67a02e4407657e1f297222003c350fd654d8530298068f72efb5050816c54b79a70f3a6bcbf331f4a0d95f21e93cb179a5", 0x37, 0xffffffff7fffffff}, {&(0x7f00000011c0)="dfb94de3a6300d0e8dd604cd7933af3ce4ee34c116ce7ef17cbd86cd2c95a7ee039dc811391f186fc14c41b0dedbea3d49d0715b902500972781984e557750198a4428701ef85af0ca834329ed68ad425e5083e2cfda98bd33c9ad331bc0c2bd57dd0840d89a46af4f5e487f2a3b48c2e10f2b03fac0", 0x76, 0x3ff}], 0x8400, &(0x7f00000012c0)={[{}, {'*@'}, {'$!'}, {'/..[!\'\x0e'}], [{@obj_type={'obj_type', 0x3d, '@{.'}}, {@euid_lt={'euid<', 0xee01}}, {@appraise_type}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@audit}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x7}}]}) statx(r0, &(0x7f0000001380)='./file0/../file0\x00', 0x400, 0x100, &(0x7f00000013c0)) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x3, 0x5, &(0x7f0000001240)=[{&(0x7f0000000100)="4e1776edcdc9e7a8d3ce6eaf9415b36f74", 0x11, 0x2}, {&(0x7f0000000140)="9529d8536913b8559d7f87ca2e297f6a36f15be75fe488a8cab193f7ee7ed81041362fed19c45379b4d519e704dfab56e291255025df628d1b48a6", 0x3b, 0x3}, {&(0x7f0000000180)="ab19b16b8cde50ad660c0f8db42b560eadff9ea74269d92143ab00fa389c9abe91991764fc2044c6b657bd1fffe9cdb618574a64c7ddbb5e55f973e1809afd389d814d5eea2bb94da996fbc5da05c9217e2e06809268f8595cf9f6729d05dc2f359af4b64ccdb8216b61ba863e746127a77c8d7b27fbd9a45898a7b1c1a7aff51c6f557579ab1aac30cd23707a5c38b08aa5bf6b98eaa14dc41162d688a86bf09af2681cd0e3afc165d0b23ac086feae0fb407c0f65752b46a2c8aa40ad80aefee4b7227ff5faa2cd3b1a8711cc666835c0beccf8b7395d797575e2c5bb33d2aab2eb950c019efe990306b9fe2068e1837dbf0e21bb023e0a36a41bce63fe5ece67fa68734f9e89096d507f9ab949100cd1348ab696533270787a63c337645703aa52f1bf18d75d80517998ef8282086a635592e7aa84941ec2deeea8ac81e62f930bab50e203e2c1ba6d0810e3faa843be67f66e182901b3139eaf54ed369304f99ed7dff09bd77530318f9fa37deeab5affad8cd709b25edc0831f203b87337718c5e6022076b10fdd2f5286ed176f38b28e40ea3375fa92384d3bccb65eb81e926f76822cd5af9163b5bfe088df9be92970db626708e45742ff12b28b12c3a55660aa33298a5b908efe27990104b4b167773d3c56c25e487c5ddb1a1d181eb8d75bbba553704786e9e7af7e51d610fd13e05bf149c0b7ed281ea23788bbf16ae767ecfbe0c171f71a570f85cee7b9ba552e3a9de8685c7ac72b4cb5e729bad8207d5c64be03b3aed2b5cfbb9dac37cb210513a39a58266bfc051867086a56b5944e1d81f35d1e5bd432cd95e1abb0874a5699189b3c87d2f71ec36549f6569ded510c45312ff72840c69f20a4e1162fee412fe7d82b012254fd519594f56f84cc13f7f91237527cabe08308eef2a08ac27d8cc3be7fcbab82bfafed8326b4f18611786ca4811e918efd274095d8dde7251202df7a8631a888d553c5bcb81536dedfbda81b88744512c93d8714b3b94033d188a60dcde3f3373fbfcf48f7212407ddf0e95702f32c6becd73752cda2c37843f4a646a13458e9bf7058ea427103652fb13ea10a25879f62df283637cba672a75d434d952c9e82bf62e78fbdd6042d7c2d9a48143c0e223847131b6b86c5c4f008d0fa959a0b0dfe1083f9c757658572c52d9383e857d69ce81ff521a132a6766acea5d400899c90180d7bcd92302dd18a93012bd25cd9f1ca58f64ac369e698bb727859377fce7df91565151bbc5e0933bc5cb03018bce3f67ab61b9ca5ddfb8ea04254237f6b956b4b2750ebd044788bad02eb9a727b04cdef9708619a71ecf2fafdc0b2577b834cfba9c52777d4a3120b9df2da35c182d08aa3a76ec530b7ad2e44407635c931e9790f472ad20619d4a91cbedcc12389c6ade6b82fd3b248c7245e51952c79a6b88d960bec3533eec5207bf533970ea9a0f938862c9b734192184785626887b2156a3afadd21061dda87cea825ba9ca95863eb446f3d7b6ab9835da75cb86bfe52642b39235e2180955b40411c83f2bd7d625a0ac56b46e1630fed4b71117679d371dae68b889992724b9017cb1be1ab16e7f53588e75e686f72fb5ea6998826a6b281b122e3e643fd79752b0809359e3996c19ce13cc172adcd15831c2d1ed44affe40dd030f4fb7c82fd61aff8b2382b4cf7d8d83626de9027e989bd92913f6917e5eda64eec7d31242af5e8f21d1aa4f1dcc0f516b8038aea379e142e3212186480132c3ad928b0bf6596bd21154c39d86bafd1ec4f93dd9328e8695f80d3774ad39baab5e52ab46ca57de2242aa1e64e6574f2124835ce40a7ad9dbb6d626f5db24dbc0a7a30eaada1bcca7431c539291df43a10f38fc3e854b19c5cfa5c79a15a0c68761b6c54108650d3c7a44336a532cefd9ba11527dbfd759a0643631567a4cb0d2b9bf720041a13d3107355a10aa8a58cfe30f6d5bfe0bcb64dda4393a5a4cb3ab5648c02b786376cc9d2cf39c11d0877e7d4ee13f70f0f3615084621325e190266af869f4051fedbf2c906f33f20863f77a75eca2256fdea4c88cb45a71989080607b1719253bce697835c975f61a8578de7a7efaa7e6174b67017300a06f77c531febc0e79b67b6d012298dce801db80a3667c8f213891628b68098612857801665db40df7ec35be5634ec20e5235361ba2d725b22c58d55ea7769c90138debc7b55a416b3282e35f3d3ded12052012edc1275e2eed17f193a51b3f487048c74129c738e0a63173c0e6c00a605a8ae01bbfe391b3621c7c4d6e5dd0ccb01e04308a6736a3d1300ca9b0e35d4dedd066806c2d10678a7c7b5ac389c0dc0485c7931b0b7da367057652f732a77eea1409b5201d105f5ee3f0d8c7243465fa41669968694a54392b9329d385a87b3d2384484813968c8cc20f516c9c77ce25ac0ed90919a95a392219cbf89eb23bdca171676e77236cf0f9566ebd2a0e1911848c3dd0e42164d6866aaa54a9adf2a6e7343dc5ccb9d66ab794d4a55c2871dc514ead06b3e9c553c281c861e2cc8f39008da7f4f5022a693c56ec24cd65a8fcf9832398d3fc50a7144bf3794c67785008a3a4ca4045780947b1157155a26d25315beb1572e7c3c4aa3806e0dff3aaf8423516d4075b61c81091f4945d0adefc0440c545744f37304440a6ee54ab3640a3304c6659a7de516feb7a0b1f400f9baadbe1b156dab12454f0ac1ffcb2ddd03f95ba22def3d255046270af71d4028b538b2422742d97b032ab941cfdca6634f8dd08af8f4548c9d432d78de8ed4c474a4e1f406818b09f5fd383a70da62074b1aa3ecfded88916ef6ff40e8b4457061657d5f3702faaa45dc2283ef7eb2c21886b602ce4dc30740d9c72f075dc0b0ba94ee3c4650d0bd445aa5edb989b48f71bc8f50bd0d53fc33e0f0994a789e61942069558658855e74fd4da48bb2cc65153866bcb887e7ab11ccbbb0aa9566e70cc5cc2908b27e0e0c018c33efe24228ade3b9152dd65fa4cdad3ef8678401c0278589af115e6d92424f6f542576c5d13321fe39d6b267c8f06a3e81d8be5bec32c6ae6a6a7c5da6034ce29b8f8314530ad979d090f85c8c815e895c75e4523269880bf825bbf9a04c8c44931bad22e8c6c6e4a07b3278fb32c7f19f1ecca7a843828686fe5321678d57de2baea36db1dadcbbb4d50d0a22c1ab9960c67eaaba63b45c5494d82408f8d426727b60a2f6b10cc77f203d08e8e94368a4d725ce66d8821d4ca7738155c08366ff898f1192e90f196f65af199cee39716fa5266c1f406f4d10fb42a0f61dc0a07a746e265888aa9750d7cd2784e3dbe920457d43e4add91574feced54011cc62064b79bfc55a40a228f496191987594bd1f67700073d98b41443ba3b9bdcda335d153087a1d901f4c90f43f4f167a111ac2a7ff69569755b8b799bbce91daf91c34840336c766d13526eb20cf2111493f7f5a6657778b98ac0ff0d34a73011bc975bb093d655bae54c6debc87ab95bc58a63b98ce32cd31b4be57ea58d4f4d36d6e9d230b1eb5858fc117c4848664508801fbf9d185f88f7c122801f4f71cc7d993be45bbea3bf668a43d20d745f1fdf2d9fbb89682f634eeeb209a80c03929528717d990de4a91d0630fbf01e98edfc458e5e538637db031fe0f0a91f9a1663e24a173da729f45c4b0e83e40ffd1d11893ec9ee87bdf609de53c2777d51166fc89ef83f6c6b63ebd3b2c1c61619d8fb79640c2a7a6a388ce879c5535d742d36f56bbaf681c3cce96111a7b66f7ccd737dc5a3921bc242678b21849269fea5459d6ef6e50bddc02214035146deb5c9603c68af37402242961c04dcc008f3ad4883ea37df035b21deb8a74ea1f2447f0a241b5d70cb5bdf5a069adb7e1aca18bffaf1399ac0052b1ce1fe4d37a5e77dcf1f9545ce638889b2c3787f124b8548d088033412a7f1c95988b97f0ca09dfb28f38d8e26c536afb79c363d724a0093a2fadab294502f0413ca213af4ead3f531b3f52925dc907b200b6962637d766709aae8ec002e62e38fd82ceb136acb33873a60e4d1916b8648f123229cdcd4139f8cf9e1b0af8485752a1b6cab50c0c9bb36fe5d6f07fe88a083574417969980c884f8759f138973a7f28793623196e59cec2bd7ca46f110dde4b3b29dd4301d47f7ebebfc2ac669933f4849098645d7d59b1ab2db82e4e33520d2d8a158ab27dfabb628748180d47b8ab22df657624f8f4f0afa4f1c9c0f362272d2da8edc87cc1f54a30f59dd50a8594a9fdce5cbdbb4da6af7cef44560a6868dbb3645457941076fc8a234c09bec1185756133602940d63e68ab8b518c9a4885fe164cc25a9274b421647c701bec25780eb82ba5d62e16b45795c1234a4ff948d6b844281adc2b8625db0134e9674187a1aac9c28ef7295a86046fb75ab4a2584c3a853748dcc31ecc937550c2008cc330a6ebfcb3412f487349d012d3742723c368aef355e23cb4876b43b10b8ee17f4762b07495c646e35bfbd6ee9c9388e330a2fc580ad7d703598ef43b4d6bdc68a7c28ae141a686b1da73ba10c037f6f1bfb66a9ca5a064934a1f46e6c0c6f7e2a8febb31969143b7e092deca1dbcf550058b6a84a934eaf9f18c12d9857057ca2932575c400581c2f6cec19c34dbc9dded09cb9b117923d14ff39cc46774b9d7d499ec1ea5b5a9b69708d48756a7f0fe458e54d0a8ad3b0e1d7bf6bd3035319737e06abbcc7eadd234fcb05bca2286f0f619723465c11f504f27aaec303c4e46707c9fc1e72a61614489539ae7acefb099fd3002a3070a6d7d2df62900e36e1164fcc880603c5a514581ca15086e36ca458ab77f9fae1bd1ecc378e426ad956228ae4ca43519d755da63fbced116f853d2c4d9178e30bf32f38a6eca7e64c073f69b7e3fdf3548cbd4eaea7a843e9f0ef574a6ae80de9068727a084f85fa5353ad00772447ecaec1f2520dcf97541e3c0a3f984bfa1b99b946f42c5262003488b2471250118560b2b4487d23b76a241a67fd7274a447f17dcf21853b2f641402e7634fa360ac83d6bcd2e88009985792793d3503fe517bc23b1899a8f2e15a1ef49ce0a45ff7b8255d3a1805f352a81471c6cce277ebd340d18eca10f4237d16dddbd54df9303c171f436d1b92c6ba097cc5b21902fe8a3a038959ef8709225511cd5d594379457319088f72b359796c37a1bf2312e4e08bb5b1f1e6013dd6357261309dadb6627377adf6b3341fe66c1a6cc6578050affd30eb98d536229e9a0eac87581eb79b45375331b97f10cd0cbe7bd2b70ca254155f4a4bbc7b1101cfb5e17169efa01713b2528cebb3bd1e16cc4c03dd067491262d4603195e78c355aebaa42e1240fee5b52de2b8f5faf3753bbe9f2d37f898ca41a883ba9f93d2cbdcf2eeb42b2af9cbf1894255731665d3c9420ff553c53fcdf5f3c9a947018b0091346edb9532095c6509e2a755f8316f9a6f1189e94ae1b9a16013ad764b1cd146d9131cf809aeda0fa31afeeccdf16a10a976f6b71d117c0abc07d4905cae9e9368e467debcb51142e810b097780777e376adf5f67e8762ef1fc5bfb7f4f0b14c926d7b91b0b71578761dcc18983ecc5ee4a5965ecd06a19b129a36ef826666d8ba2ebd71f1c1e4869486808215d328873eaf2a6f191518733d7c429ced3221f976fc42f366f39997296f441ab1db475a6d5101180b81f3d72b36b399591f46b508f038f6edda6b8a2904e42056cca62a77d2326ed173f27013e8612db67eea00b9fe7e6270b46db52c1307f92", 0x1000, 0x3483}, {&(0x7f0000001180)="c4609c8d84fc67a02e4407657e1f297222003c350fd654d8530298068f72efb5050816c54b79a70f3a6bcbf331f4a0d95f21e93cb179a5", 0x37, 0xffffffff7fffffff}, {&(0x7f00000011c0)="dfb94de3a6300d0e8dd604cd7933af3ce4ee34c116ce7ef17cbd86cd2c95a7ee039dc811391f186fc14c41b0dedbea3d49d0715b902500972781984e557750198a4428701ef85af0ca834329ed68ad425e5083e2cfda98bd33c9ad331bc0c2bd57dd0840d89a46af4f5e487f2a3b48c2e10f2b03fac0", 0x76, 0x3ff}], 0x8400, &(0x7f00000012c0)={[{}, {'*@'}, {'$!'}, {'/..[!\'\x0e'}], [{@obj_type={'obj_type', 0x3d, '@{.'}}, {@euid_lt={'euid<', 0xee01}}, {@appraise_type}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@audit}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x7}}]}) (async) statx(r0, &(0x7f0000001380)='./file0/../file0\x00', 0x400, 0x100, &(0x7f00000013c0)) (async) 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:36 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x90050001}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x1401, 0x200, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x40801}, 0xc044015) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:36 executing program 1: socket(0x24, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) syz_open_dev$media(&(0x7f0000000080), 0xfffb, 0x1b3e06) socket(0x24, 0x0, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder1\x00', 0x802, 0x0) (async) syz_open_dev$media(&(0x7f0000000080), 0xfffb, 0x1b3e06) (async) [ 1050.717801] FAULT_INJECTION: forcing a failure. [ 1050.717801] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.723774] FAULT_INJECTION: forcing a failure. [ 1050.723774] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.729402] CPU: 0 PID: 14064 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1050.748204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.757556] Call Trace: [ 1050.760149] dump_stack+0x1b2/0x281 [ 1050.763768] should_fail.cold+0x10a/0x149 [ 1050.767900] should_failslab+0xd6/0x130 [ 1050.771855] kmem_cache_alloc+0x40/0x3c0 [ 1050.775895] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1050.781504] idr_get_free_cmn+0x595/0x8d0 [ 1050.785636] ? trace_hardirqs_on+0x10/0x10 [ 1050.789849] idr_alloc_cmn+0xe8/0x1e0 [ 1050.793632] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1050.798454] ? cpuacct_charge+0x1cf/0x350 [ 1050.802582] ? fs_reclaim_release+0xd0/0x110 [ 1050.806967] idr_alloc_cyclic+0xc2/0x1d0 [ 1050.811008] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1050.815058] ? __radix_tree_preload+0x1c3/0x250 [ 1050.819706] __kernfs_new_node+0xaf/0x470 [ 1050.823832] kernfs_create_dir_ns+0x8c/0x200 [ 1050.828219] internal_create_group+0xe9/0x710 [ 1050.832692] lo_ioctl+0x1137/0x1cd0 [ 1050.836301] ? loop_set_status64+0xe0/0xe0 [ 1050.840565] blkdev_ioctl+0x540/0x1830 [ 1050.844431] ? blkpg_ioctl+0x8d0/0x8d0 [ 1050.848293] ? trace_hardirqs_on+0x10/0x10 [ 1050.852505] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1050.857636] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1050.862640] block_ioctl+0xd9/0x120 [ 1050.866242] ? blkdev_fallocate+0x3a0/0x3a0 [ 1050.870541] do_vfs_ioctl+0x75a/0xff0 [ 1050.874323] ? lock_acquire+0x170/0x3f0 [ 1050.878274] ? ioctl_preallocate+0x1a0/0x1a0 [ 1050.882676] ? __fget+0x265/0x3e0 [ 1050.886113] ? do_vfs_ioctl+0xff0/0xff0 [ 1050.890072] ? security_file_ioctl+0x83/0xb0 [ 1050.894461] SyS_ioctl+0x7f/0xb0 [ 1050.897802] ? do_vfs_ioctl+0xff0/0xff0 [ 1050.901754] do_syscall_64+0x1d5/0x640 [ 1050.905628] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1050.910794] RIP: 0033:0x7f2e61d65e07 [ 1050.914481] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1050.922299] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1050.929551] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1050.936803] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1050.944056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1050.951308] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1050.979395] CPU: 1 PID: 14067 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1050.987297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.996656] Call Trace: [ 1050.999262] dump_stack+0x1b2/0x281 [ 1051.002895] should_fail.cold+0x10a/0x149 [ 1051.003093] qnx4: unable to read the superblock [ 1051.007044] should_failslab+0xd6/0x130 [ 1051.007058] kmem_cache_alloc+0x28e/0x3c0 [ 1051.007069] ? shmem_destroy_callback+0xa0/0xa0 [ 1051.007079] shmem_alloc_inode+0x18/0x40 [ 1051.007088] ? shmem_destroy_callback+0xa0/0xa0 [ 1051.007095] alloc_inode+0x5d/0x170 [ 1051.007106] new_inode+0x1d/0xf0 [ 1051.040157] shmem_get_inode+0x8b/0x890 [ 1051.044141] __shmem_file_setup.part.0+0x104/0x3c0 [ 1051.049077] ? shmem_create+0x30/0x30 [ 1051.052880] ? __alloc_fd+0x1be/0x490 [ 1051.056687] SyS_memfd_create+0x1fc/0x3c0 [ 1051.060835] ? shmem_fcntl+0x120/0x120 [ 1051.064720] ? __do_page_fault+0x159/0xad0 [ 1051.068954] ? do_syscall_64+0x4c/0x640 [ 1051.072924] ? shmem_fcntl+0x120/0x120 [ 1051.076814] do_syscall_64+0x1d5/0x640 [ 1051.080709] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1051.085891] RIP: 0033:0x7f94265b5049 [ 1051.089597] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1051.097309] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b5049 [ 1051.104572] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f942660e1e0 [ 1051.111846] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f9424f2a1d0 [ 1051.119112] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 10:19:36 executing program 1: msgctl$IPC_RMID(0xffffffffffffffff, 0x0) socket(0x24, 0x0, 0x0) 10:19:36 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x90050001}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x1401, 0x200, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x40801}, 0xc044015) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000040)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:36 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x90050001}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x1401, 0x200, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x40801}, 0xc044015) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x90050001}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, 0x1401, 0x200, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x40801}, 0xc044015) (async) ioctl$SNDCTL_SEQ_NRMIDIS(r0, 0x8004510b, &(0x7f0000000040)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1051.126378] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 10:19:36 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 14) 10:19:36 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 4) 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:36 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x3, 0x5, &(0x7f0000001240)=[{&(0x7f0000000100)="4e1776edcdc9e7a8d3ce6eaf9415b36f74", 0x11, 0x2}, {&(0x7f0000000140)="9529d8536913b8559d7f87ca2e297f6a36f15be75fe488a8cab193f7ee7ed81041362fed19c45379b4d519e704dfab56e291255025df628d1b48a6", 0x3b, 0x3}, {&(0x7f0000000180)="ab19b16b8cde50ad660c0f8db42b560eadff9ea74269d92143ab00fa389c9abe91991764fc2044c6b657bd1fffe9cdb618574a64c7ddbb5e55f973e1809afd389d814d5eea2bb94da996fbc5da05c9217e2e06809268f8595cf9f6729d05dc2f359af4b64ccdb8216b61ba863e746127a77c8d7b27fbd9a45898a7b1c1a7aff51c6f557579ab1aac30cd23707a5c38b08aa5bf6b98eaa14dc41162d688a86bf09af2681cd0e3afc165d0b23ac086feae0fb407c0f65752b46a2c8aa40ad80aefee4b7227ff5faa2cd3b1a8711cc666835c0beccf8b7395d797575e2c5bb33d2aab2eb950c019efe990306b9fe2068e1837dbf0e21bb023e0a36a41bce63fe5ece67fa68734f9e89096d507f9ab949100cd1348ab696533270787a63c337645703aa52f1bf18d75d80517998ef8282086a635592e7aa84941ec2deeea8ac81e62f930bab50e203e2c1ba6d0810e3faa843be67f66e182901b3139eaf54ed369304f99ed7dff09bd77530318f9fa37deeab5affad8cd709b25edc0831f203b87337718c5e6022076b10fdd2f5286ed176f38b28e40ea3375fa92384d3bccb65eb81e926f76822cd5af9163b5bfe088df9be92970db626708e45742ff12b28b12c3a55660aa33298a5b908efe27990104b4b167773d3c56c25e487c5ddb1a1d181eb8d75bbba553704786e9e7af7e51d610fd13e05bf149c0b7ed281ea23788bbf16ae767ecfbe0c171f71a570f85cee7b9ba552e3a9de8685c7ac72b4cb5e729bad8207d5c64be03b3aed2b5cfbb9dac37cb210513a39a58266bfc051867086a56b5944e1d81f35d1e5bd432cd95e1abb0874a5699189b3c87d2f71ec36549f6569ded510c45312ff72840c69f20a4e1162fee412fe7d82b012254fd519594f56f84cc13f7f91237527cabe08308eef2a08ac27d8cc3be7fcbab82bfafed8326b4f18611786ca4811e918efd274095d8dde7251202df7a8631a888d553c5bcb81536dedfbda81b88744512c93d8714b3b94033d188a60dcde3f3373fbfcf48f7212407ddf0e95702f32c6becd73752cda2c37843f4a646a13458e9bf7058ea427103652fb13ea10a25879f62df283637cba672a75d434d952c9e82bf62e78fbdd6042d7c2d9a48143c0e223847131b6b86c5c4f008d0fa959a0b0dfe1083f9c757658572c52d9383e857d69ce81ff521a132a6766acea5d400899c90180d7bcd92302dd18a93012bd25cd9f1ca58f64ac369e698bb727859377fce7df91565151bbc5e0933bc5cb03018bce3f67ab61b9ca5ddfb8ea04254237f6b956b4b2750ebd044788bad02eb9a727b04cdef9708619a71ecf2fafdc0b2577b834cfba9c52777d4a3120b9df2da35c182d08aa3a76ec530b7ad2e44407635c931e9790f472ad20619d4a91cbedcc12389c6ade6b82fd3b248c7245e51952c79a6b88d960bec3533eec5207bf533970ea9a0f938862c9b734192184785626887b2156a3afadd21061dda87cea825ba9ca95863eb446f3d7b6ab9835da75cb86bfe52642b39235e2180955b40411c83f2bd7d625a0ac56b46e1630fed4b71117679d371dae68b889992724b9017cb1be1ab16e7f53588e75e686f72fb5ea6998826a6b281b122e3e643fd79752b0809359e3996c19ce13cc172adcd15831c2d1ed44affe40dd030f4fb7c82fd61aff8b2382b4cf7d8d83626de9027e989bd92913f6917e5eda64eec7d31242af5e8f21d1aa4f1dcc0f516b8038aea379e142e3212186480132c3ad928b0bf6596bd21154c39d86bafd1ec4f93dd9328e8695f80d3774ad39baab5e52ab46ca57de2242aa1e64e6574f2124835ce40a7ad9dbb6d626f5db24dbc0a7a30eaada1bcca7431c539291df43a10f38fc3e854b19c5cfa5c79a15a0c68761b6c54108650d3c7a44336a532cefd9ba11527dbfd759a0643631567a4cb0d2b9bf720041a13d3107355a10aa8a58cfe30f6d5bfe0bcb64dda4393a5a4cb3ab5648c02b786376cc9d2cf39c11d0877e7d4ee13f70f0f3615084621325e190266af869f4051fedbf2c906f33f20863f77a75eca2256fdea4c88cb45a71989080607b1719253bce697835c975f61a8578de7a7efaa7e6174b67017300a06f77c531febc0e79b67b6d012298dce801db80a3667c8f213891628b68098612857801665db40df7ec35be5634ec20e5235361ba2d725b22c58d55ea7769c90138debc7b55a416b3282e35f3d3ded12052012edc1275e2eed17f193a51b3f487048c74129c738e0a63173c0e6c00a605a8ae01bbfe391b3621c7c4d6e5dd0ccb01e04308a6736a3d1300ca9b0e35d4dedd066806c2d10678a7c7b5ac389c0dc0485c7931b0b7da367057652f732a77eea1409b5201d105f5ee3f0d8c7243465fa41669968694a54392b9329d385a87b3d2384484813968c8cc20f516c9c77ce25ac0ed90919a95a392219cbf89eb23bdca171676e77236cf0f9566ebd2a0e1911848c3dd0e42164d6866aaa54a9adf2a6e7343dc5ccb9d66ab794d4a55c2871dc514ead06b3e9c553c281c861e2cc8f39008da7f4f5022a693c56ec24cd65a8fcf9832398d3fc50a7144bf3794c67785008a3a4ca4045780947b1157155a26d25315beb1572e7c3c4aa3806e0dff3aaf8423516d4075b61c81091f4945d0adefc0440c545744f37304440a6ee54ab3640a3304c6659a7de516feb7a0b1f400f9baadbe1b156dab12454f0ac1ffcb2ddd03f95ba22def3d255046270af71d4028b538b2422742d97b032ab941cfdca6634f8dd08af8f4548c9d432d78de8ed4c474a4e1f406818b09f5fd383a70da62074b1aa3ecfded88916ef6ff40e8b4457061657d5f3702faaa45dc2283ef7eb2c21886b602ce4dc30740d9c72f075dc0b0ba94ee3c4650d0bd445aa5edb989b48f71bc8f50bd0d53fc33e0f0994a789e61942069558658855e74fd4da48bb2cc65153866bcb887e7ab11ccbbb0aa9566e70cc5cc2908b27e0e0c018c33efe24228ade3b9152dd65fa4cdad3ef8678401c0278589af115e6d92424f6f542576c5d13321fe39d6b267c8f06a3e81d8be5bec32c6ae6a6a7c5da6034ce29b8f8314530ad979d090f85c8c815e895c75e4523269880bf825bbf9a04c8c44931bad22e8c6c6e4a07b3278fb32c7f19f1ecca7a843828686fe5321678d57de2baea36db1dadcbbb4d50d0a22c1ab9960c67eaaba63b45c5494d82408f8d426727b60a2f6b10cc77f203d08e8e94368a4d725ce66d8821d4ca7738155c08366ff898f1192e90f196f65af199cee39716fa5266c1f406f4d10fb42a0f61dc0a07a746e265888aa9750d7cd2784e3dbe920457d43e4add91574feced54011cc62064b79bfc55a40a228f496191987594bd1f67700073d98b41443ba3b9bdcda335d153087a1d901f4c90f43f4f167a111ac2a7ff69569755b8b799bbce91daf91c34840336c766d13526eb20cf2111493f7f5a6657778b98ac0ff0d34a73011bc975bb093d655bae54c6debc87ab95bc58a63b98ce32cd31b4be57ea58d4f4d36d6e9d230b1eb5858fc117c4848664508801fbf9d185f88f7c122801f4f71cc7d993be45bbea3bf668a43d20d745f1fdf2d9fbb89682f634eeeb209a80c03929528717d990de4a91d0630fbf01e98edfc458e5e538637db031fe0f0a91f9a1663e24a173da729f45c4b0e83e40ffd1d11893ec9ee87bdf609de53c2777d51166fc89ef83f6c6b63ebd3b2c1c61619d8fb79640c2a7a6a388ce879c5535d742d36f56bbaf681c3cce96111a7b66f7ccd737dc5a3921bc242678b21849269fea5459d6ef6e50bddc02214035146deb5c9603c68af37402242961c04dcc008f3ad4883ea37df035b21deb8a74ea1f2447f0a241b5d70cb5bdf5a069adb7e1aca18bffaf1399ac0052b1ce1fe4d37a5e77dcf1f9545ce638889b2c3787f124b8548d088033412a7f1c95988b97f0ca09dfb28f38d8e26c536afb79c363d724a0093a2fadab294502f0413ca213af4ead3f531b3f52925dc907b200b6962637d766709aae8ec002e62e38fd82ceb136acb33873a60e4d1916b8648f123229cdcd4139f8cf9e1b0af8485752a1b6cab50c0c9bb36fe5d6f07fe88a083574417969980c884f8759f138973a7f28793623196e59cec2bd7ca46f110dde4b3b29dd4301d47f7ebebfc2ac669933f4849098645d7d59b1ab2db82e4e33520d2d8a158ab27dfabb628748180d47b8ab22df657624f8f4f0afa4f1c9c0f362272d2da8edc87cc1f54a30f59dd50a8594a9fdce5cbdbb4da6af7cef44560a6868dbb3645457941076fc8a234c09bec1185756133602940d63e68ab8b518c9a4885fe164cc25a9274b421647c701bec25780eb82ba5d62e16b45795c1234a4ff948d6b844281adc2b8625db0134e9674187a1aac9c28ef7295a86046fb75ab4a2584c3a853748dcc31ecc937550c2008cc330a6ebfcb3412f487349d012d3742723c368aef355e23cb4876b43b10b8ee17f4762b07495c646e35bfbd6ee9c9388e330a2fc580ad7d703598ef43b4d6bdc68a7c28ae141a686b1da73ba10c037f6f1bfb66a9ca5a064934a1f46e6c0c6f7e2a8febb31969143b7e092deca1dbcf550058b6a84a934eaf9f18c12d9857057ca2932575c400581c2f6cec19c34dbc9dded09cb9b117923d14ff39cc46774b9d7d499ec1ea5b5a9b69708d48756a7f0fe458e54d0a8ad3b0e1d7bf6bd3035319737e06abbcc7eadd234fcb05bca2286f0f619723465c11f504f27aaec303c4e46707c9fc1e72a61614489539ae7acefb099fd3002a3070a6d7d2df62900e36e1164fcc880603c5a514581ca15086e36ca458ab77f9fae1bd1ecc378e426ad956228ae4ca43519d755da63fbced116f853d2c4d9178e30bf32f38a6eca7e64c073f69b7e3fdf3548cbd4eaea7a843e9f0ef574a6ae80de9068727a084f85fa5353ad00772447ecaec1f2520dcf97541e3c0a3f984bfa1b99b946f42c5262003488b2471250118560b2b4487d23b76a241a67fd7274a447f17dcf21853b2f641402e7634fa360ac83d6bcd2e88009985792793d3503fe517bc23b1899a8f2e15a1ef49ce0a45ff7b8255d3a1805f352a81471c6cce277ebd340d18eca10f4237d16dddbd54df9303c171f436d1b92c6ba097cc5b21902fe8a3a038959ef8709225511cd5d594379457319088f72b359796c37a1bf2312e4e08bb5b1f1e6013dd6357261309dadb6627377adf6b3341fe66c1a6cc6578050affd30eb98d536229e9a0eac87581eb79b45375331b97f10cd0cbe7bd2b70ca254155f4a4bbc7b1101cfb5e17169efa01713b2528cebb3bd1e16cc4c03dd067491262d4603195e78c355aebaa42e1240fee5b52de2b8f5faf3753bbe9f2d37f898ca41a883ba9f93d2cbdcf2eeb42b2af9cbf1894255731665d3c9420ff553c53fcdf5f3c9a947018b0091346edb9532095c6509e2a755f8316f9a6f1189e94ae1b9a16013ad764b1cd146d9131cf809aeda0fa31afeeccdf16a10a976f6b71d117c0abc07d4905cae9e9368e467debcb51142e810b097780777e376adf5f67e8762ef1fc5bfb7f4f0b14c926d7b91b0b71578761dcc18983ecc5ee4a5965ecd06a19b129a36ef826666d8ba2ebd71f1c1e4869486808215d328873eaf2a6f191518733d7c429ced3221f976fc42f366f39997296f441ab1db475a6d5101180b81f3d72b36b399591f46b508f038f6edda6b8a2904e42056cca62a77d2326ed173f27013e8612db67eea00b9fe7e6270b46db52c1307f92", 0x1000, 0x3483}, {&(0x7f0000001180)="c4609c8d84fc67a02e4407657e1f297222003c350fd654d8530298068f72efb5050816c54b79a70f3a6bcbf331f4a0d95f21e93cb179a5", 0x37, 0xffffffff7fffffff}, {&(0x7f00000011c0)="dfb94de3a6300d0e8dd604cd7933af3ce4ee34c116ce7ef17cbd86cd2c95a7ee039dc811391f186fc14c41b0dedbea3d49d0715b902500972781984e557750198a4428701ef85af0ca834329ed68ad425e5083e2cfda98bd33c9ad331bc0c2bd57dd0840d89a46af4f5e487f2a3b48c2e10f2b03fac0", 0x76, 0x3ff}], 0x8400, &(0x7f00000012c0)={[{}, {'*@'}, {'$!'}, {'/..[!\'\x0e'}], [{@obj_type={'obj_type', 0x3d, '@{.'}}, {@euid_lt={'euid<', 0xee01}}, {@appraise_type}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@audit}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x7}}]}) statx(r0, &(0x7f0000001380)='./file0/../file0\x00', 0x400, 0x100, &(0x7f00000013c0)) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x3, 0x5, &(0x7f0000001240)=[{&(0x7f0000000100)="4e1776edcdc9e7a8d3ce6eaf9415b36f74", 0x11, 0x2}, {&(0x7f0000000140)="9529d8536913b8559d7f87ca2e297f6a36f15be75fe488a8cab193f7ee7ed81041362fed19c45379b4d519e704dfab56e291255025df628d1b48a6", 0x3b, 0x3}, {&(0x7f0000000180)="ab19b16b8cde50ad660c0f8db42b560eadff9ea74269d92143ab00fa389c9abe91991764fc2044c6b657bd1fffe9cdb618574a64c7ddbb5e55f973e1809afd389d814d5eea2bb94da996fbc5da05c9217e2e06809268f8595cf9f6729d05dc2f359af4b64ccdb8216b61ba863e746127a77c8d7b27fbd9a45898a7b1c1a7aff51c6f557579ab1aac30cd23707a5c38b08aa5bf6b98eaa14dc41162d688a86bf09af2681cd0e3afc165d0b23ac086feae0fb407c0f65752b46a2c8aa40ad80aefee4b7227ff5faa2cd3b1a8711cc666835c0beccf8b7395d797575e2c5bb33d2aab2eb950c019efe990306b9fe2068e1837dbf0e21bb023e0a36a41bce63fe5ece67fa68734f9e89096d507f9ab949100cd1348ab696533270787a63c337645703aa52f1bf18d75d80517998ef8282086a635592e7aa84941ec2deeea8ac81e62f930bab50e203e2c1ba6d0810e3faa843be67f66e182901b3139eaf54ed369304f99ed7dff09bd77530318f9fa37deeab5affad8cd709b25edc0831f203b87337718c5e6022076b10fdd2f5286ed176f38b28e40ea3375fa92384d3bccb65eb81e926f76822cd5af9163b5bfe088df9be92970db626708e45742ff12b28b12c3a55660aa33298a5b908efe27990104b4b167773d3c56c25e487c5ddb1a1d181eb8d75bbba553704786e9e7af7e51d610fd13e05bf149c0b7ed281ea23788bbf16ae767ecfbe0c171f71a570f85cee7b9ba552e3a9de8685c7ac72b4cb5e729bad8207d5c64be03b3aed2b5cfbb9dac37cb210513a39a58266bfc051867086a56b5944e1d81f35d1e5bd432cd95e1abb0874a5699189b3c87d2f71ec36549f6569ded510c45312ff72840c69f20a4e1162fee412fe7d82b012254fd519594f56f84cc13f7f91237527cabe08308eef2a08ac27d8cc3be7fcbab82bfafed8326b4f18611786ca4811e918efd274095d8dde7251202df7a8631a888d553c5bcb81536dedfbda81b88744512c93d8714b3b94033d188a60dcde3f3373fbfcf48f7212407ddf0e95702f32c6becd73752cda2c37843f4a646a13458e9bf7058ea427103652fb13ea10a25879f62df283637cba672a75d434d952c9e82bf62e78fbdd6042d7c2d9a48143c0e223847131b6b86c5c4f008d0fa959a0b0dfe1083f9c757658572c52d9383e857d69ce81ff521a132a6766acea5d400899c90180d7bcd92302dd18a93012bd25cd9f1ca58f64ac369e698bb727859377fce7df91565151bbc5e0933bc5cb03018bce3f67ab61b9ca5ddfb8ea04254237f6b956b4b2750ebd044788bad02eb9a727b04cdef9708619a71ecf2fafdc0b2577b834cfba9c52777d4a3120b9df2da35c182d08aa3a76ec530b7ad2e44407635c931e9790f472ad20619d4a91cbedcc12389c6ade6b82fd3b248c7245e51952c79a6b88d960bec3533eec5207bf533970ea9a0f938862c9b734192184785626887b2156a3afadd21061dda87cea825ba9ca95863eb446f3d7b6ab9835da75cb86bfe52642b39235e2180955b40411c83f2bd7d625a0ac56b46e1630fed4b71117679d371dae68b889992724b9017cb1be1ab16e7f53588e75e686f72fb5ea6998826a6b281b122e3e643fd79752b0809359e3996c19ce13cc172adcd15831c2d1ed44affe40dd030f4fb7c82fd61aff8b2382b4cf7d8d83626de9027e989bd92913f6917e5eda64eec7d31242af5e8f21d1aa4f1dcc0f516b8038aea379e142e3212186480132c3ad928b0bf6596bd21154c39d86bafd1ec4f93dd9328e8695f80d3774ad39baab5e52ab46ca57de2242aa1e64e6574f2124835ce40a7ad9dbb6d626f5db24dbc0a7a30eaada1bcca7431c539291df43a10f38fc3e854b19c5cfa5c79a15a0c68761b6c54108650d3c7a44336a532cefd9ba11527dbfd759a0643631567a4cb0d2b9bf720041a13d3107355a10aa8a58cfe30f6d5bfe0bcb64dda4393a5a4cb3ab5648c02b786376cc9d2cf39c11d0877e7d4ee13f70f0f3615084621325e190266af869f4051fedbf2c906f33f20863f77a75eca2256fdea4c88cb45a71989080607b1719253bce697835c975f61a8578de7a7efaa7e6174b67017300a06f77c531febc0e79b67b6d012298dce801db80a3667c8f213891628b68098612857801665db40df7ec35be5634ec20e5235361ba2d725b22c58d55ea7769c90138debc7b55a416b3282e35f3d3ded12052012edc1275e2eed17f193a51b3f487048c74129c738e0a63173c0e6c00a605a8ae01bbfe391b3621c7c4d6e5dd0ccb01e04308a6736a3d1300ca9b0e35d4dedd066806c2d10678a7c7b5ac389c0dc0485c7931b0b7da367057652f732a77eea1409b5201d105f5ee3f0d8c7243465fa41669968694a54392b9329d385a87b3d2384484813968c8cc20f516c9c77ce25ac0ed90919a95a392219cbf89eb23bdca171676e77236cf0f9566ebd2a0e1911848c3dd0e42164d6866aaa54a9adf2a6e7343dc5ccb9d66ab794d4a55c2871dc514ead06b3e9c553c281c861e2cc8f39008da7f4f5022a693c56ec24cd65a8fcf9832398d3fc50a7144bf3794c67785008a3a4ca4045780947b1157155a26d25315beb1572e7c3c4aa3806e0dff3aaf8423516d4075b61c81091f4945d0adefc0440c545744f37304440a6ee54ab3640a3304c6659a7de516feb7a0b1f400f9baadbe1b156dab12454f0ac1ffcb2ddd03f95ba22def3d255046270af71d4028b538b2422742d97b032ab941cfdca6634f8dd08af8f4548c9d432d78de8ed4c474a4e1f406818b09f5fd383a70da62074b1aa3ecfded88916ef6ff40e8b4457061657d5f3702faaa45dc2283ef7eb2c21886b602ce4dc30740d9c72f075dc0b0ba94ee3c4650d0bd445aa5edb989b48f71bc8f50bd0d53fc33e0f0994a789e61942069558658855e74fd4da48bb2cc65153866bcb887e7ab11ccbbb0aa9566e70cc5cc2908b27e0e0c018c33efe24228ade3b9152dd65fa4cdad3ef8678401c0278589af115e6d92424f6f542576c5d13321fe39d6b267c8f06a3e81d8be5bec32c6ae6a6a7c5da6034ce29b8f8314530ad979d090f85c8c815e895c75e4523269880bf825bbf9a04c8c44931bad22e8c6c6e4a07b3278fb32c7f19f1ecca7a843828686fe5321678d57de2baea36db1dadcbbb4d50d0a22c1ab9960c67eaaba63b45c5494d82408f8d426727b60a2f6b10cc77f203d08e8e94368a4d725ce66d8821d4ca7738155c08366ff898f1192e90f196f65af199cee39716fa5266c1f406f4d10fb42a0f61dc0a07a746e265888aa9750d7cd2784e3dbe920457d43e4add91574feced54011cc62064b79bfc55a40a228f496191987594bd1f67700073d98b41443ba3b9bdcda335d153087a1d901f4c90f43f4f167a111ac2a7ff69569755b8b799bbce91daf91c34840336c766d13526eb20cf2111493f7f5a6657778b98ac0ff0d34a73011bc975bb093d655bae54c6debc87ab95bc58a63b98ce32cd31b4be57ea58d4f4d36d6e9d230b1eb5858fc117c4848664508801fbf9d185f88f7c122801f4f71cc7d993be45bbea3bf668a43d20d745f1fdf2d9fbb89682f634eeeb209a80c03929528717d990de4a91d0630fbf01e98edfc458e5e538637db031fe0f0a91f9a1663e24a173da729f45c4b0e83e40ffd1d11893ec9ee87bdf609de53c2777d51166fc89ef83f6c6b63ebd3b2c1c61619d8fb79640c2a7a6a388ce879c5535d742d36f56bbaf681c3cce96111a7b66f7ccd737dc5a3921bc242678b21849269fea5459d6ef6e50bddc02214035146deb5c9603c68af37402242961c04dcc008f3ad4883ea37df035b21deb8a74ea1f2447f0a241b5d70cb5bdf5a069adb7e1aca18bffaf1399ac0052b1ce1fe4d37a5e77dcf1f9545ce638889b2c3787f124b8548d088033412a7f1c95988b97f0ca09dfb28f38d8e26c536afb79c363d724a0093a2fadab294502f0413ca213af4ead3f531b3f52925dc907b200b6962637d766709aae8ec002e62e38fd82ceb136acb33873a60e4d1916b8648f123229cdcd4139f8cf9e1b0af8485752a1b6cab50c0c9bb36fe5d6f07fe88a083574417969980c884f8759f138973a7f28793623196e59cec2bd7ca46f110dde4b3b29dd4301d47f7ebebfc2ac669933f4849098645d7d59b1ab2db82e4e33520d2d8a158ab27dfabb628748180d47b8ab22df657624f8f4f0afa4f1c9c0f362272d2da8edc87cc1f54a30f59dd50a8594a9fdce5cbdbb4da6af7cef44560a6868dbb3645457941076fc8a234c09bec1185756133602940d63e68ab8b518c9a4885fe164cc25a9274b421647c701bec25780eb82ba5d62e16b45795c1234a4ff948d6b844281adc2b8625db0134e9674187a1aac9c28ef7295a86046fb75ab4a2584c3a853748dcc31ecc937550c2008cc330a6ebfcb3412f487349d012d3742723c368aef355e23cb4876b43b10b8ee17f4762b07495c646e35bfbd6ee9c9388e330a2fc580ad7d703598ef43b4d6bdc68a7c28ae141a686b1da73ba10c037f6f1bfb66a9ca5a064934a1f46e6c0c6f7e2a8febb31969143b7e092deca1dbcf550058b6a84a934eaf9f18c12d9857057ca2932575c400581c2f6cec19c34dbc9dded09cb9b117923d14ff39cc46774b9d7d499ec1ea5b5a9b69708d48756a7f0fe458e54d0a8ad3b0e1d7bf6bd3035319737e06abbcc7eadd234fcb05bca2286f0f619723465c11f504f27aaec303c4e46707c9fc1e72a61614489539ae7acefb099fd3002a3070a6d7d2df62900e36e1164fcc880603c5a514581ca15086e36ca458ab77f9fae1bd1ecc378e426ad956228ae4ca43519d755da63fbced116f853d2c4d9178e30bf32f38a6eca7e64c073f69b7e3fdf3548cbd4eaea7a843e9f0ef574a6ae80de9068727a084f85fa5353ad00772447ecaec1f2520dcf97541e3c0a3f984bfa1b99b946f42c5262003488b2471250118560b2b4487d23b76a241a67fd7274a447f17dcf21853b2f641402e7634fa360ac83d6bcd2e88009985792793d3503fe517bc23b1899a8f2e15a1ef49ce0a45ff7b8255d3a1805f352a81471c6cce277ebd340d18eca10f4237d16dddbd54df9303c171f436d1b92c6ba097cc5b21902fe8a3a038959ef8709225511cd5d594379457319088f72b359796c37a1bf2312e4e08bb5b1f1e6013dd6357261309dadb6627377adf6b3341fe66c1a6cc6578050affd30eb98d536229e9a0eac87581eb79b45375331b97f10cd0cbe7bd2b70ca254155f4a4bbc7b1101cfb5e17169efa01713b2528cebb3bd1e16cc4c03dd067491262d4603195e78c355aebaa42e1240fee5b52de2b8f5faf3753bbe9f2d37f898ca41a883ba9f93d2cbdcf2eeb42b2af9cbf1894255731665d3c9420ff553c53fcdf5f3c9a947018b0091346edb9532095c6509e2a755f8316f9a6f1189e94ae1b9a16013ad764b1cd146d9131cf809aeda0fa31afeeccdf16a10a976f6b71d117c0abc07d4905cae9e9368e467debcb51142e810b097780777e376adf5f67e8762ef1fc5bfb7f4f0b14c926d7b91b0b71578761dcc18983ecc5ee4a5965ecd06a19b129a36ef826666d8ba2ebd71f1c1e4869486808215d328873eaf2a6f191518733d7c429ced3221f976fc42f366f39997296f441ab1db475a6d5101180b81f3d72b36b399591f46b508f038f6edda6b8a2904e42056cca62a77d2326ed173f27013e8612db67eea00b9fe7e6270b46db52c1307f92", 0x1000, 0x3483}, {&(0x7f0000001180)="c4609c8d84fc67a02e4407657e1f297222003c350fd654d8530298068f72efb5050816c54b79a70f3a6bcbf331f4a0d95f21e93cb179a5", 0x37, 0xffffffff7fffffff}, {&(0x7f00000011c0)="dfb94de3a6300d0e8dd604cd7933af3ce4ee34c116ce7ef17cbd86cd2c95a7ee039dc811391f186fc14c41b0dedbea3d49d0715b902500972781984e557750198a4428701ef85af0ca834329ed68ad425e5083e2cfda98bd33c9ad331bc0c2bd57dd0840d89a46af4f5e487f2a3b48c2e10f2b03fac0", 0x76, 0x3ff}], 0x8400, &(0x7f00000012c0)={[{}, {'*@'}, {'$!'}, {'/..[!\'\x0e'}], [{@obj_type={'obj_type', 0x3d, '@{.'}}, {@euid_lt={'euid<', 0xee01}}, {@appraise_type}, {@fsmagic={'fsmagic', 0x3d, 0x1}}, {@audit}, {@permit_directio}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@pcr={'pcr', 0x3d, 0x7}}]}) (async) statx(r0, &(0x7f0000001380)='./file0/../file0\x00', 0x400, 0x100, &(0x7f00000013c0)) (async) 10:19:36 executing program 1: msgctl$IPC_RMID(0xffffffffffffffff, 0x0) socket(0x24, 0x0, 0x0) 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x434, 0xffffffd7, 0x0, 0x1010808, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x41}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_open_dev$media(&(0x7f00000001c0), 0x8, 0x12002) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r5, 0x810, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x40004) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe85c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008100}, 0x48084) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000040)) 10:19:36 executing program 1: msgctl$IPC_RMID(0xffffffffffffffff, 0x0) (async) socket(0x24, 0x0, 0x0) [ 1051.268896] FAULT_INJECTION: forcing a failure. [ 1051.268896] name failslab, interval 1, probability 0, space 0, times 0 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x434, 0xffffffd7, 0x0, 0x1010808, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1051.328404] CPU: 0 PID: 14114 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1051.336308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.345663] Call Trace: [ 1051.348261] dump_stack+0x1b2/0x281 [ 1051.351893] should_fail.cold+0x10a/0x149 [ 1051.356053] should_failslab+0xd6/0x130 [ 1051.360047] kmem_cache_alloc+0x28e/0x3c0 [ 1051.364207] get_empty_filp+0x86/0x3f0 [ 1051.368112] alloc_file+0x23/0x440 [ 1051.371661] __shmem_file_setup.part.0+0x198/0x3c0 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x434, 0xffffffd7, 0x0, 0x1010808, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1051.376594] ? shmem_create+0x30/0x30 [ 1051.380391] ? __alloc_fd+0x1be/0x490 [ 1051.384199] SyS_memfd_create+0x1fc/0x3c0 [ 1051.388346] ? shmem_fcntl+0x120/0x120 [ 1051.392234] ? __do_page_fault+0x159/0xad0 [ 1051.396472] ? do_syscall_64+0x4c/0x640 [ 1051.400450] ? shmem_fcntl+0x120/0x120 [ 1051.404349] do_syscall_64+0x1d5/0x640 [ 1051.408237] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1051.413427] RIP: 0033:0x7f94265b5049 [ 1051.417135] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 10:19:36 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x8, 0x0, 0x0, 0xa4, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x41}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_open_dev$media(&(0x7f00000001c0), 0x8, 0x12002) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r5, 0x810, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x40004) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe85c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008100}, 0x48084) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x41}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f00000001c0), 0x8, 0x12002) (async) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) (async) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r5, 0x810, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x40004) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe85c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008100}, 0x48084) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000040)) (async) [ 1051.424841] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b5049 [ 1051.432110] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f942660e1e0 [ 1051.439468] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f9424f2a1d0 [ 1051.446747] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 [ 1051.454017] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 [ 1051.480098] FAULT_INJECTION: forcing a failure. [ 1051.480098] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.503497] CPU: 0 PID: 14130 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1051.511405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.520758] Call Trace: [ 1051.523348] dump_stack+0x1b2/0x281 [ 1051.526985] should_fail.cold+0x10a/0x149 [ 1051.531152] should_failslab+0xd6/0x130 [ 1051.535130] kmem_cache_alloc+0x28e/0x3c0 [ 1051.539284] __kernfs_new_node+0x6f/0x470 [ 1051.543443] kernfs_new_node+0x7b/0xe0 [ 1051.547332] __kernfs_create_file+0x3d/0x320 [ 1051.551738] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1051.556404] ? kernfs_create_dir_ns+0x171/0x200 [ 1051.561074] internal_create_group+0x22b/0x710 [ 1051.565661] lo_ioctl+0x1137/0x1cd0 [ 1051.569288] ? loop_set_status64+0xe0/0xe0 [ 1051.573522] blkdev_ioctl+0x540/0x1830 [ 1051.577413] ? blkpg_ioctl+0x8d0/0x8d0 [ 1051.581298] ? trace_hardirqs_on+0x10/0x10 [ 1051.585536] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1051.590637] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1051.595655] block_ioctl+0xd9/0x120 [ 1051.599283] ? blkdev_fallocate+0x3a0/0x3a0 [ 1051.603725] do_vfs_ioctl+0x75a/0xff0 [ 1051.607525] ? lock_acquire+0x170/0x3f0 [ 1051.611509] ? ioctl_preallocate+0x1a0/0x1a0 [ 1051.615924] ? __fget+0x265/0x3e0 [ 1051.619378] ? do_vfs_ioctl+0xff0/0xff0 [ 1051.623349] ? security_file_ioctl+0x83/0xb0 [ 1051.627767] SyS_ioctl+0x7f/0xb0 [ 1051.631128] ? do_vfs_ioctl+0xff0/0xff0 [ 1051.635101] do_syscall_64+0x1d5/0x640 [ 1051.639003] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1051.644173] RIP: 0033:0x7f2e61d65e07 [ 1051.647885] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.655578] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1051.662827] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1051.670088] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 10:19:37 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 15) 10:19:37 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_TMR_START(0xffffffffffffffff, 0x5402) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:37 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x8, 0x0, 0x0, 0xa4, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:37 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 5) 10:19:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, 0x0, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x41}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) (async) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_open_dev$media(&(0x7f00000001c0), 0x8, 0x12002) (async) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) (async) sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x50, r5, 0x810, 0x70bd2b, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_DEST={0x20, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x840}, 0x40004) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xac, 0x0, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe85c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0xac}, 0x1, 0x0, 0x0, 0x20008100}, 0x48084) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, &(0x7f0000000040)) 10:19:37 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)) r0 = socket(0x24, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000200", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fedbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x880) [ 1051.677338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1051.684591] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1051.714285] qnx4: unable to read the superblock 10:19:37 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)) (async, rerun: 64) r0 = socket(0x24, 0x0, 0x0) (rerun: 64) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000200", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fedbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x880) 10:19:37 executing program 3: ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f00000000c0)=0x29b) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0xdea6, 0x4100) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x4) 10:19:37 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x8, 0x0, 0x0, 0xa4, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1051.817741] FAULT_INJECTION: forcing a failure. [ 1051.817741] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.840241] FAULT_INJECTION: forcing a failure. [ 1051.840241] name failslab, interval 1, probability 0, space 0, times 0 10:19:37 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_TMR_START(0xffffffffffffffff, 0x5402) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$SNDCTL_TMR_START(0xffffffffffffffff, 0x5402) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1051.860667] CPU: 0 PID: 14186 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1051.868577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.877931] Call Trace: [ 1051.880519] dump_stack+0x1b2/0x281 [ 1051.884148] should_fail.cold+0x10a/0x149 [ 1051.888298] should_failslab+0xd6/0x130 [ 1051.892273] kmem_cache_alloc+0x28e/0x3c0 [ 1051.896424] __kernfs_new_node+0x6f/0x470 [ 1051.900578] kernfs_new_node+0x7b/0xe0 [ 1051.904463] __kernfs_create_file+0x3d/0x320 [ 1051.908876] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1051.913545] ? kernfs_create_dir_ns+0x171/0x200 10:19:37 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)) (async) r0 = socket(0x24, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000200", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fedbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x880) [ 1051.918217] internal_create_group+0x22b/0x710 [ 1051.922805] lo_ioctl+0x1137/0x1cd0 [ 1051.926436] ? loop_set_status64+0xe0/0xe0 [ 1051.930673] blkdev_ioctl+0x540/0x1830 [ 1051.934565] ? blkpg_ioctl+0x8d0/0x8d0 [ 1051.938449] ? trace_hardirqs_on+0x10/0x10 [ 1051.942683] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1051.947782] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1051.952801] block_ioctl+0xd9/0x120 [ 1051.956426] ? blkdev_fallocate+0x3a0/0x3a0 [ 1051.960742] do_vfs_ioctl+0x75a/0xff0 [ 1051.964539] ? lock_acquire+0x170/0x3f0 10:19:37 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_TMR_START(0xffffffffffffffff, 0x5402) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1051.968516] ? ioctl_preallocate+0x1a0/0x1a0 [ 1051.972924] ? __fget+0x265/0x3e0 [ 1051.976376] ? do_vfs_ioctl+0xff0/0xff0 [ 1051.980352] ? security_file_ioctl+0x83/0xb0 [ 1051.984760] SyS_ioctl+0x7f/0xb0 [ 1051.988123] ? do_vfs_ioctl+0xff0/0xff0 [ 1051.992101] do_syscall_64+0x1d5/0x640 [ 1051.995992] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.001174] RIP: 0033:0x7f2e61d65e07 [ 1052.004881] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1052.012588] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1052.019851] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1052.027125] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1052.034389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1052.041662] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1052.072236] CPU: 0 PID: 14193 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1052.080136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.089489] Call Trace: [ 1052.092074] dump_stack+0x1b2/0x281 [ 1052.095702] should_fail.cold+0x10a/0x149 [ 1052.099851] should_failslab+0xd6/0x130 [ 1052.103834] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1052.108504] apparmor_file_alloc_security+0x129/0x800 [ 1052.113701] security_file_alloc+0x66/0xa0 [ 1052.117931] ? selinux_is_enabled+0x5/0x50 [ 1052.122168] get_empty_filp+0x16b/0x3f0 [ 1052.126149] alloc_file+0x23/0x440 [ 1052.129689] __shmem_file_setup.part.0+0x198/0x3c0 [ 1052.134616] ? shmem_create+0x30/0x30 [ 1052.138410] ? __alloc_fd+0x1be/0x490 [ 1052.142213] SyS_memfd_create+0x1fc/0x3c0 [ 1052.146359] ? shmem_fcntl+0x120/0x120 [ 1052.150243] ? __do_page_fault+0x159/0xad0 [ 1052.154478] ? do_syscall_64+0x4c/0x640 [ 1052.158445] ? shmem_fcntl+0x120/0x120 [ 1052.162335] do_syscall_64+0x1d5/0x640 [ 1052.166230] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.167319] qnx4: unable to read the superblock [ 1052.171412] RIP: 0033:0x7f94265b5049 [ 1052.171417] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1052.171427] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b5049 [ 1052.171431] RDX: 00000000000003fe RSI: 0000000000000000 RDI: 00007f942660e1e0 [ 1052.171436] RBP: 0000000000000001 R08: 00000000000001ff R09: 00007f9424f2a1d0 [ 1052.171441] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000 10:19:37 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 16) 10:19:37 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="f2118040b21206fa4244641377ca3e3e2162abe142477f62fb3b8344b1aa54ecc96e1387cab7684a28d60b18c8fdd9cbfefb00f4fc66c16946ac953f687508a01ee6fb35d3682cf2c2920aff5fa459fbe98839b712e6d342b0b1b3014009064e98f8ef1503e5222adcc2748ef0b76127f6241fd57b440a40e83a70d3d5cf393d77e8ebfb6370416517c8e68e64511f43f3ad02f3fc39c578f4908487e9d0c755636aacf894c6713cfba16b4b0f729710ab16b36fc3c55699f8e9d2b2f4482cb22d22417480c9203b9c0f231549a96d30273e40f9b485216920f0b2bd2302055930eb652772a57505606d09b1fe3d623a9bad5ee955a86e0980a591dd65ca", 0xfe, 0xfe3}], 0x14, &(0x7f0000000380)={[{}, {}, {'-'}, {'!^].\'})!)\xc9*/%'}], [{@uid_eq={'uid', 0x3d, r0}}, {@smackfsfloor}, {@seclabel}, {@euid_eq={'euid', 0x3d, r1}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) 10:19:37 executing program 3: ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f00000000c0)=0x29b) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0xdea6, 0x4100) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x4) ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f00000000c0)=0x29b) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0xdea6, 0x4100) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) (async) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x4) (async) 10:19:37 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x10000, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x2, 0x10) 10:19:37 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 6) 10:19:37 executing program 1: socket(0x24, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) [ 1052.171446] R13: 0000000020000640 R14: 00000000000003fe R15: 0000000020000f80 10:19:37 executing program 3: ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f00000000c0)=0x29b) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0xdea6, 0x4100) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x8001, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x4) [ 1052.318369] qnx4: no qnx4 filesystem (no root dir). [ 1052.327754] FAULT_INJECTION: forcing a failure. [ 1052.327754] name failslab, interval 1, probability 0, space 0, times 0 [ 1052.336209] FAULT_INJECTION: forcing a failure. [ 1052.336209] name failslab, interval 1, probability 0, space 0, times 0 [ 1052.340986] CPU: 0 PID: 14240 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1052.359080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.368431] Call Trace: [ 1052.371307] dump_stack+0x1b2/0x281 [ 1052.374943] should_fail.cold+0x10a/0x149 [ 1052.379096] should_failslab+0xd6/0x130 [ 1052.383059] kmem_cache_alloc+0x28e/0x3c0 [ 1052.387194] __kernfs_new_node+0x6f/0x470 [ 1052.391337] kernfs_new_node+0x7b/0xe0 [ 1052.395222] __kernfs_create_file+0x3d/0x320 [ 1052.399620] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1052.404282] ? kernfs_create_dir_ns+0x171/0x200 [ 1052.408955] internal_create_group+0x22b/0x710 [ 1052.413533] lo_ioctl+0x1137/0x1cd0 [ 1052.417149] ? loop_set_status64+0xe0/0xe0 [ 1052.421377] blkdev_ioctl+0x540/0x1830 [ 1052.425253] ? blkpg_ioctl+0x8d0/0x8d0 [ 1052.429307] ? trace_hardirqs_on+0x10/0x10 [ 1052.433540] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1052.438636] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1052.443651] block_ioctl+0xd9/0x120 [ 1052.447270] ? blkdev_fallocate+0x3a0/0x3a0 [ 1052.451581] do_vfs_ioctl+0x75a/0xff0 [ 1052.455371] ? lock_acquire+0x170/0x3f0 [ 1052.459332] ? ioctl_preallocate+0x1a0/0x1a0 [ 1052.463735] ? __fget+0x265/0x3e0 [ 1052.467186] ? do_vfs_ioctl+0xff0/0xff0 [ 1052.471162] ? security_file_ioctl+0x83/0xb0 [ 1052.476689] SyS_ioctl+0x7f/0xb0 [ 1052.480045] ? do_vfs_ioctl+0xff0/0xff0 [ 1052.484005] do_syscall_64+0x1d5/0x640 [ 1052.487906] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.493084] RIP: 0033:0x7f2e61d65e07 [ 1052.496780] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1052.504486] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1052.511746] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 10:19:37 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x10000, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) msgget(0x2, 0x10) [ 1052.519007] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1052.526271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1052.533529] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1052.540798] CPU: 1 PID: 14241 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1052.548682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.558029] Call Trace: [ 1052.560623] dump_stack+0x1b2/0x281 [ 1052.564265] should_fail.cold+0x10a/0x149 [ 1052.568415] should_failslab+0xd6/0x130 [ 1052.572390] kmem_cache_alloc+0x28e/0x3c0 [ 1052.574612] qnx4: unable to read the superblock [ 1052.576539] getname_flags+0xc8/0x550 [ 1052.576553] do_sys_open+0x1ce/0x410 [ 1052.576566] ? filp_open+0x60/0x60 [ 1052.592239] ? SyS_pwrite64+0xca/0x140 [ 1052.596131] ? do_syscall_64+0x4c/0x640 [ 1052.600089] ? SyS_open+0x30/0x30 [ 1052.603525] do_syscall_64+0x1d5/0x640 [ 1052.607401] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.612573] RIP: 0033:0x7f9426567f64 10:19:38 executing program 1: socket(0x24, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) 10:19:38 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x10000, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x2, 0x10) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x10000, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) msgget(0x2, 0x10) (async) 10:19:38 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 17) 10:19:38 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 7) [ 1052.616267] RSP: 002b:00007f9424f29eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1052.623957] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f9426567f64 [ 1052.631222] RDX: 0000000000000002 RSI: 00007f9424f29fe0 RDI: 00000000ffffff9c [ 1052.638486] RBP: 00007f9424f29fe0 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1052.645748] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1052.653003] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:38 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getgid() [ 1052.765709] FAULT_INJECTION: forcing a failure. [ 1052.765709] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1052.777612] CPU: 1 PID: 14277 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1052.785490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.794841] Call Trace: [ 1052.797428] dump_stack+0x1b2/0x281 [ 1052.801063] should_fail.cold+0x10a/0x149 [ 1052.805215] __alloc_pages_nodemask+0x22c/0x2720 [ 1052.809973] ? trace_hardirqs_on+0x10/0x10 [ 1052.814206] ? trace_hardirqs_on+0x10/0x10 [ 1052.818440] ? trace_hardirqs_on+0x10/0x10 [ 1052.821792] FAULT_INJECTION: forcing a failure. [ 1052.821792] name failslab, interval 1, probability 0, space 0, times 0 [ 1052.822676] ? __lock_acquire+0x5fc/0x3f20 [ 1052.822700] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1052.842912] ? up_write+0x17/0x60 [ 1052.846351] ? generic_file_write_iter+0x2f8/0x650 [ 1052.851262] ? __fsnotify_inode_delete+0x20/0x20 [ 1052.856001] ? iov_iter_init+0xa6/0x1c0 [ 1052.859960] cache_grow_begin+0x91/0x700 [ 1052.864003] ? fs_reclaim_release+0xd0/0x110 [ 1052.868398] ? check_preemption_disabled+0x35/0x240 [ 1052.873396] cache_alloc_refill+0x273/0x350 [ 1052.877758] kmem_cache_alloc+0x333/0x3c0 [ 1052.881891] getname_flags+0xc8/0x550 [ 1052.885688] do_sys_open+0x1ce/0x410 [ 1052.889385] ? filp_open+0x60/0x60 [ 1052.892911] ? SyS_pwrite64+0xca/0x140 [ 1052.896784] ? do_syscall_64+0x4c/0x640 [ 1052.900741] ? SyS_open+0x30/0x30 [ 1052.904177] do_syscall_64+0x1d5/0x640 [ 1052.908057] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.913240] RIP: 0033:0x7f9426567f64 [ 1052.917029] RSP: 002b:00007f9424f29eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1052.924719] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f9426567f64 [ 1052.931972] RDX: 0000000000000002 RSI: 00007f9424f29fe0 RDI: 00000000ffffff9c [ 1052.939223] RBP: 00007f9424f29fe0 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1052.946476] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1052.953727] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1052.961005] CPU: 0 PID: 14275 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1052.968884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.978233] Call Trace: [ 1052.980817] dump_stack+0x1b2/0x281 [ 1052.982309] qnx4: unable to read the superblock [ 1052.984442] should_fail.cold+0x10a/0x149 [ 1052.984457] should_failslab+0xd6/0x130 [ 1052.984470] kmem_cache_alloc+0x28e/0x3c0 [ 1052.984482] __kernfs_new_node+0x6f/0x470 [ 1052.984494] kernfs_new_node+0x7b/0xe0 [ 1053.009374] __kernfs_create_file+0x3d/0x320 [ 1053.013788] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1053.018455] ? kernfs_create_dir_ns+0x171/0x200 [ 1053.023135] internal_create_group+0x22b/0x710 [ 1053.025495] print_req_error: I/O error, dev loop0, sector 0 [ 1053.027715] lo_ioctl+0x1137/0x1cd0 [ 1053.027730] ? loop_set_status64+0xe0/0xe0 [ 1053.027742] blkdev_ioctl+0x540/0x1830 [ 1053.027752] ? blkpg_ioctl+0x8d0/0x8d0 [ 1053.033498] Buffer I/O error on dev loop0, logical block 0, async page read [ 1053.037061] ? trace_hardirqs_on+0x10/0x10 [ 1053.047589] print_req_error: I/O error, dev loop0, sector 2 10:19:38 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="f2118040b21206fa4244641377ca3e3e2162abe142477f62fb3b8344b1aa54ecc96e1387cab7684a28d60b18c8fdd9cbfefb00f4fc66c16946ac953f687508a01ee6fb35d3682cf2c2920aff5fa459fbe98839b712e6d342b0b1b3014009064e98f8ef1503e5222adcc2748ef0b76127f6241fd57b440a40e83a70d3d5cf393d77e8ebfb6370416517c8e68e64511f43f3ad02f3fc39c578f4908487e9d0c755636aacf894c6713cfba16b4b0f729710ab16b36fc3c55699f8e9d2b2f4482cb22d22417480c9203b9c0f231549a96d30273e40f9b485216920f0b2bd2302055930eb652772a57505606d09b1fe3d623a9bad5ee955a86e0980a591dd65ca", 0xfe, 0xfe3}], 0x14, &(0x7f0000000380)={[{}, {}, {'-'}, {'!^].\'})!)\xc9*/%'}], [{@uid_eq={'uid', 0x3d, r0}}, {@smackfsfloor}, {@seclabel}, {@euid_eq={'euid', 0x3d, r1}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) (async) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0xc) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="f2118040b21206fa4244641377ca3e3e2162abe142477f62fb3b8344b1aa54ecc96e1387cab7684a28d60b18c8fdd9cbfefb00f4fc66c16946ac953f687508a01ee6fb35d3682cf2c2920aff5fa459fbe98839b712e6d342b0b1b3014009064e98f8ef1503e5222adcc2748ef0b76127f6241fd57b440a40e83a70d3d5cf393d77e8ebfb6370416517c8e68e64511f43f3ad02f3fc39c578f4908487e9d0c755636aacf894c6713cfba16b4b0f729710ab16b36fc3c55699f8e9d2b2f4482cb22d22417480c9203b9c0f231549a96d30273e40f9b485216920f0b2bd2302055930eb652772a57505606d09b1fe3d623a9bad5ee955a86e0980a591dd65ca", 0xfe, 0xfe3}], 0x14, &(0x7f0000000380)={[{}, {}, {'-'}, {'!^].\'})!)\xc9*/%'}], [{@uid_eq={'uid', 0x3d, r0}}, {@smackfsfloor}, {@seclabel}, {@euid_eq={'euid', 0x3d, r1}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) (async) 10:19:38 executing program 3: sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1f0, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xbb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_LINK={0x80, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3010}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x46}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x6, 0x61}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x6}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x6be6}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:38 executing program 1: socket(0x24, 0x0, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket(0x24, 0x0, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) 10:19:38 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getgid() syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getgid() (async) [ 1053.049018] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1053.049030] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1053.049046] block_ioctl+0xd9/0x120 [ 1053.056288] Buffer I/O error on dev loop0, logical block 2, async page read [ 1053.060447] ? blkdev_fallocate+0x3a0/0x3a0 [ 1053.066507] print_req_error: I/O error, dev loop0, sector 3 [ 1053.071221] do_vfs_ioctl+0x75a/0xff0 [ 1053.071233] ? lock_acquire+0x170/0x3f0 [ 1053.071243] ? ioctl_preallocate+0x1a0/0x1a0 [ 1053.071255] ? __fget+0x265/0x3e0 [ 1053.071266] ? do_vfs_ioctl+0xff0/0xff0 [ 1053.071276] ? security_file_ioctl+0x83/0xb0 [ 1053.071286] SyS_ioctl+0x7f/0xb0 [ 1053.071293] ? do_vfs_ioctl+0xff0/0xff0 [ 1053.071303] do_syscall_64+0x1d5/0x640 [ 1053.071317] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.076308] Buffer I/O error on dev loop0, logical block 3, async page read [ 1053.079913] RIP: 0033:0x7f2e61d65e07 [ 1053.088549] print_req_error: I/O error, dev loop0, sector 4 [ 1053.091285] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 10:19:38 executing program 1: r0 = socket(0x24, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x29, 0xa, 0x68) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x40488c0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x20, 0x5, 0x0, 0x7, @private0, @mcast2, 0x1, 0x1, 0x4, 0xfff}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000480)=0x0, &(0x7f00000004c0)=0x4) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xc8008}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r2, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, 0x1403, 0x10, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_macvtap\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x40001}, 0x20004844) [ 1053.091297] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1053.091303] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1053.091308] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1053.091313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1053.091317] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1053.199671] Buffer I/O error on dev loop0, logical block 4, async page read [ 1053.206895] print_req_error: I/O error, dev loop0, sector 5 10:19:38 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 8) 10:19:38 executing program 3: sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1f0, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xbb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_LINK={0x80, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3010}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x46}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x6, 0x61}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x6}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x6be6}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1f0, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xbb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_LINK={0x80, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3010}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x46}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x6, 0x61}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x6}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x6be6}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) 10:19:38 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getgid() syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getgid() (async) 10:19:38 executing program 3: sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1f0, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xbb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x80000001}]}, @TIPC_NLA_LINK={0x80, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x200}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3010}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x46}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x38, 0x0, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r0}, @val={0xc, 0x99, {0x6, 0x61}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x6}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x6be6}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1053.213540] Buffer I/O error on dev loop0, logical block 5, async page read [ 1053.220744] print_req_error: I/O error, dev loop0, sector 6 [ 1053.226455] Buffer I/O error on dev loop0, logical block 6, async page read [ 1053.233681] print_req_error: I/O error, dev loop0, sector 7 [ 1053.239660] Buffer I/O error on dev loop0, logical block 7, async page read [ 1053.273449] qnx4: no qnx4 filesystem (no root dir). [ 1053.300075] FAULT_INJECTION: forcing a failure. [ 1053.300075] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.337740] CPU: 1 PID: 14314 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1053.345642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.354996] Call Trace: [ 1053.357583] dump_stack+0x1b2/0x281 [ 1053.361220] should_fail.cold+0x10a/0x149 [ 1053.365369] should_failslab+0xd6/0x130 [ 1053.369349] kmem_cache_alloc+0x28e/0x3c0 [ 1053.373499] get_empty_filp+0x86/0x3f0 [ 1053.377384] path_openat+0x84/0x2970 [ 1053.381101] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1053.385943] ? path_lookupat+0x780/0x780 [ 1053.390003] ? trace_hardirqs_on+0x10/0x10 [ 1053.390822] qnx4: unable to read the superblock [ 1053.394235] do_filp_open+0x179/0x3c0 [ 1053.394247] ? may_open_dev+0xe0/0xe0 [ 1053.394258] ? __alloc_fd+0x1be/0x490 [ 1053.394276] ? lock_downgrade+0x740/0x740 [ 1053.413204] qnx4: no qnx4 filesystem (no root dir). [ 1053.415613] ? do_raw_spin_unlock+0x164/0x220 [ 1053.415625] ? _raw_spin_unlock+0x29/0x40 [ 1053.415635] ? __alloc_fd+0x1be/0x490 [ 1053.415652] do_sys_open+0x296/0x410 [ 1053.436774] ? filp_open+0x60/0x60 [ 1053.440313] ? SyS_pwrite64+0xca/0x140 [ 1053.444203] ? do_syscall_64+0x4c/0x640 [ 1053.448173] ? SyS_open+0x30/0x30 [ 1053.451624] do_syscall_64+0x1d5/0x640 [ 1053.455516] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.460698] RIP: 0033:0x7f9426567f64 [ 1053.464406] RSP: 002b:00007f9424f29eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1053.472109] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f9426567f64 [ 1053.479368] RDX: 0000000000000002 RSI: 00007f9424f29fe0 RDI: 00000000ffffff9c [ 1053.486616] RBP: 00007f9424f29fe0 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1053.493871] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1053.501134] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:39 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 18) 10:19:39 executing program 1: r0 = socket(0x24, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x29, 0xa, 0x68) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x40488c0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x20, 0x5, 0x0, 0x7, @private0, @mcast2, 0x1, 0x1, 0x4, 0xfff}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000480)=0x0, &(0x7f00000004c0)=0x4) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xc8008}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r2, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, 0x1403, 0x10, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_macvtap\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x40001}, 0x20004844) socket(0x24, 0x0, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) socket(0x29, 0xa, 0x68) (async) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x40488c0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x20, 0x5, 0x0, 0x7, @private0, @mcast2, 0x1, 0x1, 0x4, 0xfff}}) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) (async) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000480), &(0x7f00000004c0)=0x4) (async) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xc8008}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r2, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) (async) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, 0x1403, 0x10, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_macvtap\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x40001}, 0x20004844) (async) 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:39 executing program 3: syz_open_dev$media(&(0x7f0000000040), 0x10000, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="f11c794f193e9400", @ANYRES16=0x0, @ANYBLOB="00002abd7000fedbdf2501000000050030000100000008003100070000000500300000000000"], 0x2c}}, 0x20000850) 10:19:39 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 9) 10:19:39 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) (async) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0/../file0\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="f2118040b21206fa4244641377ca3e3e2162abe142477f62fb3b8344b1aa54ecc96e1387cab7684a28d60b18c8fdd9cbfefb00f4fc66c16946ac953f687508a01ee6fb35d3682cf2c2920aff5fa459fbe98839b712e6d342b0b1b3014009064e98f8ef1503e5222adcc2748ef0b76127f6241fd57b440a40e83a70d3d5cf393d77e8ebfb6370416517c8e68e64511f43f3ad02f3fc39c578f4908487e9d0c755636aacf894c6713cfba16b4b0f729710ab16b36fc3c55699f8e9d2b2f4482cb22d22417480c9203b9c0f231549a96d30273e40f9b485216920f0b2bd2302055930eb652772a57505606d09b1fe3d623a9bad5ee955a86e0980a591dd65ca", 0xfe, 0xfe3}], 0x14, &(0x7f0000000380)={[{}, {}, {'-'}, {'!^].\'})!)\xc9*/%'}], [{@uid_eq={'uid', 0x3d, r0}}, {@smackfsfloor}, {@seclabel}, {@euid_eq={'euid', 0x3d, r1}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}]}) 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:39 executing program 3: syz_open_dev$media(&(0x7f0000000040), 0x10000, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="f11c794f193e9400", @ANYRES16=0x0, @ANYBLOB="00002abd7000fedbdf2501000000050030000100000008003100070000000500300000000000"], 0x2c}}, 0x20000850) [ 1053.646336] FAULT_INJECTION: forcing a failure. [ 1053.646336] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.688142] FAULT_INJECTION: forcing a failure. [ 1053.688142] name failslab, interval 1, probability 0, space 0, times 0 [ 1053.696176] CPU: 1 PID: 14352 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1053.707229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.716585] Call Trace: [ 1053.719174] dump_stack+0x1b2/0x281 [ 1053.722810] should_fail.cold+0x10a/0x149 [ 1053.726955] should_failslab+0xd6/0x130 [ 1053.730924] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1053.735588] apparmor_file_alloc_security+0x129/0x800 [ 1053.740772] security_file_alloc+0x66/0xa0 [ 1053.744991] ? selinux_is_enabled+0x5/0x50 [ 1053.749211] get_empty_filp+0x16b/0x3f0 [ 1053.753171] path_openat+0x84/0x2970 [ 1053.756881] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1053.761709] ? path_lookupat+0x780/0x780 [ 1053.765771] ? trace_hardirqs_on+0x10/0x10 [ 1053.769996] do_filp_open+0x179/0x3c0 [ 1053.773779] ? may_open_dev+0xe0/0xe0 [ 1053.777576] ? __alloc_fd+0x1be/0x490 [ 1053.781365] ? lock_downgrade+0x740/0x740 [ 1053.785498] ? do_raw_spin_unlock+0x164/0x220 [ 1053.789976] ? _raw_spin_unlock+0x29/0x40 [ 1053.794112] ? __alloc_fd+0x1be/0x490 [ 1053.797906] do_sys_open+0x296/0x410 [ 1053.801605] ? filp_open+0x60/0x60 [ 1053.805126] ? SyS_pwrite64+0xca/0x140 [ 1053.808998] ? do_syscall_64+0x4c/0x640 [ 1053.812954] ? SyS_open+0x30/0x30 [ 1053.816423] do_syscall_64+0x1d5/0x640 [ 1053.820296] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.825472] RIP: 0033:0x7f9426567f64 [ 1053.829168] RSP: 002b:00007f9424f29eb0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1053.836857] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f9426567f64 [ 1053.844107] RDX: 0000000000000002 RSI: 00007f9424f29fe0 RDI: 00000000ffffff9c [ 1053.851363] RBP: 00007f9424f29fe0 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1053.858617] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1053.865870] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1053.873136] CPU: 0 PID: 14361 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 10:19:39 executing program 3: syz_open_dev$media(&(0x7f0000000040), 0x10000, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="f11c794f193e9400", @ANYRES16=0x0, @ANYBLOB="00002abd7000fedbdf2501000000050030000100000008003100070000000500300000000000"], 0x2c}}, 0x20000850) [ 1053.881021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.890372] Call Trace: [ 1053.892960] dump_stack+0x1b2/0x281 [ 1053.896587] should_fail.cold+0x10a/0x149 [ 1053.900740] should_failslab+0xd6/0x130 [ 1053.904714] __kmalloc+0x2c1/0x400 [ 1053.908259] ? kobject_get_path+0xb5/0x230 [ 1053.912494] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1053.917963] kobject_get_path+0xb5/0x230 [ 1053.922026] kobject_uevent_env+0x230/0xf30 [ 1053.926345] ? internal_create_group+0x48f/0x710 [ 1053.931103] lo_ioctl+0x11a6/0x1cd0 [ 1053.934784] ? loop_set_status64+0xe0/0xe0 10:19:39 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c800) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1053.939036] blkdev_ioctl+0x540/0x1830 [ 1053.942924] ? blkpg_ioctl+0x8d0/0x8d0 [ 1053.946805] ? trace_hardirqs_on+0x10/0x10 [ 1053.951040] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1053.956144] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1053.961161] block_ioctl+0xd9/0x120 [ 1053.964788] ? blkdev_fallocate+0x3a0/0x3a0 [ 1053.969108] do_vfs_ioctl+0x75a/0xff0 [ 1053.972919] ? lock_acquire+0x170/0x3f0 [ 1053.976897] ? ioctl_preallocate+0x1a0/0x1a0 [ 1053.981304] ? __fget+0x265/0x3e0 [ 1053.984758] ? do_vfs_ioctl+0xff0/0xff0 10:19:39 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c800) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1053.988731] ? security_file_ioctl+0x83/0xb0 [ 1053.993138] SyS_ioctl+0x7f/0xb0 [ 1053.996496] ? do_vfs_ioctl+0xff0/0xff0 [ 1054.000468] do_syscall_64+0x1d5/0x640 [ 1054.004354] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1054.009539] RIP: 0033:0x7f2e61d65e07 [ 1054.013242] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.020949] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1054.028214] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 10:19:39 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c800) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1054.035479] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1054.042750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1054.050017] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1054.082139] print_req_error: I/O error, dev loop0, sector 0 [ 1054.083645] qnx4: unable to read the superblock 10:19:39 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 19) 10:19:39 executing program 1: r0 = socket(0x24, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r1 = socket(0x29, 0xa, 0x68) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x40488c0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x20, 0x5, 0x0, 0x7, @private0, @mcast2, 0x1, 0x1, 0x4, 0xfff}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000480)=0x0, &(0x7f00000004c0)=0x4) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xc8008}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r2, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, 0x1403, 0x10, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_macvtap\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x40001}, 0x20004844) socket(0x24, 0x0, 0x0) (async) socket$nl_rdma(0x10, 0x3, 0x14) (async) socket(0x29, 0xa, 0x68) (async) sendmsg$NL80211_CMD_NEW_MPATH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x41}, 0x40488c0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r1) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'ip6gre0\x00', 0x0, 0x4, 0x20, 0x5, 0x0, 0x7, @private0, @mcast2, 0x1, 0x1, 0x4, 0xfff}}) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) (async) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000480), &(0x7f00000004c0)=0x4) (async) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xc8008}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x4c, r2, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r4}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) (async) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0x178, 0x1403, 0x10, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'sit0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_macvtap\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'caif0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macvtap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x178}, 0x1, 0x0, 0x0, 0x40001}, 0x20004844) (async) 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:39 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 10) 10:19:39 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f00000000c0)=0x2) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="11000500d7e604e3df2d26294f88424048df5a652f37f1378e6d901012912df5f06cd307e5b18491f85b9b8c398fe3626a73902894bfb88ec80e13a52553a1ffb48be98ae892c4c9b06e5e15b79f6fb2187d1973a55688388dc6c059dde17a55f91167cc8c66c40bb88bff823694ac1a3142245b501626028854286fcded66adff", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf250c0000000c009900990000006f00000009000700f0c5f66c6e000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22b}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xe93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xde4e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x161c}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000001}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39d}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x20}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x18}, @NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xe4}, 0x1, 0x0, 0x0, 0x14}, 0x40) 10:19:39 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket(0x1e, 0x80810, 0x7fffffff) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) getsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r0, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4001) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:39 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async) r1 = socket(0x1e, 0x80810, 0x7fffffff) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) (async) getsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) (async) sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r0, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4001) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x208001, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:39 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f00000000c0)=0x2) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="11000500d7e604e3df2d26294f88424048df5a652f37f1378e6d901012912df5f06cd307e5b18491f85b9b8c398fe3626a73902894bfb88ec80e13a52553a1ffb48be98ae892c4c9b06e5e15b79f6fb2187d1973a55688388dc6c059dde17a55f91167cc8c66c40bb88bff823694ac1a3142245b501626028854286fcded66adff", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf250c0000000c009900990000006f00000009000700f0c5f66c6e000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22b}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xe93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xde4e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x161c}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000001}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39d}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x20}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x18}, @NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xe4}, 0x1, 0x0, 0x0, 0x14}, 0x40) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f00000000c0)=0x2) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="11000500d7e604e3df2d26294f88424048df5a652f37f1378e6d901012912df5f06cd307e5b18491f85b9b8c398fe3626a73902894bfb88ec80e13a52553a1ffb48be98ae892c4c9b06e5e15b79f6fb2187d1973a55688388dc6c059dde17a55f91167cc8c66c40bb88bff823694ac1a3142245b501626028854286fcded66adff", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf250c0000000c009900990000006f00000009000700f0c5f66c6e000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22b}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xe93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xde4e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x161c}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000001}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39d}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x20}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x18}, @NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xe4}, 0x1, 0x0, 0x0, 0x14}, 0x40) (async) [ 1054.254672] FAULT_INJECTION: forcing a failure. [ 1054.254672] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.293382] CPU: 1 PID: 14411 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1054.301278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.310631] Call Trace: [ 1054.313220] dump_stack+0x1b2/0x281 [ 1054.316852] should_fail.cold+0x10a/0x149 [ 1054.321004] should_failslab+0xd6/0x130 [ 1054.324982] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1054.329654] ? loop_get_status64+0x100/0x100 [ 1054.334057] __kthread_create_on_node+0xbe/0x3a0 [ 1054.338812] ? kthread_park+0x130/0x130 [ 1054.342799] ? loop_get_status64+0x100/0x100 [ 1054.347204] kthread_create_on_node+0xa8/0xd0 [ 1054.351705] ? __kthread_create_on_node+0x3a0/0x3a0 [ 1054.356721] ? __lockdep_init_map+0x100/0x560 [ 1054.361218] ? __lockdep_init_map+0x100/0x560 [ 1054.365719] lo_ioctl+0xcd9/0x1cd0 [ 1054.369258] ? loop_set_status64+0xe0/0xe0 [ 1054.373490] blkdev_ioctl+0x540/0x1830 [ 1054.377385] ? blkpg_ioctl+0x8d0/0x8d0 [ 1054.381271] ? trace_hardirqs_on+0x10/0x10 [ 1054.385510] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1054.390613] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1054.395630] block_ioctl+0xd9/0x120 [ 1054.399253] ? blkdev_fallocate+0x3a0/0x3a0 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x208001, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:39 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 64) r1 = socket(0x1e, 0x80810, 0x7fffffff) (rerun: 64) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async, rerun: 32) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) (async, rerun: 32) getsockopt$PNPIPE_ENCAP(r4, 0x113, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0x4) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r3, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) (async) sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r0, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4001) (async, rerun: 32) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (rerun: 32) 10:19:39 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x208001, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1054.403577] do_vfs_ioctl+0x75a/0xff0 [ 1054.407384] ? lock_acquire+0x170/0x3f0 [ 1054.411360] ? ioctl_preallocate+0x1a0/0x1a0 [ 1054.415768] ? __fget+0x265/0x3e0 [ 1054.419224] ? do_vfs_ioctl+0xff0/0xff0 [ 1054.423198] ? security_file_ioctl+0x83/0xb0 [ 1054.427610] SyS_ioctl+0x7f/0xb0 [ 1054.430978] ? do_vfs_ioctl+0xff0/0xff0 [ 1054.434952] do_syscall_64+0x1d5/0x640 [ 1054.438846] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1054.444025] RIP: 0033:0x7f94265b4e07 [ 1054.447724] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.455429] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1054.455746] FAULT_INJECTION: forcing a failure. [ 1054.455746] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.462686] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1054.462692] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1054.462696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1054.462701] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1054.580407] CPU: 0 PID: 14412 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1054.588305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.597653] Call Trace: [ 1054.600242] dump_stack+0x1b2/0x281 [ 1054.603876] should_fail.cold+0x10a/0x149 [ 1054.608018] should_failslab+0xd6/0x130 [ 1054.611983] kmem_cache_alloc+0x28e/0x3c0 [ 1054.616117] __kernfs_new_node+0x6f/0x470 [ 1054.620244] kernfs_new_node+0x7b/0xe0 [ 1054.624113] __kernfs_create_file+0x3d/0x320 [ 1054.628508] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1054.633161] ? kernfs_create_dir_ns+0x171/0x200 [ 1054.637817] internal_create_group+0x22b/0x710 [ 1054.642384] lo_ioctl+0x1137/0x1cd0 [ 1054.645989] ? loop_set_status64+0xe0/0xe0 [ 1054.650201] blkdev_ioctl+0x540/0x1830 [ 1054.654065] ? blkpg_ioctl+0x8d0/0x8d0 [ 1054.657930] ? trace_hardirqs_on+0x10/0x10 [ 1054.662142] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1054.667221] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1054.672218] block_ioctl+0xd9/0x120 [ 1054.675821] ? blkdev_fallocate+0x3a0/0x3a0 [ 1054.680126] do_vfs_ioctl+0x75a/0xff0 [ 1054.683906] ? lock_acquire+0x170/0x3f0 [ 1054.687859] ? ioctl_preallocate+0x1a0/0x1a0 [ 1054.692246] ? __fget+0x265/0x3e0 [ 1054.695676] ? do_vfs_ioctl+0xff0/0xff0 [ 1054.699635] ? security_file_ioctl+0x83/0xb0 [ 1054.704019] SyS_ioctl+0x7f/0xb0 [ 1054.707365] ? do_vfs_ioctl+0xff0/0xff0 [ 1054.711318] do_syscall_64+0x1d5/0x640 [ 1054.715186] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1054.720352] RIP: 0033:0x7f2e61d65e07 [ 1054.724038] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.731720] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1054.738965] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1054.746215] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1054.753470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1054.760717] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:40 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 20) 10:19:40 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0, 0x201000, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000180)={r0}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop7', 0x90500, 0x4) openat$cgroup_freezer_state(r1, &(0x7f0000000100), 0x2, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f00000000c0)=0x8d) 10:19:40 executing program 1: socket(0x24, 0x800, 0x0) clock_getres(0x4, &(0x7f0000000000)) socket(0x8, 0x2, 0x2) 10:19:40 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x8400) 10:19:40 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 11) 10:19:40 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f00000000c0)=0x2) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="11000500d7e604e3df2d26294f88424048df5a652f37f1378e6d901012912df5f06cd307e5b18491f85b9b8c398fe3626a73902894bfb88ec80e13a52553a1ffb48be98ae892c4c9b06e5e15b79f6fb2187d1973a55688388dc6c059dde17a55f91167cc8c66c40bb88bff823694ac1a3142245b501626028854286fcded66adff", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf250c0000000c009900990000006f00000009000700f0c5f66c6e000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22b}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xe93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xde4e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x161c}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000001}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39d}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x20}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x18}, @NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xe4}, 0x1, 0x0, 0x0, 0x14}, 0x40) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, &(0x7f00000000c0)=0x2) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="11000500d7e604e3df2d26294f88424048df5a652f37f1378e6d901012912df5f06cd307e5b18491f85b9b8c398fe3626a73902894bfb88ec80e13a52553a1ffb48be98ae892c4c9b06e5e15b79f6fb2187d1973a55688388dc6c059dde17a55f91167cc8c66c40bb88bff823694ac1a3142245b501626028854286fcded66adff", @ANYRES16=r1, @ANYBLOB="010027bd7000ffdbdf250c0000000c009900990000006f00000009000700f0c5f66c6e000000"], 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r1, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}, @NL80211_ATTR_CENTER_FREQ1={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x58}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x22b}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xe93}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xde4e}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x161c}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9a8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8001}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x80000001}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39d}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x20}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x18}, @NL80211_ATTR_OPER_CLASS={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xe4}, 0x1, 0x0, 0x0, 0x14}, 0x40) (async) [ 1054.783238] qnx4: unable to read the superblock 10:19:40 executing program 1: socket(0x24, 0x800, 0x0) clock_getres(0x4, &(0x7f0000000000)) socket(0x8, 0x2, 0x2) socket(0x24, 0x800, 0x0) (async) clock_getres(0x4, &(0x7f0000000000)) (async) socket(0x8, 0x2, 0x2) (async) 10:19:40 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x8400) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x8400) (async) 10:19:40 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x2000014, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x440001, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000180)=0x1d5) r1 = msgget(0x3, 0x200) ioctl$SNDCTL_SYNTH_ID(r0, 0xc08c5114, &(0x7f00000001c0)={"82799106d3af7d143cdc3518d58f606f31e65cdcf5955548aa5ccebfd2c1", 0x7, 0x0, 0x1, 0x2, 0x7fff, 0x423ba545, 0x1, 0x3, [0x1, 0xfe3d, 0xad98, 0x9, 0x6, 0x20, 0x5, 0x40, 0x77, 0x4, 0x8, 0x80, 0x80, 0x10000, 0x6, 0x0, 0x8, 0x0, 0x400]}) msgsnd(r1, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/124) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000280)=""/4096) 10:19:40 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0, 0x201000, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000180)={r0}) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop7', 0x90500, 0x4) openat$cgroup_freezer_state(r1, &(0x7f0000000100), 0x2, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f00000000c0)=0x8d) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0, 0x201000, 0x0) (async) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)) (async) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000180)={r0}) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop7', 0x90500, 0x4) (async) openat$cgroup_freezer_state(r1, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f00000000c0)=0x8d) (async) [ 1054.914384] FAULT_INJECTION: forcing a failure. [ 1054.914384] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.949572] FAULT_INJECTION: forcing a failure. [ 1054.949572] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.973202] CPU: 1 PID: 14486 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1054.981093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.990437] Call Trace: [ 1054.993370] dump_stack+0x1b2/0x281 [ 1054.997000] should_fail.cold+0x10a/0x149 [ 1055.001149] should_failslab+0xd6/0x130 [ 1055.005126] kmem_cache_alloc+0x28e/0x3c0 [ 1055.009278] __kernfs_new_node+0x6f/0x470 [ 1055.013433] kernfs_create_dir_ns+0x8c/0x200 [ 1055.017842] internal_create_group+0xe9/0x710 10:19:40 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0, 0x201000, 0x0) (async) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000180)={r0}) (async) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/block/loop7', 0x90500, 0x4) openat$cgroup_freezer_state(r1, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$SNDCTL_SYNTH_MEMAVL(r1, 0xc004510e, &(0x7f00000000c0)=0x8d) 10:19:40 executing program 1: socket(0x24, 0x800, 0x0) clock_getres(0x4, &(0x7f0000000000)) socket(0x8, 0x2, 0x2) socket(0x24, 0x800, 0x0) (async) clock_getres(0x4, &(0x7f0000000000)) (async) socket(0x8, 0x2, 0x2) (async) [ 1055.022341] lo_ioctl+0x1137/0x1cd0 [ 1055.025969] ? loop_set_status64+0xe0/0xe0 [ 1055.030204] blkdev_ioctl+0x540/0x1830 [ 1055.034089] ? blkpg_ioctl+0x8d0/0x8d0 [ 1055.037975] ? trace_hardirqs_on+0x10/0x10 [ 1055.042209] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1055.047315] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1055.052334] block_ioctl+0xd9/0x120 [ 1055.055960] ? blkdev_fallocate+0x3a0/0x3a0 [ 1055.060279] do_vfs_ioctl+0x75a/0xff0 [ 1055.064086] ? lock_acquire+0x170/0x3f0 [ 1055.068061] ? ioctl_preallocate+0x1a0/0x1a0 [ 1055.072466] ? __fget+0x265/0x3e0 [ 1055.075913] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.079882] ? security_file_ioctl+0x83/0xb0 [ 1055.084285] SyS_ioctl+0x7f/0xb0 [ 1055.087653] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.091625] do_syscall_64+0x1d5/0x640 [ 1055.095509] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1055.100691] RIP: 0033:0x7f94265b4e07 [ 1055.104405] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.112109] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1055.119369] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1055.126628] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1055.133893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1055.141156] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1055.167328] CPU: 0 PID: 14488 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1055.175235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.184584] Call Trace: [ 1055.187176] dump_stack+0x1b2/0x281 [ 1055.190820] should_fail.cold+0x10a/0x149 [ 1055.194988] should_failslab+0xd6/0x130 [ 1055.198962] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1055.203630] ? dev_uevent_filter+0xd0/0xd0 [ 1055.207863] kobject_uevent_env+0x20c/0xf30 [ 1055.212183] ? internal_create_group+0x48f/0x710 [ 1055.213559] qnx4: unable to read the superblock [ 1055.216940] lo_ioctl+0x11a6/0x1cd0 [ 1055.216955] ? loop_set_status64+0xe0/0xe0 [ 1055.216968] blkdev_ioctl+0x540/0x1830 [ 1055.216979] ? blkpg_ioctl+0x8d0/0x8d0 [ 1055.237213] ? trace_hardirqs_on+0x10/0x10 [ 1055.241456] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1055.246566] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1055.251585] block_ioctl+0xd9/0x120 [ 1055.255217] ? blkdev_fallocate+0x3a0/0x3a0 [ 1055.259540] do_vfs_ioctl+0x75a/0xff0 [ 1055.263341] ? lock_acquire+0x170/0x3f0 [ 1055.267402] ? ioctl_preallocate+0x1a0/0x1a0 [ 1055.271811] ? __fget+0x265/0x3e0 [ 1055.275263] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.279234] ? security_file_ioctl+0x83/0xb0 [ 1055.283641] SyS_ioctl+0x7f/0xb0 [ 1055.287091] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.291058] do_syscall_64+0x1d5/0x640 [ 1055.294929] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1055.300095] RIP: 0033:0x7f2e61d65e07 [ 1055.303786] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.311472] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1055.318719] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1055.325974] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1055.333222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1055.340472] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1055.357375] qnx4: unable to read the superblock 10:19:40 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 21) 10:19:40 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x2000014, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x440001, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000180)=0x1d5) (async) r1 = msgget(0x3, 0x200) (async) ioctl$SNDCTL_SYNTH_ID(r0, 0xc08c5114, &(0x7f00000001c0)={"82799106d3af7d143cdc3518d58f606f31e65cdcf5955548aa5ccebfd2c1", 0x7, 0x0, 0x1, 0x2, 0x7fff, 0x423ba545, 0x1, 0x3, [0x1, 0xfe3d, 0xad98, 0x9, 0x6, 0x20, 0x5, 0x40, 0x77, 0x4, 0x8, 0x80, 0x80, 0x10000, 0x6, 0x0, 0x8, 0x0, 0x400]}) msgsnd(r1, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/124) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000280)=""/4096) 10:19:40 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x8400) 10:19:40 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() syz_open_procfs$namespace(r1, 0x0) sched_rr_get_interval(r1, &(0x7f0000000200)) getgid() r2 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffff9, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x7fffffff) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x100, 0x1d, &(0x7f0000000100)) 10:19:40 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 12) 10:19:40 executing program 1: socket(0x24, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="7aaf09832fe5e9cd29152f3c833e45a410aef783f7b81691351a58b4e05db793fb122366756f9d4c13b9c4cae1c18184eefbe167ef5385dd4fdf746bcad9aab8400408b9c24547c2f72e713a7848bcd29d757ebd40cf4f1f8ca9dd03b14a42ba68189aba585810b38293ef7bcb03bc0dd7c7b0ea9dc23fa10794d5e559e8be7f740a410fd88c9324ac6ac5959d5598313e0aef99766dfee7768c2d517343812c3a35", 0xa2}, {&(0x7f0000000100)="2c2d5b250178e418d0811ab8770f173300e5d8c183a36515a5b23bd2100c6bb521b2af22dd9bda67d93995aa74e99d7e98081d4fd70288d28a13e6dad307a0b4ae1b07f6361958a1f076e1a1b6f90b33fb7bc40a4ffdf768498bdc4d2d6cf5", 0x5f}, {&(0x7f0000000180)="e9890748960cbba72be3430bf5a916528d1baacae377e42cbf8b241424369ab2296b5a0b5b1288f791d5320dae", 0x2d}, {&(0x7f00000001c0)="2e76a56472b634d2f6775dd5f78fb2ae07dfcfc3baebe6f9432586fe2d5efe6b8248d85b2bfc71f723ab02bfe6b411580fb986579e44fc9dd0fdbd0776cf1924415630307e1b5d990b14bf708027ac5e9f25d002d872ca1e01ed5c0e3ecf3f32129524017ce7cbcab4632017a071a24c04b34a81f6e3f9f5b99c294c44b95d4c048fed26d687e9122249655a3ddb7325243096c1757ff887c25b9d9c7cc9fe92735a5bd5e653e3690948a981f60fba17e3796ada4624ae244e4d9eceb5dd0ba5b3c90af88ebe8689e19b700b7e9d5fda6dede1002bab797bdae9fc6fdbd15382abc60f", 0xe3}], 0x4, 0x0, 0x0, 0x8080}, 0x10) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='\x00', 0x1) 10:19:40 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x9, 0x80000) 10:19:40 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x2000014, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x440001, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(r0, 0xc0045401, &(0x7f0000000180)=0x1d5) (async) r1 = msgget(0x3, 0x200) ioctl$SNDCTL_SYNTH_ID(r0, 0xc08c5114, &(0x7f00000001c0)={"82799106d3af7d143cdc3518d58f606f31e65cdcf5955548aa5ccebfd2c1", 0x7, 0x0, 0x1, 0x2, 0x7fff, 0x423ba545, 0x1, 0x3, [0x1, 0xfe3d, 0xad98, 0x9, 0x6, 0x20, 0x5, 0x40, 0x77, 0x4, 0x8, 0x80, 0x80, 0x10000, 0x6, 0x0, 0x8, 0x0, 0x400]}) msgsnd(r1, &(0x7f0000000000)={0x2}, 0x8, 0x0) (async) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/124) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000280)=""/4096) [ 1055.489293] FAULT_INJECTION: forcing a failure. [ 1055.489293] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.504995] CPU: 0 PID: 14561 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1055.512892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.522242] Call Trace: [ 1055.524834] dump_stack+0x1b2/0x281 [ 1055.528466] should_fail.cold+0x10a/0x149 [ 1055.532621] should_failslab+0xd6/0x130 10:19:41 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() syz_open_procfs$namespace(r1, 0x0) (async) sched_rr_get_interval(r1, &(0x7f0000000200)) getgid() (async) r2 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffff9, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x7fffffff) (async) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x100, 0x1d, &(0x7f0000000100)) [ 1055.536597] __kmalloc+0x2c1/0x400 [ 1055.540226] ? kobject_get_path+0xb5/0x230 [ 1055.544460] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1055.549910] kobject_get_path+0xb5/0x230 [ 1055.553973] kobject_uevent_env+0x230/0xf30 [ 1055.558294] ? internal_create_group+0x48f/0x710 [ 1055.563053] lo_ioctl+0x11a6/0x1cd0 [ 1055.566681] ? loop_set_status64+0xe0/0xe0 [ 1055.570925] blkdev_ioctl+0x540/0x1830 [ 1055.574823] ? blkpg_ioctl+0x8d0/0x8d0 [ 1055.578709] ? trace_hardirqs_on+0x10/0x10 [ 1055.582946] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1055.588046] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1055.593068] block_ioctl+0xd9/0x120 [ 1055.596693] ? blkdev_fallocate+0x3a0/0x3a0 [ 1055.601013] do_vfs_ioctl+0x75a/0xff0 [ 1055.604811] ? lock_acquire+0x170/0x3f0 [ 1055.608784] ? ioctl_preallocate+0x1a0/0x1a0 [ 1055.613190] ? __fget+0x265/0x3e0 [ 1055.616644] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.620618] ? security_file_ioctl+0x83/0xb0 [ 1055.625028] SyS_ioctl+0x7f/0xb0 [ 1055.628391] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.632363] do_syscall_64+0x1d5/0x640 10:19:41 executing program 1: socket(0x24, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="7aaf09832fe5e9cd29152f3c833e45a410aef783f7b81691351a58b4e05db793fb122366756f9d4c13b9c4cae1c18184eefbe167ef5385dd4fdf746bcad9aab8400408b9c24547c2f72e713a7848bcd29d757ebd40cf4f1f8ca9dd03b14a42ba68189aba585810b38293ef7bcb03bc0dd7c7b0ea9dc23fa10794d5e559e8be7f740a410fd88c9324ac6ac5959d5598313e0aef99766dfee7768c2d517343812c3a35", 0xa2}, {&(0x7f0000000100)="2c2d5b250178e418d0811ab8770f173300e5d8c183a36515a5b23bd2100c6bb521b2af22dd9bda67d93995aa74e99d7e98081d4fd70288d28a13e6dad307a0b4ae1b07f6361958a1f076e1a1b6f90b33fb7bc40a4ffdf768498bdc4d2d6cf5", 0x5f}, {&(0x7f0000000180)="e9890748960cbba72be3430bf5a916528d1baacae377e42cbf8b241424369ab2296b5a0b5b1288f791d5320dae", 0x2d}, {&(0x7f00000001c0)="2e76a56472b634d2f6775dd5f78fb2ae07dfcfc3baebe6f9432586fe2d5efe6b8248d85b2bfc71f723ab02bfe6b411580fb986579e44fc9dd0fdbd0776cf1924415630307e1b5d990b14bf708027ac5e9f25d002d872ca1e01ed5c0e3ecf3f32129524017ce7cbcab4632017a071a24c04b34a81f6e3f9f5b99c294c44b95d4c048fed26d687e9122249655a3ddb7325243096c1757ff887c25b9d9c7cc9fe92735a5bd5e653e3690948a981f60fba17e3796ada4624ae244e4d9eceb5dd0ba5b3c90af88ebe8689e19b700b7e9d5fda6dede1002bab797bdae9fc6fdbd15382abc60f", 0xe3}], 0x4, 0x0, 0x0, 0x8080}, 0x10) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='\x00', 0x1) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) (async) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="7aaf09832fe5e9cd29152f3c833e45a410aef783f7b81691351a58b4e05db793fb122366756f9d4c13b9c4cae1c18184eefbe167ef5385dd4fdf746bcad9aab8400408b9c24547c2f72e713a7848bcd29d757ebd40cf4f1f8ca9dd03b14a42ba68189aba585810b38293ef7bcb03bc0dd7c7b0ea9dc23fa10794d5e559e8be7f740a410fd88c9324ac6ac5959d5598313e0aef99766dfee7768c2d517343812c3a35", 0xa2}, {&(0x7f0000000100)="2c2d5b250178e418d0811ab8770f173300e5d8c183a36515a5b23bd2100c6bb521b2af22dd9bda67d93995aa74e99d7e98081d4fd70288d28a13e6dad307a0b4ae1b07f6361958a1f076e1a1b6f90b33fb7bc40a4ffdf768498bdc4d2d6cf5", 0x5f}, {&(0x7f0000000180)="e9890748960cbba72be3430bf5a916528d1baacae377e42cbf8b241424369ab2296b5a0b5b1288f791d5320dae", 0x2d}, {&(0x7f00000001c0)="2e76a56472b634d2f6775dd5f78fb2ae07dfcfc3baebe6f9432586fe2d5efe6b8248d85b2bfc71f723ab02bfe6b411580fb986579e44fc9dd0fdbd0776cf1924415630307e1b5d990b14bf708027ac5e9f25d002d872ca1e01ed5c0e3ecf3f32129524017ce7cbcab4632017a071a24c04b34a81f6e3f9f5b99c294c44b95d4c048fed26d687e9122249655a3ddb7325243096c1757ff887c25b9d9c7cc9fe92735a5bd5e653e3690948a981f60fba17e3796ada4624ae244e4d9eceb5dd0ba5b3c90af88ebe8689e19b700b7e9d5fda6dede1002bab797bdae9fc6fdbd15382abc60f", 0xe3}], 0x4, 0x0, 0x0, 0x8080}, 0x10) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='\x00', 0x1) (async) [ 1055.636261] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1055.641456] RIP: 0033:0x7f2e61d65e07 [ 1055.645157] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.652862] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1055.660127] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1055.667389] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1055.674665] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1055.681930] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:41 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x9, 0x80000) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x9, 0x80000) (async) 10:19:41 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) [ 1055.696480] FAULT_INJECTION: forcing a failure. [ 1055.696480] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.764743] CPU: 1 PID: 14568 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1055.772650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1055.781999] Call Trace: [ 1055.784585] dump_stack+0x1b2/0x281 [ 1055.787358] qnx4: unable to read the superblock [ 1055.788209] should_fail.cold+0x10a/0x149 [ 1055.788226] should_failslab+0xd6/0x130 [ 1055.800979] kmem_cache_alloc+0x28e/0x3c0 [ 1055.805125] __kernfs_new_node+0x6f/0x470 [ 1055.809274] kernfs_new_node+0x7b/0xe0 [ 1055.813161] __kernfs_create_file+0x3d/0x320 [ 1055.817571] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1055.822236] ? kernfs_create_dir_ns+0x171/0x200 [ 1055.826904] internal_create_group+0x22b/0x710 [ 1055.831486] lo_ioctl+0x1137/0x1cd0 [ 1055.835117] ? loop_set_status64+0xe0/0xe0 [ 1055.839706] blkdev_ioctl+0x540/0x1830 [ 1055.843594] ? blkpg_ioctl+0x8d0/0x8d0 [ 1055.847474] ? trace_hardirqs_on+0x10/0x10 [ 1055.851707] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1055.856805] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1055.861818] block_ioctl+0xd9/0x120 [ 1055.865424] ? blkdev_fallocate+0x3a0/0x3a0 [ 1055.869720] do_vfs_ioctl+0x75a/0xff0 [ 1055.873502] ? lock_acquire+0x170/0x3f0 [ 1055.877454] ? ioctl_preallocate+0x1a0/0x1a0 [ 1055.881844] ? __fget+0x265/0x3e0 [ 1055.885276] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.889235] ? security_file_ioctl+0x83/0xb0 [ 1055.893630] SyS_ioctl+0x7f/0xb0 [ 1055.896980] ? do_vfs_ioctl+0xff0/0xff0 [ 1055.900945] do_syscall_64+0x1d5/0x640 [ 1055.904824] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1055.909990] RIP: 0033:0x7f94265b4e07 [ 1055.913680] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.921363] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1055.928612] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1055.936290] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1055.943533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1055.950788] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:41 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 22) 10:19:41 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r1 = gettid() syz_open_procfs$namespace(r1, 0x0) (async, rerun: 64) sched_rr_get_interval(r1, &(0x7f0000000200)) (async, rerun: 64) getgid() (async) r2 = syz_open_dev$loop(&(0x7f0000000000), 0xfffffffffffffff9, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x7fffffff) (async) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x100, 0x1d, &(0x7f0000000100)) 10:19:41 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x9, 0x80000) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x9, 0x80000) (async) 10:19:41 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) [ 1055.967231] qnx4: unable to read the superblock 10:19:41 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 13) 10:19:41 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r1 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="7aaf09832fe5e9cd29152f3c833e45a410aef783f7b81691351a58b4e05db793fb122366756f9d4c13b9c4cae1c18184eefbe167ef5385dd4fdf746bcad9aab8400408b9c24547c2f72e713a7848bcd29d757ebd40cf4f1f8ca9dd03b14a42ba68189aba585810b38293ef7bcb03bc0dd7c7b0ea9dc23fa10794d5e559e8be7f740a410fd88c9324ac6ac5959d5598313e0aef99766dfee7768c2d517343812c3a35", 0xa2}, {&(0x7f0000000100)="2c2d5b250178e418d0811ab8770f173300e5d8c183a36515a5b23bd2100c6bb521b2af22dd9bda67d93995aa74e99d7e98081d4fd70288d28a13e6dad307a0b4ae1b07f6361958a1f076e1a1b6f90b33fb7bc40a4ffdf768498bdc4d2d6cf5", 0x5f}, {&(0x7f0000000180)="e9890748960cbba72be3430bf5a916528d1baacae377e42cbf8b241424369ab2296b5a0b5b1288f791d5320dae", 0x2d}, {&(0x7f00000001c0)="2e76a56472b634d2f6775dd5f78fb2ae07dfcfc3baebe6f9432586fe2d5efe6b8248d85b2bfc71f723ab02bfe6b411580fb986579e44fc9dd0fdbd0776cf1924415630307e1b5d990b14bf708027ac5e9f25d002d872ca1e01ed5c0e3ecf3f32129524017ce7cbcab4632017a071a24c04b34a81f6e3f9f5b99c294c44b95d4c048fed26d687e9122249655a3ddb7325243096c1757ff887c25b9d9c7cc9fe92735a5bd5e653e3690948a981f60fba17e3796ada4624ae244e4d9eceb5dd0ba5b3c90af88ebe8689e19b700b7e9d5fda6dede1002bab797bdae9fc6fdbd15382abc60f", 0xe3}], 0x4, 0x0, 0x0, 0x8080}, 0x10) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='\x00', 0x1) (rerun: 64) 10:19:41 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80100, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) 10:19:41 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000080), 0x1, 0x4081) 10:19:41 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407) socket(0x24, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket(0x8, 0x3, 0x1f) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x800}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xfffffffffffffff7}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048090}, 0x1) [ 1056.163916] FAULT_INJECTION: forcing a failure. [ 1056.163916] name failslab, interval 1, probability 0, space 0, times 0 [ 1056.175341] CPU: 0 PID: 14631 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1056.183232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1056.192586] Call Trace: [ 1056.195156] dump_stack+0x1b2/0x281 [ 1056.198774] should_fail.cold+0x10a/0x149 [ 1056.202902] should_failslab+0xd6/0x130 [ 1056.206852] kmem_cache_alloc+0x40/0x3c0 [ 1056.210890] radix_tree_node_alloc.constprop.0+0x1b0/0x2f0 [ 1056.216497] idr_get_free_cmn+0x595/0x8d0 [ 1056.220627] ? trace_hardirqs_on+0x10/0x10 [ 1056.224844] idr_alloc_cmn+0xe8/0x1e0 [ 1056.228622] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1056.233437] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1056.238477] ? __schedule+0x1450/0x1de0 [ 1056.242429] ? cpuacct_charge+0x1cf/0x350 [ 1056.246553] ? fs_reclaim_release+0xd0/0x110 [ 1056.250943] idr_alloc_cyclic+0xc2/0x1d0 [ 1056.254984] ? idr_alloc_cmn+0x1e0/0x1e0 [ 1056.259020] ? __radix_tree_preload+0x1c3/0x250 [ 1056.263673] __kernfs_new_node+0xaf/0x470 [ 1056.267799] kernfs_create_dir_ns+0x8c/0x200 [ 1056.272186] internal_create_group+0xe9/0x710 [ 1056.276670] lo_ioctl+0x1137/0x1cd0 [ 1056.280293] ? loop_set_status64+0xe0/0xe0 [ 1056.284511] blkdev_ioctl+0x540/0x1830 [ 1056.288377] ? blkpg_ioctl+0x8d0/0x8d0 [ 1056.292242] ? trace_hardirqs_on+0x10/0x10 [ 1056.296471] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1056.301549] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1056.306545] block_ioctl+0xd9/0x120 [ 1056.310151] ? blkdev_fallocate+0x3a0/0x3a0 [ 1056.314464] do_vfs_ioctl+0x75a/0xff0 [ 1056.318243] ? lock_acquire+0x170/0x3f0 [ 1056.322199] ? ioctl_preallocate+0x1a0/0x1a0 [ 1056.326582] ? __fget+0x265/0x3e0 [ 1056.330011] ? do_vfs_ioctl+0xff0/0xff0 [ 1056.333961] ? security_file_ioctl+0x83/0xb0 [ 1056.338343] SyS_ioctl+0x7f/0xb0 [ 1056.341682] ? do_vfs_ioctl+0xff0/0xff0 [ 1056.345632] do_syscall_64+0x1d5/0x640 [ 1056.349496] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1056.354663] RIP: 0033:0x7f94265b4e07 10:19:41 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x100000000, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000100)="494e0696c97de4aff34b1929124993b8b2fc4e234885e54880116c6157abdab56b577b5c6f7578908b6451524ccddf715abd60f27413a563ef5ca383a72783693c30dd3c1a7f2d003d281b4eb535cae7bc4b46c3fc8118952f5766ac5f1386416c393f456130bc6c0c00b489bd99269c3c71ee6524bb05b51d35938a110e82704154cfa1f04d0f20eafaf953d8a5e3452f24b9d0086288102e73732c7bcca6b33d9ad4c2da6c2d4ff24ca9e1dd7d2a2a74299f95db74b05684c5cadebb5efdf98abdd87decd0ae412ab471aa6fa148eda2c8d1210b17cfce5979cb53f74e1cf215284edf56e919497e", 0xe9, 0x9}, {&(0x7f0000000200)="281b788ffb5b5f27453fd123d2e1d24b11381ec860e9578210297695d12caa600ceeb62ab62be859d02be2d9ba9087a97467347ff344b5326684c22c8ffda665ba3efa3b3a06a72ca0da5ac54efbc86f7acd77f460", 0x55, 0x6}, {&(0x7f0000000280)="a7acf0f772d850a6c6a5161b5ee45c9e4b52", 0x12, 0x3ff}], 0x4000, &(0x7f0000000340)={[{}, {')@['}, {}], [{@appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '/^/'}}, {@appraise}]}) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) write$sequencer(r0, &(0x7f0000000380)=[@n={0x3, 0x81, @generic=0x9, 0x20}, @x={0x94, 0xc, "d495d87f4248"}, @echo=0x8, @echo=0x1, @t={0x4, 0x5, 0x0, 0x7}, @generic={0x2}], 0x1d) [ 1056.358350] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1056.366032] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1056.373276] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1056.380523] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1056.387771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1056.395018] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:41 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000080), 0x1, 0x4081) 10:19:41 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x5, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(r0, 0x8004510a, &(0x7f00000001c0)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) syz_mount_image$qnx4(&(0x7f0000000200), &(0x7f00000000c0)='./file1\x00', 0x8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="9047aaec2c842825edf1eeecb778d7a7b9d0fb8dabd5e9e58734d0741b522d64d2c1fb3bb81330", 0x27, 0x2}], 0xd3008, &(0x7f0000000000)={[{'^'}, {}, {')$!@]\\'}, {';\xb4\xb4\xd9\xc5\xdc\x1f\'1Y\xdc\x80\xd7MS*'}, {'(&}'}, {'\f:'}, {'!/{!&\'^+-]'}], [{@smackfsfloor}]}) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa0, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x18, 0xbe, "c1d16550bb9ed7850fb611209d341badd83ac703"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x6ab}, @NL80211_ATTR_OPMODE_NOTIF={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x65d}, @NL80211_ATTR_STA_WME={0x4c, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x48}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xd4}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x81}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x20}, @NL80211_STA_WME_MAX_SP={0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xfd}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3b}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000004) [ 1056.558088] qnx4: no qnx4 filesystem (no root dir). [ 1056.565127] FAULT_INJECTION: forcing a failure. [ 1056.565127] name failslab, interval 1, probability 0, space 0, times 0 [ 1056.576892] CPU: 1 PID: 14625 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1056.584771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1056.594127] Call Trace: [ 1056.596819] dump_stack+0x1b2/0x281 [ 1056.600433] should_fail.cold+0x10a/0x149 [ 1056.604566] should_failslab+0xd6/0x130 [ 1056.608524] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1056.613609] __kmalloc_node_track_caller+0x38/0x70 [ 1056.618529] __alloc_skb+0x96/0x510 [ 1056.622135] kobject_uevent_env+0x882/0xf30 [ 1056.626613] lo_ioctl+0x11a6/0x1cd0 [ 1056.630218] ? loop_set_status64+0xe0/0xe0 [ 1056.634444] blkdev_ioctl+0x540/0x1830 [ 1056.638322] ? blkpg_ioctl+0x8d0/0x8d0 [ 1056.642191] ? trace_hardirqs_on+0x10/0x10 [ 1056.646431] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1056.651518] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1056.656522] block_ioctl+0xd9/0x120 [ 1056.660138] ? blkdev_fallocate+0x3a0/0x3a0 [ 1056.664441] do_vfs_ioctl+0x75a/0xff0 [ 1056.668223] ? lock_acquire+0x170/0x3f0 [ 1056.672277] ? ioctl_preallocate+0x1a0/0x1a0 [ 1056.676677] ? __fget+0x265/0x3e0 [ 1056.680147] ? do_vfs_ioctl+0xff0/0xff0 [ 1056.684100] ? security_file_ioctl+0x83/0xb0 [ 1056.688489] SyS_ioctl+0x7f/0xb0 [ 1056.691843] ? do_vfs_ioctl+0xff0/0xff0 [ 1056.695814] do_syscall_64+0x1d5/0x640 [ 1056.699685] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1056.704853] RIP: 0033:0x7f2e61d65e07 [ 1056.708538] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1056.716220] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1056.723465] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1056.730715] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1056.737972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1056.745229] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1056.758202] qnx4: unable to read the superblock [ 1056.768660] qnx4: unable to read the superblock 10:19:42 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 23) 10:19:42 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407) socket(0x24, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket(0x8, 0x3, 0x1f) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x800}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xfffffffffffffff7}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048090}, 0x1) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407) (async) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) (async) socket(0x8, 0x3, 0x1f) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) (async) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x800}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xfffffffffffffff7}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048090}, 0x1) (async) 10:19:42 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000080), 0x1, 0x4081) 10:19:42 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x5, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_NRSYNTHS(r0, 0x8004510a, &(0x7f00000001c0)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async, rerun: 32) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) (async, rerun: 32) syz_mount_image$qnx4(&(0x7f0000000200), &(0x7f00000000c0)='./file1\x00', 0x8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="9047aaec2c842825edf1eeecb778d7a7b9d0fb8dabd5e9e58734d0741b522d64d2c1fb3bb81330", 0x27, 0x2}], 0xd3008, &(0x7f0000000000)={[{'^'}, {}, {')$!@]\\'}, {';\xb4\xb4\xd9\xc5\xdc\x1f\'1Y\xdc\x80\xd7MS*'}, {'(&}'}, {'\f:'}, {'!/{!&\'^+-]'}], [{@smackfsfloor}]}) (async) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa0, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x18, 0xbe, "c1d16550bb9ed7850fb611209d341badd83ac703"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x6ab}, @NL80211_ATTR_OPMODE_NOTIF={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x65d}, @NL80211_ATTR_STA_WME={0x4c, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x48}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xd4}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x81}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x20}, @NL80211_STA_WME_MAX_SP={0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xfd}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3b}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000004) 10:19:42 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 14) 10:19:42 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x100000000, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000100)="494e0696c97de4aff34b1929124993b8b2fc4e234885e54880116c6157abdab56b577b5c6f7578908b6451524ccddf715abd60f27413a563ef5ca383a72783693c30dd3c1a7f2d003d281b4eb535cae7bc4b46c3fc8118952f5766ac5f1386416c393f456130bc6c0c00b489bd99269c3c71ee6524bb05b51d35938a110e82704154cfa1f04d0f20eafaf953d8a5e3452f24b9d0086288102e73732c7bcca6b33d9ad4c2da6c2d4ff24ca9e1dd7d2a2a74299f95db74b05684c5cadebb5efdf98abdd87decd0ae412ab471aa6fa148eda2c8d1210b17cfce5979cb53f74e1cf215284edf56e919497e", 0xe9, 0x9}, {&(0x7f0000000200)="281b788ffb5b5f27453fd123d2e1d24b11381ec860e9578210297695d12caa600ceeb62ab62be859d02be2d9ba9087a97467347ff344b5326684c22c8ffda665ba3efa3b3a06a72ca0da5ac54efbc86f7acd77f460", 0x55, 0x6}, {&(0x7f0000000280)="a7acf0f772d850a6c6a5161b5ee45c9e4b52", 0x12, 0x3ff}], 0x4000, &(0x7f0000000340)={[{}, {')@['}, {}], [{@appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '/^/'}}, {@appraise}]}) (async, rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) write$sequencer(r0, &(0x7f0000000380)=[@n={0x3, 0x81, @generic=0x9, 0x20}, @x={0x94, 0xc, "d495d87f4248"}, @echo=0x8, @echo=0x1, @t={0x4, 0x5, 0x0, 0x7}, @generic={0x2}], 0x1d) 10:19:42 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) 10:19:42 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407) socket(0x24, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) r2 = socket(0x8, 0x3, 0x1f) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x800}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xfffffffffffffff7}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048090}, 0x1) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407) (async) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) (async) socket(0x8, 0x3, 0x1f) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$devlink(&(0x7f00000003c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) (async) sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0x800}, @DEVLINK_ATTR_RATE_PARENT_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0xfffffffffffffff7}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048090}, 0x1) (async) 10:19:42 executing program 0: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x5, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_NRSYNTHS(r0, 0x8004510a, &(0x7f00000001c0)) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_PANIC(r1, 0x5111) (async) syz_mount_image$qnx4(&(0x7f0000000200), &(0x7f00000000c0)='./file1\x00', 0x8, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="9047aaec2c842825edf1eeecb778d7a7b9d0fb8dabd5e9e58734d0741b522d64d2c1fb3bb81330", 0x27, 0x2}], 0xd3008, &(0x7f0000000000)={[{'^'}, {}, {')$!@]\\'}, {';\xb4\xb4\xd9\xc5\xdc\x1f\'1Y\xdc\x80\xd7MS*'}, {'(&}'}, {'\f:'}, {'!/{!&\'^+-]'}], [{@smackfsfloor}]}) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0xa0, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x1}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x18, 0xbe, "c1d16550bb9ed7850fb611209d341badd83ac703"}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x6ab}, @NL80211_ATTR_OPMODE_NOTIF={0x5}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x65d}, @NL80211_ATTR_STA_WME={0x4c, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xff}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x48}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xd4}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x81}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x20}, @NL80211_STA_WME_MAX_SP={0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0xfd}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3b}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000004) 10:19:42 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) (async) [ 1056.996624] FAULT_INJECTION: forcing a failure. [ 1056.996624] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.009324] CPU: 1 PID: 14698 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1057.017217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.026567] Call Trace: [ 1057.029155] dump_stack+0x1b2/0x281 [ 1057.032781] should_fail.cold+0x10a/0x149 [ 1057.036931] should_failslab+0xd6/0x130 [ 1057.040906] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1057.046023] __kmalloc_node_track_caller+0x38/0x70 [ 1057.050949] __alloc_skb+0x96/0x510 [ 1057.054582] kobject_uevent_env+0x882/0xf30 [ 1057.058896] lo_ioctl+0x11a6/0x1cd0 [ 1057.062515] ? loop_set_status64+0xe0/0xe0 [ 1057.064692] FAULT_INJECTION: forcing a failure. [ 1057.064692] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.066744] blkdev_ioctl+0x540/0x1830 [ 1057.081837] ? blkpg_ioctl+0x8d0/0x8d0 [ 1057.085715] ? trace_hardirqs_on+0x10/0x10 [ 1057.089935] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1057.095018] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1057.100025] block_ioctl+0xd9/0x120 [ 1057.103632] ? blkdev_fallocate+0x3a0/0x3a0 [ 1057.107934] do_vfs_ioctl+0x75a/0xff0 [ 1057.111715] ? lock_acquire+0x170/0x3f0 [ 1057.115669] ? ioctl_preallocate+0x1a0/0x1a0 [ 1057.120061] ? __fget+0x265/0x3e0 [ 1057.123508] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.127464] ? security_file_ioctl+0x83/0xb0 [ 1057.131859] SyS_ioctl+0x7f/0xb0 [ 1057.135207] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.139167] do_syscall_64+0x1d5/0x640 [ 1057.143041] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1057.148214] RIP: 0033:0x7f2e61d65e07 [ 1057.151908] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1057.159601] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1057.166851] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1057.174103] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1057.181357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1057.188613] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:42 executing program 1: r0 = socket(0x24, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x1410, 0x1, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x4}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x21}, 0x1, 0x0, 0x0, 0x20000851}, 0x8000) [ 1057.195878] CPU: 0 PID: 14703 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1057.203762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.213112] Call Trace: [ 1057.215701] dump_stack+0x1b2/0x281 [ 1057.219340] should_fail.cold+0x10a/0x149 [ 1057.221609] qnx4: unable to read the superblock [ 1057.223488] should_failslab+0xd6/0x130 [ 1057.223500] kmem_cache_alloc+0x28e/0x3c0 [ 1057.223513] __kernfs_new_node+0x6f/0x470 [ 1057.240397] kernfs_new_node+0x7b/0xe0 [ 1057.244295] __kernfs_create_file+0x3d/0x320 [ 1057.248703] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1057.249235] qnx4: no qnx4 filesystem (no root dir). [ 1057.253363] ? kernfs_create_dir_ns+0x171/0x200 [ 1057.253375] internal_create_group+0x22b/0x710 [ 1057.253388] lo_ioctl+0x1137/0x1cd0 [ 1057.253401] ? loop_set_status64+0xe0/0xe0 [ 1057.253413] blkdev_ioctl+0x540/0x1830 [ 1057.253423] ? blkpg_ioctl+0x8d0/0x8d0 [ 1057.253431] ? trace_hardirqs_on+0x10/0x10 [ 1057.253444] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1057.292526] ? debug_check_no_obj_freed+0x2c0/0x680 10:19:42 executing program 1: r0 = socket(0x24, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)) (async) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x1410, 0x1, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x4}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x21}, 0x1, 0x0, 0x0, 0x20000851}, 0x8000) [ 1057.297548] block_ioctl+0xd9/0x120 [ 1057.301184] ? blkdev_fallocate+0x3a0/0x3a0 [ 1057.305508] do_vfs_ioctl+0x75a/0xff0 [ 1057.309308] ? lock_acquire+0x170/0x3f0 [ 1057.313278] ? ioctl_preallocate+0x1a0/0x1a0 [ 1057.317689] ? __fget+0x265/0x3e0 [ 1057.321141] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.325112] ? security_file_ioctl+0x83/0xb0 [ 1057.329518] SyS_ioctl+0x7f/0xb0 [ 1057.332881] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.336857] do_syscall_64+0x1d5/0x640 [ 1057.340750] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1057.345928] RIP: 0033:0x7f94265b4e07 [ 1057.349632] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1057.357335] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1057.364601] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1057.371873] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1057.379144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1057.386413] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:42 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 24) 10:19:42 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) (async) 10:19:42 executing program 0: sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x80, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x200, 0x55}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x92) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x38}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004090}, 0x24040080) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:42 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 15) [ 1057.416439] qnx4: unable to read the superblock [ 1057.426848] qnx4: no qnx4 filesystem (no root dir). 10:19:42 executing program 1: r0 = socket(0x24, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x1410, 0x1, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x4}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x21}, 0x1, 0x0, 0x0, 0x20000851}, 0x8000) socket(0x24, 0x0, 0x0) (async) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000140)) (async) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x1410, 0x1, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x4}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x0, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES, @RDMA_NLDEV_ATTR_RES_LQPN={0x0, 0x15, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x0, 0x1, 0x1}]}, 0x21}, 0x1, 0x0, 0x0, 0x20000851}, 0x8000) (async) [ 1057.548522] FAULT_INJECTION: forcing a failure. [ 1057.548522] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.559948] CPU: 0 PID: 14767 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1057.567832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.571505] qnx4: no qnx4 filesystem (no root dir). [ 1057.577186] Call Trace: [ 1057.583048] FAULT_INJECTION: forcing a failure. [ 1057.583048] name failslab, interval 1, probability 0, space 0, times 0 [ 1057.584767] dump_stack+0x1b2/0x281 [ 1057.600079] should_fail.cold+0x10a/0x149 [ 1057.604234] should_failslab+0xd6/0x130 [ 1057.608216] kmem_cache_alloc+0x28e/0x3c0 [ 1057.612374] __kernfs_new_node+0x6f/0x470 [ 1057.616533] kernfs_new_node+0x7b/0xe0 [ 1057.620428] __kernfs_create_file+0x3d/0x320 [ 1057.624846] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1057.629524] ? kernfs_create_dir_ns+0x171/0x200 [ 1057.634196] internal_create_group+0x22b/0x710 [ 1057.638781] lo_ioctl+0x1137/0x1cd0 [ 1057.642412] ? loop_set_status64+0xe0/0xe0 [ 1057.646638] blkdev_ioctl+0x540/0x1830 [ 1057.650509] ? blkpg_ioctl+0x8d0/0x8d0 [ 1057.654381] ? trace_hardirqs_on+0x10/0x10 [ 1057.658606] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1057.663692] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1057.668694] block_ioctl+0xd9/0x120 [ 1057.672301] ? blkdev_fallocate+0x3a0/0x3a0 [ 1057.676604] do_vfs_ioctl+0x75a/0xff0 [ 1057.680386] ? lock_acquire+0x170/0x3f0 [ 1057.684341] ? ioctl_preallocate+0x1a0/0x1a0 [ 1057.688733] ? __fget+0x265/0x3e0 [ 1057.692169] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.696124] ? security_file_ioctl+0x83/0xb0 [ 1057.700517] SyS_ioctl+0x7f/0xb0 [ 1057.703864] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.707821] do_syscall_64+0x1d5/0x640 [ 1057.711705] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1057.716893] RIP: 0033:0x7f94265b4e07 [ 1057.720594] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1057.728289] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1057.735545] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1057.742800] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1057.750063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1057.757336] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1057.771258] CPU: 1 PID: 14764 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1057.779166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.788517] Call Trace: [ 1057.791102] dump_stack+0x1b2/0x281 [ 1057.794713] should_fail.cold+0x10a/0x149 [ 1057.798842] should_failslab+0xd6/0x130 [ 1057.802795] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1057.807888] __kmalloc_node_track_caller+0x38/0x70 [ 1057.812802] __alloc_skb+0x96/0x510 [ 1057.816409] kobject_uevent_env+0x882/0xf30 [ 1057.820717] lo_ioctl+0x11a6/0x1cd0 [ 1057.824324] ? loop_set_status64+0xe0/0xe0 [ 1057.828539] blkdev_ioctl+0x540/0x1830 [ 1057.832403] ? blkpg_ioctl+0x8d0/0x8d0 [ 1057.836272] ? trace_hardirqs_on+0x10/0x10 [ 1057.840489] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1057.845577] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1057.850594] block_ioctl+0xd9/0x120 [ 1057.854303] ? blkdev_fallocate+0x3a0/0x3a0 [ 1057.858611] do_vfs_ioctl+0x75a/0xff0 [ 1057.862393] ? lock_acquire+0x170/0x3f0 [ 1057.866352] ? ioctl_preallocate+0x1a0/0x1a0 [ 1057.871173] ? __fget+0x265/0x3e0 [ 1057.874626] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.878600] ? security_file_ioctl+0x83/0xb0 [ 1057.882991] SyS_ioctl+0x7f/0xb0 [ 1057.886334] ? do_vfs_ioctl+0xff0/0xff0 [ 1057.890288] do_syscall_64+0x1d5/0x640 [ 1057.894158] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1057.899326] RIP: 0033:0x7f2e61d65e07 [ 1057.903014] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1057.910699] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1057.917947] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1057.925196] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1057.932445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1057.939694] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:43 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x100000000, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000100)="494e0696c97de4aff34b1929124993b8b2fc4e234885e54880116c6157abdab56b577b5c6f7578908b6451524ccddf715abd60f27413a563ef5ca383a72783693c30dd3c1a7f2d003d281b4eb535cae7bc4b46c3fc8118952f5766ac5f1386416c393f456130bc6c0c00b489bd99269c3c71ee6524bb05b51d35938a110e82704154cfa1f04d0f20eafaf953d8a5e3452f24b9d0086288102e73732c7bcca6b33d9ad4c2da6c2d4ff24ca9e1dd7d2a2a74299f95db74b05684c5cadebb5efdf98abdd87decd0ae412ab471aa6fa148eda2c8d1210b17cfce5979cb53f74e1cf215284edf56e919497e", 0xe9, 0x9}, {&(0x7f0000000200)="281b788ffb5b5f27453fd123d2e1d24b11381ec860e9578210297695d12caa600ceeb62ab62be859d02be2d9ba9087a97467347ff344b5326684c22c8ffda665ba3efa3b3a06a72ca0da5ac54efbc86f7acd77f460", 0x55, 0x6}, {&(0x7f0000000280)="a7acf0f772d850a6c6a5161b5ee45c9e4b52", 0x12, 0x3ff}], 0x4000, &(0x7f0000000340)={[{}, {')@['}, {}], [{@appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, '/^/'}}, {@appraise}]}) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) write$sequencer(r0, &(0x7f0000000380)=[@n={0x3, 0x81, @generic=0x9, 0x20}, @x={0x94, 0xc, "d495d87f4248"}, @echo=0x8, @echo=0x1, @t={0x4, 0x5, 0x0, 0x7}, @generic={0x2}], 0x1d) 10:19:43 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) statx(r0, &(0x7f0000000040)='./file0\x00', 0x6800, 0x10, &(0x7f0000000500)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x50, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'team_slave_1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x64000814}, 0x40000) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000b1400042bbd7000fddbdf25080003000200000008003f000000b96db6c93f72bfd30000080003000300000008003f000000000008003f000500000008000300000000000800010001000000080001000000000008003f0005000000fb3a3d1e8e4a6daae983543087396cb987d1ab92d7c9c86d78d6f83b66d8df3af6133e809f8bfbe29db498231597d84662d8749a5da967b7e03a2b2e684d700ce666aa92fdb7a1831d09212eb74e6ef584cdf3f2066a64ead8b96da36b7fb2a3fc63464808582902fc9c27a93b10e4a46a0e7f5c1482fa78c97c4708783f0cbf0eb126670139d4ce8594a36f4702e4d4c65e1c3189306f59201efadd19b1d3c354463d531c5b7d3b49fa4efb8f121385d086c15e8cde44e4ebcccea03a3e70c893e5a0a5dc05db3b3ef8559d4d71b6c5d43f522d4088fc9313"], 0x60}}, 0x240400c0) 10:19:43 executing program 1: write$sequencer(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="05c00a8092006011097f0002ff030a052100000480"], 0x15) socket(0x24, 0x0, 0x0) 10:19:43 executing program 0: sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x80, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x200, 0x55}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x92) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x38}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004090}, 0x24040080) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:43 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 16) [ 1057.971872] qnx4: unable to read the superblock [ 1057.976567] qnx4: unable to read the superblock 10:19:43 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 25) 10:19:43 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) statx(r0, &(0x7f0000000040)='./file0\x00', 0x6800, 0x10, &(0x7f0000000500)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), 0xffffffffffffffff) (async) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x50, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'team_slave_1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x64000814}, 0x40000) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000b1400042bbd7000fddbdf25080003000200000008003f000000b96db6c93f72bfd30000080003000300000008003f000000000008003f000500000008000300000000000800010001000000080001000000000008003f0005000000fb3a3d1e8e4a6daae983543087396cb987d1ab92d7c9c86d78d6f83b66d8df3af6133e809f8bfbe29db498231597d84662d8749a5da967b7e03a2b2e684d700ce666aa92fdb7a1831d09212eb74e6ef584cdf3f2066a64ead8b96da36b7fb2a3fc63464808582902fc9c27a93b10e4a46a0e7f5c1482fa78c97c4708783f0cbf0eb126670139d4ce8594a36f4702e4d4c65e1c3189306f59201efadd19b1d3c354463d531c5b7d3b49fa4efb8f121385d086c15e8cde44e4ebcccea03a3e70c893e5a0a5dc05db3b3ef8559d4d71b6c5d43f522d4088fc9313"], 0x60}}, 0x240400c0) 10:19:43 executing program 1: write$sequencer(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="05c00a8092006011097f0002ff030a052100000480"], 0x15) socket(0x24, 0x0, 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="05c00a8092006011097f0002ff030a052100000480"], 0x15) (async) socket(0x24, 0x0, 0x0) (async) [ 1058.078081] qnx4: no qnx4 filesystem (no root dir). 10:19:43 executing program 0: sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)={0x80, 0x0, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x200, 0x55}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x80}, 0x1, 0x0, 0x0, 0x1}, 0x92) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) sendmsg$NL80211_CMD_SET_CHANNEL(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x38, 0x0, 0x400, 0x70bd29, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x4, 0x38}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x148c}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004090}, 0x24040080) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1058.106876] FAULT_INJECTION: forcing a failure. [ 1058.106876] name failslab, interval 1, probability 0, space 0, times 0 [ 1058.133846] CPU: 1 PID: 14800 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1058.141761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1058.151110] Call Trace: [ 1058.153696] dump_stack+0x1b2/0x281 [ 1058.157327] should_fail.cold+0x10a/0x149 [ 1058.161510] should_failslab+0xd6/0x130 [ 1058.165492] kmem_cache_alloc+0x28e/0x3c0 [ 1058.169644] __kernfs_new_node+0x6f/0x470 [ 1058.173798] kernfs_new_node+0x7b/0xe0 [ 1058.177687] __kernfs_create_file+0x3d/0x320 [ 1058.182094] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1058.186764] ? kernfs_create_dir_ns+0x171/0x200 [ 1058.191433] internal_create_group+0x22b/0x710 [ 1058.196018] lo_ioctl+0x1137/0x1cd0 [ 1058.199645] ? loop_set_status64+0xe0/0xe0 [ 1058.203880] blkdev_ioctl+0x540/0x1830 [ 1058.207772] ? blkpg_ioctl+0x8d0/0x8d0 [ 1058.211654] ? trace_hardirqs_on+0x10/0x10 [ 1058.215887] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1058.220990] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1058.226012] block_ioctl+0xd9/0x120 [ 1058.229639] ? blkdev_fallocate+0x3a0/0x3a0 [ 1058.233960] do_vfs_ioctl+0x75a/0xff0 [ 1058.237762] ? lock_acquire+0x170/0x3f0 [ 1058.241748] ? ioctl_preallocate+0x1a0/0x1a0 [ 1058.246158] ? __fget+0x265/0x3e0 [ 1058.249612] ? do_vfs_ioctl+0xff0/0xff0 10:19:43 executing program 1: write$sequencer(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="05c00a8092006011097f0002ff030a052100000480"], 0x15) (async) socket(0x24, 0x0, 0x0) 10:19:43 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0) r1 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) 10:19:43 executing program 1: r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe8, r0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xd4, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc6}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17b42232}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6d4743d4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x52}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x49}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5bdf2316}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2f}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd9eafab}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x94}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38a43ff9}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x687081}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x112c349b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c37f5a0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x59dba2f2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5163af53}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd1}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xad3a788}]}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x22010}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x24, 0x0, 0x0) [ 1058.253585] ? security_file_ioctl+0x83/0xb0 [ 1058.257988] SyS_ioctl+0x7f/0xb0 [ 1058.261357] ? do_vfs_ioctl+0xff0/0xff0 [ 1058.265331] do_syscall_64+0x1d5/0x640 [ 1058.269225] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1058.274407] RIP: 0033:0x7f94265b4e07 [ 1058.278127] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1058.285844] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1058.293109] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1058.300384] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 10:19:43 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x20, 0x0, 0x0, 0x14002, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) statx(r1, &(0x7f0000000100)='./file0\x00', 0x1000, 0x6ff, &(0x7f0000000140)) syz_open_dev$sg(&(0x7f0000000000), 0x88000080000006, 0x602200) statx(r0, &(0x7f0000000240)='./file0\x00', 0x2000, 0x800, &(0x7f0000000280)) 10:19:43 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0) (async) r1 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) 10:19:43 executing program 1: r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe8, r0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xd4, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc6}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17b42232}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6d4743d4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x52}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x49}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5bdf2316}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2f}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd9eafab}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x94}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38a43ff9}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x687081}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x112c349b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c37f5a0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x59dba2f2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5163af53}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd1}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xad3a788}]}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x22010}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x24, 0x0, 0x0) 10:19:43 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) statx(r0, &(0x7f0000000040)='./file0\x00', 0x6800, 0x10, &(0x7f0000000500)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000080)) (async) sendmsg$SMC_PNETID_FLUSH(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)={0x50, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'team_slave_1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x64000814}, 0x40000) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="600000000b1400042bbd7000fddbdf25080003000200000008003f000000b96db6c93f72bfd30000080003000300000008003f000000000008003f000500000008000300000000000800010001000000080001000000000008003f0005000000fb3a3d1e8e4a6daae983543087396cb987d1ab92d7c9c86d78d6f83b66d8df3af6133e809f8bfbe29db498231597d84662d8749a5da967b7e03a2b2e684d700ce666aa92fdb7a1831d09212eb74e6ef584cdf3f2066a64ead8b96da36b7fb2a3fc63464808582902fc9c27a93b10e4a46a0e7f5c1482fa78c97c4708783f0cbf0eb126670139d4ce8594a36f4702e4d4c65e1c3189306f59201efadd19b1d3c354463d531c5b7d3b49fa4efb8f121385d086c15e8cde44e4ebcccea03a3e70c893e5a0a5dc05db3b3ef8559d4d71b6c5d43f522d4088fc9313"], 0x60}}, 0x240400c0) [ 1058.307650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1058.314913] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1058.335796] FAULT_INJECTION: forcing a failure. [ 1058.335796] name failslab, interval 1, probability 0, space 0, times 0 [ 1058.368764] CPU: 0 PID: 14809 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1058.376667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1058.386021] Call Trace: [ 1058.388613] dump_stack+0x1b2/0x281 [ 1058.392242] should_fail.cold+0x10a/0x149 [ 1058.396403] should_failslab+0xd6/0x130 [ 1058.400383] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1058.405490] __kmalloc_node_track_caller+0x38/0x70 [ 1058.410419] __alloc_skb+0x96/0x510 [ 1058.414045] kobject_uevent_env+0x882/0xf30 [ 1058.418370] lo_ioctl+0x11a6/0x1cd0 [ 1058.421996] ? loop_set_status64+0xe0/0xe0 [ 1058.426229] blkdev_ioctl+0x540/0x1830 [ 1058.430115] ? blkpg_ioctl+0x8d0/0x8d0 [ 1058.433999] ? trace_hardirqs_on+0x10/0x10 [ 1058.438234] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1058.443334] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1058.448354] block_ioctl+0xd9/0x120 [ 1058.452095] ? blkdev_fallocate+0x3a0/0x3a0 [ 1058.456422] do_vfs_ioctl+0x75a/0xff0 [ 1058.460225] ? lock_acquire+0x170/0x3f0 [ 1058.464213] ? ioctl_preallocate+0x1a0/0x1a0 [ 1058.468633] ? __fget+0x265/0x3e0 [ 1058.472090] ? do_vfs_ioctl+0xff0/0xff0 [ 1058.476065] ? security_file_ioctl+0x83/0xb0 [ 1058.480459] SyS_ioctl+0x7f/0xb0 [ 1058.483813] ? do_vfs_ioctl+0xff0/0xff0 [ 1058.487776] do_syscall_64+0x1d5/0x640 [ 1058.491665] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1058.496846] RIP: 0033:0x7f2e61d65e07 [ 1058.500539] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1058.508225] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1058.515491] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1058.522752] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1058.530019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1058.537276] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1058.549517] qnx4: unable to read the superblock [ 1058.554096] qnx4: unable to read the superblock 10:19:44 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 17) 10:19:44 executing program 1: r0 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NLBL_CIPSOV4_C_LISTALL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe8, r0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0xd4, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc6}]}, {0x3c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x17b42232}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x46}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6d4743d4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x52}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x49}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5bdf2316}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2f}]}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9c}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xbe}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xd9eafab}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x94}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38a43ff9}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x687081}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x112c349b}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5c37f5a0}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x59dba2f2}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5163af53}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd1}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xad3a788}]}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x22010}, 0x4000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x24, 0x0, 0x0) 10:19:44 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) 10:19:44 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) openat$cgroup_freezer_state(r0, &(0x7f00000000c0), 0x2, 0x0) r1 = accept$phonet_pipe(0xffffffffffffffff, 0x0, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) 10:19:44 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x20, 0x0, 0x0, 0x14002, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) statx(r1, &(0x7f0000000100)='./file0\x00', 0x1000, 0x6ff, &(0x7f0000000140)) syz_open_dev$sg(&(0x7f0000000000), 0x88000080000006, 0x602200) (async) statx(r0, &(0x7f0000000240)='./file0\x00', 0x2000, 0x800, &(0x7f0000000280)) 10:19:44 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 26) 10:19:44 executing program 1: r0 = socket(0x22, 0x3, 0x10080) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x62269012}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x1404, 0x300, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x80010) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) socket$alg(0x26, 0x5, 0x0) 10:19:44 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) 10:19:44 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:44 executing program 5: r0 = syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x20, 0x0, 0x0, 0x14002, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) statx(r1, &(0x7f0000000100)='./file0\x00', 0x1000, 0x6ff, &(0x7f0000000140)) (async) syz_open_dev$sg(&(0x7f0000000000), 0x88000080000006, 0x602200) (async) statx(r0, &(0x7f0000000240)='./file0\x00', 0x2000, 0x800, &(0x7f0000000280)) 10:19:44 executing program 1: r0 = socket(0x22, 0x3, 0x10080) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x62269012}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x1404, 0x300, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x80010) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async) socket$alg(0x26, 0x5, 0x0) [ 1058.773295] FAULT_INJECTION: forcing a failure. [ 1058.773295] name failslab, interval 1, probability 0, space 0, times 0 10:19:44 executing program 3: r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$NS_GET_PARENT(r1, 0xb702, 0x0) (async) [ 1058.830431] FAULT_INJECTION: forcing a failure. [ 1058.830431] name failslab, interval 1, probability 0, space 0, times 0 [ 1058.886694] CPU: 0 PID: 14873 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1058.894599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1058.903952] Call Trace: [ 1058.906541] dump_stack+0x1b2/0x281 [ 1058.910171] should_fail.cold+0x10a/0x149 [ 1058.914322] should_failslab+0xd6/0x130 [ 1058.918300] kmem_cache_alloc_node+0x263/0x410 [ 1058.922881] __alloc_skb+0x5c/0x510 [ 1058.926506] kobject_uevent_env+0x882/0xf30 [ 1058.930829] lo_ioctl+0x11a6/0x1cd0 [ 1058.934457] ? loop_set_status64+0xe0/0xe0 [ 1058.938688] blkdev_ioctl+0x540/0x1830 [ 1058.942596] ? blkpg_ioctl+0x8d0/0x8d0 [ 1058.946475] ? trace_hardirqs_on+0x10/0x10 [ 1058.950704] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1058.955796] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1058.960807] block_ioctl+0xd9/0x120 [ 1058.964426] ? blkdev_fallocate+0x3a0/0x3a0 [ 1058.968736] do_vfs_ioctl+0x75a/0xff0 [ 1058.972526] ? lock_acquire+0x170/0x3f0 [ 1058.976487] ? ioctl_preallocate+0x1a0/0x1a0 [ 1058.980884] ? __fget+0x265/0x3e0 [ 1058.984328] ? do_vfs_ioctl+0xff0/0xff0 [ 1058.988292] ? security_file_ioctl+0x83/0xb0 [ 1058.992688] SyS_ioctl+0x7f/0xb0 [ 1058.996037] ? do_vfs_ioctl+0xff0/0xff0 [ 1058.999996] do_syscall_64+0x1d5/0x640 [ 1059.003877] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1059.009049] RIP: 0033:0x7f2e61d65e07 [ 1059.012764] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1059.020467] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1059.027721] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1059.034970] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1059.042223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1059.049480] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1059.056753] CPU: 1 PID: 14877 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1059.064636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1059.073987] Call Trace: [ 1059.076577] dump_stack+0x1b2/0x281 [ 1059.080209] should_fail.cold+0x10a/0x149 [ 1059.080756] qnx4: unable to read the superblock [ 1059.084358] should_failslab+0xd6/0x130 [ 1059.084371] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1059.084383] ? dev_uevent_filter+0xd0/0xd0 [ 1059.101867] kobject_uevent_env+0x20c/0xf30 [ 1059.106192] ? internal_create_group+0x48f/0x710 [ 1059.110961] lo_ioctl+0x11a6/0x1cd0 [ 1059.114596] ? loop_set_status64+0xe0/0xe0 [ 1059.118836] blkdev_ioctl+0x540/0x1830 [ 1059.122728] ? blkpg_ioctl+0x8d0/0x8d0 [ 1059.126612] ? trace_hardirqs_on+0x10/0x10 [ 1059.130848] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1059.135956] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1059.140974] block_ioctl+0xd9/0x120 [ 1059.144599] ? blkdev_fallocate+0x3a0/0x3a0 [ 1059.148921] do_vfs_ioctl+0x75a/0xff0 [ 1059.152728] ? lock_acquire+0x170/0x3f0 [ 1059.156704] ? ioctl_preallocate+0x1a0/0x1a0 [ 1059.161110] ? __fget+0x265/0x3e0 [ 1059.164560] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.168541] ? security_file_ioctl+0x83/0xb0 [ 1059.172946] SyS_ioctl+0x7f/0xb0 [ 1059.176291] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.180243] do_syscall_64+0x1d5/0x640 [ 1059.184116] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1059.189286] RIP: 0033:0x7f94265b4e07 [ 1059.192974] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1059.200663] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1059.207912] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1059.215160] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1059.222409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1059.229665] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1059.241097] qnx4: unable to read the superblock 10:19:44 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 18) 10:19:44 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x670e, 0x0, 0x0, 0x1, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:44 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x8, 0x80000) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) 10:19:44 executing program 1: r0 = socket(0x22, 0x3, 0x10080) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x62269012}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, 0x1404, 0x300, 0x70bd27, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x80010) (async) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async) socket$alg(0x26, 0x5, 0x0) 10:19:44 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:44 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 27) 10:19:44 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x8, 0x80000) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) 10:19:44 executing program 1: socket(0x24, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0) 10:19:44 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:44 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x670e, 0x0, 0x0, 0x1, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x670e, 0x0, 0x0, 0x1, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1059.397765] FAULT_INJECTION: forcing a failure. [ 1059.397765] name failslab, interval 1, probability 0, space 0, times 0 [ 1059.418049] FAULT_INJECTION: forcing a failure. [ 1059.418049] name failslab, interval 1, probability 0, space 0, times 0 [ 1059.429818] CPU: 0 PID: 14917 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1059.437714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1059.447063] Call Trace: [ 1059.449650] dump_stack+0x1b2/0x281 [ 1059.453279] should_fail.cold+0x10a/0x149 [ 1059.457427] should_failslab+0xd6/0x130 [ 1059.461407] kmem_cache_alloc+0x28e/0x3c0 [ 1059.465564] __kernfs_new_node+0x6f/0x470 [ 1059.469712] kernfs_new_node+0x7b/0xe0 [ 1059.473598] __kernfs_create_file+0x3d/0x320 [ 1059.478008] sysfs_add_file_mode_ns+0x1e1/0x450 [ 1059.482678] ? kernfs_create_dir_ns+0x171/0x200 [ 1059.487351] internal_create_group+0x22b/0x710 [ 1059.492058] lo_ioctl+0x1137/0x1cd0 [ 1059.495690] ? loop_set_status64+0xe0/0xe0 [ 1059.499934] blkdev_ioctl+0x540/0x1830 [ 1059.503818] ? blkpg_ioctl+0x8d0/0x8d0 [ 1059.507705] ? trace_hardirqs_on+0x10/0x10 [ 1059.511943] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1059.517050] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1059.522074] block_ioctl+0xd9/0x120 [ 1059.525702] ? blkdev_fallocate+0x3a0/0x3a0 [ 1059.530020] do_vfs_ioctl+0x75a/0xff0 [ 1059.533820] ? lock_acquire+0x170/0x3f0 [ 1059.537793] ? ioctl_preallocate+0x1a0/0x1a0 [ 1059.542200] ? __fget+0x265/0x3e0 10:19:44 executing program 1: socket(0x24, 0x0, 0x0) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0) 10:19:44 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x670e, 0x0, 0x0, 0x1, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x670e, 0x0, 0x0, 0x1, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1059.545654] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.549627] ? security_file_ioctl+0x83/0xb0 [ 1059.554034] SyS_ioctl+0x7f/0xb0 [ 1059.557396] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.561371] do_syscall_64+0x1d5/0x640 [ 1059.565265] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1059.570447] RIP: 0033:0x7f94265b4e07 [ 1059.574149] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1059.581852] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1059.589115] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1059.596378] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1059.603646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1059.610916] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1059.624985] CPU: 0 PID: 14923 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1059.632868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1059.642220] Call Trace: [ 1059.644807] dump_stack+0x1b2/0x281 [ 1059.648438] should_fail.cold+0x10a/0x149 [ 1059.652588] should_failslab+0xd6/0x130 [ 1059.656567] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1059.661678] __kmalloc_node_track_caller+0x38/0x70 [ 1059.666608] __alloc_skb+0x96/0x510 [ 1059.670246] kobject_uevent_env+0x882/0xf30 [ 1059.674561] lo_ioctl+0x11a6/0x1cd0 [ 1059.678171] ? loop_set_status64+0xe0/0xe0 [ 1059.682386] blkdev_ioctl+0x540/0x1830 [ 1059.686254] ? blkpg_ioctl+0x8d0/0x8d0 [ 1059.690127] ? trace_hardirqs_on+0x10/0x10 [ 1059.694355] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1059.699444] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1059.704443] block_ioctl+0xd9/0x120 [ 1059.708052] ? blkdev_fallocate+0x3a0/0x3a0 [ 1059.712362] do_vfs_ioctl+0x75a/0xff0 [ 1059.716148] ? lock_acquire+0x170/0x3f0 [ 1059.720102] ? ioctl_preallocate+0x1a0/0x1a0 [ 1059.724491] ? __fget+0x265/0x3e0 [ 1059.727924] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.732013] ? security_file_ioctl+0x83/0xb0 [ 1059.736410] SyS_ioctl+0x7f/0xb0 [ 1059.739754] ? do_vfs_ioctl+0xff0/0xff0 [ 1059.743705] do_syscall_64+0x1d5/0x640 [ 1059.747577] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1059.752748] RIP: 0033:0x7f2e61d65e07 [ 1059.756443] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1059.764129] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1059.771382] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1059.778636] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1059.785888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:45 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 19) 10:19:45 executing program 1: socket(0x24, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x18a00, 0x0) 10:19:45 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40b042, 0x0) 10:19:45 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x8, 0x80000) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) 10:19:45 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:45 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 28) [ 1059.793142] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1059.804629] qnx4: unable to read the superblock [ 1059.823394] qnx4: unable to read the superblock 10:19:45 executing program 1: syz_open_dev$sg(&(0x7f0000000040), 0x800, 0x151000) socket(0x2a, 0x2, 0x0) 10:19:45 executing program 3: ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000040)=0x400) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:45 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40b042, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40b042, 0x0) (async) 10:19:45 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:45 executing program 1: syz_open_dev$sg(&(0x7f0000000040), 0x800, 0x151000) (async) socket(0x2a, 0x2, 0x0) [ 1059.984769] FAULT_INJECTION: forcing a failure. [ 1059.984769] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.004887] FAULT_INJECTION: forcing a failure. [ 1060.004887] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.022055] CPU: 0 PID: 14975 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 10:19:45 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1060.029961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1060.039307] Call Trace: [ 1060.041885] dump_stack+0x1b2/0x281 [ 1060.045509] should_fail.cold+0x10a/0x149 [ 1060.049653] should_failslab+0xd6/0x130 [ 1060.053631] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1060.058740] __kmalloc_node_track_caller+0x38/0x70 [ 1060.063661] __alloc_skb+0x96/0x510 [ 1060.067292] kobject_uevent_env+0x882/0xf30 [ 1060.071624] lo_ioctl+0x11a6/0x1cd0 [ 1060.075254] ? loop_set_status64+0xe0/0xe0 [ 1060.079480] blkdev_ioctl+0x540/0x1830 [ 1060.083363] ? blkpg_ioctl+0x8d0/0x8d0 [ 1060.087239] ? trace_hardirqs_on+0x10/0x10 [ 1060.091465] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1060.096563] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1060.101574] block_ioctl+0xd9/0x120 [ 1060.105198] ? blkdev_fallocate+0x3a0/0x3a0 [ 1060.109513] do_vfs_ioctl+0x75a/0xff0 [ 1060.113304] ? lock_acquire+0x170/0x3f0 [ 1060.117271] ? ioctl_preallocate+0x1a0/0x1a0 [ 1060.121663] ? __fget+0x265/0x3e0 [ 1060.125115] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.129072] ? security_file_ioctl+0x83/0xb0 [ 1060.133466] SyS_ioctl+0x7f/0xb0 [ 1060.136822] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.140789] do_syscall_64+0x1d5/0x640 [ 1060.144675] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1060.149858] RIP: 0033:0x7f2e61d65e07 [ 1060.153555] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.161284] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1060.168537] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1060.175785] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1060.183036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1060.190288] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1060.197553] CPU: 1 PID: 14976 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1060.205435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1060.214785] Call Trace: [ 1060.217379] dump_stack+0x1b2/0x281 [ 1060.221006] should_fail.cold+0x10a/0x149 [ 1060.221310] qnx4: unable to read the superblock [ 1060.225152] should_failslab+0xd6/0x130 [ 1060.225165] __kmalloc+0x2c1/0x400 [ 1060.225175] ? kobject_get_path+0xb5/0x230 [ 1060.225187] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1060.246987] kobject_get_path+0xb5/0x230 [ 1060.251056] kobject_uevent_env+0x230/0xf30 [ 1060.255384] ? internal_create_group+0x48f/0x710 [ 1060.260144] lo_ioctl+0x11a6/0x1cd0 [ 1060.263773] ? loop_set_status64+0xe0/0xe0 [ 1060.268008] blkdev_ioctl+0x540/0x1830 [ 1060.271898] ? blkpg_ioctl+0x8d0/0x8d0 [ 1060.275780] ? trace_hardirqs_on+0x10/0x10 [ 1060.280014] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1060.285120] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1060.290139] block_ioctl+0xd9/0x120 [ 1060.293763] ? blkdev_fallocate+0x3a0/0x3a0 [ 1060.298081] do_vfs_ioctl+0x75a/0xff0 [ 1060.301886] ? lock_acquire+0x170/0x3f0 [ 1060.305860] ? ioctl_preallocate+0x1a0/0x1a0 [ 1060.310269] ? __fget+0x265/0x3e0 [ 1060.313723] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.317695] ? security_file_ioctl+0x83/0xb0 [ 1060.322106] SyS_ioctl+0x7f/0xb0 [ 1060.325467] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.329442] do_syscall_64+0x1d5/0x640 [ 1060.333329] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1060.338514] RIP: 0033:0x7f94265b4e07 [ 1060.342220] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.349929] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1060.357197] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1060.364459] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1060.371716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1060.378966] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:45 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 20) 10:19:45 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20, 0x0, 0x0, 0x413825dd3891682c, 0x0) write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000040)='FROZEN\x00', 0x7) 10:19:45 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40b042, 0x0) 10:19:45 executing program 1: syz_open_dev$sg(&(0x7f0000000040), 0x800, 0x151000) socket(0x2a, 0x2, 0x0) 10:19:45 executing program 3: ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000040)=0x400) (async, rerun: 32) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (rerun: 32) 10:19:45 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 29) [ 1060.393972] qnx4: unable to read the superblock 10:19:45 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket(0x3, 0x0, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1) accept4$alg(r0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f00000000c0)={0x5}) 10:19:45 executing program 3: ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000040)=0x400) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:45 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20, 0x0, 0x0, 0x413825dd3891682c, 0x0) (async) write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000040)='FROZEN\x00', 0x7) 10:19:46 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) r6 = socket(0x1e, 0x80810, 0x7fffffff) r7 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r8, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r9, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x8c, r3, 0x4, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x1000, 0x5f}}}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x1, 0xfffffffc}}, @NL80211_ATTR_STA_FLAGS={0x4}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r9}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x19}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x3ad}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x20}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000051}, 0x20000001) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r3, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x2004090}, 0x804) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_TMR_START(r0, 0x5402) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x84, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8001}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1198}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbe}]}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040014}, 0x80) [ 1060.559754] FAULT_INJECTION: forcing a failure. [ 1060.559754] name failslab, interval 1, probability 0, space 0, times 0 10:19:46 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket(0x3, 0x0, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1) (async) accept4$alg(r0, 0x0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) (async) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f00000000c0)={0x5}) [ 1060.613258] CPU: 0 PID: 15019 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1060.621154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1060.630593] Call Trace: [ 1060.633187] dump_stack+0x1b2/0x281 [ 1060.636816] should_fail.cold+0x10a/0x149 [ 1060.640971] should_failslab+0xd6/0x130 [ 1060.644951] kmem_cache_alloc_node+0x263/0x410 [ 1060.649536] __alloc_skb+0x5c/0x510 [ 1060.653170] kobject_uevent_env+0x882/0xf30 [ 1060.657504] lo_ioctl+0x11a6/0x1cd0 10:19:46 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = socket(0x3, 0x0, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x500, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1) (async) accept4$alg(r0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)) ioctl$IMGETDEVINFO(0xffffffffffffffff, 0x80044944, &(0x7f00000000c0)={0x5}) [ 1060.661133] ? loop_set_status64+0xe0/0xe0 [ 1060.665368] blkdev_ioctl+0x540/0x1830 [ 1060.669255] ? blkpg_ioctl+0x8d0/0x8d0 [ 1060.673139] ? trace_hardirqs_on+0x10/0x10 [ 1060.677374] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1060.682473] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1060.687489] block_ioctl+0xd9/0x120 [ 1060.691119] ? blkdev_fallocate+0x3a0/0x3a0 [ 1060.695437] do_vfs_ioctl+0x75a/0xff0 [ 1060.699234] ? lock_acquire+0x170/0x3f0 [ 1060.703204] ? ioctl_preallocate+0x1a0/0x1a0 [ 1060.707609] ? __fget+0x265/0x3e0 [ 1060.711058] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.715029] ? security_file_ioctl+0x83/0xb0 [ 1060.719436] SyS_ioctl+0x7f/0xb0 [ 1060.722799] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.726769] do_syscall_64+0x1d5/0x640 [ 1060.730658] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1060.735844] RIP: 0033:0x7f2e61d65e07 [ 1060.739549] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.747249] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1060.754502] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1060.761765] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1060.769018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1060.776273] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1060.790528] qnx4: unable to read the superblock [ 1060.791129] FAULT_INJECTION: forcing a failure. [ 1060.791129] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.806627] CPU: 1 PID: 15024 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1060.814525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1060.823865] Call Trace: [ 1060.826437] dump_stack+0x1b2/0x281 [ 1060.830051] should_fail.cold+0x10a/0x149 [ 1060.834179] should_failslab+0xd6/0x130 [ 1060.838135] kmem_cache_alloc_node+0x263/0x410 [ 1060.842710] __alloc_skb+0x5c/0x510 [ 1060.846324] kobject_uevent_env+0x882/0xf30 [ 1060.850627] lo_ioctl+0x11a6/0x1cd0 [ 1060.854247] ? loop_set_status64+0xe0/0xe0 [ 1060.858465] blkdev_ioctl+0x540/0x1830 [ 1060.862332] ? blkpg_ioctl+0x8d0/0x8d0 [ 1060.866198] ? trace_hardirqs_on+0x10/0x10 [ 1060.870425] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1060.875510] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1060.880531] block_ioctl+0xd9/0x120 [ 1060.884143] ? blkdev_fallocate+0x3a0/0x3a0 [ 1060.888447] do_vfs_ioctl+0x75a/0xff0 [ 1060.892233] ? lock_acquire+0x170/0x3f0 [ 1060.896188] ? ioctl_preallocate+0x1a0/0x1a0 [ 1060.900577] ? __fget+0x265/0x3e0 [ 1060.904010] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.907965] ? security_file_ioctl+0x83/0xb0 [ 1060.912351] SyS_ioctl+0x7f/0xb0 [ 1060.915693] ? do_vfs_ioctl+0xff0/0xff0 [ 1060.919648] do_syscall_64+0x1d5/0x640 [ 1060.923517] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1060.928683] RIP: 0033:0x7f94265b4e07 [ 1060.932390] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.940079] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1060.947326] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1060.954574] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1060.961823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1060.969079] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1060.993070] qnx4: unable to read the superblock 10:19:46 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 21) 10:19:46 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20, 0x0, 0x0, 0x413825dd3891682c, 0x0) (async, rerun: 32) write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000040)='FROZEN\x00', 0x7) (rerun: 32) 10:19:46 executing program 1: r0 = socket(0x18, 0x5, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x45}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x90fba70e49d45cd2}, 0x200c800) 10:19:46 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/virtio_blk', 0x480000, 0x8d) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)) syz_open_dev$media(&(0x7f0000000040), 0x2, 0x4080) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x140b, 0x20, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000010) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000200)={0x1}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x140e, 0x100, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20010810}, 0xc004) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x101002, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000440)={0x30, 0x0, &(0x7f0000000380)=[@increfs_done={0x40106308, 0x1}, @increfs={0x40046304, 0x3}, @free_buffer, @acquire={0x40046305, 0x3}], 0x72, 0x0, &(0x7f00000003c0)="ae03afab63ea9e2f8d1cb7ff67fa3a2d23916f905d359e386047c76e2128da4037efab103c791ff041c70d050c6d629ed5564b0ca06842c5c63bcfc449a33d10f3bc1e90eb6199fd533d4421e8fc61bb0ab327f8104ba677443e8b858cb47444319e1ae1aeba8739117c3bfa0c5af703e405"}) 10:19:46 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) r6 = socket(0x1e, 0x80810, 0x7fffffff) r7 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r8, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r9, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x8c, r3, 0x4, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x1000, 0x5f}}}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x1, 0xfffffffc}}, @NL80211_ATTR_STA_FLAGS={0x4}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r9}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x19}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x3ad}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x20}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000051}, 0x20000001) (async) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r3, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x2004090}, 0x804) (async) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) (async, rerun: 64) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) ioctl$SNDCTL_TMR_START(r0, 0x5402) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x84, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8001}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1198}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbe}]}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040014}, 0x80) 10:19:46 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 30) 10:19:46 executing program 1: r0 = socket(0x18, 0x5, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x45}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x90fba70e49d45cd2}, 0x200c800) 10:19:46 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0, 0x0, 0x104001, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x10100, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) socket$rxrpc(0x21, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x68, r1, 0x710, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8d486ca24c9f80a6}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "9bd91a7aee"}, @NL80211_KEY_DEFAULT={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x68}}, 0x0) 10:19:46 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/virtio_blk', 0x480000, 0x8d) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)) (async) syz_open_dev$media(&(0x7f0000000040), 0x2, 0x4080) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x140b, 0x20, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000010) (async, rerun: 32) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000200)={0x1}) (async, rerun: 32) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x140e, 0x100, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20010810}, 0xc004) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x101002, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000440)={0x30, 0x0, &(0x7f0000000380)=[@increfs_done={0x40106308, 0x1}, @increfs={0x40046304, 0x3}, @free_buffer, @acquire={0x40046305, 0x3}], 0x72, 0x0, &(0x7f00000003c0)="ae03afab63ea9e2f8d1cb7ff67fa3a2d23916f905d359e386047c76e2128da4037efab103c791ff041c70d050c6d629ed5564b0ca06842c5c63bcfc449a33d10f3bc1e90eb6199fd533d4421e8fc61bb0ab327f8104ba677443e8b858cb47444319e1ae1aeba8739117c3bfa0c5af703e405"}) 10:19:46 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) r6 = socket(0x1e, 0x80810, 0x7fffffff) (async) r7 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r8, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r9, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async, rerun: 32) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x8c, r3, 0x4, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x1000, 0x5f}}}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x1, 0xfffffffc}}, @NL80211_ATTR_STA_FLAGS={0x4}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x3}, @NL80211_ATTR_STA_VLAN={0x8, 0x14, r9}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x19}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x3ad}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x4}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x20}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x3f}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000051}, 0x20000001) (rerun: 32) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r3, 0x0, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x20}, 0x1, 0x0, 0x0, 0x2004090}, 0x804) (async) fcntl$getownex(r1, 0x10, &(0x7f0000000000)) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_TMR_START(r0, 0x5402) (async) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x84, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x38, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x8001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8001}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1198}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbe}]}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4040014}, 0x80) 10:19:46 executing program 1: r0 = socket(0x18, 0x5, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x45}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x90fba70e49d45cd2}, 0x200c800) socket(0x18, 0x5, 0x0) (async) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7ff, 0x45}}}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x90fba70e49d45cd2}, 0x200c800) (async) 10:19:46 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/virtio_blk', 0x480000, 0x8d) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)) syz_open_dev$media(&(0x7f0000000040), 0x2, 0x4080) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x140b, 0x20, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000010) (async) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000200)={0x1}) (async, rerun: 32) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, 0x140e, 0x100, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20010810}, 0xc004) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x101002, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000440)={0x30, 0x0, &(0x7f0000000380)=[@increfs_done={0x40106308, 0x1}, @increfs={0x40046304, 0x3}, @free_buffer, @acquire={0x40046305, 0x3}], 0x72, 0x0, &(0x7f00000003c0)="ae03afab63ea9e2f8d1cb7ff67fa3a2d23916f905d359e386047c76e2128da4037efab103c791ff041c70d050c6d629ed5564b0ca06842c5c63bcfc449a33d10f3bc1e90eb6199fd533d4421e8fc61bb0ab327f8104ba677443e8b858cb47444319e1ae1aeba8739117c3bfa0c5af703e405"}) [ 1061.198324] FAULT_INJECTION: forcing a failure. [ 1061.198324] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.256494] CPU: 1 PID: 15078 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1061.264401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.273762] Call Trace: [ 1061.276364] dump_stack+0x1b2/0x281 [ 1061.280003] should_fail.cold+0x10a/0x149 [ 1061.284152] should_failslab+0xd6/0x130 [ 1061.288133] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1061.293240] __kmalloc_node_track_caller+0x38/0x70 [ 1061.298174] __alloc_skb+0x96/0x510 [ 1061.301804] kobject_uevent_env+0x882/0xf30 [ 1061.306134] lo_ioctl+0x11a6/0x1cd0 [ 1061.309765] ? loop_set_status64+0xe0/0xe0 [ 1061.314003] blkdev_ioctl+0x540/0x1830 [ 1061.317891] ? finish_task_switch+0x14d/0x610 [ 1061.322382] ? blkpg_ioctl+0x8d0/0x8d0 [ 1061.326250] ? __schedule+0x893/0x1de0 [ 1061.330121] ? retint_kernel+0x2d/0x2d [ 1061.334003] block_ioctl+0xd9/0x120 [ 1061.337609] ? blkdev_fallocate+0x3a0/0x3a0 [ 1061.341909] do_vfs_ioctl+0x75a/0xff0 [ 1061.345707] ? ioctl_preallocate+0x1a0/0x1a0 [ 1061.350094] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.354051] ? security_file_ioctl+0x1a/0xb0 [ 1061.358440] ? __sanitizer_cov_trace_pc+0x4a/0x50 [ 1061.363267] ? security_file_ioctl+0x83/0xb0 [ 1061.367653] SyS_ioctl+0x7f/0xb0 [ 1061.370997] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.374949] do_syscall_64+0x1d5/0x640 [ 1061.378820] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1061.383990] RIP: 0033:0x7f2e61d65e07 [ 1061.387678] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1061.395367] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1061.402617] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1061.409865] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1061.417114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1061.424371] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1061.444128] FAULT_INJECTION: forcing a failure. [ 1061.444128] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.455746] qnx4: unable to read the superblock [ 1061.456039] CPU: 1 PID: 15079 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1061.468396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.477747] Call Trace: [ 1061.480350] dump_stack+0x1b2/0x281 [ 1061.484073] should_fail.cold+0x10a/0x149 [ 1061.488213] should_failslab+0xd6/0x130 [ 1061.492170] kmem_cache_alloc_node+0x263/0x410 [ 1061.496744] __alloc_skb+0x5c/0x510 [ 1061.500358] kobject_uevent_env+0x882/0xf30 [ 1061.504663] lo_ioctl+0x11a6/0x1cd0 [ 1061.508273] ? loop_set_status64+0xe0/0xe0 [ 1061.512492] blkdev_ioctl+0x540/0x1830 [ 1061.516387] ? blkpg_ioctl+0x8d0/0x8d0 [ 1061.520263] ? trace_hardirqs_on+0x10/0x10 [ 1061.524481] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1061.529565] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1061.534562] block_ioctl+0xd9/0x120 [ 1061.538166] ? blkdev_fallocate+0x3a0/0x3a0 [ 1061.542467] do_vfs_ioctl+0x75a/0xff0 [ 1061.546255] ? lock_acquire+0x170/0x3f0 [ 1061.550212] ? ioctl_preallocate+0x1a0/0x1a0 [ 1061.554600] ? __fget+0x265/0x3e0 [ 1061.558049] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.562003] ? security_file_ioctl+0x83/0xb0 [ 1061.566392] SyS_ioctl+0x7f/0xb0 [ 1061.569758] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.573718] do_syscall_64+0x1d5/0x640 [ 1061.577589] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1061.582760] RIP: 0033:0x7f94265b4e07 [ 1061.586525] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1061.594250] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 10:19:47 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 22) 10:19:47 executing program 1: socket(0x24, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) 10:19:47 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0, 0x0, 0x104001, 0x0) (async, rerun: 32) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)) (async, rerun: 32) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x10100, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) socket$rxrpc(0x21, 0x2, 0x2) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x68, r1, 0x710, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8d486ca24c9f80a6}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "9bd91a7aee"}, @NL80211_KEY_DEFAULT={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x68}}, 0x0) 10:19:47 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0x100000000004, 0x0, 0x0, 0x840, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) 10:19:47 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x20001) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x800) accept4$alg(r0, 0x0, 0x0, 0x800) [ 1061.601510] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1061.608763] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1061.616011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1061.623261] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1061.636522] qnx4: unable to read the superblock 10:19:47 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 31) 10:19:47 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) 10:19:47 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f00000002c0)='./file1\x00', 0x0, 0x0, 0x0, 0x104001, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x10100, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), r0) (async) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) socket$rxrpc(0x21, 0x2, 0x2) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x68, r1, 0x710, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x8d486ca24c9f80a6}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_MODE={0x5, 0x9, 0x2}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "9bd91a7aee"}, @NL80211_KEY_DEFAULT={0x4}]}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x14, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0x68}}, 0x0) 10:19:47 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0x100000000004, 0x0, 0x0, 0x840, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) 10:19:47 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x20001) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x800) accept4$alg(r0, 0x0, 0x0, 0x800) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x20001) (async) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x800) (async) accept4$alg(r0, 0x0, 0x0, 0x800) (async) [ 1061.795019] FAULT_INJECTION: forcing a failure. [ 1061.795019] name failslab, interval 1, probability 0, space 0, times 0 [ 1061.835167] CPU: 1 PID: 15130 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1061.843071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1061.852427] Call Trace: [ 1061.855025] dump_stack+0x1b2/0x281 [ 1061.858657] should_fail.cold+0x10a/0x149 [ 1061.862812] should_failslab+0xd6/0x130 [ 1061.866789] kmem_cache_alloc_node+0x263/0x410 [ 1061.871371] __alloc_skb+0x5c/0x510 [ 1061.875000] kobject_uevent_env+0x882/0xf30 [ 1061.879327] lo_ioctl+0x11a6/0x1cd0 10:19:47 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x20001) (async, rerun: 64) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) (async, rerun: 64) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async, rerun: 64) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 64) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x800) (async) accept4$alg(r0, 0x0, 0x0, 0x800) 10:19:47 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000227bd0104fbdbdf256900000008000300bbbd5c3847b7", @ANYRES32=0x0, @ANYBLOB="0c00990007000000730000000600d400060000000500d300030000000500d2000f0000000600d400010000000500d30007000000"], 0x50}}, 0x48010) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1061.882956] ? loop_set_status64+0xe0/0xe0 [ 1061.887194] blkdev_ioctl+0x540/0x1830 [ 1061.891092] ? blkpg_ioctl+0x8d0/0x8d0 [ 1061.894972] ? trace_hardirqs_on+0x10/0x10 [ 1061.899208] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1061.904311] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1061.909329] block_ioctl+0xd9/0x120 [ 1061.912951] ? blkdev_fallocate+0x3a0/0x3a0 [ 1061.917285] do_vfs_ioctl+0x75a/0xff0 [ 1061.921085] ? lock_acquire+0x170/0x3f0 [ 1061.925056] ? ioctl_preallocate+0x1a0/0x1a0 [ 1061.929464] ? __fget+0x265/0x3e0 [ 1061.932916] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.936887] ? security_file_ioctl+0x83/0xb0 [ 1061.941291] SyS_ioctl+0x7f/0xb0 [ 1061.944652] ? do_vfs_ioctl+0xff0/0xff0 [ 1061.948631] do_syscall_64+0x1d5/0x640 [ 1061.952522] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1061.957711] RIP: 0033:0x7f94265b4e07 [ 1061.961417] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1061.969120] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1061.976499] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1061.983763] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1061.991016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1061.998263] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1062.028213] FAULT_INJECTION: forcing a failure. [ 1062.028213] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.045060] qnx4: unable to read the superblock [ 1062.056468] CPU: 1 PID: 15132 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1062.064365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.073711] Call Trace: [ 1062.076289] dump_stack+0x1b2/0x281 [ 1062.079900] should_fail.cold+0x10a/0x149 [ 1062.084030] should_failslab+0xd6/0x130 [ 1062.087983] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1062.093066] __kmalloc_node_track_caller+0x38/0x70 [ 1062.097974] __alloc_skb+0x96/0x510 [ 1062.101585] kobject_uevent_env+0x882/0xf30 [ 1062.105890] lo_ioctl+0x11a6/0x1cd0 [ 1062.109499] ? loop_set_status64+0xe0/0xe0 [ 1062.113725] blkdev_ioctl+0x540/0x1830 [ 1062.117595] ? blkpg_ioctl+0x8d0/0x8d0 [ 1062.121470] ? trace_hardirqs_on+0x10/0x10 [ 1062.125699] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1062.130818] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1062.135821] block_ioctl+0xd9/0x120 [ 1062.139442] ? blkdev_fallocate+0x3a0/0x3a0 [ 1062.143744] do_vfs_ioctl+0x75a/0xff0 [ 1062.147522] ? lock_acquire+0x170/0x3f0 [ 1062.151475] ? ioctl_preallocate+0x1a0/0x1a0 [ 1062.155863] ? __fget+0x265/0x3e0 [ 1062.159296] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.163254] ? security_file_ioctl+0x83/0xb0 [ 1062.167740] SyS_ioctl+0x7f/0xb0 [ 1062.171089] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.175054] do_syscall_64+0x1d5/0x640 [ 1062.178925] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1062.184093] RIP: 0033:0x7f2e61d65e07 [ 1062.187782] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.195470] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1062.202723] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1062.209982] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1062.217230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1062.224476] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1062.236343] qnx4: unable to read the superblock 10:19:47 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 23) 10:19:47 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x2, 0x408840) 10:19:47 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000227bd0104fbdbdf256900000008000300bbbd5c3847b7", @ANYRES32=0x0, @ANYBLOB="0c00990007000000730000000600d400060000000500d300030000000500d2000f0000000600d400010000000500d30007000000"], 0x50}}, 0x48010) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000227bd0104fbdbdf256900000008000300bbbd5c3847b7", @ANYRES32=0x0, @ANYBLOB="0c00990007000000730000000600d400060000000500d300030000000500d2000f0000000600d400010000000500d30007000000"], 0x50}}, 0x48010) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:47 executing program 1: socket(0x24, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) (async) 10:19:47 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file1\x00', 0x100000000004, 0x0, 0x0, 0x840, 0x0) (async, rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) 10:19:47 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 32) [ 1062.348365] FAULT_INJECTION: forcing a failure. [ 1062.348365] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.364055] CPU: 0 PID: 15184 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1062.371949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.381303] Call Trace: [ 1062.383892] dump_stack+0x1b2/0x281 [ 1062.387521] should_fail.cold+0x10a/0x149 [ 1062.391672] should_failslab+0xd6/0x130 [ 1062.395650] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1062.400754] __kmalloc_node_track_caller+0x38/0x70 [ 1062.405691] __alloc_skb+0x96/0x510 [ 1062.409318] kobject_uevent_env+0x882/0xf30 [ 1062.413646] lo_ioctl+0x11a6/0x1cd0 [ 1062.417278] ? loop_set_status64+0xe0/0xe0 [ 1062.421516] blkdev_ioctl+0x540/0x1830 [ 1062.425441] ? blkpg_ioctl+0x8d0/0x8d0 [ 1062.429414] ? trace_hardirqs_on+0x10/0x10 [ 1062.433652] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1062.438753] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1062.443774] block_ioctl+0xd9/0x120 [ 1062.447398] ? blkdev_fallocate+0x3a0/0x3a0 [ 1062.451808] do_vfs_ioctl+0x75a/0xff0 [ 1062.455608] ? lock_acquire+0x170/0x3f0 [ 1062.459581] ? ioctl_preallocate+0x1a0/0x1a0 [ 1062.463988] ? __fget+0x265/0x3e0 [ 1062.467438] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.471405] ? security_file_ioctl+0x83/0xb0 [ 1062.475797] SyS_ioctl+0x7f/0xb0 [ 1062.479145] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.483111] do_syscall_64+0x1d5/0x640 [ 1062.487105] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1062.492278] RIP: 0033:0x7f94265b4e07 10:19:47 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000227bd0104fbdbdf256900000008000300bbbd5c3847b7", @ANYRES32=0x0, @ANYBLOB="0c00990007000000730000000600d400060000000500d300030000000500d2000f0000000600d400010000000500d30007000000"], 0x50}}, 0x48010) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:47 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000008c0), 0x20502, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000000)="67fa6dd0f4e9", 0x6}, {&(0x7f0000000180)="6e0a1ca4f786fb0de9f1c829d915d7ebc5ada0eaeafc8a231045be4fb9ace019d162c70c54bed3e5394f7baff46c3dccc976bf4ef900", 0x36}, {&(0x7f00000001c0)="42bb686c2d156ae7671f732762ec5e465d6061a5cab77bdbdb50e801a836f412b71a4752a61689ee31830f32c4bfd0b130f228ed2985c8", 0x37}, {&(0x7f0000000200)="2e6552c8f9fe9d87573c72ef6c0420e8eab107091050aedc404da9e9609b5f060505fb19c283caf3e59f83ad33142bb616da00cc333c6cbde094ce692065847ed5cbc33c4df9f7b0a57b6720f577e8538771ee0a1fe0", 0x56}], 0x5, 0x0, 0x0, 0x1884c8f1d71413ed}, 0x24004800) ioctl$SNDCTL_SYNTH_INFO(r0, 0xc08c5102, &(0x7f00000000c0)={"639c11f281d654071562dddbf20dff7165e92661040679cf41b11a280c50", 0xffff, 0x1, 0x1, 0x2, 0x1f, 0x2, 0x7fffffff, 0x0, [0x685bdc59, 0x8, 0x1, 0x7, 0x8, 0xfffffff7, 0x2, 0x400, 0x4, 0x1, 0x429, 0x6, 0x850f, 0x0, 0x4, 0x8, 0x6, 0xfffffff8, 0x3]}) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x403, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:47 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, &(0x7f0000000000)=0x1) socket(0x24, 0x0, 0x0) 10:19:47 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x2, 0x408840) syz_open_dev$media(&(0x7f0000000000), 0x2, 0x408840) (async) [ 1062.495965] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.503651] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1062.510960] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1062.518259] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1062.525506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1062.532757] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1062.575366] FAULT_INJECTION: forcing a failure. [ 1062.575366] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.581696] qnx4: unable to read the superblock [ 1062.606988] CPU: 1 PID: 15189 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1062.615002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 10:19:48 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000008c0), 0x20502, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000000)="67fa6dd0f4e9", 0x6}, {&(0x7f0000000180)="6e0a1ca4f786fb0de9f1c829d915d7ebc5ada0eaeafc8a231045be4fb9ace019d162c70c54bed3e5394f7baff46c3dccc976bf4ef900", 0x36}, {&(0x7f00000001c0)="42bb686c2d156ae7671f732762ec5e465d6061a5cab77bdbdb50e801a836f412b71a4752a61689ee31830f32c4bfd0b130f228ed2985c8", 0x37}, {&(0x7f0000000200)="2e6552c8f9fe9d87573c72ef6c0420e8eab107091050aedc404da9e9609b5f060505fb19c283caf3e59f83ad33142bb616da00cc333c6cbde094ce692065847ed5cbc33c4df9f7b0a57b6720f577e8538771ee0a1fe0", 0x56}], 0x5, 0x0, 0x0, 0x1884c8f1d71413ed}, 0x24004800) (async) ioctl$SNDCTL_SYNTH_INFO(r0, 0xc08c5102, &(0x7f00000000c0)={"639c11f281d654071562dddbf20dff7165e92661040679cf41b11a280c50", 0xffff, 0x1, 0x1, 0x2, 0x1f, 0x2, 0x7fffffff, 0x0, [0x685bdc59, 0x8, 0x1, 0x7, 0x8, 0xfffffff7, 0x2, 0x400, 0x4, 0x1, 0x429, 0x6, 0x850f, 0x0, 0x4, 0x8, 0x6, 0xfffffff8, 0x3]}) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x403, 0x0) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) 10:19:48 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000008c0), 0x20502, 0x0) (async, rerun: 64) sendmsg$alg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000000)="67fa6dd0f4e9", 0x6}, {&(0x7f0000000180)="6e0a1ca4f786fb0de9f1c829d915d7ebc5ada0eaeafc8a231045be4fb9ace019d162c70c54bed3e5394f7baff46c3dccc976bf4ef900", 0x36}, {&(0x7f00000001c0)="42bb686c2d156ae7671f732762ec5e465d6061a5cab77bdbdb50e801a836f412b71a4752a61689ee31830f32c4bfd0b130f228ed2985c8", 0x37}, {&(0x7f0000000200)="2e6552c8f9fe9d87573c72ef6c0420e8eab107091050aedc404da9e9609b5f060505fb19c283caf3e59f83ad33142bb616da00cc333c6cbde094ce692065847ed5cbc33c4df9f7b0a57b6720f577e8538771ee0a1fe0", 0x56}], 0x5, 0x0, 0x0, 0x1884c8f1d71413ed}, 0x24004800) (rerun: 64) ioctl$SNDCTL_SYNTH_INFO(r0, 0xc08c5102, &(0x7f00000000c0)={"639c11f281d654071562dddbf20dff7165e92661040679cf41b11a280c50", 0xffff, 0x1, 0x1, 0x2, 0x1f, 0x2, 0x7fffffff, 0x0, [0x685bdc59, 0x8, 0x1, 0x7, 0x8, 0xfffffff7, 0x2, 0x400, 0x4, 0x1, 0x429, 0x6, 0x850f, 0x0, 0x4, 0x8, 0x6, 0xfffffff8, 0x3]}) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x403, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1062.624358] Call Trace: [ 1062.626951] dump_stack+0x1b2/0x281 [ 1062.630583] should_fail.cold+0x10a/0x149 [ 1062.634733] should_failslab+0xd6/0x130 [ 1062.638711] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1062.643819] __kmalloc_node_track_caller+0x38/0x70 [ 1062.648752] __alloc_skb+0x96/0x510 [ 1062.652381] kobject_uevent_env+0x882/0xf30 [ 1062.656713] lo_ioctl+0x11a6/0x1cd0 [ 1062.660341] ? loop_set_status64+0xe0/0xe0 [ 1062.664581] blkdev_ioctl+0x540/0x1830 [ 1062.668468] ? blkpg_ioctl+0x8d0/0x8d0 [ 1062.672357] ? trace_hardirqs_on+0x10/0x10 [ 1062.676590] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1062.681692] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1062.686707] block_ioctl+0xd9/0x120 [ 1062.690339] ? blkdev_fallocate+0x3a0/0x3a0 [ 1062.694657] do_vfs_ioctl+0x75a/0xff0 [ 1062.698456] ? lock_acquire+0x170/0x3f0 [ 1062.702429] ? ioctl_preallocate+0x1a0/0x1a0 [ 1062.706838] ? __fget+0x265/0x3e0 [ 1062.710288] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.714259] ? security_file_ioctl+0x83/0xb0 [ 1062.718665] SyS_ioctl+0x7f/0xb0 [ 1062.722027] ? do_vfs_ioctl+0xff0/0xff0 [ 1062.725997] do_syscall_64+0x1d5/0x640 [ 1062.729887] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1062.735080] RIP: 0033:0x7f2e61d65e07 [ 1062.738788] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.746504] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1062.753840] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1062.761089] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1062.768340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:48 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 24) 10:19:48 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0) 10:19:48 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x3, 0x4, &(0x7f0000001240)=[{&(0x7f0000000100)="d328d71abd8016742336dd29f5", 0xd, 0xfffffffffffffffd}, {&(0x7f0000000140)="61d5ef28f99187c3ebe9c4b34c442c19078f54348c09602663665d39c8bbd6e00d4676858488149d990b6793bde0f42f644ba54766a636ec4b52e7e3093f69b1222451c502735bbedf4761e8be0fd83de45d7a9e0295acff6e128868f85d897db8cc2f9f209362b1668da2f4b867552baae0323d5c7ab62354e261322be953f7fc934a6572efbfe130e4da", 0x8b, 0x4}, {&(0x7f0000000200)="be55afd552f9b21b53ad43bcfa0aab556b5cc84251b96b770b695ff8a060d59b827442d0be2efc3c9cb89d3aa86cc3535ea744b2d795a147293bce3daa7e3901d0b0891ccbec86ca7cf9650d2d2d68a8db1377832bb6e1caf26bce63669e4bea45e15ce3f2c6e2302e8ec2cfa32e790ca8dbd03f5f664d78f07fb7423a70808a0b25c01d5ce2e2639a6a6fdbc82d8425e0dd928007a705f724f764669ad7bd6fcf53322d42fe4ca95df701be46f710b0b8db3f8e9b2d8f9be56c44669535f94724d278411fd5ef9a4401bf88a926d913fd4f7ba79b43074eeaf00f04fda54354c894a96adf5af63b1ac84977958bb68a188fe792f306253c5521d12343ff9917d4d902b1c29b4e177fcd909b7147de6332531cecc9e6b1c695d58bce72408b6f40191220dfecd15805e11048bea537fe32149a225b50eb3e05f649e07427b9efadad458a2ce8030bfdc3e8da27eb743a5258dc546fc84379f4c9aa3859b4934c415516442a1b474d3af1ad7e1465be7ed067b3a04c5342eb0dbe31048739ed0953cede75021147b881d2ce197154ff26a06f359711189f3f9ce122dc1e2ae0e359afeed401eaa45273a3bfc3d9b94644c3c35f364890d6597d85ce1b7cc60d85d4eeb868833b8bb5f5636d7df1f60be96f1e63ff040abeb44d9045eba1b1b62e478a59dbcdfeaa6587b3abe6e40becbad94d1cbd0779665dcfd8a93da7f9d65cd17e361d7f3e580c205f613bd46624ebdcd74d5d70a1e3b0003edd69d855a5590135e9c9ec37f9392f8e32144c2a0cbb0f60ad75d1467a734cbe4865746886693c8e8f5145af334d7030e09cd770ba0455209d056c5cccdd4c0308be7a3d8b338f012d2e4e22e396273885a543050afea8099767fe969253b79aea4edfe90140f2123872ce4890dfa4abf8da704b8c4bb19881b60aa35970f44f0f7897aa56d0d72a8c008398e31c3802ee4f0a86d2bcf7d133198be3b597be4106256224a38b2520a751fc2ac004e73f557249f5d3b560a42e18cfd1b47b34aca6a7ed7180160e303bc0e2e66e591ebc6b0e1825d6960bd90a6083d3f5ce5ceb1a45bda27abb0e0b7a5fbc5322c355d197ef34b8aa8e37100dd24a0eda3e7964c5f670cdad48bd54186d32603b27b2bfc6868fb268a2a87ddd840cf486e3293f922fb98f7ed450b8ca8dcfc782943c9536ddf02bf39ef8232082576aec886f4253239c71878ede57d260a1ba744babdc9e790658a1bd87acedf714ffe8786bb206f7e5ce744a18ba297754cfee9834c7e2a8f316e833558d3494c3ba8795d5ed8b6d012a3a3af9f623ae9f0daf5634dd2a36630ce4a828b37ffbc9c712d8e5e23a48049dd313110d155e34d330f0886cc01a8a21a273f3d9c0f4a53f16cec31944ddab37fe27843f193129168a354e02c618fcec98218644c74dd882250a3a41998a38f9093046faae0b4b272669721baff3ff04e63e7f6d42c3ef93ad9f4923ec13b6423d7e7df079900ed6c3cfa2e6e1b6ec7bb71d6620541c78f11489b7f7aa683846e0b02c0158aa83b6590e97d525773ba64a58216d76d2063525516de6d3ded7c687c41c2f41a0c1b0770ce7d17d288ac05d64662cb54201846a7489894577cfabb1a3f27075d92e0e3918079ec75222f18a83abc630fbbdcf433b567c2c57117a7f24c1e5de7a43f607f8c6b58a63ddbc2f905b97fb8f0b6bebfb593c9ba474ee3f74aa56e1cd1dac5e39106b877d4d0e9b7b1da97514f4c726e88a72ba9f038b6294852c4c8e3c351ebb79bcf3b5283883b0bf05f623d582877f855d7a5ec252bd6f4b12444be5bc9f5e0c2990a3110bb6010179133aef00bee4ab78401217a28f0c5e27be3feeaf9894df9e96360889f79e23ab084862c252f77b498ecf286d92c64da2e03703e64a33452306c38e0fddec8a3762dc7e7885b5fab11be319b56158649ccc332629f87a2204d508968154bed529018baf9beef070adc7eef638091ab97e99e8a33dab1c34500fd52a384e5a20cff582ceb5f1635799ce80e2a1c6da3c7653ffc2406380d18d5a1c8204187848e26735e42f7e773b19d927d5644b0de72df79c4a7fb797d8f8b6a2fc16acc621974df6cd0625caec16636d4cc259b4364721cae4e35f5baf6d1baeb6ebbfb721bac00f48c4caf4a80429f4df63737da6e3b3953184d8bb5caf94de6aa7fbe523ca0e0d12f794844147719540e41ec80e16d8480e1ff046516b92cb33b91683e61e1b637f047d5bad237b426d07b07bde3cdc315fecf8a0f942618abcc18e190a15efb9ba29f18475dfae3fbd983f23e63943ad03a4e2f7d0a9a41ae8fff3e1c5a660bbc7d3c8419e0f188c4ad400d1af4eba0f62726b91d75263b369ad556f3b0d9b11d9b8c66314dfb9481b0ae87b5c797a783927c388387d1009262cfae847b3495a34e891d166a56b31e209c935a88a8329e65c3b6648b84164e732c8b1399d70f821b5f441201d70864eaeb99f3797717c04071e2c68b369865ed645047a6642df99281fb6d7dbc42c283510819d0034040650bd90aa336706b00ef3ce14a272be011d8032f8f85409cda91ca53c05982cba7130a4f0c8c4bfa3dc603c72842bcd1035077bb90c0b9656964e9caf32ad57999ec0f618a0d8a47af0b77081d460b2b4e66b7dfe74a024dc7930da2b4f60d4755987feae0682c04a7399409dfa7332aec2898d6f11bcbbbd770c510884e54e6b5f68a7e0344521164273237db7971cd2b46ae7da65218c21fc73a2121b459ff824ec0c871ba24757f8f772b2be55f8f1bedcbd3a54612abe88855e8514e76f842d63b4d63cae01b337c89e5ea91532c4d44dac1310a7379cf04c8130d3861336ccd2289230f29abe9c08da6f2d1a3fbf32f66a76c636344c2725b0827ace65051ffda8f04332f8473141ae59630436183485c8f8aa835a3d6bfb1cdbfb0b3fbc3eb8b5582bae9a501f79703e3d8afc6633e03b1dbb53361081fc919683934e0fb07090b7e8d4bac182154e70566f42f51c639268fb4295b807ee6d5e53356991368da1c72d92530acbd85f54a53a5d73cb09dec845209bc3a4693ba757754382529f08daf902dcf075d3faf27023e86553e9bb15cb5c77b228c7be51605ae9f709ca5464293befdd4db0157db801d5ffc8e9a961eb355a5fdf961cddabf56c599dd4b6ad67de6f492ab2694a04e5cfae434c6f01c3eec9f8d6b40977ed19b978a5306524ff77c411e5f160878fcce55fccfd2fe6074b780ea4a7186553e9a65367f57fa3f4d7405a79210ef836c3299aedb1ce0f96af63db51fa7656e3e72e1c756feb10b1ece7416f34ad55786c04607132fad5759b35e8ffd918a7d5af07006e510ca4d025d994e6c7010bfdc572e738cf266893ad01e3f79396eb708a734846d9f43c9b634946c7fabc8100c6f46bafb7c099c0819c20b4e87d9b593d6617e4fcadce9109df3e9f05a5ad2c824253b7591ac2e604993386c46faa241e7b810313e0d3b6a400f1a3e0383f26c00c9ddd744852d8c95fcc567e8a41cd18d54a5950e857676ef5a5d379d6bad81f281a1b266126bf239a2cc1360471ceea343b0dabf44f36090fdf3b49d8862f85358b2c0f1740892004e50d589472a3d56bdd84b80ab602aa92d0079c1acb23a9e2971243b2b9f75601ffe3fe80930c1d33adc85065a44b44b017131999d500f919f2f1c21cff2158248432bcb5dd29fe7f3a2c435b8c066835f48508b387d5efee39f7d8c8d3db047101ba974a7cd963ca92e4e0c06a9a8cf43225a5ecfaf0a7a3a7cd0ed29fc0f6a0b442e3d5b88d40833223640feb485bd2bb9a2426ba2655a499f720196922c719613b319c28417a92f3c348110396a1c61b49d435c51a661397e5957cdb164b5c08e0113f8b748f52432b7f3c76e52bd32ba4b5d22f7b2a8ca15437192d7702319a0e0e212d2f1ba27ab924005a299c141000bc287594b74f8724c8c1c0acadbb38a7f99a38e1187c3f568073407b79fe519523d64c7479d534c72d19f5ec5d0a7266237ac6c18f027f6cc8f1199866a02bb14c498478dccb77f937522892143d87cb1c9186eeba71bf2357e61b76e5690976934445a90e5e4c385c2a63d77f77da9b9e6d07717b43562f777cbdaa1b5feb23c88f803f02feb843b3ef5619fe67452d9bfcd0e21ec31817b91f838ba83710e8ef394e2491a0f5651d3a85867e43d295b3ccfb692e5612eb04c4ea8efc5c00293c3c99eeb461cac3eab0a4b09785bdaee0c0a6508daf5a71d9d2183f5f9224029c93405269fb01faeb18fcf7814c881322512c6de241709e0206ab365741d1a0b4bc4db0726f59d4d4e6e75fc2cf9ad470664c931038529b049c7764ad9f5f18df39c0f8edb659b39fd34c09da4655d01f64a36549c42e84af848163e102ddeb3ddd52e6e9aa1da6cdeeb13d32936161b6be186fad17d922ee878932a2f478d0a3a3c10b24469ece3a97703c7bca77620a06e81b14ebe30442122d0d694f7e76b66991b054135599e1317313ac1a42eaa35b9c9d73b0c609a8573b9bca157a5fc671fdcafb11b4da34b840dbaf2c6acc9ecd624da4cbcd39c1aa40eebb72c9da493ba1eb58684eebb4d89fee00fe179873b816fdb94646aa83544b30a4caaa639bdab04df3357d684379930edf13d407d7542080d59b1e660ad66157ca3ce6ad39dd7881117b3991b86b297350b97d023cddfec7426532a1e5d77c8825dd186f093680b3a7a81de817dfb2c3c1b57f71586bae504a31e2d9ef15b878dd05eb0aa24fe0cdf1eb18659edcfc84957c11ec0c6b0d6e88636441a628184d5142931e892b53cfbe353ba2e4ae3436eeda9b716adb84da88639c1e427a12ea3acc609a38577a61f049b3101e38fe8a18dcb5a2f07c2a21b2d47f1d8bfbc9dab3d7cc8f3328d47869eaa9fe5cd1ea4fd851e096f14c60b73cba340cc1502f2645b9a2fe11e47671acf00429642481bf65950e674850ac1d2eae97c5677182bb4eeb21df27f3f819fb7289f99ada6e4998eaf746606cbcce110b4d3688c7043b46f0fbc3412679b120ca013ca1905cdf9b9cd299793446a6d724673e55a2fa25d050e2ba3ed6cbb2290d291c528a88140de38cf82faf860e630119f7ba301f1155e5b71c0498bd174b4c2ccdf2ec0d39c565180d5ccebcc20f62891b6c4a1354c5661cc5a9591b80dde23738278e88da1cec170384d6be630711d03f3f5b12e1d64df37aab2bd47291e1173bf18f84ed308f9c80ffdcbdc4251ece62949f9ce08cf5c7f280436313cbd07a4c0c3c38fc6e1539824d4b97818f430d9885e5038c435021843ab25885fdda896ea3318caaf1bc1cad05f9ff8b5c8ff4463b9132eb0ee40bc4d1d9000030834878f7db852fd590d5c53bc4916cc9c27c3251d576385e1249beb75d37b8dfc6e682efc9a2b468b1bd9a91a4731d7ded03c2e6e17e185165771bd41b209f0e26101c16f591fa23e7e9557255d385f970b8ad719dba2ddfb84728d3e0fd7a44e06a5d704d3efe2529ed8f70251892b36ab336a45344d776ab1351ead450ce3e49f3428795bd630d436858a2a7215ee50f841c10a416aeb8355c2039058a650b25f9e81ff11fd49655be4be5597c1fa373bb0750a90862f31c9a3fcfdfaaaeb03e846c3f9123315c9de1d45d8eb1eb7730112175248a8a3e0133c3aea01b55b6cbe5f147ba1cf167dfc28c60be8ce0e999f9cce9b61bc777515754047f5befd4109f127e3a1b4ac7c487fc41fbfbb3d5afa1d474c0b63907a21f09ed103cfb5773c0d8043c254e893fa93a0b18", 0x1000}, {&(0x7f0000001200)="efe86e0aafce7e07151f0e811767e767a1e4ad60ccbf6b81384f4ea6eb77", 0x1e, 0x4a}], 0x2100840, &(0x7f00000012c0)=ANY=[@ANYBLOB="da0ad5fe872c0000001139dadfbc348203d30e52db4998235653003ae14621707100"/49]) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001400)={&(0x7f00000014c0)=ANY=[@ANYBLOB="b6f32c00d20532000000e3", @ANYRES16=r0, @ANYBLOB="00022dbd7000fbdbdf25880000000c009900c6000000020000000a00060008021100000000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x44}, 0x1, 0x0, 0x0, 0x40088b5}, 0x20000040) syz_genetlink_get_family_id$ethtool(&(0x7f0000001480), 0xffffffffffffffff) 10:19:48 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, &(0x7f0000000000)=0x1) (async, rerun: 32) socket(0x24, 0x0, 0x0) (rerun: 32) 10:19:48 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x2, 0x408840) [ 1062.775589] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1062.811099] qnx4: unable to read the superblock 10:19:48 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 33) 10:19:48 executing program 3: sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/power', 0xc102, 0x8) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000003c0)=0xc) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f0000000480)={0x8, 'syz1\x00'}) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f00000000c0)=0x81) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10099, 0x6f}}}}, [@NL80211_ATTR_KEY_IDX={0x0, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r5 = socket(0x1e, 0x80810, 0x7fffffff) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, &(0x7f0000000400)) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bdfbdadf25ff00ff0973d986ad", @ANYRES32=r8, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x51}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x60}}, 0x20000000) 10:19:48 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0) 10:19:48 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, &(0x7f0000000000)=0x1) (async) socket(0x24, 0x0, 0x0) [ 1062.937881] FAULT_INJECTION: forcing a failure. [ 1062.937881] name failslab, interval 1, probability 0, space 0, times 0 [ 1062.963097] CPU: 1 PID: 15240 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1062.971005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.980357] Call Trace: [ 1062.982948] dump_stack+0x1b2/0x281 10:19:48 executing program 3: sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/power', 0xc102, 0x8) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000003c0)=0xc) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f0000000480)={0x8, 'syz1\x00'}) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f00000000c0)=0x81) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10099, 0x6f}}}}, [@NL80211_ATTR_KEY_IDX={0x0, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r5 = socket(0x1e, 0x80810, 0x7fffffff) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, &(0x7f0000000400)) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bdfbdadf25ff00ff0973d986ad", @ANYRES32=r8, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x51}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x60}}, 0x20000000) sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000040)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/power', 0xc102, 0x8) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) (async) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000003c0)=0xc) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) (async) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f0000000480)={0x8, 'syz1\x00'}) (async) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f00000000c0)=0x81) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10099, 0x6f}}}}, [@NL80211_ATTR_KEY_IDX={0x0, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) socket(0x1e, 0x80810, 0x7fffffff) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, &(0x7f0000000400)) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bdfbdadf25ff00ff0973d986ad", @ANYRES32=r8, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x51}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x60}}, 0x20000000) (async) 10:19:48 executing program 3: sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000040)) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/power', 0xc102, 0x8) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000003c0)=0xc) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f0000000480)={0x8, 'syz1\x00'}) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f00000000c0)=0x81) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10099, 0x6f}}}}, [@NL80211_ATTR_KEY_IDX={0x0, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r5 = socket(0x1e, 0x80810, 0x7fffffff) r6 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, &(0x7f0000000400)) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bdfbdadf25ff00ff0973d986ad", @ANYRES32=r8, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x51}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x60}}, 0x20000000) sched_rr_get_interval(0xffffffffffffffff, &(0x7f0000000040)) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/power', 0xc102, 0x8) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$NS_GET_NSTYPE(r0, 0xb703, 0x0) (async) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240), &(0x7f00000003c0)=0xc) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x40, 0x0) (async) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f0000000480)={0x8, 'syz1\x00'}) (async) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f00000000c0)=0x81) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r4, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r3, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x10099, 0x6f}}}}, [@NL80211_ATTR_KEY_IDX={0x0, 0x8, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) socket(0x1e, 0x80810, 0x7fffffff) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$IMGETCOUNT(0xffffffffffffffff, 0x80044943, &(0x7f0000000400)) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000125bdfbdadf25ff00ff0973d986ad", @ANYRES32=r8, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_SET_MCAST_RATE(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x60, r3, 0x1, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x3, 0x51}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x21c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x1e0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xf0}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x60}}, 0x20000000) (async) [ 1062.986587] should_fail.cold+0x10a/0x149 [ 1062.990764] should_failslab+0xd6/0x130 [ 1062.994744] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1062.999854] __kmalloc_node_track_caller+0x38/0x70 [ 1063.004788] __alloc_skb+0x96/0x510 [ 1063.008416] kobject_uevent_env+0x882/0xf30 [ 1063.012743] lo_ioctl+0x11a6/0x1cd0 [ 1063.016378] ? loop_set_status64+0xe0/0xe0 [ 1063.020619] blkdev_ioctl+0x540/0x1830 [ 1063.024507] ? blkpg_ioctl+0x8d0/0x8d0 [ 1063.028392] ? trace_hardirqs_on+0x10/0x10 [ 1063.032627] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1063.037729] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1063.042746] block_ioctl+0xd9/0x120 [ 1063.046369] ? blkdev_fallocate+0x3a0/0x3a0 [ 1063.050685] do_vfs_ioctl+0x75a/0xff0 [ 1063.054480] ? lock_acquire+0x170/0x3f0 [ 1063.058452] ? ioctl_preallocate+0x1a0/0x1a0 [ 1063.062864] ? __fget+0x265/0x3e0 [ 1063.066326] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.070299] ? security_file_ioctl+0x83/0xb0 [ 1063.074703] SyS_ioctl+0x7f/0xb0 [ 1063.078070] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.082041] do_syscall_64+0x1d5/0x640 10:19:48 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x26faeea2577733d3}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'batadv_slave_1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20048011}, 0x890) syz_open_dev$media(&(0x7f0000000140), 0x100000000, 0x1) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$smc(&(0x7f00000002c0), r0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x100, 0x70bd21, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) [ 1063.085934] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1063.091115] RIP: 0033:0x7f94265b4e07 [ 1063.094818] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1063.102520] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1063.109787] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1063.117059] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1063.124317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1063.131568] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1063.168690] qnx4: unable to read the superblock [ 1063.170223] FAULT_INJECTION: forcing a failure. [ 1063.170223] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.194788] CPU: 0 PID: 15245 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1063.202680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1063.212020] Call Trace: [ 1063.214598] dump_stack+0x1b2/0x281 [ 1063.218213] should_fail.cold+0x10a/0x149 [ 1063.222345] should_failslab+0xd6/0x130 [ 1063.226306] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1063.231397] __kmalloc_node_track_caller+0x38/0x70 [ 1063.236309] __alloc_skb+0x96/0x510 [ 1063.239922] kobject_uevent_env+0x882/0xf30 [ 1063.244235] lo_ioctl+0x11a6/0x1cd0 [ 1063.247849] ? loop_set_status64+0xe0/0xe0 [ 1063.252070] blkdev_ioctl+0x540/0x1830 [ 1063.255941] ? blkpg_ioctl+0x8d0/0x8d0 [ 1063.259810] ? trace_hardirqs_on+0x10/0x10 [ 1063.264029] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1063.269116] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1063.274116] block_ioctl+0xd9/0x120 [ 1063.277722] ? blkdev_fallocate+0x3a0/0x3a0 [ 1063.282025] do_vfs_ioctl+0x75a/0xff0 [ 1063.285808] ? lock_acquire+0x170/0x3f0 [ 1063.289763] ? ioctl_preallocate+0x1a0/0x1a0 [ 1063.294161] ? __fget+0x265/0x3e0 [ 1063.297598] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.301559] ? security_file_ioctl+0x83/0xb0 [ 1063.306040] SyS_ioctl+0x7f/0xb0 [ 1063.309405] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.313369] do_syscall_64+0x1d5/0x640 [ 1063.317244] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1063.322414] RIP: 0033:0x7f2e61d65e07 [ 1063.326106] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1063.333795] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1063.341046] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1063.348299] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1063.355553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:48 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 25) 10:19:48 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x26faeea2577733d3}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'batadv_slave_1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20048011}, 0x890) (async) syz_open_dev$media(&(0x7f0000000140), 0x100000000, 0x1) (async) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) (async) r1 = syz_genetlink_get_family_id$smc(&(0x7f00000002c0), r0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x100, 0x70bd21, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 10:19:48 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) r1 = socket(0x24, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 10:19:48 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x3, 0x4, &(0x7f0000001240)=[{&(0x7f0000000100)="d328d71abd8016742336dd29f5", 0xd, 0xfffffffffffffffd}, {&(0x7f0000000140)="61d5ef28f99187c3ebe9c4b34c442c19078f54348c09602663665d39c8bbd6e00d4676858488149d990b6793bde0f42f644ba54766a636ec4b52e7e3093f69b1222451c502735bbedf4761e8be0fd83de45d7a9e0295acff6e128868f85d897db8cc2f9f209362b1668da2f4b867552baae0323d5c7ab62354e261322be953f7fc934a6572efbfe130e4da", 0x8b, 0x4}, {&(0x7f0000000200)="be55afd552f9b21b53ad43bcfa0aab556b5cc84251b96b770b695ff8a060d59b827442d0be2efc3c9cb89d3aa86cc3535ea744b2d795a147293bce3daa7e3901d0b0891ccbec86ca7cf9650d2d2d68a8db1377832bb6e1caf26bce63669e4bea45e15ce3f2c6e2302e8ec2cfa32e790ca8dbd03f5f664d78f07fb7423a70808a0b25c01d5ce2e2639a6a6fdbc82d8425e0dd928007a705f724f764669ad7bd6fcf53322d42fe4ca95df701be46f710b0b8db3f8e9b2d8f9be56c44669535f94724d278411fd5ef9a4401bf88a926d913fd4f7ba79b43074eeaf00f04fda54354c894a96adf5af63b1ac84977958bb68a188fe792f306253c5521d12343ff9917d4d902b1c29b4e177fcd909b7147de6332531cecc9e6b1c695d58bce72408b6f40191220dfecd15805e11048bea537fe32149a225b50eb3e05f649e07427b9efadad458a2ce8030bfdc3e8da27eb743a5258dc546fc84379f4c9aa3859b4934c415516442a1b474d3af1ad7e1465be7ed067b3a04c5342eb0dbe31048739ed0953cede75021147b881d2ce197154ff26a06f359711189f3f9ce122dc1e2ae0e359afeed401eaa45273a3bfc3d9b94644c3c35f364890d6597d85ce1b7cc60d85d4eeb868833b8bb5f5636d7df1f60be96f1e63ff040abeb44d9045eba1b1b62e478a59dbcdfeaa6587b3abe6e40becbad94d1cbd0779665dcfd8a93da7f9d65cd17e361d7f3e580c205f613bd46624ebdcd74d5d70a1e3b0003edd69d855a5590135e9c9ec37f9392f8e32144c2a0cbb0f60ad75d1467a734cbe4865746886693c8e8f5145af334d7030e09cd770ba0455209d056c5cccdd4c0308be7a3d8b338f012d2e4e22e396273885a543050afea8099767fe969253b79aea4edfe90140f2123872ce4890dfa4abf8da704b8c4bb19881b60aa35970f44f0f7897aa56d0d72a8c008398e31c3802ee4f0a86d2bcf7d133198be3b597be4106256224a38b2520a751fc2ac004e73f557249f5d3b560a42e18cfd1b47b34aca6a7ed7180160e303bc0e2e66e591ebc6b0e1825d6960bd90a6083d3f5ce5ceb1a45bda27abb0e0b7a5fbc5322c355d197ef34b8aa8e37100dd24a0eda3e7964c5f670cdad48bd54186d32603b27b2bfc6868fb268a2a87ddd840cf486e3293f922fb98f7ed450b8ca8dcfc782943c9536ddf02bf39ef8232082576aec886f4253239c71878ede57d260a1ba744babdc9e790658a1bd87acedf714ffe8786bb206f7e5ce744a18ba297754cfee9834c7e2a8f316e833558d3494c3ba8795d5ed8b6d012a3a3af9f623ae9f0daf5634dd2a36630ce4a828b37ffbc9c712d8e5e23a48049dd313110d155e34d330f0886cc01a8a21a273f3d9c0f4a53f16cec31944ddab37fe27843f193129168a354e02c618fcec98218644c74dd882250a3a41998a38f9093046faae0b4b272669721baff3ff04e63e7f6d42c3ef93ad9f4923ec13b6423d7e7df079900ed6c3cfa2e6e1b6ec7bb71d6620541c78f11489b7f7aa683846e0b02c0158aa83b6590e97d525773ba64a58216d76d2063525516de6d3ded7c687c41c2f41a0c1b0770ce7d17d288ac05d64662cb54201846a7489894577cfabb1a3f27075d92e0e3918079ec75222f18a83abc630fbbdcf433b567c2c57117a7f24c1e5de7a43f607f8c6b58a63ddbc2f905b97fb8f0b6bebfb593c9ba474ee3f74aa56e1cd1dac5e39106b877d4d0e9b7b1da97514f4c726e88a72ba9f038b6294852c4c8e3c351ebb79bcf3b5283883b0bf05f623d582877f855d7a5ec252bd6f4b12444be5bc9f5e0c2990a3110bb6010179133aef00bee4ab78401217a28f0c5e27be3feeaf9894df9e96360889f79e23ab084862c252f77b498ecf286d92c64da2e03703e64a33452306c38e0fddec8a3762dc7e7885b5fab11be319b56158649ccc332629f87a2204d508968154bed529018baf9beef070adc7eef638091ab97e99e8a33dab1c34500fd52a384e5a20cff582ceb5f1635799ce80e2a1c6da3c7653ffc2406380d18d5a1c8204187848e26735e42f7e773b19d927d5644b0de72df79c4a7fb797d8f8b6a2fc16acc621974df6cd0625caec16636d4cc259b4364721cae4e35f5baf6d1baeb6ebbfb721bac00f48c4caf4a80429f4df63737da6e3b3953184d8bb5caf94de6aa7fbe523ca0e0d12f794844147719540e41ec80e16d8480e1ff046516b92cb33b91683e61e1b637f047d5bad237b426d07b07bde3cdc315fecf8a0f942618abcc18e190a15efb9ba29f18475dfae3fbd983f23e63943ad03a4e2f7d0a9a41ae8fff3e1c5a660bbc7d3c8419e0f188c4ad400d1af4eba0f62726b91d75263b369ad556f3b0d9b11d9b8c66314dfb9481b0ae87b5c797a783927c388387d1009262cfae847b3495a34e891d166a56b31e209c935a88a8329e65c3b6648b84164e732c8b1399d70f821b5f441201d70864eaeb99f3797717c04071e2c68b369865ed645047a6642df99281fb6d7dbc42c283510819d0034040650bd90aa336706b00ef3ce14a272be011d8032f8f85409cda91ca53c05982cba7130a4f0c8c4bfa3dc603c72842bcd1035077bb90c0b9656964e9caf32ad57999ec0f618a0d8a47af0b77081d460b2b4e66b7dfe74a024dc7930da2b4f60d4755987feae0682c04a7399409dfa7332aec2898d6f11bcbbbd770c510884e54e6b5f68a7e0344521164273237db7971cd2b46ae7da65218c21fc73a2121b459ff824ec0c871ba24757f8f772b2be55f8f1bedcbd3a54612abe88855e8514e76f842d63b4d63cae01b337c89e5ea91532c4d44dac1310a7379cf04c8130d3861336ccd2289230f29abe9c08da6f2d1a3fbf32f66a76c636344c2725b0827ace65051ffda8f04332f8473141ae59630436183485c8f8aa835a3d6bfb1cdbfb0b3fbc3eb8b5582bae9a501f79703e3d8afc6633e03b1dbb53361081fc919683934e0fb07090b7e8d4bac182154e70566f42f51c639268fb4295b807ee6d5e53356991368da1c72d92530acbd85f54a53a5d73cb09dec845209bc3a4693ba757754382529f08daf902dcf075d3faf27023e86553e9bb15cb5c77b228c7be51605ae9f709ca5464293befdd4db0157db801d5ffc8e9a961eb355a5fdf961cddabf56c599dd4b6ad67de6f492ab2694a04e5cfae434c6f01c3eec9f8d6b40977ed19b978a5306524ff77c411e5f160878fcce55fccfd2fe6074b780ea4a7186553e9a65367f57fa3f4d7405a79210ef836c3299aedb1ce0f96af63db51fa7656e3e72e1c756feb10b1ece7416f34ad55786c04607132fad5759b35e8ffd918a7d5af07006e510ca4d025d994e6c7010bfdc572e738cf266893ad01e3f79396eb708a734846d9f43c9b634946c7fabc8100c6f46bafb7c099c0819c20b4e87d9b593d6617e4fcadce9109df3e9f05a5ad2c824253b7591ac2e604993386c46faa241e7b810313e0d3b6a400f1a3e0383f26c00c9ddd744852d8c95fcc567e8a41cd18d54a5950e857676ef5a5d379d6bad81f281a1b266126bf239a2cc1360471ceea343b0dabf44f36090fdf3b49d8862f85358b2c0f1740892004e50d589472a3d56bdd84b80ab602aa92d0079c1acb23a9e2971243b2b9f75601ffe3fe80930c1d33adc85065a44b44b017131999d500f919f2f1c21cff2158248432bcb5dd29fe7f3a2c435b8c066835f48508b387d5efee39f7d8c8d3db047101ba974a7cd963ca92e4e0c06a9a8cf43225a5ecfaf0a7a3a7cd0ed29fc0f6a0b442e3d5b88d40833223640feb485bd2bb9a2426ba2655a499f720196922c719613b319c28417a92f3c348110396a1c61b49d435c51a661397e5957cdb164b5c08e0113f8b748f52432b7f3c76e52bd32ba4b5d22f7b2a8ca15437192d7702319a0e0e212d2f1ba27ab924005a299c141000bc287594b74f8724c8c1c0acadbb38a7f99a38e1187c3f568073407b79fe519523d64c7479d534c72d19f5ec5d0a7266237ac6c18f027f6cc8f1199866a02bb14c498478dccb77f937522892143d87cb1c9186eeba71bf2357e61b76e5690976934445a90e5e4c385c2a63d77f77da9b9e6d07717b43562f777cbdaa1b5feb23c88f803f02feb843b3ef5619fe67452d9bfcd0e21ec31817b91f838ba83710e8ef394e2491a0f5651d3a85867e43d295b3ccfb692e5612eb04c4ea8efc5c00293c3c99eeb461cac3eab0a4b09785bdaee0c0a6508daf5a71d9d2183f5f9224029c93405269fb01faeb18fcf7814c881322512c6de241709e0206ab365741d1a0b4bc4db0726f59d4d4e6e75fc2cf9ad470664c931038529b049c7764ad9f5f18df39c0f8edb659b39fd34c09da4655d01f64a36549c42e84af848163e102ddeb3ddd52e6e9aa1da6cdeeb13d32936161b6be186fad17d922ee878932a2f478d0a3a3c10b24469ece3a97703c7bca77620a06e81b14ebe30442122d0d694f7e76b66991b054135599e1317313ac1a42eaa35b9c9d73b0c609a8573b9bca157a5fc671fdcafb11b4da34b840dbaf2c6acc9ecd624da4cbcd39c1aa40eebb72c9da493ba1eb58684eebb4d89fee00fe179873b816fdb94646aa83544b30a4caaa639bdab04df3357d684379930edf13d407d7542080d59b1e660ad66157ca3ce6ad39dd7881117b3991b86b297350b97d023cddfec7426532a1e5d77c8825dd186f093680b3a7a81de817dfb2c3c1b57f71586bae504a31e2d9ef15b878dd05eb0aa24fe0cdf1eb18659edcfc84957c11ec0c6b0d6e88636441a628184d5142931e892b53cfbe353ba2e4ae3436eeda9b716adb84da88639c1e427a12ea3acc609a38577a61f049b3101e38fe8a18dcb5a2f07c2a21b2d47f1d8bfbc9dab3d7cc8f3328d47869eaa9fe5cd1ea4fd851e096f14c60b73cba340cc1502f2645b9a2fe11e47671acf00429642481bf65950e674850ac1d2eae97c5677182bb4eeb21df27f3f819fb7289f99ada6e4998eaf746606cbcce110b4d3688c7043b46f0fbc3412679b120ca013ca1905cdf9b9cd299793446a6d724673e55a2fa25d050e2ba3ed6cbb2290d291c528a88140de38cf82faf860e630119f7ba301f1155e5b71c0498bd174b4c2ccdf2ec0d39c565180d5ccebcc20f62891b6c4a1354c5661cc5a9591b80dde23738278e88da1cec170384d6be630711d03f3f5b12e1d64df37aab2bd47291e1173bf18f84ed308f9c80ffdcbdc4251ece62949f9ce08cf5c7f280436313cbd07a4c0c3c38fc6e1539824d4b97818f430d9885e5038c435021843ab25885fdda896ea3318caaf1bc1cad05f9ff8b5c8ff4463b9132eb0ee40bc4d1d9000030834878f7db852fd590d5c53bc4916cc9c27c3251d576385e1249beb75d37b8dfc6e682efc9a2b468b1bd9a91a4731d7ded03c2e6e17e185165771bd41b209f0e26101c16f591fa23e7e9557255d385f970b8ad719dba2ddfb84728d3e0fd7a44e06a5d704d3efe2529ed8f70251892b36ab336a45344d776ab1351ead450ce3e49f3428795bd630d436858a2a7215ee50f841c10a416aeb8355c2039058a650b25f9e81ff11fd49655be4be5597c1fa373bb0750a90862f31c9a3fcfdfaaaeb03e846c3f9123315c9de1d45d8eb1eb7730112175248a8a3e0133c3aea01b55b6cbe5f147ba1cf167dfc28c60be8ce0e999f9cce9b61bc777515754047f5befd4109f127e3a1b4ac7c487fc41fbfbb3d5afa1d474c0b63907a21f09ed103cfb5773c0d8043c254e893fa93a0b18", 0x1000}, {&(0x7f0000001200)="efe86e0aafce7e07151f0e811767e767a1e4ad60ccbf6b81384f4ea6eb77", 0x1e, 0x4a}], 0x2100840, &(0x7f00000012c0)=ANY=[@ANYBLOB="da0ad5fe872c0000001139dadfbc348203d30e52db4998235653003ae14621707100"/49]) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001400)={&(0x7f00000014c0)=ANY=[@ANYBLOB="b6f32c00d20532000000e3", @ANYRES16=r0, @ANYBLOB="00022dbd7000fbdbdf25880000000c009900c6000000020000000a00060008021100000000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x44}, 0x1, 0x0, 0x0, 0x40088b5}, 0x20000040) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000001480), 0xffffffffffffffff) 10:19:48 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0) (async) 10:19:48 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 34) [ 1063.362803] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1063.380709] qnx4: unable to read the superblock 10:19:48 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) r1 = socket(0x24, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) (async) socket(0x24, 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async) [ 1063.519357] FAULT_INJECTION: forcing a failure. [ 1063.519357] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.545038] CPU: 0 PID: 15330 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1063.552941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1063.562293] Call Trace: [ 1063.564880] dump_stack+0x1b2/0x281 10:19:48 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x26faeea2577733d3}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'batadv_slave_1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20048011}, 0x890) (async) syz_open_dev$media(&(0x7f0000000140), 0x100000000, 0x1) (async) syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$smc(&(0x7f00000002c0), r0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x100, 0x70bd21, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan0\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) 10:19:48 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x200000000000000, 0x0, 0x0, 0x4041, 0x0) 10:19:49 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x200000000000000, 0x0, 0x0, 0x4041, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x200000000000000, 0x0, 0x0, 0x4041, 0x0) (async) [ 1063.568513] should_fail.cold+0x10a/0x149 [ 1063.572671] should_failslab+0xd6/0x130 [ 1063.576647] kmem_cache_alloc_node+0x263/0x410 [ 1063.581231] __alloc_skb+0x5c/0x510 [ 1063.584865] kobject_uevent_env+0x882/0xf30 [ 1063.589193] lo_ioctl+0x11a6/0x1cd0 [ 1063.592826] ? loop_set_status64+0xe0/0xe0 [ 1063.597063] blkdev_ioctl+0x540/0x1830 [ 1063.600948] ? blkpg_ioctl+0x8d0/0x8d0 [ 1063.604830] ? trace_hardirqs_on+0x10/0x10 [ 1063.609063] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1063.614164] ? debug_check_no_obj_freed+0x2c0/0x680 10:19:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc0, 0x20}}}}}, 0x28}}, 0x30) clock_gettime(0x1, &(0x7f00000000c0)={0x0, 0x0}) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r4, 0x0, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x11}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) r6 = gettid() sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x1e, 0x80810, 0x7fffffff) r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r9, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r8, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r10, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="08002bbd7000fddbd3460008000000000000faffffffffffffff00", @ANYRES32=r10, @ANYBLOB="0c0099000500000045000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) syz_open_procfs$namespace(r6, 0x0) sched_rr_get_interval(r6, &(0x7f00000002c0)) pselect6(0x40, &(0x7f0000000000)={0x8, 0x4, 0x1ff, 0x8000000000000000, 0x3, 0x1, 0x7ff, 0x5}, &(0x7f0000000040)={0x3, 0x9, 0x5, 0x6, 0x3, 0x10000, 0x1, 0x7a}, &(0x7f0000000080)={0x4, 0x6, 0x85c, 0x8000000000000, 0x401, 0xfffffffffffffff8, 0x10000, 0x1f}, &(0x7f0000000100)={r1, r2+60000000}, &(0x7f0000000180)={&(0x7f0000000140)={[0x4]}, 0x8}) [ 1063.619188] block_ioctl+0xd9/0x120 [ 1063.622816] ? blkdev_fallocate+0x3a0/0x3a0 [ 1063.627135] do_vfs_ioctl+0x75a/0xff0 [ 1063.630934] ? lock_acquire+0x170/0x3f0 [ 1063.634908] ? ioctl_preallocate+0x1a0/0x1a0 [ 1063.639316] ? __fget+0x265/0x3e0 [ 1063.642775] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.646749] ? security_file_ioctl+0x83/0xb0 [ 1063.651158] SyS_ioctl+0x7f/0xb0 [ 1063.654517] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.658490] do_syscall_64+0x1d5/0x640 [ 1063.662379] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:19:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc0, 0x20}}}}}, 0x28}}, 0x30) clock_gettime(0x1, &(0x7f00000000c0)={0x0, 0x0}) (async) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r4, 0x0, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x11}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) (async) r6 = gettid() sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) (async) r7 = socket(0x1e, 0x80810, 0x7fffffff) (async) r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r9, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r8, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r10, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="08002bbd7000fddbd3460008000000000000faffffffffffffff00", @ANYRES32=r10, @ANYBLOB="0c0099000500000045000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) (async) syz_open_procfs$namespace(r6, 0x0) (async) sched_rr_get_interval(r6, &(0x7f00000002c0)) pselect6(0x40, &(0x7f0000000000)={0x8, 0x4, 0x1ff, 0x8000000000000000, 0x3, 0x1, 0x7ff, 0x5}, &(0x7f0000000040)={0x3, 0x9, 0x5, 0x6, 0x3, 0x10000, 0x1, 0x7a}, &(0x7f0000000080)={0x4, 0x6, 0x85c, 0x8000000000000, 0x401, 0xfffffffffffffff8, 0x10000, 0x1f}, &(0x7f0000000100)={r1, r2+60000000}, &(0x7f0000000180)={&(0x7f0000000140)={[0x4]}, 0x8}) [ 1063.667560] RIP: 0033:0x7f94265b4e07 [ 1063.671306] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1063.679009] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1063.686276] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1063.693551] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1063.700901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1063.708164] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1063.724093] FAULT_INJECTION: forcing a failure. [ 1063.724093] name failslab, interval 1, probability 0, space 0, times 0 [ 1063.748334] qnx4: unable to read the superblock [ 1063.753388] CPU: 0 PID: 15345 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1063.761267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1063.770623] Call Trace: [ 1063.773213] dump_stack+0x1b2/0x281 [ 1063.776844] should_fail.cold+0x10a/0x149 [ 1063.780994] should_failslab+0xd6/0x130 [ 1063.784968] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1063.789636] ? kobj_ns_drop+0x80/0x80 [ 1063.793434] call_usermodehelper_setup+0x73/0x2e0 [ 1063.798277] kobject_uevent_env+0xc21/0xf30 [ 1063.802611] lo_ioctl+0x11a6/0x1cd0 [ 1063.806238] ? loop_set_status64+0xe0/0xe0 [ 1063.810470] blkdev_ioctl+0x540/0x1830 [ 1063.814358] ? blkpg_ioctl+0x8d0/0x8d0 [ 1063.818244] ? trace_hardirqs_on+0x10/0x10 [ 1063.822480] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1063.827584] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1063.832603] block_ioctl+0xd9/0x120 [ 1063.836226] ? blkdev_fallocate+0x3a0/0x3a0 [ 1063.840546] do_vfs_ioctl+0x75a/0xff0 [ 1063.844351] ? lock_acquire+0x170/0x3f0 [ 1063.848328] ? ioctl_preallocate+0x1a0/0x1a0 [ 1063.852735] ? __fget+0x265/0x3e0 [ 1063.856191] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.860166] ? security_file_ioctl+0x83/0xb0 [ 1063.864573] SyS_ioctl+0x7f/0xb0 [ 1063.867936] ? do_vfs_ioctl+0xff0/0xff0 [ 1063.871907] do_syscall_64+0x1d5/0x640 [ 1063.875799] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1063.880983] RIP: 0033:0x7f2e61d65e07 [ 1063.884688] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1063.892393] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1063.899662] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1063.906928] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1063.914198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1063.921456] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1063.930116] qnx4: unable to read the superblock 10:19:49 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 26) 10:19:49 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) (async) r1 = socket(0x24, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 10:19:49 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x200000000000000, 0x0, 0x0, 0x4041, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x200000000000000, 0x0, 0x0, 0x4041, 0x0) (async) 10:19:49 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x3, 0x4, &(0x7f0000001240)=[{&(0x7f0000000100)="d328d71abd8016742336dd29f5", 0xd, 0xfffffffffffffffd}, {&(0x7f0000000140)="61d5ef28f99187c3ebe9c4b34c442c19078f54348c09602663665d39c8bbd6e00d4676858488149d990b6793bde0f42f644ba54766a636ec4b52e7e3093f69b1222451c502735bbedf4761e8be0fd83de45d7a9e0295acff6e128868f85d897db8cc2f9f209362b1668da2f4b867552baae0323d5c7ab62354e261322be953f7fc934a6572efbfe130e4da", 0x8b, 0x4}, {&(0x7f0000000200)="be55afd552f9b21b53ad43bcfa0aab556b5cc84251b96b770b695ff8a060d59b827442d0be2efc3c9cb89d3aa86cc3535ea744b2d795a147293bce3daa7e3901d0b0891ccbec86ca7cf9650d2d2d68a8db1377832bb6e1caf26bce63669e4bea45e15ce3f2c6e2302e8ec2cfa32e790ca8dbd03f5f664d78f07fb7423a70808a0b25c01d5ce2e2639a6a6fdbc82d8425e0dd928007a705f724f764669ad7bd6fcf53322d42fe4ca95df701be46f710b0b8db3f8e9b2d8f9be56c44669535f94724d278411fd5ef9a4401bf88a926d913fd4f7ba79b43074eeaf00f04fda54354c894a96adf5af63b1ac84977958bb68a188fe792f306253c5521d12343ff9917d4d902b1c29b4e177fcd909b7147de6332531cecc9e6b1c695d58bce72408b6f40191220dfecd15805e11048bea537fe32149a225b50eb3e05f649e07427b9efadad458a2ce8030bfdc3e8da27eb743a5258dc546fc84379f4c9aa3859b4934c415516442a1b474d3af1ad7e1465be7ed067b3a04c5342eb0dbe31048739ed0953cede75021147b881d2ce197154ff26a06f359711189f3f9ce122dc1e2ae0e359afeed401eaa45273a3bfc3d9b94644c3c35f364890d6597d85ce1b7cc60d85d4eeb868833b8bb5f5636d7df1f60be96f1e63ff040abeb44d9045eba1b1b62e478a59dbcdfeaa6587b3abe6e40becbad94d1cbd0779665dcfd8a93da7f9d65cd17e361d7f3e580c205f613bd46624ebdcd74d5d70a1e3b0003edd69d855a5590135e9c9ec37f9392f8e32144c2a0cbb0f60ad75d1467a734cbe4865746886693c8e8f5145af334d7030e09cd770ba0455209d056c5cccdd4c0308be7a3d8b338f012d2e4e22e396273885a543050afea8099767fe969253b79aea4edfe90140f2123872ce4890dfa4abf8da704b8c4bb19881b60aa35970f44f0f7897aa56d0d72a8c008398e31c3802ee4f0a86d2bcf7d133198be3b597be4106256224a38b2520a751fc2ac004e73f557249f5d3b560a42e18cfd1b47b34aca6a7ed7180160e303bc0e2e66e591ebc6b0e1825d6960bd90a6083d3f5ce5ceb1a45bda27abb0e0b7a5fbc5322c355d197ef34b8aa8e37100dd24a0eda3e7964c5f670cdad48bd54186d32603b27b2bfc6868fb268a2a87ddd840cf486e3293f922fb98f7ed450b8ca8dcfc782943c9536ddf02bf39ef8232082576aec886f4253239c71878ede57d260a1ba744babdc9e790658a1bd87acedf714ffe8786bb206f7e5ce744a18ba297754cfee9834c7e2a8f316e833558d3494c3ba8795d5ed8b6d012a3a3af9f623ae9f0daf5634dd2a36630ce4a828b37ffbc9c712d8e5e23a48049dd313110d155e34d330f0886cc01a8a21a273f3d9c0f4a53f16cec31944ddab37fe27843f193129168a354e02c618fcec98218644c74dd882250a3a41998a38f9093046faae0b4b272669721baff3ff04e63e7f6d42c3ef93ad9f4923ec13b6423d7e7df079900ed6c3cfa2e6e1b6ec7bb71d6620541c78f11489b7f7aa683846e0b02c0158aa83b6590e97d525773ba64a58216d76d2063525516de6d3ded7c687c41c2f41a0c1b0770ce7d17d288ac05d64662cb54201846a7489894577cfabb1a3f27075d92e0e3918079ec75222f18a83abc630fbbdcf433b567c2c57117a7f24c1e5de7a43f607f8c6b58a63ddbc2f905b97fb8f0b6bebfb593c9ba474ee3f74aa56e1cd1dac5e39106b877d4d0e9b7b1da97514f4c726e88a72ba9f038b6294852c4c8e3c351ebb79bcf3b5283883b0bf05f623d582877f855d7a5ec252bd6f4b12444be5bc9f5e0c2990a3110bb6010179133aef00bee4ab78401217a28f0c5e27be3feeaf9894df9e96360889f79e23ab084862c252f77b498ecf286d92c64da2e03703e64a33452306c38e0fddec8a3762dc7e7885b5fab11be319b56158649ccc332629f87a2204d508968154bed529018baf9beef070adc7eef638091ab97e99e8a33dab1c34500fd52a384e5a20cff582ceb5f1635799ce80e2a1c6da3c7653ffc2406380d18d5a1c8204187848e26735e42f7e773b19d927d5644b0de72df79c4a7fb797d8f8b6a2fc16acc621974df6cd0625caec16636d4cc259b4364721cae4e35f5baf6d1baeb6ebbfb721bac00f48c4caf4a80429f4df63737da6e3b3953184d8bb5caf94de6aa7fbe523ca0e0d12f794844147719540e41ec80e16d8480e1ff046516b92cb33b91683e61e1b637f047d5bad237b426d07b07bde3cdc315fecf8a0f942618abcc18e190a15efb9ba29f18475dfae3fbd983f23e63943ad03a4e2f7d0a9a41ae8fff3e1c5a660bbc7d3c8419e0f188c4ad400d1af4eba0f62726b91d75263b369ad556f3b0d9b11d9b8c66314dfb9481b0ae87b5c797a783927c388387d1009262cfae847b3495a34e891d166a56b31e209c935a88a8329e65c3b6648b84164e732c8b1399d70f821b5f441201d70864eaeb99f3797717c04071e2c68b369865ed645047a6642df99281fb6d7dbc42c283510819d0034040650bd90aa336706b00ef3ce14a272be011d8032f8f85409cda91ca53c05982cba7130a4f0c8c4bfa3dc603c72842bcd1035077bb90c0b9656964e9caf32ad57999ec0f618a0d8a47af0b77081d460b2b4e66b7dfe74a024dc7930da2b4f60d4755987feae0682c04a7399409dfa7332aec2898d6f11bcbbbd770c510884e54e6b5f68a7e0344521164273237db7971cd2b46ae7da65218c21fc73a2121b459ff824ec0c871ba24757f8f772b2be55f8f1bedcbd3a54612abe88855e8514e76f842d63b4d63cae01b337c89e5ea91532c4d44dac1310a7379cf04c8130d3861336ccd2289230f29abe9c08da6f2d1a3fbf32f66a76c636344c2725b0827ace65051ffda8f04332f8473141ae59630436183485c8f8aa835a3d6bfb1cdbfb0b3fbc3eb8b5582bae9a501f79703e3d8afc6633e03b1dbb53361081fc919683934e0fb07090b7e8d4bac182154e70566f42f51c639268fb4295b807ee6d5e53356991368da1c72d92530acbd85f54a53a5d73cb09dec845209bc3a4693ba757754382529f08daf902dcf075d3faf27023e86553e9bb15cb5c77b228c7be51605ae9f709ca5464293befdd4db0157db801d5ffc8e9a961eb355a5fdf961cddabf56c599dd4b6ad67de6f492ab2694a04e5cfae434c6f01c3eec9f8d6b40977ed19b978a5306524ff77c411e5f160878fcce55fccfd2fe6074b780ea4a7186553e9a65367f57fa3f4d7405a79210ef836c3299aedb1ce0f96af63db51fa7656e3e72e1c756feb10b1ece7416f34ad55786c04607132fad5759b35e8ffd918a7d5af07006e510ca4d025d994e6c7010bfdc572e738cf266893ad01e3f79396eb708a734846d9f43c9b634946c7fabc8100c6f46bafb7c099c0819c20b4e87d9b593d6617e4fcadce9109df3e9f05a5ad2c824253b7591ac2e604993386c46faa241e7b810313e0d3b6a400f1a3e0383f26c00c9ddd744852d8c95fcc567e8a41cd18d54a5950e857676ef5a5d379d6bad81f281a1b266126bf239a2cc1360471ceea343b0dabf44f36090fdf3b49d8862f85358b2c0f1740892004e50d589472a3d56bdd84b80ab602aa92d0079c1acb23a9e2971243b2b9f75601ffe3fe80930c1d33adc85065a44b44b017131999d500f919f2f1c21cff2158248432bcb5dd29fe7f3a2c435b8c066835f48508b387d5efee39f7d8c8d3db047101ba974a7cd963ca92e4e0c06a9a8cf43225a5ecfaf0a7a3a7cd0ed29fc0f6a0b442e3d5b88d40833223640feb485bd2bb9a2426ba2655a499f720196922c719613b319c28417a92f3c348110396a1c61b49d435c51a661397e5957cdb164b5c08e0113f8b748f52432b7f3c76e52bd32ba4b5d22f7b2a8ca15437192d7702319a0e0e212d2f1ba27ab924005a299c141000bc287594b74f8724c8c1c0acadbb38a7f99a38e1187c3f568073407b79fe519523d64c7479d534c72d19f5ec5d0a7266237ac6c18f027f6cc8f1199866a02bb14c498478dccb77f937522892143d87cb1c9186eeba71bf2357e61b76e5690976934445a90e5e4c385c2a63d77f77da9b9e6d07717b43562f777cbdaa1b5feb23c88f803f02feb843b3ef5619fe67452d9bfcd0e21ec31817b91f838ba83710e8ef394e2491a0f5651d3a85867e43d295b3ccfb692e5612eb04c4ea8efc5c00293c3c99eeb461cac3eab0a4b09785bdaee0c0a6508daf5a71d9d2183f5f9224029c93405269fb01faeb18fcf7814c881322512c6de241709e0206ab365741d1a0b4bc4db0726f59d4d4e6e75fc2cf9ad470664c931038529b049c7764ad9f5f18df39c0f8edb659b39fd34c09da4655d01f64a36549c42e84af848163e102ddeb3ddd52e6e9aa1da6cdeeb13d32936161b6be186fad17d922ee878932a2f478d0a3a3c10b24469ece3a97703c7bca77620a06e81b14ebe30442122d0d694f7e76b66991b054135599e1317313ac1a42eaa35b9c9d73b0c609a8573b9bca157a5fc671fdcafb11b4da34b840dbaf2c6acc9ecd624da4cbcd39c1aa40eebb72c9da493ba1eb58684eebb4d89fee00fe179873b816fdb94646aa83544b30a4caaa639bdab04df3357d684379930edf13d407d7542080d59b1e660ad66157ca3ce6ad39dd7881117b3991b86b297350b97d023cddfec7426532a1e5d77c8825dd186f093680b3a7a81de817dfb2c3c1b57f71586bae504a31e2d9ef15b878dd05eb0aa24fe0cdf1eb18659edcfc84957c11ec0c6b0d6e88636441a628184d5142931e892b53cfbe353ba2e4ae3436eeda9b716adb84da88639c1e427a12ea3acc609a38577a61f049b3101e38fe8a18dcb5a2f07c2a21b2d47f1d8bfbc9dab3d7cc8f3328d47869eaa9fe5cd1ea4fd851e096f14c60b73cba340cc1502f2645b9a2fe11e47671acf00429642481bf65950e674850ac1d2eae97c5677182bb4eeb21df27f3f819fb7289f99ada6e4998eaf746606cbcce110b4d3688c7043b46f0fbc3412679b120ca013ca1905cdf9b9cd299793446a6d724673e55a2fa25d050e2ba3ed6cbb2290d291c528a88140de38cf82faf860e630119f7ba301f1155e5b71c0498bd174b4c2ccdf2ec0d39c565180d5ccebcc20f62891b6c4a1354c5661cc5a9591b80dde23738278e88da1cec170384d6be630711d03f3f5b12e1d64df37aab2bd47291e1173bf18f84ed308f9c80ffdcbdc4251ece62949f9ce08cf5c7f280436313cbd07a4c0c3c38fc6e1539824d4b97818f430d9885e5038c435021843ab25885fdda896ea3318caaf1bc1cad05f9ff8b5c8ff4463b9132eb0ee40bc4d1d9000030834878f7db852fd590d5c53bc4916cc9c27c3251d576385e1249beb75d37b8dfc6e682efc9a2b468b1bd9a91a4731d7ded03c2e6e17e185165771bd41b209f0e26101c16f591fa23e7e9557255d385f970b8ad719dba2ddfb84728d3e0fd7a44e06a5d704d3efe2529ed8f70251892b36ab336a45344d776ab1351ead450ce3e49f3428795bd630d436858a2a7215ee50f841c10a416aeb8355c2039058a650b25f9e81ff11fd49655be4be5597c1fa373bb0750a90862f31c9a3fcfdfaaaeb03e846c3f9123315c9de1d45d8eb1eb7730112175248a8a3e0133c3aea01b55b6cbe5f147ba1cf167dfc28c60be8ce0e999f9cce9b61bc777515754047f5befd4109f127e3a1b4ac7c487fc41fbfbb3d5afa1d474c0b63907a21f09ed103cfb5773c0d8043c254e893fa93a0b18", 0x1000}, {&(0x7f0000001200)="efe86e0aafce7e07151f0e811767e767a1e4ad60ccbf6b81384f4ea6eb77", 0x1e, 0x4a}], 0x2100840, &(0x7f00000012c0)=ANY=[@ANYBLOB="da0ad5fe872c0000001139dadfbc348203d30e52db4998235653003ae14621707100"/49]) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001400)={&(0x7f00000014c0)=ANY=[@ANYBLOB="b6f32c00d20532000000e3", @ANYRES16=r0, @ANYBLOB="00022dbd7000fbdbdf25880000000c009900c6000000020000000a00060008021100000000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x44}, 0x1, 0x0, 0x0, 0x40088b5}, 0x20000040) syz_genetlink_get_family_id$ethtool(&(0x7f0000001480), 0xffffffffffffffff) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x3, 0x4, &(0x7f0000001240)=[{&(0x7f0000000100)="d328d71abd8016742336dd29f5", 0xd, 0xfffffffffffffffd}, {&(0x7f0000000140)="61d5ef28f99187c3ebe9c4b34c442c19078f54348c09602663665d39c8bbd6e00d4676858488149d990b6793bde0f42f644ba54766a636ec4b52e7e3093f69b1222451c502735bbedf4761e8be0fd83de45d7a9e0295acff6e128868f85d897db8cc2f9f209362b1668da2f4b867552baae0323d5c7ab62354e261322be953f7fc934a6572efbfe130e4da", 0x8b, 0x4}, {&(0x7f0000000200)="be55afd552f9b21b53ad43bcfa0aab556b5cc84251b96b770b695ff8a060d59b827442d0be2efc3c9cb89d3aa86cc3535ea744b2d795a147293bce3daa7e3901d0b0891ccbec86ca7cf9650d2d2d68a8db1377832bb6e1caf26bce63669e4bea45e15ce3f2c6e2302e8ec2cfa32e790ca8dbd03f5f664d78f07fb7423a70808a0b25c01d5ce2e2639a6a6fdbc82d8425e0dd928007a705f724f764669ad7bd6fcf53322d42fe4ca95df701be46f710b0b8db3f8e9b2d8f9be56c44669535f94724d278411fd5ef9a4401bf88a926d913fd4f7ba79b43074eeaf00f04fda54354c894a96adf5af63b1ac84977958bb68a188fe792f306253c5521d12343ff9917d4d902b1c29b4e177fcd909b7147de6332531cecc9e6b1c695d58bce72408b6f40191220dfecd15805e11048bea537fe32149a225b50eb3e05f649e07427b9efadad458a2ce8030bfdc3e8da27eb743a5258dc546fc84379f4c9aa3859b4934c415516442a1b474d3af1ad7e1465be7ed067b3a04c5342eb0dbe31048739ed0953cede75021147b881d2ce197154ff26a06f359711189f3f9ce122dc1e2ae0e359afeed401eaa45273a3bfc3d9b94644c3c35f364890d6597d85ce1b7cc60d85d4eeb868833b8bb5f5636d7df1f60be96f1e63ff040abeb44d9045eba1b1b62e478a59dbcdfeaa6587b3abe6e40becbad94d1cbd0779665dcfd8a93da7f9d65cd17e361d7f3e580c205f613bd46624ebdcd74d5d70a1e3b0003edd69d855a5590135e9c9ec37f9392f8e32144c2a0cbb0f60ad75d1467a734cbe4865746886693c8e8f5145af334d7030e09cd770ba0455209d056c5cccdd4c0308be7a3d8b338f012d2e4e22e396273885a543050afea8099767fe969253b79aea4edfe90140f2123872ce4890dfa4abf8da704b8c4bb19881b60aa35970f44f0f7897aa56d0d72a8c008398e31c3802ee4f0a86d2bcf7d133198be3b597be4106256224a38b2520a751fc2ac004e73f557249f5d3b560a42e18cfd1b47b34aca6a7ed7180160e303bc0e2e66e591ebc6b0e1825d6960bd90a6083d3f5ce5ceb1a45bda27abb0e0b7a5fbc5322c355d197ef34b8aa8e37100dd24a0eda3e7964c5f670cdad48bd54186d32603b27b2bfc6868fb268a2a87ddd840cf486e3293f922fb98f7ed450b8ca8dcfc782943c9536ddf02bf39ef8232082576aec886f4253239c71878ede57d260a1ba744babdc9e790658a1bd87acedf714ffe8786bb206f7e5ce744a18ba297754cfee9834c7e2a8f316e833558d3494c3ba8795d5ed8b6d012a3a3af9f623ae9f0daf5634dd2a36630ce4a828b37ffbc9c712d8e5e23a48049dd313110d155e34d330f0886cc01a8a21a273f3d9c0f4a53f16cec31944ddab37fe27843f193129168a354e02c618fcec98218644c74dd882250a3a41998a38f9093046faae0b4b272669721baff3ff04e63e7f6d42c3ef93ad9f4923ec13b6423d7e7df079900ed6c3cfa2e6e1b6ec7bb71d6620541c78f11489b7f7aa683846e0b02c0158aa83b6590e97d525773ba64a58216d76d2063525516de6d3ded7c687c41c2f41a0c1b0770ce7d17d288ac05d64662cb54201846a7489894577cfabb1a3f27075d92e0e3918079ec75222f18a83abc630fbbdcf433b567c2c57117a7f24c1e5de7a43f607f8c6b58a63ddbc2f905b97fb8f0b6bebfb593c9ba474ee3f74aa56e1cd1dac5e39106b877d4d0e9b7b1da97514f4c726e88a72ba9f038b6294852c4c8e3c351ebb79bcf3b5283883b0bf05f623d582877f855d7a5ec252bd6f4b12444be5bc9f5e0c2990a3110bb6010179133aef00bee4ab78401217a28f0c5e27be3feeaf9894df9e96360889f79e23ab084862c252f77b498ecf286d92c64da2e03703e64a33452306c38e0fddec8a3762dc7e7885b5fab11be319b56158649ccc332629f87a2204d508968154bed529018baf9beef070adc7eef638091ab97e99e8a33dab1c34500fd52a384e5a20cff582ceb5f1635799ce80e2a1c6da3c7653ffc2406380d18d5a1c8204187848e26735e42f7e773b19d927d5644b0de72df79c4a7fb797d8f8b6a2fc16acc621974df6cd0625caec16636d4cc259b4364721cae4e35f5baf6d1baeb6ebbfb721bac00f48c4caf4a80429f4df63737da6e3b3953184d8bb5caf94de6aa7fbe523ca0e0d12f794844147719540e41ec80e16d8480e1ff046516b92cb33b91683e61e1b637f047d5bad237b426d07b07bde3cdc315fecf8a0f942618abcc18e190a15efb9ba29f18475dfae3fbd983f23e63943ad03a4e2f7d0a9a41ae8fff3e1c5a660bbc7d3c8419e0f188c4ad400d1af4eba0f62726b91d75263b369ad556f3b0d9b11d9b8c66314dfb9481b0ae87b5c797a783927c388387d1009262cfae847b3495a34e891d166a56b31e209c935a88a8329e65c3b6648b84164e732c8b1399d70f821b5f441201d70864eaeb99f3797717c04071e2c68b369865ed645047a6642df99281fb6d7dbc42c283510819d0034040650bd90aa336706b00ef3ce14a272be011d8032f8f85409cda91ca53c05982cba7130a4f0c8c4bfa3dc603c72842bcd1035077bb90c0b9656964e9caf32ad57999ec0f618a0d8a47af0b77081d460b2b4e66b7dfe74a024dc7930da2b4f60d4755987feae0682c04a7399409dfa7332aec2898d6f11bcbbbd770c510884e54e6b5f68a7e0344521164273237db7971cd2b46ae7da65218c21fc73a2121b459ff824ec0c871ba24757f8f772b2be55f8f1bedcbd3a54612abe88855e8514e76f842d63b4d63cae01b337c89e5ea91532c4d44dac1310a7379cf04c8130d3861336ccd2289230f29abe9c08da6f2d1a3fbf32f66a76c636344c2725b0827ace65051ffda8f04332f8473141ae59630436183485c8f8aa835a3d6bfb1cdbfb0b3fbc3eb8b5582bae9a501f79703e3d8afc6633e03b1dbb53361081fc919683934e0fb07090b7e8d4bac182154e70566f42f51c639268fb4295b807ee6d5e53356991368da1c72d92530acbd85f54a53a5d73cb09dec845209bc3a4693ba757754382529f08daf902dcf075d3faf27023e86553e9bb15cb5c77b228c7be51605ae9f709ca5464293befdd4db0157db801d5ffc8e9a961eb355a5fdf961cddabf56c599dd4b6ad67de6f492ab2694a04e5cfae434c6f01c3eec9f8d6b40977ed19b978a5306524ff77c411e5f160878fcce55fccfd2fe6074b780ea4a7186553e9a65367f57fa3f4d7405a79210ef836c3299aedb1ce0f96af63db51fa7656e3e72e1c756feb10b1ece7416f34ad55786c04607132fad5759b35e8ffd918a7d5af07006e510ca4d025d994e6c7010bfdc572e738cf266893ad01e3f79396eb708a734846d9f43c9b634946c7fabc8100c6f46bafb7c099c0819c20b4e87d9b593d6617e4fcadce9109df3e9f05a5ad2c824253b7591ac2e604993386c46faa241e7b810313e0d3b6a400f1a3e0383f26c00c9ddd744852d8c95fcc567e8a41cd18d54a5950e857676ef5a5d379d6bad81f281a1b266126bf239a2cc1360471ceea343b0dabf44f36090fdf3b49d8862f85358b2c0f1740892004e50d589472a3d56bdd84b80ab602aa92d0079c1acb23a9e2971243b2b9f75601ffe3fe80930c1d33adc85065a44b44b017131999d500f919f2f1c21cff2158248432bcb5dd29fe7f3a2c435b8c066835f48508b387d5efee39f7d8c8d3db047101ba974a7cd963ca92e4e0c06a9a8cf43225a5ecfaf0a7a3a7cd0ed29fc0f6a0b442e3d5b88d40833223640feb485bd2bb9a2426ba2655a499f720196922c719613b319c28417a92f3c348110396a1c61b49d435c51a661397e5957cdb164b5c08e0113f8b748f52432b7f3c76e52bd32ba4b5d22f7b2a8ca15437192d7702319a0e0e212d2f1ba27ab924005a299c141000bc287594b74f8724c8c1c0acadbb38a7f99a38e1187c3f568073407b79fe519523d64c7479d534c72d19f5ec5d0a7266237ac6c18f027f6cc8f1199866a02bb14c498478dccb77f937522892143d87cb1c9186eeba71bf2357e61b76e5690976934445a90e5e4c385c2a63d77f77da9b9e6d07717b43562f777cbdaa1b5feb23c88f803f02feb843b3ef5619fe67452d9bfcd0e21ec31817b91f838ba83710e8ef394e2491a0f5651d3a85867e43d295b3ccfb692e5612eb04c4ea8efc5c00293c3c99eeb461cac3eab0a4b09785bdaee0c0a6508daf5a71d9d2183f5f9224029c93405269fb01faeb18fcf7814c881322512c6de241709e0206ab365741d1a0b4bc4db0726f59d4d4e6e75fc2cf9ad470664c931038529b049c7764ad9f5f18df39c0f8edb659b39fd34c09da4655d01f64a36549c42e84af848163e102ddeb3ddd52e6e9aa1da6cdeeb13d32936161b6be186fad17d922ee878932a2f478d0a3a3c10b24469ece3a97703c7bca77620a06e81b14ebe30442122d0d694f7e76b66991b054135599e1317313ac1a42eaa35b9c9d73b0c609a8573b9bca157a5fc671fdcafb11b4da34b840dbaf2c6acc9ecd624da4cbcd39c1aa40eebb72c9da493ba1eb58684eebb4d89fee00fe179873b816fdb94646aa83544b30a4caaa639bdab04df3357d684379930edf13d407d7542080d59b1e660ad66157ca3ce6ad39dd7881117b3991b86b297350b97d023cddfec7426532a1e5d77c8825dd186f093680b3a7a81de817dfb2c3c1b57f71586bae504a31e2d9ef15b878dd05eb0aa24fe0cdf1eb18659edcfc84957c11ec0c6b0d6e88636441a628184d5142931e892b53cfbe353ba2e4ae3436eeda9b716adb84da88639c1e427a12ea3acc609a38577a61f049b3101e38fe8a18dcb5a2f07c2a21b2d47f1d8bfbc9dab3d7cc8f3328d47869eaa9fe5cd1ea4fd851e096f14c60b73cba340cc1502f2645b9a2fe11e47671acf00429642481bf65950e674850ac1d2eae97c5677182bb4eeb21df27f3f819fb7289f99ada6e4998eaf746606cbcce110b4d3688c7043b46f0fbc3412679b120ca013ca1905cdf9b9cd299793446a6d724673e55a2fa25d050e2ba3ed6cbb2290d291c528a88140de38cf82faf860e630119f7ba301f1155e5b71c0498bd174b4c2ccdf2ec0d39c565180d5ccebcc20f62891b6c4a1354c5661cc5a9591b80dde23738278e88da1cec170384d6be630711d03f3f5b12e1d64df37aab2bd47291e1173bf18f84ed308f9c80ffdcbdc4251ece62949f9ce08cf5c7f280436313cbd07a4c0c3c38fc6e1539824d4b97818f430d9885e5038c435021843ab25885fdda896ea3318caaf1bc1cad05f9ff8b5c8ff4463b9132eb0ee40bc4d1d9000030834878f7db852fd590d5c53bc4916cc9c27c3251d576385e1249beb75d37b8dfc6e682efc9a2b468b1bd9a91a4731d7ded03c2e6e17e185165771bd41b209f0e26101c16f591fa23e7e9557255d385f970b8ad719dba2ddfb84728d3e0fd7a44e06a5d704d3efe2529ed8f70251892b36ab336a45344d776ab1351ead450ce3e49f3428795bd630d436858a2a7215ee50f841c10a416aeb8355c2039058a650b25f9e81ff11fd49655be4be5597c1fa373bb0750a90862f31c9a3fcfdfaaaeb03e846c3f9123315c9de1d45d8eb1eb7730112175248a8a3e0133c3aea01b55b6cbe5f147ba1cf167dfc28c60be8ce0e999f9cce9b61bc777515754047f5befd4109f127e3a1b4ac7c487fc41fbfbb3d5afa1d474c0b63907a21f09ed103cfb5773c0d8043c254e893fa93a0b18", 0x1000}, {&(0x7f0000001200)="efe86e0aafce7e07151f0e811767e767a1e4ad60ccbf6b81384f4ea6eb77", 0x1e, 0x4a}], 0x2100840, &(0x7f00000012c0)=ANY=[@ANYBLOB="da0ad5fe872c0000001139dadfbc348203d30e52db4998235653003ae14621707100"/49]) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), 0xffffffffffffffff) (async) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001400)={&(0x7f00000014c0)=ANY=[@ANYBLOB="b6f32c00d20532000000e3", @ANYRES16=r0, @ANYBLOB="00022dbd7000fbdbdf25880000000c009900c6000000020000000a00060008021100000000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x44}, 0x1, 0x0, 0x0, 0x40088b5}, 0x20000040) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000001480), 0xffffffffffffffff) (async) 10:19:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x4, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0xc0, 0x20}}}}}, 0x28}}, 0x30) (async, rerun: 64) clock_gettime(0x1, &(0x7f00000000c0)={0x0, 0x0}) (async, rerun: 64) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, 0x0, 0x0) (async) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r5 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async, rerun: 32) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, r4, 0x0, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8, 0x11}}}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x80) (async, rerun: 32) r6 = gettid() sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) r7 = socket(0x1e, 0x80810, 0x7fffffff) r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r9, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00', @ANYRES16=r8, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r10, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="08002bbd7000fddbd3460008000000000000faffffffffffffff00", @ANYRES32=r10, @ANYBLOB="0c0099000500000045000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) syz_open_procfs$namespace(r6, 0x0) (async, rerun: 32) sched_rr_get_interval(r6, &(0x7f00000002c0)) (rerun: 32) pselect6(0x40, &(0x7f0000000000)={0x8, 0x4, 0x1ff, 0x8000000000000000, 0x3, 0x1, 0x7ff, 0x5}, &(0x7f0000000040)={0x3, 0x9, 0x5, 0x6, 0x3, 0x10000, 0x1, 0x7a}, &(0x7f0000000080)={0x4, 0x6, 0x85c, 0x8000000000000, 0x401, 0xfffffffffffffff8, 0x10000, 0x1f}, &(0x7f0000000100)={r1, r2+60000000}, &(0x7f0000000180)={&(0x7f0000000140)={[0x4]}, 0x8}) 10:19:49 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 35) 10:19:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x10, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x4c}}, 0x11) r1 = socket(0x24, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), r1) sendmsg$TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000000680)={&(0x7f0000000400), 0xc, &(0x7f0000000640)={&(0x7f0000000480)={0x1a4, r3, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4c3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7020}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK={0xd4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x53}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}]}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x240}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x46}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xcdb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x24000080}, 0x4194) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x1d0, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x84, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x25800000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6b1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffff7cd}]}]}, @TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x81}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1000}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) [ 1064.079798] FAULT_INJECTION: forcing a failure. [ 1064.079798] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.108678] CPU: 0 PID: 15394 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1064.116581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.125930] Call Trace: 10:19:49 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x1) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x1, 0x0, 0x0, 0xa29800, 0x0) [ 1064.128522] dump_stack+0x1b2/0x281 [ 1064.132154] should_fail.cold+0x10a/0x149 [ 1064.136306] should_failslab+0xd6/0x130 [ 1064.140369] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1064.145474] __kmalloc_node_track_caller+0x38/0x70 [ 1064.150406] __alloc_skb+0x96/0x510 [ 1064.154040] kobject_uevent_env+0x882/0xf30 [ 1064.158371] lo_ioctl+0x11a6/0x1cd0 [ 1064.162001] ? loop_set_status64+0xe0/0xe0 [ 1064.166247] blkdev_ioctl+0x540/0x1830 [ 1064.170153] ? blkpg_ioctl+0x8d0/0x8d0 [ 1064.174041] ? trace_hardirqs_on+0x10/0x10 10:19:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x10, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x4c}}, 0x11) (async) r1 = socket(0x24, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), r1) sendmsg$TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000000680)={&(0x7f0000000400), 0xc, &(0x7f0000000640)={&(0x7f0000000480)={0x1a4, r3, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4c3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7020}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK={0xd4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x53}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}]}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x240}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x46}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xcdb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x24000080}, 0x4194) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x1d0, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x84, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x25800000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6b1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffff7cd}]}]}, @TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x81}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1000}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) 10:19:49 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x1) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x1, 0x0, 0x0, 0xa29800, 0x0) [ 1064.178277] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1064.183377] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1064.188396] block_ioctl+0xd9/0x120 [ 1064.192023] ? blkdev_fallocate+0x3a0/0x3a0 [ 1064.196343] do_vfs_ioctl+0x75a/0xff0 [ 1064.200139] ? lock_acquire+0x170/0x3f0 [ 1064.204113] ? ioctl_preallocate+0x1a0/0x1a0 [ 1064.208522] ? __fget+0x265/0x3e0 [ 1064.211983] ? do_vfs_ioctl+0xff0/0xff0 [ 1064.216006] ? security_file_ioctl+0x83/0xb0 [ 1064.220419] SyS_ioctl+0x7f/0xb0 [ 1064.223783] ? do_vfs_ioctl+0xff0/0xff0 10:19:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_MPATH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, 0x0, 0x10, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x4c}}, 0x11) (async, rerun: 64) r1 = socket(0x24, 0x0, 0x0) (rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), r1) sendmsg$TIPC_NL_LINK_RESET_STATS(r2, &(0x7f0000000680)={&(0x7f0000000400), 0xc, &(0x7f0000000640)={&(0x7f0000000480)={0x1a4, r3, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_BEARER={0x24, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4c3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7020}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_SOCK={0xd4, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x53}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1000}]}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffffa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x800}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x240}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x46}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xcdb}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x24000080}, 0x4194) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x1d0, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x94, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_LINK={0x84, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x25800000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6b1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffff7cd}]}]}, @TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xc9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x81}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1000}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000) [ 1064.227751] do_syscall_64+0x1d5/0x640 [ 1064.231642] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1064.236822] RIP: 0033:0x7f2e61d65e07 [ 1064.240526] RSP: 002b:00007f2e606daf28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1064.248230] RAX: ffffffffffffffda RBX: 00007f2e61daf9c8 RCX: 00007f2e61d65e07 [ 1064.255496] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1064.262763] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1064.270028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:49 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8000, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="0c0099000000000023000000080001000400000008000100060000000800020000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) [ 1064.277379] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1064.320405] FAULT_INJECTION: forcing a failure. [ 1064.320405] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.352787] qnx4: unable to read the superblock [ 1064.358653] CPU: 0 PID: 15404 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1064.366543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.375980] Call Trace: [ 1064.378555] dump_stack+0x1b2/0x281 [ 1064.382167] should_fail.cold+0x10a/0x149 [ 1064.386347] should_failslab+0xd6/0x130 [ 1064.390315] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1064.395407] __kmalloc_node_track_caller+0x38/0x70 [ 1064.400325] __alloc_skb+0x96/0x510 [ 1064.403952] kobject_uevent_env+0x882/0xf30 [ 1064.408261] lo_ioctl+0x11a6/0x1cd0 [ 1064.411884] ? loop_set_status64+0xe0/0xe0 [ 1064.416116] blkdev_ioctl+0x540/0x1830 [ 1064.419996] ? blkpg_ioctl+0x8d0/0x8d0 [ 1064.423876] ? trace_hardirqs_on+0x10/0x10 [ 1064.428145] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1064.433231] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1064.438232] block_ioctl+0xd9/0x120 [ 1064.441842] ? blkdev_fallocate+0x3a0/0x3a0 [ 1064.446154] do_vfs_ioctl+0x75a/0xff0 [ 1064.449945] ? lock_acquire+0x170/0x3f0 [ 1064.453908] ? ioctl_preallocate+0x1a0/0x1a0 [ 1064.458310] ? __fget+0x265/0x3e0 [ 1064.461744] ? do_vfs_ioctl+0xff0/0xff0 [ 1064.465697] ? security_file_ioctl+0x83/0xb0 [ 1064.470090] SyS_ioctl+0x7f/0xb0 [ 1064.473443] ? do_vfs_ioctl+0xff0/0xff0 [ 1064.477408] do_syscall_64+0x1d5/0x640 [ 1064.481290] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1064.486467] RIP: 0033:0x7f94265b4e07 [ 1064.490158] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1064.497854] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1064.505108] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1064.512359] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1064.519613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1064.526930] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1064.540319] qnx4: unable to read the superblock 10:19:50 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 27) 10:19:50 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x8, 0x1) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x1, 0x0, 0x0, 0xa29800, 0x0) 10:19:50 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/nf_conntrack', 0xc000, 0xb4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r1 = socket(0x24, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x4000814) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="d10226bd7000fcfbdf25010000fb000000050037fb8001000005002d00000000000a000900aaaaaaaa91bb008adf4397f9b65dbe0000000000000060625826ad20aae2573c9bcdd9599b3b171ada2c7a92a416b78836b1a141420b5bbb29ff7af86b69ab76626db9d16d2d1d8034fe8408a8f8cffe34b3042cb6470ace324035ad37d36382ab5d7a928f91eb182cbb1b839ea1c8075e9a94b71fd8d62044152ed9447ec0e028ddd9990cfcd99184d225"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4000880) setns(r2, 0x20000000) 10:19:50 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8000, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="0c0099000000000023000000080001000400000008000100060000000800020000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8000, 0x0) (async) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="0c0099000000000023000000080001000400000008000100060000000800020000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) (async) 10:19:50 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x0, 0x4}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x40010c0}, 0x4000001) sendmsg$alg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="a3966b9ce7f1fa16c7cf5df9a3bbd48d0c64f16a6bbaad330754779d5f4e637167dce6ecfb49d44023d50a5d4b3e2882148cc5236b7aaa9ce7d874eb43cf588627e30f6bcad74d5543b7c83979f2c34ecff9b9c4cf226e49faaf8c2b3eba43093a560cd46280719b7e91e2aff45c9013ae729fd09364f965b40636f5c95a28ad8059b2611d1d9cbf1b818eb935b2f47a9f1e76c86898507a5709a86c1722e7", 0x9f}, {&(0x7f0000000180)="12ef460a9f8dd4c9f645c894800d2b9b2b7cf236ff197762a02421044ee2eb52fca8fa755677094eb60896a27a85721e60abccc89e5073742d2cfeb571ea2d9096f6abedfe038a2c7f25a30c3145a92087118d3e4cee522d97ff64f0f05c75f53c2429b539b144597d457d9aa4f0a5351b3a7692a22716b24eca2820cdad93170dae3f8016a2826dff8a9c19adfa773ded7303cd1e238a4e62e03b6bb631acae31c98a4c", 0xa4}], 0x2, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18, 0x117, 0x3, 0x1}], 0x48, 0x4040080}, 0x804) 10:19:50 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 36) 10:19:50 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8000, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="0c0099000000000023000000080001000400000008000100060000000800020000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0xa8000, 0x0) (async) sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=0x0, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="0c0099000000000023000000080001000400000008000100060000000800020000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) (async) [ 1064.674300] FAULT_INJECTION: forcing a failure. [ 1064.674300] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1064.686138] CPU: 1 PID: 15455 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1064.694020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.703375] Call Trace: [ 1064.705967] dump_stack+0x1b2/0x281 [ 1064.709602] should_fail.cold+0x10a/0x149 [ 1064.713753] __alloc_pages_nodemask+0x22c/0x2720 [ 1064.718507] ? kobject_uevent_env+0x274/0xf30 [ 1064.723004] ? __lock_acquire+0x5fc/0x3f20 [ 1064.727245] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1064.732097] ? blkdev_ioctl+0xf4/0x1830 [ 1064.736081] ? blkpg_ioctl+0x8d0/0x8d0 [ 1064.739974] ? trace_hardirqs_on+0x10/0x10 [ 1064.744227] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1064.749331] cache_grow_begin+0x91/0x700 [ 1064.753390] ? fs_reclaim_release+0xd0/0x110 [ 1064.757801] ? check_preemption_disabled+0x35/0x240 [ 1064.762820] cache_alloc_refill+0x273/0x350 [ 1064.767155] kmem_cache_alloc+0x333/0x3c0 [ 1064.771306] getname_flags+0xc8/0x550 [ 1064.775111] SyS_mkdirat+0x83/0x270 [ 1064.778738] ? SyS_mknod+0x30/0x30 [ 1064.782278] ? fput_many+0xe/0x140 [ 1064.785819] ? do_syscall_64+0x4c/0x640 [ 1064.789793] ? SyS_mkdirat+0x270/0x270 [ 1064.793770] do_syscall_64+0x1d5/0x640 [ 1064.797661] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1064.802847] RIP: 0033:0x7f2e61d65157 [ 1064.806553] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1064.814266] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 10:19:50 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/nf_conntrack', 0xc000, 0xb4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) (async) r1 = socket(0x24, 0x0, 0x0) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x4000814) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="d10226bd7000fcfbdf25010000fb000000050037fb8001000005002d00000000000a000900aaaaaaaa91bb008adf4397f9b65dbe0000000000000060625826ad20aae2573c9bcdd9599b3b171ada2c7a92a416b78836b1a141420b5bbb29ff7af86b69ab76626db9d16d2d1d8034fe8408a8f8cffe34b3042cb6470ace324035ad37d36382ab5d7a928f91eb182cbb1b839ea1c8075e9a94b71fd8d62044152ed9447ec0e028ddd9990cfcd99184d225"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4000880) (async) setns(r2, 0x20000000) 10:19:50 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x864480, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) 10:19:50 executing program 1: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/nf_conntrack', 0xc000, 0xb4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) r1 = socket(0x24, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x4000814) r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="d10226bd7000fcfbdf25010000fb000000050037fb8001000005002d00000000000a000900aaaaaaaa91bb008adf4397f9b65dbe0000000000000060625826ad20aae2573c9bcdd9599b3b171ada2c7a92a416b78836b1a141420b5bbb29ff7af86b69ab76626db9d16d2d1d8034fe8408a8f8cffe34b3042cb6470ace324035ad37d36382ab5d7a928f91eb182cbb1b839ea1c8075e9a94b71fd8d62044152ed9447ec0e028ddd9990cfcd99184d225"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4000880) setns(r2, 0x20000000) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/nf_conntrack', 0xc000, 0xb4) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) (async) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x4000814) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) (async) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="d10226bd7000fcfbdf25010000fb000000050037fb8001000005002d00000000000a000900aaaaaaaa91bb008adf4397f9b65dbe0000000000000060625826ad20aae2573c9bcdd9599b3b171ada2c7a92a416b78836b1a141420b5bbb29ff7af86b69ab76626db9d16d2d1d8034fe8408a8f8cffe34b3042cb6470ace324035ad37d36382ab5d7a928f91eb182cbb1b839ea1c8075e9a94b71fd8d62044152ed9447ec0e028ddd9990cfcd99184d225"], 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x4000880) (async) setns(r2, 0x20000000) (async) 10:19:50 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async, rerun: 32) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) (rerun: 32) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x0, 0x4}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x40010c0}, 0x4000001) sendmsg$alg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="a3966b9ce7f1fa16c7cf5df9a3bbd48d0c64f16a6bbaad330754779d5f4e637167dce6ecfb49d44023d50a5d4b3e2882148cc5236b7aaa9ce7d874eb43cf588627e30f6bcad74d5543b7c83979f2c34ecff9b9c4cf226e49faaf8c2b3eba43093a560cd46280719b7e91e2aff45c9013ae729fd09364f965b40636f5c95a28ad8059b2611d1d9cbf1b818eb935b2f47a9f1e76c86898507a5709a86c1722e7", 0x9f}, {&(0x7f0000000180)="12ef460a9f8dd4c9f645c894800d2b9b2b7cf236ff197762a02421044ee2eb52fca8fa755677094eb60896a27a85721e60abccc89e5073742d2cfeb571ea2d9096f6abedfe038a2c7f25a30c3145a92087118d3e4cee522d97ff64f0f05c75f53c2429b539b144597d457d9aa4f0a5351b3a7692a22716b24eca2820cdad93170dae3f8016a2826dff8a9c19adfa773ded7303cd1e238a4e62e03b6bb631acae31c98a4c", 0xa4}], 0x2, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18, 0x117, 0x3, 0x1}], 0x48, 0x4040080}, 0x804) 10:19:50 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x864480, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) [ 1064.821531] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1064.828800] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1064.836071] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1064.843340] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1064.879784] FAULT_INJECTION: forcing a failure. [ 1064.879784] name failslab, interval 1, probability 0, space 0, times 0 [ 1064.905146] CPU: 1 PID: 15452 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1064.913056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.922412] Call Trace: [ 1064.925006] dump_stack+0x1b2/0x281 [ 1064.928640] should_fail.cold+0x10a/0x149 [ 1064.932790] should_failslab+0xd6/0x130 [ 1064.936768] kmem_cache_alloc_node+0x263/0x410 [ 1064.941357] __alloc_skb+0x5c/0x510 [ 1064.944988] kobject_uevent_env+0x882/0xf30 [ 1064.946380] qnx4: unable to read the superblock [ 1064.949311] lo_ioctl+0x11a6/0x1cd0 [ 1064.949327] ? loop_set_status64+0xe0/0xe0 [ 1064.949340] blkdev_ioctl+0x540/0x1830 [ 1064.949353] ? blkpg_ioctl+0x8d0/0x8d0 [ 1064.969587] ? trace_hardirqs_on+0x10/0x10 [ 1064.973832] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1064.978944] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1064.983962] block_ioctl+0xd9/0x120 [ 1064.987593] ? blkdev_fallocate+0x3a0/0x3a0 [ 1064.991920] do_vfs_ioctl+0x75a/0xff0 [ 1064.995721] ? lock_acquire+0x170/0x3f0 [ 1064.999691] ? ioctl_preallocate+0x1a0/0x1a0 [ 1065.004098] ? __fget+0x265/0x3e0 [ 1065.007536] ? do_vfs_ioctl+0xff0/0xff0 [ 1065.011489] ? security_file_ioctl+0x83/0xb0 [ 1065.015877] SyS_ioctl+0x7f/0xb0 [ 1065.019226] ? do_vfs_ioctl+0xff0/0xff0 [ 1065.023180] do_syscall_64+0x1d5/0x640 [ 1065.027049] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1065.032219] RIP: 0033:0x7f94265b4e07 [ 1065.035911] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1065.043603] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1065.050858] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1065.058113] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1065.065364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1065.072611] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1065.086622] qnx4: unable to read the superblock 10:19:50 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 28) 10:19:50 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 32) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {{}, {@void, @void, @val={0xc, 0x99, {0x0, 0x4}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x40010c0}, 0x4000001) (async, rerun: 32) sendmsg$alg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="a3966b9ce7f1fa16c7cf5df9a3bbd48d0c64f16a6bbaad330754779d5f4e637167dce6ecfb49d44023d50a5d4b3e2882148cc5236b7aaa9ce7d874eb43cf588627e30f6bcad74d5543b7c83979f2c34ecff9b9c4cf226e49faaf8c2b3eba43093a560cd46280719b7e91e2aff45c9013ae729fd09364f965b40636f5c95a28ad8059b2611d1d9cbf1b818eb935b2f47a9f1e76c86898507a5709a86c1722e7", 0x9f}, {&(0x7f0000000180)="12ef460a9f8dd4c9f645c894800d2b9b2b7cf236ff197762a02421044ee2eb52fca8fa755677094eb60896a27a85721e60abccc89e5073742d2cfeb571ea2d9096f6abedfe038a2c7f25a30c3145a92087118d3e4cee522d97ff64f0f05c75f53c2429b539b144597d457d9aa4f0a5351b3a7692a22716b24eca2820cdad93170dae3f8016a2826dff8a9c19adfa773ded7303cd1e238a4e62e03b6bb631acae31c98a4c", 0xa4}], 0x2, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x6}, @op={0x18, 0x117, 0x3, 0x1}], 0x48, 0x4040080}, 0x804) (rerun: 32) 10:19:50 executing program 1: socket(0x1, 0x0, 0x0) 10:19:50 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x864480, 0x0) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 32) ioctl$SNDCTL_FM_LOAD_INSTR(r0, 0x40285107) (rerun: 32) 10:19:50 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 37) 10:19:50 executing program 3: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000001cf2ada0d3202c0de2917081bb5ca65781285c", @ANYRES16=r0, @ANYBLOB="040a27bd7000fddbdf2504000000050030000000000005002a0000000000050030000000000008002b00bc01000008003a00000000000a0009000000000000000000080034007600000008003a00070000000600280000000000"], 0x60}, 0x1, 0x0, 0x0, 0x40005}, 0x20008004) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:50 executing program 1: socket(0x1, 0x0, 0x0) 10:19:50 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000000)=[@exit_looper, @dead_binder_done, @enter_looper, @exit_looper], 0x4, 0x0, &(0x7f00000000c0)="e70e15e2"}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7f}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) 10:19:50 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000000)=0xf8) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:50 executing program 3: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000001cf2ada0d3202c0de2917081bb5ca65781285c", @ANYRES16=r0, @ANYBLOB="040a27bd7000fddbdf2504000000050030000000000005002a0000000000050030000000000008002b00bc01000008003a00000000000a0009000000000000000000080034007600000008003a00070000000600280000000000"], 0x60}, 0x1, 0x0, 0x0, 0x40005}, 0x20008004) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1065.267917] FAULT_INJECTION: forcing a failure. [ 1065.267917] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.306796] CPU: 1 PID: 15517 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 10:19:50 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000000)=0xf8) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:50 executing program 3: r0 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000001cf2ada0d3202c0de2917081bb5ca65781285c", @ANYRES16=r0, @ANYBLOB="040a27bd7000fddbdf2504000000050030000000000005002a0000000000050030000000000008002b00bc01000008003a00000000000a0009000000000000000000080034007600000008003a00070000000600280000000000"], 0x60}, 0x1, 0x0, 0x0, 0x40005}, 0x20008004) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000001cf2ada0d3202c0de2917081bb5ca65781285c", @ANYRES16=r0, @ANYBLOB="040a27bd7000fddbdf2504000000050030000000000005002a0000000000050030000000000008002b00bc01000008003a00000000000a0009000000000000000000080034007600000008003a00070000000600280000000000"], 0x60}, 0x1, 0x0, 0x0, 0x40005}, 0x20008004) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) [ 1065.314692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.324043] Call Trace: [ 1065.326643] dump_stack+0x1b2/0x281 [ 1065.330282] should_fail.cold+0x10a/0x149 [ 1065.334436] should_failslab+0xd6/0x130 [ 1065.338417] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1065.343527] __kmalloc_node_track_caller+0x38/0x70 [ 1065.348453] __alloc_skb+0x96/0x510 [ 1065.352082] kobject_uevent_env+0x882/0xf30 [ 1065.356418] lo_ioctl+0x11a6/0x1cd0 [ 1065.360050] ? loop_set_status64+0xe0/0xe0 [ 1065.364283] blkdev_ioctl+0x540/0x1830 [ 1065.368166] ? blkpg_ioctl+0x8d0/0x8d0 [ 1065.372046] ? trace_hardirqs_on+0x10/0x10 [ 1065.376281] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1065.381384] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1065.386404] block_ioctl+0xd9/0x120 [ 1065.390029] ? blkdev_fallocate+0x3a0/0x3a0 [ 1065.394347] do_vfs_ioctl+0x75a/0xff0 [ 1065.398143] ? lock_acquire+0x170/0x3f0 [ 1065.402122] ? ioctl_preallocate+0x1a0/0x1a0 [ 1065.406530] ? __fget+0x265/0x3e0 [ 1065.409981] ? do_vfs_ioctl+0xff0/0xff0 [ 1065.413956] ? security_file_ioctl+0x83/0xb0 [ 1065.418362] SyS_ioctl+0x7f/0xb0 [ 1065.421733] ? do_vfs_ioctl+0xff0/0xff0 [ 1065.425714] do_syscall_64+0x1d5/0x640 [ 1065.429597] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1065.434766] RIP: 0033:0x7f94265b4e07 [ 1065.438457] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1065.446146] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1065.453395] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1065.460660] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1065.467908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1065.475207] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1065.495287] FAULT_INJECTION: forcing a failure. [ 1065.495287] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.513713] CPU: 0 PID: 15516 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1065.520403] qnx4: unable to read the superblock [ 1065.521598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.521602] Call Trace: [ 1065.521615] dump_stack+0x1b2/0x281 [ 1065.521630] should_fail.cold+0x10a/0x149 [ 1065.545947] should_failslab+0xd6/0x130 [ 1065.549929] __kmalloc+0x2c1/0x400 [ 1065.553471] ? ext4_find_extent+0x879/0xbc0 [ 1065.557796] ext4_find_extent+0x879/0xbc0 [ 1065.561948] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1065.567406] ext4_ext_map_blocks+0x19a/0x6b10 [ 1065.571901] ? __lock_acquire+0x5fc/0x3f20 [ 1065.576136] ? __lock_acquire+0x5fc/0x3f20 [ 1065.580380] ? mark_buffer_dirty+0x95/0x480 [ 1065.584704] ? trace_hardirqs_on+0x10/0x10 [ 1065.588940] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1065.594305] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1065.599494] ? trace_hardirqs_on+0x10/0x10 [ 1065.603730] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1065.608581] ? ext4_es_lookup_extent+0x321/0xac0 [ 1065.613338] ? lock_acquire+0x170/0x3f0 [ 1065.617323] ? lock_acquire+0x170/0x3f0 [ 1065.621298] ? ext4_map_blocks+0x29f/0x1730 [ 1065.625715] ext4_map_blocks+0xb19/0x1730 [ 1065.629871] ? ext4_issue_zeroout+0x150/0x150 [ 1065.634361] ? __ext4_new_inode+0x27c/0x4eb0 [ 1065.638785] ext4_getblk+0x98/0x3f0 [ 1065.642413] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1065.646735] ext4_bread+0x6c/0x1a0 [ 1065.650272] ? ext4_getblk+0x3f0/0x3f0 [ 1065.654147] ? dquot_initialize_needed+0x240/0x240 [ 1065.659060] ext4_append+0x143/0x350 [ 1065.662754] ext4_mkdir+0x4c9/0xbd0 [ 1065.666367] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1065.671022] ? security_inode_mkdir+0xca/0x100 [ 1065.675585] vfs_mkdir+0x463/0x6e0 [ 1065.679105] SyS_mkdirat+0x1fd/0x270 [ 1065.682798] ? SyS_mknod+0x30/0x30 [ 1065.687358] ? fput_many+0xe/0x140 [ 1065.690882] ? do_syscall_64+0x4c/0x640 [ 1065.694834] ? SyS_mkdirat+0x270/0x270 [ 1065.698701] do_syscall_64+0x1d5/0x640 [ 1065.702569] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1065.707739] RIP: 0033:0x7f2e61d65157 [ 1065.711435] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 10:19:51 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 29) 10:19:51 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x40}]}, 0x24}}, 0x20000000) 10:19:51 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) ioctl$SNDCTL_SYNTH_MEMAVL(r0, 0xc004510e, &(0x7f0000000000)=0xf8) (async, rerun: 64) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 64) 10:19:51 executing program 1: socket(0x1, 0x0, 0x0) [ 1065.719121] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1065.726370] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1065.733618] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1065.740881] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1065.748128] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1065.756997] qnx4: unable to read the superblock 10:19:51 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 38) 10:19:51 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000000)=[@exit_looper, @dead_binder_done, @enter_looper, @exit_looper], 0x4, 0x0, &(0x7f00000000c0)="e70e15e2"}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7f}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000000)=[@exit_looper, @dead_binder_done, @enter_looper, @exit_looper], 0x4, 0x0, &(0x7f00000000c0)="e70e15e2"}) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7f}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) (async) 10:19:51 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x40}]}, 0x24}}, 0x20000000) 10:19:51 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x80408, 0x0) prctl$PR_SET_FPEXC(0xc, 0x20000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80280) 10:19:51 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x140e, 0x100, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x4000050}, 0x4801) 10:19:51 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x18, 0x0, &(0x7f0000000000)=[@exit_looper, @dead_binder_done, @enter_looper, @exit_looper], 0x4, 0x0, &(0x7f00000000c0)="e70e15e2"}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x5c, 0x0, 0x800, 0x70bd2a, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7f}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4040}, 0x40000) [ 1065.927791] FAULT_INJECTION: forcing a failure. [ 1065.927791] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.936578] FAULT_INJECTION: forcing a failure. [ 1065.936578] name failslab, interval 1, probability 0, space 0, times 0 [ 1065.959361] CPU: 1 PID: 15566 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1065.967268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 10:19:51 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x140e, 0x100, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x4000050}, 0x4801) [ 1065.976621] Call Trace: [ 1065.979210] dump_stack+0x1b2/0x281 [ 1065.982844] should_fail.cold+0x10a/0x149 [ 1065.986989] should_failslab+0xd6/0x130 [ 1065.990953] kmem_cache_alloc+0x28e/0x3c0 [ 1065.995100] __d_alloc+0x2a/0xa20 [ 1065.998547] ? d_lookup+0x172/0x220 [ 1066.002172] d_alloc+0x46/0x240 [ 1066.005455] __lookup_hash+0x101/0x270 [ 1066.009340] filename_create+0x156/0x3f0 [ 1066.013392] ? kern_path_mountpoint+0x40/0x40 [ 1066.017894] SyS_mkdirat+0x95/0x270 [ 1066.021515] ? SyS_mknod+0x30/0x30 10:19:51 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x140e, 0x100, 0x70bd2d, 0x25dfdbfe}, 0x10}, 0x1, 0x0, 0x0, 0x4000050}, 0x4801) [ 1066.025041] ? fput_many+0xe/0x140 [ 1066.028570] ? do_syscall_64+0x4c/0x640 [ 1066.032530] ? SyS_mkdirat+0x270/0x270 [ 1066.036404] do_syscall_64+0x1d5/0x640 [ 1066.040287] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1066.045473] RIP: 0033:0x7f2e61d65157 [ 1066.049176] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1066.056870] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1066.064126] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1066.071387] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1066.078648] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1066.085907] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1066.093185] CPU: 0 PID: 15570 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1066.101064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.110414] Call Trace: [ 1066.112999] dump_stack+0x1b2/0x281 [ 1066.116624] should_fail.cold+0x10a/0x149 [ 1066.120771] should_failslab+0xd6/0x130 [ 1066.124743] kmem_cache_alloc_node+0x263/0x410 [ 1066.129324] __alloc_skb+0x5c/0x510 [ 1066.132962] kobject_uevent_env+0x882/0xf30 [ 1066.137296] lo_ioctl+0x11a6/0x1cd0 [ 1066.140929] ? loop_set_status64+0xe0/0xe0 [ 1066.145164] blkdev_ioctl+0x540/0x1830 [ 1066.149055] ? blkpg_ioctl+0x8d0/0x8d0 [ 1066.152944] ? trace_hardirqs_on+0x10/0x10 [ 1066.157184] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1066.162290] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1066.167322] block_ioctl+0xd9/0x120 [ 1066.170954] ? blkdev_fallocate+0x3a0/0x3a0 [ 1066.175275] do_vfs_ioctl+0x75a/0xff0 [ 1066.179085] ? lock_acquire+0x170/0x3f0 [ 1066.183053] ? ioctl_preallocate+0x1a0/0x1a0 [ 1066.187446] ? __fget+0x265/0x3e0 [ 1066.190887] ? do_vfs_ioctl+0xff0/0xff0 [ 1066.194851] ? security_file_ioctl+0x83/0xb0 [ 1066.199238] SyS_ioctl+0x7f/0xb0 [ 1066.202582] ? do_vfs_ioctl+0xff0/0xff0 [ 1066.206537] do_syscall_64+0x1d5/0x640 [ 1066.210417] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1066.215612] RIP: 0033:0x7f94265b4e07 [ 1066.219308] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.227002] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1066.234252] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1066.241508] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1066.248762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1066.256020] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1066.288693] qnx4: unable to read the superblock 10:19:51 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 30) 10:19:51 executing program 1: r0 = socket(0x25, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000040)=[0x0, 0x2], 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="88000000031400012abd7000fddbdf250900120073797a31000000000800410073697700140033007465616d5f736c6176655f30000000000900020073796a30000000000800410073697700140033007665746831000073797a3100fa0000030041007278650014003300766574683100"/136], 0x88}, 0x1, 0x0, 0x0, 0x48000}, 0x4000014) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="07112cbd7000fedbdf251c000000080001007063690011000200303030303a30303a31302e300000000008000b0000000000c004d846bbacb42a9d93a00e3557cd0cd15805e5afefd37ca29b481ac4f352189e419ef536629d05db2f58a3f4cf6e53741f36594a1270d8b5f2cbaa40475ae83a7fc029b5e9c42eda6129ac578f55869957ed3e5cf429e0eb4b600ac5ea2687e1b47bb7c8f3d3132142f5e849e1f9d2f45b3027ec25369901ad66c550941246e47a8147ded1dbe9f036aef0388c3e8c0751ae9778ce2a26fae7784e2014d3eff11fab26692f9ffe4e38ce695ceab9bd"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x80) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) 10:19:51 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x80408, 0x0) prctl$PR_SET_FPEXC(0xc, 0x20000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80280) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x80408, 0x0) (async) prctl$PR_SET_FPEXC(0xc, 0x20000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80280) (async) 10:19:51 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="68030100", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf25690000000a00060008021100000000000a00060008021100000000000600d400880600000500d300020000000500d200010000000500d2000a0000000500d200090000000a00060008021100000100000500d20009000000"], 0x68}, 0x1, 0x0, 0x0, 0x28044000}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:51 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x800, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x40}]}, 0x24}}, 0x20000000) 10:19:51 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 39) 10:19:51 executing program 1: r0 = socket(0x25, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000040)=[0x0, 0x2], 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="88000000031400012abd7000fddbdf250900120073797a31000000000800410073697700140033007465616d5f736c6176655f30000000000900020073796a30000000000800410073697700140033007665746831000073797a3100fa0000030041007278650014003300766574683100"/136], 0x88}, 0x1, 0x0, 0x0, 0x48000}, 0x4000014) (async) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="07112cbd7000fedbdf251c000000080001007063690011000200303030303a30303a31302e300000000008000b0000000000c004d846bbacb42a9d93a00e3557cd0cd15805e5afefd37ca29b481ac4f352189e419ef536629d05db2f58a3f4cf6e53741f36594a1270d8b5f2cbaa40475ae83a7fc029b5e9c42eda6129ac578f55869957ed3e5cf429e0eb4b600ac5ea2687e1b47bb7c8f3d3132142f5e849e1f9d2f45b3027ec25369901ad66c550941246e47a8147ded1dbe9f036aef0388c3e8c0751ae9778ce2a26fae7784e2014d3eff11fab26692f9ffe4e38ce695ceab9bd"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x80) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) 10:19:51 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="68030100", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf25690000000a00060008021100000000000a00060008021100000000000600d400880600000500d300020000000500d200010000000500d2000a0000000500d200090000000a00060008021100000100000500d20009000000"], 0x68}, 0x1, 0x0, 0x0, 0x28044000}, 0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:51 executing program 3: r0 = msgget$private(0x0, 0x6a) msgctl$IPC_RMID(r0, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x103000) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x1406, 0x400, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40841}, 0x44000) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0x100, 0x0) ioctl$SNDCTL_TMR_SELECT(r2, 0x40045408) r3 = msgget(0x2, 0x240) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) ioctl$SNDCTL_SYNTH_ID(r4, 0xc08c5114, &(0x7f0000000480)={"3dea939ce6774df3e806f156525b1f657cb497f5e83d796190413874ae69", 0x7, 0x2127d9ba272c220d, 0x0, 0x4, 0x1000, 0x2, 0x9, 0x4, [0x3ff, 0x3, 0x7fffffff, 0x5, 0x10000, 0x1ff, 0x80, 0x2, 0x58b, 0x7fffffff, 0x8001, 0x1, 0x7, 0x8, 0xd, 0xd65, 0x7fffffff, 0xb1ed, 0x81]}) msgctl$MSG_STAT_ANY(r3, 0xd, &(0x7f0000000300)=""/13) accept4$alg(r1, 0x0, 0x0, 0x80000) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r5, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x100, 0x1403, 0x200, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'rose0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip_vti0\x00'}}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="4000d25e0c14000128bd08000000000000000300020000010800030004000000080003000200b85494e2a1d90000080029000500000008003d000000000008003d0003000000"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x10000) [ 1066.456329] FAULT_INJECTION: forcing a failure. [ 1066.456329] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.478844] CPU: 1 PID: 15611 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1066.486754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.496112] Call Trace: [ 1066.498702] dump_stack+0x1b2/0x281 [ 1066.502345] should_fail.cold+0x10a/0x149 10:19:51 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$NL80211_CMD_ADD_TX_TS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="68030100", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf25690000000a00060008021100000000000a00060008021100000000000600d400880600000500d300020000000500d200010000000500d2000a0000000500d200090000000a00060008021100000100000500d20009000000"], 0x68}, 0x1, 0x0, 0x0, 0x28044000}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:51 executing program 3: r0 = msgget$private(0x0, 0x6a) msgctl$IPC_RMID(r0, 0x0) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x103000) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x1406, 0x400, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40841}, 0x44000) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0x100, 0x0) ioctl$SNDCTL_TMR_SELECT(r2, 0x40045408) r3 = msgget(0x2, 0x240) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) ioctl$SNDCTL_SYNTH_ID(r4, 0xc08c5114, &(0x7f0000000480)={"3dea939ce6774df3e806f156525b1f657cb497f5e83d796190413874ae69", 0x7, 0x2127d9ba272c220d, 0x0, 0x4, 0x1000, 0x2, 0x9, 0x4, [0x3ff, 0x3, 0x7fffffff, 0x5, 0x10000, 0x1ff, 0x80, 0x2, 0x58b, 0x7fffffff, 0x8001, 0x1, 0x7, 0x8, 0xd, 0xd65, 0x7fffffff, 0xb1ed, 0x81]}) (async) msgctl$MSG_STAT_ANY(r3, 0xd, &(0x7f0000000300)=""/13) accept4$alg(r1, 0x0, 0x0, 0x80000) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r5, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x100, 0x1403, 0x200, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'rose0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip_vti0\x00'}}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="4000d25e0c14000128bd08000000000000000300020000010800030004000000080003000200b85494e2a1d90000080029000500000008003d000000000008003d0003000000"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x10000) [ 1066.506504] should_failslab+0xd6/0x130 [ 1066.510479] kmem_cache_alloc_node+0x263/0x410 [ 1066.515072] __alloc_skb+0x5c/0x510 [ 1066.518712] kobject_uevent_env+0x882/0xf30 [ 1066.523040] lo_ioctl+0x11a6/0x1cd0 [ 1066.526677] ? loop_set_status64+0xe0/0xe0 [ 1066.530911] blkdev_ioctl+0x540/0x1830 [ 1066.534803] ? blkpg_ioctl+0x8d0/0x8d0 [ 1066.538690] ? trace_hardirqs_on+0x10/0x10 [ 1066.542931] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1066.548041] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1066.553062] block_ioctl+0xd9/0x120 [ 1066.556687] ? blkdev_fallocate+0x3a0/0x3a0 [ 1066.561007] do_vfs_ioctl+0x75a/0xff0 [ 1066.564804] ? lock_acquire+0x170/0x3f0 [ 1066.568778] ? ioctl_preallocate+0x1a0/0x1a0 [ 1066.573184] ? __fget+0x265/0x3e0 [ 1066.576637] ? do_vfs_ioctl+0xff0/0xff0 [ 1066.580615] ? security_file_ioctl+0x83/0xb0 [ 1066.585031] SyS_ioctl+0x7f/0xb0 [ 1066.588403] ? do_vfs_ioctl+0xff0/0xff0 [ 1066.592381] do_syscall_64+0x1d5/0x640 [ 1066.596276] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1066.601461] RIP: 0033:0x7f94265b4e07 [ 1066.605164] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1066.612873] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1066.620150] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1066.627423] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1066.634698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1066.641972] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 10:19:52 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x123c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xcc, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ')^+(-\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',]-*]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^\\:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "05937f5c8a64f7c04fb863bd20fcbd7cb51658c1f2374312a39d24d993bd26c53a95fa1df7f2518b25868291961cce15a709879ea769ebc68e41ca3b7bb670bd0277e00f7dbda6faf34651247362ffbd399b9329f46f7e22f05d0f884462263602c49c867b1af717084eb7b3fa18b4e1818e66b717fe6ca9750d7cac0630b0a0815699b6f569dddcb687e53f23e0fd3cc62c4751a60da74a6f645a9605ba24d6b0298b95fa5610884e77ffc2fdf1c7fb57d5fb9d740cf8d50c5cfe0bf1bcccd20aa0905241e90e0c74b2472469bd1d1e6c309ab8607d23e036487f1d3de71cd7096383d85ad78b496f9abf5fa06576a11d8dacc4445aad2f944db29e17c716fbc8a791b7a6b8ff35a3da0e274e0f1502c157a27c4b9e1d66619926a609450aa20b099e6ca07892dbfc02e9c21ae0f0e269f925e5066683f3a8fdf0454a5a339570a92cbb59741d73fbff9df04894d4b28c7271b8a3c876716ab45db96a8d98e696a350ee81f9c423be22f0433e21664875f0ced3508733cbd9698019fe02c963442bb586cc789577773fbb1830db8b19aa46d6d6ac0c7b3b54fdecca8a0df5d29a0b7a4f8d8b6902f37bcd4dda13c76d078ec73cc1ae67c2254e2adfbaab400deb75ea84cd91d9fde7b6551be48cbcc0e682dfa2908e09b447dc45bdc8321ceb378a616819ae5ba96b6886047dc14980029b5b03996837d8aaf750a332a71e45d1f7ec0f86313958faea83340136178876b9de94cfc43ff2689bd295bfc167331d0bc5ec507ef857db9a6d80d87cfcc14308a5c605bfa00a4836215eb1735a81bf5da7eaed3f547b32b5e85a4f208e59eb73e117582141952308acb5370ba1d9450ccefb1d9a88c629ce717db528094efcee644225c40c68c0e2fc830064e7a0dd6f0ec6c6a11358515bfa1636cc18706dcbc95df0b83e23b9417b37cea1998e908a56539352076f82a522602d8aca2f6d2d356fbf0cad5960030311b00149c932a4144257b8c57011dc0124f86f8cc29c512d02823a3a4f0a64635c4c952c3e167f39d40b6e6bc03c2c1c689dc66fe3187edc0876c1f8cb0ec5ff8bbfa297f9a98d315559aaf18650aaba4d94faa2761bcc95611c7e0746b5f8f675f0cd082128070c1f7dddd0b3a5afbf3b53dce0d463b8c42569735e2ea05ab7ab67f4540524c6e0009d90090fa50795c1c32714770f6c21ec449b6ee8c9e4530021661c56007d2a88d05856e470322ffbc54c0e6231e7881a9a3a01ea604f747bc2c0ca15579b5a05bbb7a0086baaa51764f047509a0355142d4995bb5641a144706961881a9a8722d20d2c39235631c4cba35325000143fa1c0ac37223df5e8dedc67061d3be1bb769842f6b7c504642331649bfba017765ca8a839fd991f60027c1d2d0ed51d8fa7a18b1b18fc67c9337d7aed784ed55e5e187a9bfbd28f7a776939809ee93ce6a93dfc4ec47dc13d99f860f9e8771c9f203c16d16d57a8a74f8d5088eec055062f2f57beffc0a14da02ad8defa408a99cae86921890ea6c886e6fc8175fc521ded3c51dc997265f356cb17556a080c97a68d569b407f5abc868e26de66ffc7ba71e7ef469d24d18543639ee9310de11f94c104bbe8043c7efbc2d7f2c6ef6d3d8989292dd84ced04cf7be810d1dfd6160c55bc1e93e8c08568abe7206ad41ed435381c5c7713e9bf165fec24cfcfcb1df4413a34f42d00c69d06c7d9832cefd6094a5d0ec40955c14b5f7146d4f3701407b75edf04e79d447a61ab7272ec9c73e07dde3d5fbd3a72ccc3f313f9cb6afc8b2b83b6bf30afd4b34d0653f61db41e938e9f72c64e089243141c2063724028d76413824ef4beec3dbe95042429cb421aac8317ef2d69e82e38597a4e01907d39d2c4586536067606f2eeba46ededdb50a1946ce45ad530a4edd52e0953bcd979fcc902b8f96b21fd704aa1fe3d1d52324595bb95ec14340c20b5888b2045d982625c4a962c8c309223f5b179b1cfe8ed71dc3f16e407f1bcc9d01e3e4331b3c4cf6c132383c7937414bc3a6d4fefdfef0cf6b66f0d44ecb7e9f368172cf2e32dec26a8facc43ebd578155c3ca268482389af8148172cbd2b5decfae80bae8989b968f313cb5101fd47f0c6b08aa3dbcf71c7d589af3903837ee6b512a84def5879c9939179c1717952dc84bd923d981d6dff25fc225cfc8ee87f66641a5d55df4fb5b1a0bc26d76eaa2a295c552db6b12a5acb574368d21d925a80b43ba027fac2e680a0fe8d7c643b65685f5b81382eb4fded44ccff39e381e057091c4c4bf3db4d804f73c54ca9de7e7417364a5607763b8d807a27052a5e7a33290adc4d9e4916f3034e9353c16cb99448e03674f8da214c1b476a3c5b7af2eff2044b8ad15693554dbdbc8ed8a94b560a80611ef0169c058599872e6e9b6a164269e7965d35983725b9c9db7adeb85a67eee764cb1d32b3dddc51975f7461565a2db20d19284597958496188ff350a3da55393812b2e7314ff0c0208de568d2a68690a0217b905bce5a3491af7aaf4199318c731774d640a77b38d7c16587ac4478b031d957a2f342fcf8e9f356b2028343e066a02c5e89baf68d7226dfe0ff2cdc69357e0ff96fb2e497e343c904cd7d40bf8095c8f0463deb715a30575f5f23ca581c63a27bad1de491b286e9e5d674cd2aefca834e03de48061860c60ed1e6576f21ba1b087a823f5654b3bf62ae6cf45ce6fa216106207d26b19c2ae6f795d96d6057cd22868211bd613f4a2549dddfefac3c65c387b012fe616cbdc754b9b769eb1bb929550ee0cb74aea93d58536fcc19dbe2f13e2339fdd60c2057437abdb869d71757c8e05a1cf3cb4525db081a16af7ef5575c8b9d7642e260019ee71c090e078ec60ac5179444354a2fd62296568fbd2821ff691336ec8b92e2c67e8c14ba6f4e1dc11cfb671e5fe6b1c44eacc0d3bb88e8fb1a6fba1447d051aa0e31dd6a10091f62551c088aca27a69189c0b828b735e5830efbe82b622a7e2775cb20080a6f6c81cfff6ceaad0cdc0cf16162658a62d877cf7ae1209af65049e0c2130a2f8034eecff51f74b28aef5b27141e104c14e65fcdfb1173f71e4016da0d1c47a9e0a20204bde98afcf183365327118c2545ba7753715ba0f31fa13e561a2bd38789f6030b755fa83fdb31ee9af41d61515746b9df25f5e5d328ec66632fad5a62f2e5f47cc69dbf32b5b4a023a132b143f85373104a96686ece2517ef53a4e7f6124a951a381c5efc3db61c2f583af924a3844ba44c35f2df9f5062400a2cb3c5455f57b922eeb1cb33ed4aa565f0dfc79201eb9d7e92b682b13d0bf200b9e9fbf1107e8fb0884a1798742bff4779f01cf74a6f53153c8660230a4d281a70d9a44781a3dd339d9796017c1758f23e478cd0b0140d08d73e5034b91085b1933bcd3d562b74c854d4875d08d39dd128c3267e09ffe55d774644a37a1c3790598c104574a94455de553d0bebcd57999db210aa26dffd760819e24c50b700ab43753ea0e2d85bf533d28ad8f615fb8109e656c59dc44b019db06e3ebd18460a15d78c69c1c8f9358aa9a535c7496ab016977bc4090671a37839da19ad5a7991118a8e768ee584cdbbc5b2940802f7ceffd15db9aa0ab80899891cc3826fd3893346b25df8933c6fc0e4ac1cf7b3d20c240896b6838291a6f8ead2227767f86dcfc7e71f6ae245aa625e0ba89c451608a028df535d9c0bf6036aaa29376b47f855717ee3020f76e75961c080092cd37eaa2df1d646fab71420192a78c7fa936dac9d859aa1cd1f741737250208f7cd56854eb4a638608b3edc9ca4d8f707057b4b48dc45e05f1bedd8316deb4503ecefb900c205c883952c71308fbb23518887a1a8218d2bf6df5a60b526ce5952186300ddd80718b2433d25ced8db22d6e81e9b29669bb46dc96a76404b4d99e43c541a51ec62b99fb40aa981c7e54ca1468707c0782dd60db45b3e752b6d5ff0719b1d46c048edd256e06eaee553d26e1d1392876b43bca57017a0d9644ea22d63e0fa849df907c7c92255940d88835ad38f6686fb8cbaf0492f663b9096c2ab193b2f13c04a927b2cec12d11c30c07b98cae0a64b29f867d42854ff98603556b372f17a15033eb65bbcea390120f24926f0226f73512e001da5c5fb4d17c37d50943d743f87864f3ba22aa9e8520dfaf87730814fd514b8211378f4352904e64e8f6b684016b533744874386468386d1e5dc96d5853a9a5c722b41741fbc28c53b6cf2e78d19138ffb698b0e9dfeedf03abaece0b3e229d7aa811ad2bd1beb0a810e1b1a7709ba9bb30a0caf3c569d17485e03aa7610c0df5926fe69da3b2a43ae439286aaefdc373cc7510b17c14609bc5005bf7b31149c79ab2f987db79ddff2709f94cf91807a71dd81f181166e82779b876fe6fc1f0fd43dc0ac9c4c1ee1afa26e25af4932c93c16930453df14c3c3ab5bd8a4f202748e8b1d5752433c83a989c3e5fe524a0707da161c32ad008efe6b9b3c81d967b161c919645f8d4c4554b08c92606e3bfa71680a81dc48fcbdb206c24939a69dbe9ae002652749723f3a8a01fd4ad6120be248e231d6c844ceea3f0da4b52262c2addba34b86d851bebc88bcb33af4e60c9e73bee9009e665fa005454c91a9ea0ad16edbdb2f2d7ac2598fa637443aebdcc5734b68612d8c42be369be0787dfa78783621eb638c946b13d96b2307fe4a12a66d2efa1b0f53b3bec8c5aa59695dd2dd4719bdf0ade2cc3ac92e85310756486fd698bd4aab261ec8a5060950156d1622d6e135cb205934c41dba4e9b80f860ba6d593e01676186512baaf1021025787c236849da53e72d7597185f668218707b7879739578250ebdd1007821c8aa4b8214705b0655833f9da7b57acdfe55f9d7ba0af2ec953b843cbd1f455e0f73cef1d42213ee06f98f70a342c7f260596b80c7f2c5722f02feee44eeb39cd1545590324269342c347bfe01e15dd7a0871e91506bb55bab6bc1c1e280f2c61af6c168fe289065387470a377493dc4f59da52d7b0d61fc0edc023661a4a3898fbcfd1454b79ef8b092743874ba9d4bccb43effbcbd686eea5e7a48a9aff05ea15bbc3ee8e14eb744d58f1fb0b053c36cf9583b6856b7bcde9d1d8627aae2685adf00c989a856d836b5a82ce4c07e120ab121212f851d8b6837a293c7c7305f5b5f5186b9d6347a2cab10cae3b154e0df476140ce2f800b205ca37e7a5793907b1f911caa11f72b3258177e5c65cf09a2431b280305f27175d8fbdb24169c77ed0e2a379767a63f0b76ea26abe2cf8e91d9b0e484d975f202cabc3acb7be7b9f4d4e7f69e1f4409afb2ab88b129ed05e7d85b30a74e751635ba33e7993e63373f52e8e8aab4cb43a7f1c0714e75e0600215672a737f04d861f6267665c082e462b4378530e135aa6f4d178c375fee7a9c9b9f45f6858e663d7e7cb346196fbfae8e6219a3084341c0a81a02045deae545adf930fdd1e2ed1da3759565fd42fcae76cac7174485e436a0f7ad2c5eee1d5436a47414f10a83647874dec8c438fb0d822958421ae8a920d44b7cfeebce2fa96e06bfb5b3f243cde069d8908e0abe3eb224a85a8c202deeed966dad00889be6c38e67b5685ca2515020bc8566b5e576b866f10a39d012cbaa9c189573b11c6f4dc89891d6690ea091c815d19ce5dfb30955d44dceb4c8da303f54522ae269d2654f607011b4bd2ebd6f7d88294bb5b0335b6fa10254ca9a7558db9d140c618c3929a3f29ca1607e2c2e7d9193d3f0d4d1063c4c876e0bd2f066"}, @ETHTOOL_A_BITSET_MASK={0x41, 0x5, "cd35fe78f65364ad6e3c5b7beafcbfcef12bd1885fbaba9bb97d7e95a3f00f46cd1fb2855863efac8169fd83f62404db0616f7598d371a618e46ecdea2"}]}, @ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xc5, 0x4, "39d75951cfe77ed9514af92bb3eaba16d9b1e898651005b04b82e515aa89d2089a1cf52bee49708a66adeea0036a36185c001a89e35177b796ee8dfe1148fecb0b73bd179069e27ae68c18100b419258f97d047c0478c09697da957628c5394a6e3d64e0c6d20d7bc1d4826ec55096b9b15cacc6257dc527144a2403ced9d4257dafbaabe6bb5d896381fa71683ce615453ccce25832edf9cb5c5f759374caa295507df2398bf96fb770c00a99dcacd76853d960602264c984b68b15c27a70d58e"}, @ETHTOOL_A_BITSET_BITS={0x2c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '(^\\*/\xa0%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8a8b0dd}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}]}, 0x123c}, 0x1, 0x0, 0x0, 0x24004080}, 0x24008814) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x70, r1, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x50}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x62}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x70}}, 0x20000000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1066.658110] FAULT_INJECTION: forcing a failure. [ 1066.658110] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.686797] qnx4: unable to read the superblock [ 1066.692682] CPU: 1 PID: 15612 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1066.700573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1066.709925] Call Trace: [ 1066.712512] dump_stack+0x1b2/0x281 [ 1066.716147] should_fail.cold+0x10a/0x149 [ 1066.720297] should_failslab+0xd6/0x130 [ 1066.724274] __kmalloc+0x2c1/0x400 [ 1066.727810] ? ext4_find_extent+0x879/0xbc0 [ 1066.732133] ext4_find_extent+0x879/0xbc0 [ 1066.736281] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1066.741732] ext4_ext_map_blocks+0x19a/0x6b10 [ 1066.746229] ? __lock_acquire+0x5fc/0x3f20 [ 1066.750466] ? __lock_acquire+0x5fc/0x3f20 [ 1066.754703] ? mark_buffer_dirty+0x95/0x480 [ 1066.759026] ? trace_hardirqs_on+0x10/0x10 [ 1066.763260] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1066.768629] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1066.773825] ? trace_hardirqs_on+0x10/0x10 [ 1066.778060] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1066.782918] ? ext4_es_lookup_extent+0x321/0xac0 [ 1066.787679] ? lock_acquire+0x170/0x3f0 [ 1066.791662] ? lock_acquire+0x170/0x3f0 [ 1066.795645] ? ext4_map_blocks+0x29f/0x1730 [ 1066.799978] ext4_map_blocks+0xb19/0x1730 [ 1066.804133] ? ext4_issue_zeroout+0x150/0x150 [ 1066.808624] ? __ext4_new_inode+0x27c/0x4eb0 [ 1066.813040] ext4_getblk+0x98/0x3f0 [ 1066.816668] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1066.820995] ext4_bread+0x6c/0x1a0 [ 1066.824538] ? ext4_getblk+0x3f0/0x3f0 [ 1066.828423] ? dquot_initialize_needed+0x240/0x240 [ 1066.833360] ext4_append+0x143/0x350 [ 1066.837075] ext4_mkdir+0x4c9/0xbd0 [ 1066.840712] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1066.845392] ? security_inode_mkdir+0xca/0x100 [ 1066.849975] vfs_mkdir+0x463/0x6e0 [ 1066.853529] SyS_mkdirat+0x1fd/0x270 [ 1066.857238] ? SyS_mknod+0x30/0x30 [ 1066.860765] ? fput_many+0xe/0x140 [ 1066.864296] ? do_syscall_64+0x4c/0x640 [ 1066.868251] ? SyS_mkdirat+0x270/0x270 [ 1066.872146] do_syscall_64+0x1d5/0x640 [ 1066.876018] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1066.881187] RIP: 0033:0x7f2e61d65157 [ 1066.884876] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1066.892562] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1066.899816] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 10:19:52 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 31) 10:19:52 executing program 3: r0 = msgget$private(0x0, 0x6a) msgctl$IPC_RMID(r0, 0x0) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x103000) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, 0x1406, 0x400, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40841}, 0x44000) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0x100, 0x0) ioctl$SNDCTL_TMR_SELECT(r2, 0x40045408) (async) r3 = msgget(0x2, 0x240) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) (async) ioctl$SNDCTL_SYNTH_ID(r4, 0xc08c5114, &(0x7f0000000480)={"3dea939ce6774df3e806f156525b1f657cb497f5e83d796190413874ae69", 0x7, 0x2127d9ba272c220d, 0x0, 0x4, 0x1000, 0x2, 0x9, 0x4, [0x3ff, 0x3, 0x7fffffff, 0x5, 0x10000, 0x1ff, 0x80, 0x2, 0x58b, 0x7fffffff, 0x8001, 0x1, 0x7, 0x8, 0xd, 0xd65, 0x7fffffff, 0xb1ed, 0x81]}) msgctl$MSG_STAT_ANY(r3, 0xd, &(0x7f0000000300)=""/13) (async) accept4$alg(r1, 0x0, 0x0, 0x80000) r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r5, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x100, 0x1403, 0x200, 0x70bd26, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'geneve0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'rose0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vlan0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge_slave_0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip_vti0\x00'}}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) (async) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="4000d25e0c14000128bd08000000000000000300020000010800030004000000080003000200b85494e2a1d90000080029000500000008003d000000000008003d0003000000"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x10000) 10:19:52 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x123c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xcc, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ')^+(-\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',]-*]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^\\:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "05937f5c8a64f7c04fb863bd20fcbd7cb51658c1f2374312a39d24d993bd26c53a95fa1df7f2518b25868291961cce15a709879ea769ebc68e41ca3b7bb670bd0277e00f7dbda6faf34651247362ffbd399b9329f46f7e22f05d0f884462263602c49c867b1af717084eb7b3fa18b4e1818e66b717fe6ca9750d7cac0630b0a0815699b6f569dddcb687e53f23e0fd3cc62c4751a60da74a6f645a9605ba24d6b0298b95fa5610884e77ffc2fdf1c7fb57d5fb9d740cf8d50c5cfe0bf1bcccd20aa0905241e90e0c74b2472469bd1d1e6c309ab8607d23e036487f1d3de71cd7096383d85ad78b496f9abf5fa06576a11d8dacc4445aad2f944db29e17c716fbc8a791b7a6b8ff35a3da0e274e0f1502c157a27c4b9e1d66619926a609450aa20b099e6ca07892dbfc02e9c21ae0f0e269f925e5066683f3a8fdf0454a5a339570a92cbb59741d73fbff9df04894d4b28c7271b8a3c876716ab45db96a8d98e696a350ee81f9c423be22f0433e21664875f0ced3508733cbd9698019fe02c963442bb586cc789577773fbb1830db8b19aa46d6d6ac0c7b3b54fdecca8a0df5d29a0b7a4f8d8b6902f37bcd4dda13c76d078ec73cc1ae67c2254e2adfbaab400deb75ea84cd91d9fde7b6551be48cbcc0e682dfa2908e09b447dc45bdc8321ceb378a616819ae5ba96b6886047dc14980029b5b03996837d8aaf750a332a71e45d1f7ec0f86313958faea83340136178876b9de94cfc43ff2689bd295bfc167331d0bc5ec507ef857db9a6d80d87cfcc14308a5c605bfa00a4836215eb1735a81bf5da7eaed3f547b32b5e85a4f208e59eb73e117582141952308acb5370ba1d9450ccefb1d9a88c629ce717db528094efcee644225c40c68c0e2fc830064e7a0dd6f0ec6c6a11358515bfa1636cc18706dcbc95df0b83e23b9417b37cea1998e908a56539352076f82a522602d8aca2f6d2d356fbf0cad5960030311b00149c932a4144257b8c57011dc0124f86f8cc29c512d02823a3a4f0a64635c4c952c3e167f39d40b6e6bc03c2c1c689dc66fe3187edc0876c1f8cb0ec5ff8bbfa297f9a98d315559aaf18650aaba4d94faa2761bcc95611c7e0746b5f8f675f0cd082128070c1f7dddd0b3a5afbf3b53dce0d463b8c42569735e2ea05ab7ab67f4540524c6e0009d90090fa50795c1c32714770f6c21ec449b6ee8c9e4530021661c56007d2a88d05856e470322ffbc54c0e6231e7881a9a3a01ea604f747bc2c0ca15579b5a05bbb7a0086baaa51764f047509a0355142d4995bb5641a144706961881a9a8722d20d2c39235631c4cba35325000143fa1c0ac37223df5e8dedc67061d3be1bb769842f6b7c504642331649bfba017765ca8a839fd991f60027c1d2d0ed51d8fa7a18b1b18fc67c9337d7aed784ed55e5e187a9bfbd28f7a776939809ee93ce6a93dfc4ec47dc13d99f860f9e8771c9f203c16d16d57a8a74f8d5088eec055062f2f57beffc0a14da02ad8defa408a99cae86921890ea6c886e6fc8175fc521ded3c51dc997265f356cb17556a080c97a68d569b407f5abc868e26de66ffc7ba71e7ef469d24d18543639ee9310de11f94c104bbe8043c7efbc2d7f2c6ef6d3d8989292dd84ced04cf7be810d1dfd6160c55bc1e93e8c08568abe7206ad41ed435381c5c7713e9bf165fec24cfcfcb1df4413a34f42d00c69d06c7d9832cefd6094a5d0ec40955c14b5f7146d4f3701407b75edf04e79d447a61ab7272ec9c73e07dde3d5fbd3a72ccc3f313f9cb6afc8b2b83b6bf30afd4b34d0653f61db41e938e9f72c64e089243141c2063724028d76413824ef4beec3dbe95042429cb421aac8317ef2d69e82e38597a4e01907d39d2c4586536067606f2eeba46ededdb50a1946ce45ad530a4edd52e0953bcd979fcc902b8f96b21fd704aa1fe3d1d52324595bb95ec14340c20b5888b2045d982625c4a962c8c309223f5b179b1cfe8ed71dc3f16e407f1bcc9d01e3e4331b3c4cf6c132383c7937414bc3a6d4fefdfef0cf6b66f0d44ecb7e9f368172cf2e32dec26a8facc43ebd578155c3ca268482389af8148172cbd2b5decfae80bae8989b968f313cb5101fd47f0c6b08aa3dbcf71c7d589af3903837ee6b512a84def5879c9939179c1717952dc84bd923d981d6dff25fc225cfc8ee87f66641a5d55df4fb5b1a0bc26d76eaa2a295c552db6b12a5acb574368d21d925a80b43ba027fac2e680a0fe8d7c643b65685f5b81382eb4fded44ccff39e381e057091c4c4bf3db4d804f73c54ca9de7e7417364a5607763b8d807a27052a5e7a33290adc4d9e4916f3034e9353c16cb99448e03674f8da214c1b476a3c5b7af2eff2044b8ad15693554dbdbc8ed8a94b560a80611ef0169c058599872e6e9b6a164269e7965d35983725b9c9db7adeb85a67eee764cb1d32b3dddc51975f7461565a2db20d19284597958496188ff350a3da55393812b2e7314ff0c0208de568d2a68690a0217b905bce5a3491af7aaf4199318c731774d640a77b38d7c16587ac4478b031d957a2f342fcf8e9f356b2028343e066a02c5e89baf68d7226dfe0ff2cdc69357e0ff96fb2e497e343c904cd7d40bf8095c8f0463deb715a30575f5f23ca581c63a27bad1de491b286e9e5d674cd2aefca834e03de48061860c60ed1e6576f21ba1b087a823f5654b3bf62ae6cf45ce6fa216106207d26b19c2ae6f795d96d6057cd22868211bd613f4a2549dddfefac3c65c387b012fe616cbdc754b9b769eb1bb929550ee0cb74aea93d58536fcc19dbe2f13e2339fdd60c2057437abdb869d71757c8e05a1cf3cb4525db081a16af7ef5575c8b9d7642e260019ee71c090e078ec60ac5179444354a2fd62296568fbd2821ff691336ec8b92e2c67e8c14ba6f4e1dc11cfb671e5fe6b1c44eacc0d3bb88e8fb1a6fba1447d051aa0e31dd6a10091f62551c088aca27a69189c0b828b735e5830efbe82b622a7e2775cb20080a6f6c81cfff6ceaad0cdc0cf16162658a62d877cf7ae1209af65049e0c2130a2f8034eecff51f74b28aef5b27141e104c14e65fcdfb1173f71e4016da0d1c47a9e0a20204bde98afcf183365327118c2545ba7753715ba0f31fa13e561a2bd38789f6030b755fa83fdb31ee9af41d61515746b9df25f5e5d328ec66632fad5a62f2e5f47cc69dbf32b5b4a023a132b143f85373104a96686ece2517ef53a4e7f6124a951a381c5efc3db61c2f583af924a3844ba44c35f2df9f5062400a2cb3c5455f57b922eeb1cb33ed4aa565f0dfc79201eb9d7e92b682b13d0bf200b9e9fbf1107e8fb0884a1798742bff4779f01cf74a6f53153c8660230a4d281a70d9a44781a3dd339d9796017c1758f23e478cd0b0140d08d73e5034b91085b1933bcd3d562b74c854d4875d08d39dd128c3267e09ffe55d774644a37a1c3790598c104574a94455de553d0bebcd57999db210aa26dffd760819e24c50b700ab43753ea0e2d85bf533d28ad8f615fb8109e656c59dc44b019db06e3ebd18460a15d78c69c1c8f9358aa9a535c7496ab016977bc4090671a37839da19ad5a7991118a8e768ee584cdbbc5b2940802f7ceffd15db9aa0ab80899891cc3826fd3893346b25df8933c6fc0e4ac1cf7b3d20c240896b6838291a6f8ead2227767f86dcfc7e71f6ae245aa625e0ba89c451608a028df535d9c0bf6036aaa29376b47f855717ee3020f76e75961c080092cd37eaa2df1d646fab71420192a78c7fa936dac9d859aa1cd1f741737250208f7cd56854eb4a638608b3edc9ca4d8f707057b4b48dc45e05f1bedd8316deb4503ecefb900c205c883952c71308fbb23518887a1a8218d2bf6df5a60b526ce5952186300ddd80718b2433d25ced8db22d6e81e9b29669bb46dc96a76404b4d99e43c541a51ec62b99fb40aa981c7e54ca1468707c0782dd60db45b3e752b6d5ff0719b1d46c048edd256e06eaee553d26e1d1392876b43bca57017a0d9644ea22d63e0fa849df907c7c92255940d88835ad38f6686fb8cbaf0492f663b9096c2ab193b2f13c04a927b2cec12d11c30c07b98cae0a64b29f867d42854ff98603556b372f17a15033eb65bbcea390120f24926f0226f73512e001da5c5fb4d17c37d50943d743f87864f3ba22aa9e8520dfaf87730814fd514b8211378f4352904e64e8f6b684016b533744874386468386d1e5dc96d5853a9a5c722b41741fbc28c53b6cf2e78d19138ffb698b0e9dfeedf03abaece0b3e229d7aa811ad2bd1beb0a810e1b1a7709ba9bb30a0caf3c569d17485e03aa7610c0df5926fe69da3b2a43ae439286aaefdc373cc7510b17c14609bc5005bf7b31149c79ab2f987db79ddff2709f94cf91807a71dd81f181166e82779b876fe6fc1f0fd43dc0ac9c4c1ee1afa26e25af4932c93c16930453df14c3c3ab5bd8a4f202748e8b1d5752433c83a989c3e5fe524a0707da161c32ad008efe6b9b3c81d967b161c919645f8d4c4554b08c92606e3bfa71680a81dc48fcbdb206c24939a69dbe9ae002652749723f3a8a01fd4ad6120be248e231d6c844ceea3f0da4b52262c2addba34b86d851bebc88bcb33af4e60c9e73bee9009e665fa005454c91a9ea0ad16edbdb2f2d7ac2598fa637443aebdcc5734b68612d8c42be369be0787dfa78783621eb638c946b13d96b2307fe4a12a66d2efa1b0f53b3bec8c5aa59695dd2dd4719bdf0ade2cc3ac92e85310756486fd698bd4aab261ec8a5060950156d1622d6e135cb205934c41dba4e9b80f860ba6d593e01676186512baaf1021025787c236849da53e72d7597185f668218707b7879739578250ebdd1007821c8aa4b8214705b0655833f9da7b57acdfe55f9d7ba0af2ec953b843cbd1f455e0f73cef1d42213ee06f98f70a342c7f260596b80c7f2c5722f02feee44eeb39cd1545590324269342c347bfe01e15dd7a0871e91506bb55bab6bc1c1e280f2c61af6c168fe289065387470a377493dc4f59da52d7b0d61fc0edc023661a4a3898fbcfd1454b79ef8b092743874ba9d4bccb43effbcbd686eea5e7a48a9aff05ea15bbc3ee8e14eb744d58f1fb0b053c36cf9583b6856b7bcde9d1d8627aae2685adf00c989a856d836b5a82ce4c07e120ab121212f851d8b6837a293c7c7305f5b5f5186b9d6347a2cab10cae3b154e0df476140ce2f800b205ca37e7a5793907b1f911caa11f72b3258177e5c65cf09a2431b280305f27175d8fbdb24169c77ed0e2a379767a63f0b76ea26abe2cf8e91d9b0e484d975f202cabc3acb7be7b9f4d4e7f69e1f4409afb2ab88b129ed05e7d85b30a74e751635ba33e7993e63373f52e8e8aab4cb43a7f1c0714e75e0600215672a737f04d861f6267665c082e462b4378530e135aa6f4d178c375fee7a9c9b9f45f6858e663d7e7cb346196fbfae8e6219a3084341c0a81a02045deae545adf930fdd1e2ed1da3759565fd42fcae76cac7174485e436a0f7ad2c5eee1d5436a47414f10a83647874dec8c438fb0d822958421ae8a920d44b7cfeebce2fa96e06bfb5b3f243cde069d8908e0abe3eb224a85a8c202deeed966dad00889be6c38e67b5685ca2515020bc8566b5e576b866f10a39d012cbaa9c189573b11c6f4dc89891d6690ea091c815d19ce5dfb30955d44dceb4c8da303f54522ae269d2654f607011b4bd2ebd6f7d88294bb5b0335b6fa10254ca9a7558db9d140c618c3929a3f29ca1607e2c2e7d9193d3f0d4d1063c4c876e0bd2f066"}, @ETHTOOL_A_BITSET_MASK={0x41, 0x5, "cd35fe78f65364ad6e3c5b7beafcbfcef12bd1885fbaba9bb97d7e95a3f00f46cd1fb2855863efac8169fd83f62404db0616f7598d371a618e46ecdea2"}]}, @ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xc5, 0x4, "39d75951cfe77ed9514af92bb3eaba16d9b1e898651005b04b82e515aa89d2089a1cf52bee49708a66adeea0036a36185c001a89e35177b796ee8dfe1148fecb0b73bd179069e27ae68c18100b419258f97d047c0478c09697da957628c5394a6e3d64e0c6d20d7bc1d4826ec55096b9b15cacc6257dc527144a2403ced9d4257dafbaabe6bb5d896381fa71683ce615453ccce25832edf9cb5c5f759374caa295507df2398bf96fb770c00a99dcacd76853d960602264c984b68b15c27a70d58e"}, @ETHTOOL_A_BITSET_BITS={0x2c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '(^\\*/\xa0%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8a8b0dd}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}]}, 0x123c}, 0x1, 0x0, 0x0, 0x24004080}, 0x24008814) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x70, r1, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x50}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x62}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x70}}, 0x20000000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x123c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xcc, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ')^+(-\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',]-*]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^\\:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "05937f5c8a64f7c04fb863bd20fcbd7cb51658c1f2374312a39d24d993bd26c53a95fa1df7f2518b25868291961cce15a709879ea769ebc68e41ca3b7bb670bd0277e00f7dbda6faf34651247362ffbd399b9329f46f7e22f05d0f884462263602c49c867b1af717084eb7b3fa18b4e1818e66b717fe6ca9750d7cac0630b0a0815699b6f569dddcb687e53f23e0fd3cc62c4751a60da74a6f645a9605ba24d6b0298b95fa5610884e77ffc2fdf1c7fb57d5fb9d740cf8d50c5cfe0bf1bcccd20aa0905241e90e0c74b2472469bd1d1e6c309ab8607d23e036487f1d3de71cd7096383d85ad78b496f9abf5fa06576a11d8dacc4445aad2f944db29e17c716fbc8a791b7a6b8ff35a3da0e274e0f1502c157a27c4b9e1d66619926a609450aa20b099e6ca07892dbfc02e9c21ae0f0e269f925e5066683f3a8fdf0454a5a339570a92cbb59741d73fbff9df04894d4b28c7271b8a3c876716ab45db96a8d98e696a350ee81f9c423be22f0433e21664875f0ced3508733cbd9698019fe02c963442bb586cc789577773fbb1830db8b19aa46d6d6ac0c7b3b54fdecca8a0df5d29a0b7a4f8d8b6902f37bcd4dda13c76d078ec73cc1ae67c2254e2adfbaab400deb75ea84cd91d9fde7b6551be48cbcc0e682dfa2908e09b447dc45bdc8321ceb378a616819ae5ba96b6886047dc14980029b5b03996837d8aaf750a332a71e45d1f7ec0f86313958faea83340136178876b9de94cfc43ff2689bd295bfc167331d0bc5ec507ef857db9a6d80d87cfcc14308a5c605bfa00a4836215eb1735a81bf5da7eaed3f547b32b5e85a4f208e59eb73e117582141952308acb5370ba1d9450ccefb1d9a88c629ce717db528094efcee644225c40c68c0e2fc830064e7a0dd6f0ec6c6a11358515bfa1636cc18706dcbc95df0b83e23b9417b37cea1998e908a56539352076f82a522602d8aca2f6d2d356fbf0cad5960030311b00149c932a4144257b8c57011dc0124f86f8cc29c512d02823a3a4f0a64635c4c952c3e167f39d40b6e6bc03c2c1c689dc66fe3187edc0876c1f8cb0ec5ff8bbfa297f9a98d315559aaf18650aaba4d94faa2761bcc95611c7e0746b5f8f675f0cd082128070c1f7dddd0b3a5afbf3b53dce0d463b8c42569735e2ea05ab7ab67f4540524c6e0009d90090fa50795c1c32714770f6c21ec449b6ee8c9e4530021661c56007d2a88d05856e470322ffbc54c0e6231e7881a9a3a01ea604f747bc2c0ca15579b5a05bbb7a0086baaa51764f047509a0355142d4995bb5641a144706961881a9a8722d20d2c39235631c4cba35325000143fa1c0ac37223df5e8dedc67061d3be1bb769842f6b7c504642331649bfba017765ca8a839fd991f60027c1d2d0ed51d8fa7a18b1b18fc67c9337d7aed784ed55e5e187a9bfbd28f7a776939809ee93ce6a93dfc4ec47dc13d99f860f9e8771c9f203c16d16d57a8a74f8d5088eec055062f2f57beffc0a14da02ad8defa408a99cae86921890ea6c886e6fc8175fc521ded3c51dc997265f356cb17556a080c97a68d569b407f5abc868e26de66ffc7ba71e7ef469d24d18543639ee9310de11f94c104bbe8043c7efbc2d7f2c6ef6d3d8989292dd84ced04cf7be810d1dfd6160c55bc1e93e8c08568abe7206ad41ed435381c5c7713e9bf165fec24cfcfcb1df4413a34f42d00c69d06c7d9832cefd6094a5d0ec40955c14b5f7146d4f3701407b75edf04e79d447a61ab7272ec9c73e07dde3d5fbd3a72ccc3f313f9cb6afc8b2b83b6bf30afd4b34d0653f61db41e938e9f72c64e089243141c2063724028d76413824ef4beec3dbe95042429cb421aac8317ef2d69e82e38597a4e01907d39d2c4586536067606f2eeba46ededdb50a1946ce45ad530a4edd52e0953bcd979fcc902b8f96b21fd704aa1fe3d1d52324595bb95ec14340c20b5888b2045d982625c4a962c8c309223f5b179b1cfe8ed71dc3f16e407f1bcc9d01e3e4331b3c4cf6c132383c7937414bc3a6d4fefdfef0cf6b66f0d44ecb7e9f368172cf2e32dec26a8facc43ebd578155c3ca268482389af8148172cbd2b5decfae80bae8989b968f313cb5101fd47f0c6b08aa3dbcf71c7d589af3903837ee6b512a84def5879c9939179c1717952dc84bd923d981d6dff25fc225cfc8ee87f66641a5d55df4fb5b1a0bc26d76eaa2a295c552db6b12a5acb574368d21d925a80b43ba027fac2e680a0fe8d7c643b65685f5b81382eb4fded44ccff39e381e057091c4c4bf3db4d804f73c54ca9de7e7417364a5607763b8d807a27052a5e7a33290adc4d9e4916f3034e9353c16cb99448e03674f8da214c1b476a3c5b7af2eff2044b8ad15693554dbdbc8ed8a94b560a80611ef0169c058599872e6e9b6a164269e7965d35983725b9c9db7adeb85a67eee764cb1d32b3dddc51975f7461565a2db20d19284597958496188ff350a3da55393812b2e7314ff0c0208de568d2a68690a0217b905bce5a3491af7aaf4199318c731774d640a77b38d7c16587ac4478b031d957a2f342fcf8e9f356b2028343e066a02c5e89baf68d7226dfe0ff2cdc69357e0ff96fb2e497e343c904cd7d40bf8095c8f0463deb715a30575f5f23ca581c63a27bad1de491b286e9e5d674cd2aefca834e03de48061860c60ed1e6576f21ba1b087a823f5654b3bf62ae6cf45ce6fa216106207d26b19c2ae6f795d96d6057cd22868211bd613f4a2549dddfefac3c65c387b012fe616cbdc754b9b769eb1bb929550ee0cb74aea93d58536fcc19dbe2f13e2339fdd60c2057437abdb869d71757c8e05a1cf3cb4525db081a16af7ef5575c8b9d7642e260019ee71c090e078ec60ac5179444354a2fd62296568fbd2821ff691336ec8b92e2c67e8c14ba6f4e1dc11cfb671e5fe6b1c44eacc0d3bb88e8fb1a6fba1447d051aa0e31dd6a10091f62551c088aca27a69189c0b828b735e5830efbe82b622a7e2775cb20080a6f6c81cfff6ceaad0cdc0cf16162658a62d877cf7ae1209af65049e0c2130a2f8034eecff51f74b28aef5b27141e104c14e65fcdfb1173f71e4016da0d1c47a9e0a20204bde98afcf183365327118c2545ba7753715ba0f31fa13e561a2bd38789f6030b755fa83fdb31ee9af41d61515746b9df25f5e5d328ec66632fad5a62f2e5f47cc69dbf32b5b4a023a132b143f85373104a96686ece2517ef53a4e7f6124a951a381c5efc3db61c2f583af924a3844ba44c35f2df9f5062400a2cb3c5455f57b922eeb1cb33ed4aa565f0dfc79201eb9d7e92b682b13d0bf200b9e9fbf1107e8fb0884a1798742bff4779f01cf74a6f53153c8660230a4d281a70d9a44781a3dd339d9796017c1758f23e478cd0b0140d08d73e5034b91085b1933bcd3d562b74c854d4875d08d39dd128c3267e09ffe55d774644a37a1c3790598c104574a94455de553d0bebcd57999db210aa26dffd760819e24c50b700ab43753ea0e2d85bf533d28ad8f615fb8109e656c59dc44b019db06e3ebd18460a15d78c69c1c8f9358aa9a535c7496ab016977bc4090671a37839da19ad5a7991118a8e768ee584cdbbc5b2940802f7ceffd15db9aa0ab80899891cc3826fd3893346b25df8933c6fc0e4ac1cf7b3d20c240896b6838291a6f8ead2227767f86dcfc7e71f6ae245aa625e0ba89c451608a028df535d9c0bf6036aaa29376b47f855717ee3020f76e75961c080092cd37eaa2df1d646fab71420192a78c7fa936dac9d859aa1cd1f741737250208f7cd56854eb4a638608b3edc9ca4d8f707057b4b48dc45e05f1bedd8316deb4503ecefb900c205c883952c71308fbb23518887a1a8218d2bf6df5a60b526ce5952186300ddd80718b2433d25ced8db22d6e81e9b29669bb46dc96a76404b4d99e43c541a51ec62b99fb40aa981c7e54ca1468707c0782dd60db45b3e752b6d5ff0719b1d46c048edd256e06eaee553d26e1d1392876b43bca57017a0d9644ea22d63e0fa849df907c7c92255940d88835ad38f6686fb8cbaf0492f663b9096c2ab193b2f13c04a927b2cec12d11c30c07b98cae0a64b29f867d42854ff98603556b372f17a15033eb65bbcea390120f24926f0226f73512e001da5c5fb4d17c37d50943d743f87864f3ba22aa9e8520dfaf87730814fd514b8211378f4352904e64e8f6b684016b533744874386468386d1e5dc96d5853a9a5c722b41741fbc28c53b6cf2e78d19138ffb698b0e9dfeedf03abaece0b3e229d7aa811ad2bd1beb0a810e1b1a7709ba9bb30a0caf3c569d17485e03aa7610c0df5926fe69da3b2a43ae439286aaefdc373cc7510b17c14609bc5005bf7b31149c79ab2f987db79ddff2709f94cf91807a71dd81f181166e82779b876fe6fc1f0fd43dc0ac9c4c1ee1afa26e25af4932c93c16930453df14c3c3ab5bd8a4f202748e8b1d5752433c83a989c3e5fe524a0707da161c32ad008efe6b9b3c81d967b161c919645f8d4c4554b08c92606e3bfa71680a81dc48fcbdb206c24939a69dbe9ae002652749723f3a8a01fd4ad6120be248e231d6c844ceea3f0da4b52262c2addba34b86d851bebc88bcb33af4e60c9e73bee9009e665fa005454c91a9ea0ad16edbdb2f2d7ac2598fa637443aebdcc5734b68612d8c42be369be0787dfa78783621eb638c946b13d96b2307fe4a12a66d2efa1b0f53b3bec8c5aa59695dd2dd4719bdf0ade2cc3ac92e85310756486fd698bd4aab261ec8a5060950156d1622d6e135cb205934c41dba4e9b80f860ba6d593e01676186512baaf1021025787c236849da53e72d7597185f668218707b7879739578250ebdd1007821c8aa4b8214705b0655833f9da7b57acdfe55f9d7ba0af2ec953b843cbd1f455e0f73cef1d42213ee06f98f70a342c7f260596b80c7f2c5722f02feee44eeb39cd1545590324269342c347bfe01e15dd7a0871e91506bb55bab6bc1c1e280f2c61af6c168fe289065387470a377493dc4f59da52d7b0d61fc0edc023661a4a3898fbcfd1454b79ef8b092743874ba9d4bccb43effbcbd686eea5e7a48a9aff05ea15bbc3ee8e14eb744d58f1fb0b053c36cf9583b6856b7bcde9d1d8627aae2685adf00c989a856d836b5a82ce4c07e120ab121212f851d8b6837a293c7c7305f5b5f5186b9d6347a2cab10cae3b154e0df476140ce2f800b205ca37e7a5793907b1f911caa11f72b3258177e5c65cf09a2431b280305f27175d8fbdb24169c77ed0e2a379767a63f0b76ea26abe2cf8e91d9b0e484d975f202cabc3acb7be7b9f4d4e7f69e1f4409afb2ab88b129ed05e7d85b30a74e751635ba33e7993e63373f52e8e8aab4cb43a7f1c0714e75e0600215672a737f04d861f6267665c082e462b4378530e135aa6f4d178c375fee7a9c9b9f45f6858e663d7e7cb346196fbfae8e6219a3084341c0a81a02045deae545adf930fdd1e2ed1da3759565fd42fcae76cac7174485e436a0f7ad2c5eee1d5436a47414f10a83647874dec8c438fb0d822958421ae8a920d44b7cfeebce2fa96e06bfb5b3f243cde069d8908e0abe3eb224a85a8c202deeed966dad00889be6c38e67b5685ca2515020bc8566b5e576b866f10a39d012cbaa9c189573b11c6f4dc89891d6690ea091c815d19ce5dfb30955d44dceb4c8da303f54522ae269d2654f607011b4bd2ebd6f7d88294bb5b0335b6fa10254ca9a7558db9d140c618c3929a3f29ca1607e2c2e7d9193d3f0d4d1063c4c876e0bd2f066"}, @ETHTOOL_A_BITSET_MASK={0x41, 0x5, "cd35fe78f65364ad6e3c5b7beafcbfcef12bd1885fbaba9bb97d7e95a3f00f46cd1fb2855863efac8169fd83f62404db0616f7598d371a618e46ecdea2"}]}, @ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xc5, 0x4, "39d75951cfe77ed9514af92bb3eaba16d9b1e898651005b04b82e515aa89d2089a1cf52bee49708a66adeea0036a36185c001a89e35177b796ee8dfe1148fecb0b73bd179069e27ae68c18100b419258f97d047c0478c09697da957628c5394a6e3d64e0c6d20d7bc1d4826ec55096b9b15cacc6257dc527144a2403ced9d4257dafbaabe6bb5d896381fa71683ce615453ccce25832edf9cb5c5f759374caa295507df2398bf96fb770c00a99dcacd76853d960602264c984b68b15c27a70d58e"}, @ETHTOOL_A_BITSET_BITS={0x2c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '(^\\*/\xa0%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8a8b0dd}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}]}, 0x123c}, 0x1, 0x0, 0x0, 0x24004080}, 0x24008814) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001400)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x70, r1, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x50}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x62}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x70}}, 0x20000000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:52 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x80408, 0x0) prctl$PR_SET_FPEXC(0xc, 0x20000) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80280) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x80408, 0x0) (async) prctl$PR_SET_FPEXC(0xc, 0x20000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x80280) (async) 10:19:52 executing program 1: r0 = socket(0x25, 0x2, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000040)=[0x0, 0x2], 0x2) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async, rerun: 32) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async, rerun: 64) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="88000000031400012abd7000fddbdf250900120073797a31000000000800410073697700140033007465616d5f736c6176655f30000000000900020073796a30000000000800410073697700140033007665746831000073797a3100fa0000030041007278650014003300766574683100"/136], 0x88}, 0x1, 0x0, 0x0, 0x48000}, 0x4000014) (async, rerun: 64) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="07112cbd7000fedbdf251c000000080001007063690011000200303030303a30303a31302e300000000008000b0000000000c004d846bbacb42a9d93a00e3557cd0cd15805e5afefd37ca29b481ac4f352189e419ef536629d05db2f58a3f4cf6e53741f36594a1270d8b5f2cbaa40475ae83a7fc029b5e9c42eda6129ac578f55869957ed3e5cf429e0eb4b600ac5ea2687e1b47bb7c8f3d3132142f5e849e1f9d2f45b3027ec25369901ad66c550941246e47a8147ded1dbe9f036aef0388c3e8c0751ae9778ce2a26fae7784e2014d3eff11fab26692f9ffe4e38ce695ceab9bd"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x80) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)) 10:19:52 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 40) [ 1066.907071] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1066.914427] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1066.921677] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1066.930662] qnx4: unable to read the superblock 10:19:52 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x244, r0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x20}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x1}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xffd7}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x80000000}, {0x6, 0x16, 0xd674}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x13e}, {0x6, 0x16, 0xd36}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x244}, 0x1, 0x0, 0x0, 0x4004}, 0x24) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x604000) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000040)=0x8001) 10:19:52 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x123c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xcc, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ')^+(-\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',]-*]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^\\:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "05937f5c8a64f7c04fb863bd20fcbd7cb51658c1f2374312a39d24d993bd26c53a95fa1df7f2518b25868291961cce15a709879ea769ebc68e41ca3b7bb670bd0277e00f7dbda6faf34651247362ffbd399b9329f46f7e22f05d0f884462263602c49c867b1af717084eb7b3fa18b4e1818e66b717fe6ca9750d7cac0630b0a0815699b6f569dddcb687e53f23e0fd3cc62c4751a60da74a6f645a9605ba24d6b0298b95fa5610884e77ffc2fdf1c7fb57d5fb9d740cf8d50c5cfe0bf1bcccd20aa0905241e90e0c74b2472469bd1d1e6c309ab8607d23e036487f1d3de71cd7096383d85ad78b496f9abf5fa06576a11d8dacc4445aad2f944db29e17c716fbc8a791b7a6b8ff35a3da0e274e0f1502c157a27c4b9e1d66619926a609450aa20b099e6ca07892dbfc02e9c21ae0f0e269f925e5066683f3a8fdf0454a5a339570a92cbb59741d73fbff9df04894d4b28c7271b8a3c876716ab45db96a8d98e696a350ee81f9c423be22f0433e21664875f0ced3508733cbd9698019fe02c963442bb586cc789577773fbb1830db8b19aa46d6d6ac0c7b3b54fdecca8a0df5d29a0b7a4f8d8b6902f37bcd4dda13c76d078ec73cc1ae67c2254e2adfbaab400deb75ea84cd91d9fde7b6551be48cbcc0e682dfa2908e09b447dc45bdc8321ceb378a616819ae5ba96b6886047dc14980029b5b03996837d8aaf750a332a71e45d1f7ec0f86313958faea83340136178876b9de94cfc43ff2689bd295bfc167331d0bc5ec507ef857db9a6d80d87cfcc14308a5c605bfa00a4836215eb1735a81bf5da7eaed3f547b32b5e85a4f208e59eb73e117582141952308acb5370ba1d9450ccefb1d9a88c629ce717db528094efcee644225c40c68c0e2fc830064e7a0dd6f0ec6c6a11358515bfa1636cc18706dcbc95df0b83e23b9417b37cea1998e908a56539352076f82a522602d8aca2f6d2d356fbf0cad5960030311b00149c932a4144257b8c57011dc0124f86f8cc29c512d02823a3a4f0a64635c4c952c3e167f39d40b6e6bc03c2c1c689dc66fe3187edc0876c1f8cb0ec5ff8bbfa297f9a98d315559aaf18650aaba4d94faa2761bcc95611c7e0746b5f8f675f0cd082128070c1f7dddd0b3a5afbf3b53dce0d463b8c42569735e2ea05ab7ab67f4540524c6e0009d90090fa50795c1c32714770f6c21ec449b6ee8c9e4530021661c56007d2a88d05856e470322ffbc54c0e6231e7881a9a3a01ea604f747bc2c0ca15579b5a05bbb7a0086baaa51764f047509a0355142d4995bb5641a144706961881a9a8722d20d2c39235631c4cba35325000143fa1c0ac37223df5e8dedc67061d3be1bb769842f6b7c504642331649bfba017765ca8a839fd991f60027c1d2d0ed51d8fa7a18b1b18fc67c9337d7aed784ed55e5e187a9bfbd28f7a776939809ee93ce6a93dfc4ec47dc13d99f860f9e8771c9f203c16d16d57a8a74f8d5088eec055062f2f57beffc0a14da02ad8defa408a99cae86921890ea6c886e6fc8175fc521ded3c51dc997265f356cb17556a080c97a68d569b407f5abc868e26de66ffc7ba71e7ef469d24d18543639ee9310de11f94c104bbe8043c7efbc2d7f2c6ef6d3d8989292dd84ced04cf7be810d1dfd6160c55bc1e93e8c08568abe7206ad41ed435381c5c7713e9bf165fec24cfcfcb1df4413a34f42d00c69d06c7d9832cefd6094a5d0ec40955c14b5f7146d4f3701407b75edf04e79d447a61ab7272ec9c73e07dde3d5fbd3a72ccc3f313f9cb6afc8b2b83b6bf30afd4b34d0653f61db41e938e9f72c64e089243141c2063724028d76413824ef4beec3dbe95042429cb421aac8317ef2d69e82e38597a4e01907d39d2c4586536067606f2eeba46ededdb50a1946ce45ad530a4edd52e0953bcd979fcc902b8f96b21fd704aa1fe3d1d52324595bb95ec14340c20b5888b2045d982625c4a962c8c309223f5b179b1cfe8ed71dc3f16e407f1bcc9d01e3e4331b3c4cf6c132383c7937414bc3a6d4fefdfef0cf6b66f0d44ecb7e9f368172cf2e32dec26a8facc43ebd578155c3ca268482389af8148172cbd2b5decfae80bae8989b968f313cb5101fd47f0c6b08aa3dbcf71c7d589af3903837ee6b512a84def5879c9939179c1717952dc84bd923d981d6dff25fc225cfc8ee87f66641a5d55df4fb5b1a0bc26d76eaa2a295c552db6b12a5acb574368d21d925a80b43ba027fac2e680a0fe8d7c643b65685f5b81382eb4fded44ccff39e381e057091c4c4bf3db4d804f73c54ca9de7e7417364a5607763b8d807a27052a5e7a33290adc4d9e4916f3034e9353c16cb99448e03674f8da214c1b476a3c5b7af2eff2044b8ad15693554dbdbc8ed8a94b560a80611ef0169c058599872e6e9b6a164269e7965d35983725b9c9db7adeb85a67eee764cb1d32b3dddc51975f7461565a2db20d19284597958496188ff350a3da55393812b2e7314ff0c0208de568d2a68690a0217b905bce5a3491af7aaf4199318c731774d640a77b38d7c16587ac4478b031d957a2f342fcf8e9f356b2028343e066a02c5e89baf68d7226dfe0ff2cdc69357e0ff96fb2e497e343c904cd7d40bf8095c8f0463deb715a30575f5f23ca581c63a27bad1de491b286e9e5d674cd2aefca834e03de48061860c60ed1e6576f21ba1b087a823f5654b3bf62ae6cf45ce6fa216106207d26b19c2ae6f795d96d6057cd22868211bd613f4a2549dddfefac3c65c387b012fe616cbdc754b9b769eb1bb929550ee0cb74aea93d58536fcc19dbe2f13e2339fdd60c2057437abdb869d71757c8e05a1cf3cb4525db081a16af7ef5575c8b9d7642e260019ee71c090e078ec60ac5179444354a2fd62296568fbd2821ff691336ec8b92e2c67e8c14ba6f4e1dc11cfb671e5fe6b1c44eacc0d3bb88e8fb1a6fba1447d051aa0e31dd6a10091f62551c088aca27a69189c0b828b735e5830efbe82b622a7e2775cb20080a6f6c81cfff6ceaad0cdc0cf16162658a62d877cf7ae1209af65049e0c2130a2f8034eecff51f74b28aef5b27141e104c14e65fcdfb1173f71e4016da0d1c47a9e0a20204bde98afcf183365327118c2545ba7753715ba0f31fa13e561a2bd38789f6030b755fa83fdb31ee9af41d61515746b9df25f5e5d328ec66632fad5a62f2e5f47cc69dbf32b5b4a023a132b143f85373104a96686ece2517ef53a4e7f6124a951a381c5efc3db61c2f583af924a3844ba44c35f2df9f5062400a2cb3c5455f57b922eeb1cb33ed4aa565f0dfc79201eb9d7e92b682b13d0bf200b9e9fbf1107e8fb0884a1798742bff4779f01cf74a6f53153c8660230a4d281a70d9a44781a3dd339d9796017c1758f23e478cd0b0140d08d73e5034b91085b1933bcd3d562b74c854d4875d08d39dd128c3267e09ffe55d774644a37a1c3790598c104574a94455de553d0bebcd57999db210aa26dffd760819e24c50b700ab43753ea0e2d85bf533d28ad8f615fb8109e656c59dc44b019db06e3ebd18460a15d78c69c1c8f9358aa9a535c7496ab016977bc4090671a37839da19ad5a7991118a8e768ee584cdbbc5b2940802f7ceffd15db9aa0ab80899891cc3826fd3893346b25df8933c6fc0e4ac1cf7b3d20c240896b6838291a6f8ead2227767f86dcfc7e71f6ae245aa625e0ba89c451608a028df535d9c0bf6036aaa29376b47f855717ee3020f76e75961c080092cd37eaa2df1d646fab71420192a78c7fa936dac9d859aa1cd1f741737250208f7cd56854eb4a638608b3edc9ca4d8f707057b4b48dc45e05f1bedd8316deb4503ecefb900c205c883952c71308fbb23518887a1a8218d2bf6df5a60b526ce5952186300ddd80718b2433d25ced8db22d6e81e9b29669bb46dc96a76404b4d99e43c541a51ec62b99fb40aa981c7e54ca1468707c0782dd60db45b3e752b6d5ff0719b1d46c048edd256e06eaee553d26e1d1392876b43bca57017a0d9644ea22d63e0fa849df907c7c92255940d88835ad38f6686fb8cbaf0492f663b9096c2ab193b2f13c04a927b2cec12d11c30c07b98cae0a64b29f867d42854ff98603556b372f17a15033eb65bbcea390120f24926f0226f73512e001da5c5fb4d17c37d50943d743f87864f3ba22aa9e8520dfaf87730814fd514b8211378f4352904e64e8f6b684016b533744874386468386d1e5dc96d5853a9a5c722b41741fbc28c53b6cf2e78d19138ffb698b0e9dfeedf03abaece0b3e229d7aa811ad2bd1beb0a810e1b1a7709ba9bb30a0caf3c569d17485e03aa7610c0df5926fe69da3b2a43ae439286aaefdc373cc7510b17c14609bc5005bf7b31149c79ab2f987db79ddff2709f94cf91807a71dd81f181166e82779b876fe6fc1f0fd43dc0ac9c4c1ee1afa26e25af4932c93c16930453df14c3c3ab5bd8a4f202748e8b1d5752433c83a989c3e5fe524a0707da161c32ad008efe6b9b3c81d967b161c919645f8d4c4554b08c92606e3bfa71680a81dc48fcbdb206c24939a69dbe9ae002652749723f3a8a01fd4ad6120be248e231d6c844ceea3f0da4b52262c2addba34b86d851bebc88bcb33af4e60c9e73bee9009e665fa005454c91a9ea0ad16edbdb2f2d7ac2598fa637443aebdcc5734b68612d8c42be369be0787dfa78783621eb638c946b13d96b2307fe4a12a66d2efa1b0f53b3bec8c5aa59695dd2dd4719bdf0ade2cc3ac92e85310756486fd698bd4aab261ec8a5060950156d1622d6e135cb205934c41dba4e9b80f860ba6d593e01676186512baaf1021025787c236849da53e72d7597185f668218707b7879739578250ebdd1007821c8aa4b8214705b0655833f9da7b57acdfe55f9d7ba0af2ec953b843cbd1f455e0f73cef1d42213ee06f98f70a342c7f260596b80c7f2c5722f02feee44eeb39cd1545590324269342c347bfe01e15dd7a0871e91506bb55bab6bc1c1e280f2c61af6c168fe289065387470a377493dc4f59da52d7b0d61fc0edc023661a4a3898fbcfd1454b79ef8b092743874ba9d4bccb43effbcbd686eea5e7a48a9aff05ea15bbc3ee8e14eb744d58f1fb0b053c36cf9583b6856b7bcde9d1d8627aae2685adf00c989a856d836b5a82ce4c07e120ab121212f851d8b6837a293c7c7305f5b5f5186b9d6347a2cab10cae3b154e0df476140ce2f800b205ca37e7a5793907b1f911caa11f72b3258177e5c65cf09a2431b280305f27175d8fbdb24169c77ed0e2a379767a63f0b76ea26abe2cf8e91d9b0e484d975f202cabc3acb7be7b9f4d4e7f69e1f4409afb2ab88b129ed05e7d85b30a74e751635ba33e7993e63373f52e8e8aab4cb43a7f1c0714e75e0600215672a737f04d861f6267665c082e462b4378530e135aa6f4d178c375fee7a9c9b9f45f6858e663d7e7cb346196fbfae8e6219a3084341c0a81a02045deae545adf930fdd1e2ed1da3759565fd42fcae76cac7174485e436a0f7ad2c5eee1d5436a47414f10a83647874dec8c438fb0d822958421ae8a920d44b7cfeebce2fa96e06bfb5b3f243cde069d8908e0abe3eb224a85a8c202deeed966dad00889be6c38e67b5685ca2515020bc8566b5e576b866f10a39d012cbaa9c189573b11c6f4dc89891d6690ea091c815d19ce5dfb30955d44dceb4c8da303f54522ae269d2654f607011b4bd2ebd6f7d88294bb5b0335b6fa10254ca9a7558db9d140c618c3929a3f29ca1607e2c2e7d9193d3f0d4d1063c4c876e0bd2f066"}, @ETHTOOL_A_BITSET_MASK={0x41, 0x5, "cd35fe78f65364ad6e3c5b7beafcbfcef12bd1885fbaba9bb97d7e95a3f00f46cd1fb2855863efac8169fd83f62404db0616f7598d371a618e46ecdea2"}]}, @ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xc5, 0x4, "39d75951cfe77ed9514af92bb3eaba16d9b1e898651005b04b82e515aa89d2089a1cf52bee49708a66adeea0036a36185c001a89e35177b796ee8dfe1148fecb0b73bd179069e27ae68c18100b419258f97d047c0478c09697da957628c5394a6e3d64e0c6d20d7bc1d4826ec55096b9b15cacc6257dc527144a2403ced9d4257dafbaabe6bb5d896381fa71683ce615453ccce25832edf9cb5c5f759374caa295507df2398bf96fb770c00a99dcacd76853d960602264c984b68b15c27a70d58e"}, @ETHTOOL_A_BITSET_BITS={0x2c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '(^\\*/\xa0%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8a8b0dd}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}]}, 0x123c}, 0x1, 0x0, 0x0, 0x24004080}, 0x24008814) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001400)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x70, r1, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x50}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x62}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x70}}, 0x20000000) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000001340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001300)={&(0x7f00000000c0)={0x123c, 0x0, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xcc, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ')^+(-\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe4\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ']]\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3f}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',]-*]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1f}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x4}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '^\\:\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8001}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}]}, @ETHTOOL_A_BITSET_MASK={0x1004, 0x5, "05937f5c8a64f7c04fb863bd20fcbd7cb51658c1f2374312a39d24d993bd26c53a95fa1df7f2518b25868291961cce15a709879ea769ebc68e41ca3b7bb670bd0277e00f7dbda6faf34651247362ffbd399b9329f46f7e22f05d0f884462263602c49c867b1af717084eb7b3fa18b4e1818e66b717fe6ca9750d7cac0630b0a0815699b6f569dddcb687e53f23e0fd3cc62c4751a60da74a6f645a9605ba24d6b0298b95fa5610884e77ffc2fdf1c7fb57d5fb9d740cf8d50c5cfe0bf1bcccd20aa0905241e90e0c74b2472469bd1d1e6c309ab8607d23e036487f1d3de71cd7096383d85ad78b496f9abf5fa06576a11d8dacc4445aad2f944db29e17c716fbc8a791b7a6b8ff35a3da0e274e0f1502c157a27c4b9e1d66619926a609450aa20b099e6ca07892dbfc02e9c21ae0f0e269f925e5066683f3a8fdf0454a5a339570a92cbb59741d73fbff9df04894d4b28c7271b8a3c876716ab45db96a8d98e696a350ee81f9c423be22f0433e21664875f0ced3508733cbd9698019fe02c963442bb586cc789577773fbb1830db8b19aa46d6d6ac0c7b3b54fdecca8a0df5d29a0b7a4f8d8b6902f37bcd4dda13c76d078ec73cc1ae67c2254e2adfbaab400deb75ea84cd91d9fde7b6551be48cbcc0e682dfa2908e09b447dc45bdc8321ceb378a616819ae5ba96b6886047dc14980029b5b03996837d8aaf750a332a71e45d1f7ec0f86313958faea83340136178876b9de94cfc43ff2689bd295bfc167331d0bc5ec507ef857db9a6d80d87cfcc14308a5c605bfa00a4836215eb1735a81bf5da7eaed3f547b32b5e85a4f208e59eb73e117582141952308acb5370ba1d9450ccefb1d9a88c629ce717db528094efcee644225c40c68c0e2fc830064e7a0dd6f0ec6c6a11358515bfa1636cc18706dcbc95df0b83e23b9417b37cea1998e908a56539352076f82a522602d8aca2f6d2d356fbf0cad5960030311b00149c932a4144257b8c57011dc0124f86f8cc29c512d02823a3a4f0a64635c4c952c3e167f39d40b6e6bc03c2c1c689dc66fe3187edc0876c1f8cb0ec5ff8bbfa297f9a98d315559aaf18650aaba4d94faa2761bcc95611c7e0746b5f8f675f0cd082128070c1f7dddd0b3a5afbf3b53dce0d463b8c42569735e2ea05ab7ab67f4540524c6e0009d90090fa50795c1c32714770f6c21ec449b6ee8c9e4530021661c56007d2a88d05856e470322ffbc54c0e6231e7881a9a3a01ea604f747bc2c0ca15579b5a05bbb7a0086baaa51764f047509a0355142d4995bb5641a144706961881a9a8722d20d2c39235631c4cba35325000143fa1c0ac37223df5e8dedc67061d3be1bb769842f6b7c504642331649bfba017765ca8a839fd991f60027c1d2d0ed51d8fa7a18b1b18fc67c9337d7aed784ed55e5e187a9bfbd28f7a776939809ee93ce6a93dfc4ec47dc13d99f860f9e8771c9f203c16d16d57a8a74f8d5088eec055062f2f57beffc0a14da02ad8defa408a99cae86921890ea6c886e6fc8175fc521ded3c51dc997265f356cb17556a080c97a68d569b407f5abc868e26de66ffc7ba71e7ef469d24d18543639ee9310de11f94c104bbe8043c7efbc2d7f2c6ef6d3d8989292dd84ced04cf7be810d1dfd6160c55bc1e93e8c08568abe7206ad41ed435381c5c7713e9bf165fec24cfcfcb1df4413a34f42d00c69d06c7d9832cefd6094a5d0ec40955c14b5f7146d4f3701407b75edf04e79d447a61ab7272ec9c73e07dde3d5fbd3a72ccc3f313f9cb6afc8b2b83b6bf30afd4b34d0653f61db41e938e9f72c64e089243141c2063724028d76413824ef4beec3dbe95042429cb421aac8317ef2d69e82e38597a4e01907d39d2c4586536067606f2eeba46ededdb50a1946ce45ad530a4edd52e0953bcd979fcc902b8f96b21fd704aa1fe3d1d52324595bb95ec14340c20b5888b2045d982625c4a962c8c309223f5b179b1cfe8ed71dc3f16e407f1bcc9d01e3e4331b3c4cf6c132383c7937414bc3a6d4fefdfef0cf6b66f0d44ecb7e9f368172cf2e32dec26a8facc43ebd578155c3ca268482389af8148172cbd2b5decfae80bae8989b968f313cb5101fd47f0c6b08aa3dbcf71c7d589af3903837ee6b512a84def5879c9939179c1717952dc84bd923d981d6dff25fc225cfc8ee87f66641a5d55df4fb5b1a0bc26d76eaa2a295c552db6b12a5acb574368d21d925a80b43ba027fac2e680a0fe8d7c643b65685f5b81382eb4fded44ccff39e381e057091c4c4bf3db4d804f73c54ca9de7e7417364a5607763b8d807a27052a5e7a33290adc4d9e4916f3034e9353c16cb99448e03674f8da214c1b476a3c5b7af2eff2044b8ad15693554dbdbc8ed8a94b560a80611ef0169c058599872e6e9b6a164269e7965d35983725b9c9db7adeb85a67eee764cb1d32b3dddc51975f7461565a2db20d19284597958496188ff350a3da55393812b2e7314ff0c0208de568d2a68690a0217b905bce5a3491af7aaf4199318c731774d640a77b38d7c16587ac4478b031d957a2f342fcf8e9f356b2028343e066a02c5e89baf68d7226dfe0ff2cdc69357e0ff96fb2e497e343c904cd7d40bf8095c8f0463deb715a30575f5f23ca581c63a27bad1de491b286e9e5d674cd2aefca834e03de48061860c60ed1e6576f21ba1b087a823f5654b3bf62ae6cf45ce6fa216106207d26b19c2ae6f795d96d6057cd22868211bd613f4a2549dddfefac3c65c387b012fe616cbdc754b9b769eb1bb929550ee0cb74aea93d58536fcc19dbe2f13e2339fdd60c2057437abdb869d71757c8e05a1cf3cb4525db081a16af7ef5575c8b9d7642e260019ee71c090e078ec60ac5179444354a2fd62296568fbd2821ff691336ec8b92e2c67e8c14ba6f4e1dc11cfb671e5fe6b1c44eacc0d3bb88e8fb1a6fba1447d051aa0e31dd6a10091f62551c088aca27a69189c0b828b735e5830efbe82b622a7e2775cb20080a6f6c81cfff6ceaad0cdc0cf16162658a62d877cf7ae1209af65049e0c2130a2f8034eecff51f74b28aef5b27141e104c14e65fcdfb1173f71e4016da0d1c47a9e0a20204bde98afcf183365327118c2545ba7753715ba0f31fa13e561a2bd38789f6030b755fa83fdb31ee9af41d61515746b9df25f5e5d328ec66632fad5a62f2e5f47cc69dbf32b5b4a023a132b143f85373104a96686ece2517ef53a4e7f6124a951a381c5efc3db61c2f583af924a3844ba44c35f2df9f5062400a2cb3c5455f57b922eeb1cb33ed4aa565f0dfc79201eb9d7e92b682b13d0bf200b9e9fbf1107e8fb0884a1798742bff4779f01cf74a6f53153c8660230a4d281a70d9a44781a3dd339d9796017c1758f23e478cd0b0140d08d73e5034b91085b1933bcd3d562b74c854d4875d08d39dd128c3267e09ffe55d774644a37a1c3790598c104574a94455de553d0bebcd57999db210aa26dffd760819e24c50b700ab43753ea0e2d85bf533d28ad8f615fb8109e656c59dc44b019db06e3ebd18460a15d78c69c1c8f9358aa9a535c7496ab016977bc4090671a37839da19ad5a7991118a8e768ee584cdbbc5b2940802f7ceffd15db9aa0ab80899891cc3826fd3893346b25df8933c6fc0e4ac1cf7b3d20c240896b6838291a6f8ead2227767f86dcfc7e71f6ae245aa625e0ba89c451608a028df535d9c0bf6036aaa29376b47f855717ee3020f76e75961c080092cd37eaa2df1d646fab71420192a78c7fa936dac9d859aa1cd1f741737250208f7cd56854eb4a638608b3edc9ca4d8f707057b4b48dc45e05f1bedd8316deb4503ecefb900c205c883952c71308fbb23518887a1a8218d2bf6df5a60b526ce5952186300ddd80718b2433d25ced8db22d6e81e9b29669bb46dc96a76404b4d99e43c541a51ec62b99fb40aa981c7e54ca1468707c0782dd60db45b3e752b6d5ff0719b1d46c048edd256e06eaee553d26e1d1392876b43bca57017a0d9644ea22d63e0fa849df907c7c92255940d88835ad38f6686fb8cbaf0492f663b9096c2ab193b2f13c04a927b2cec12d11c30c07b98cae0a64b29f867d42854ff98603556b372f17a15033eb65bbcea390120f24926f0226f73512e001da5c5fb4d17c37d50943d743f87864f3ba22aa9e8520dfaf87730814fd514b8211378f4352904e64e8f6b684016b533744874386468386d1e5dc96d5853a9a5c722b41741fbc28c53b6cf2e78d19138ffb698b0e9dfeedf03abaece0b3e229d7aa811ad2bd1beb0a810e1b1a7709ba9bb30a0caf3c569d17485e03aa7610c0df5926fe69da3b2a43ae439286aaefdc373cc7510b17c14609bc5005bf7b31149c79ab2f987db79ddff2709f94cf91807a71dd81f181166e82779b876fe6fc1f0fd43dc0ac9c4c1ee1afa26e25af4932c93c16930453df14c3c3ab5bd8a4f202748e8b1d5752433c83a989c3e5fe524a0707da161c32ad008efe6b9b3c81d967b161c919645f8d4c4554b08c92606e3bfa71680a81dc48fcbdb206c24939a69dbe9ae002652749723f3a8a01fd4ad6120be248e231d6c844ceea3f0da4b52262c2addba34b86d851bebc88bcb33af4e60c9e73bee9009e665fa005454c91a9ea0ad16edbdb2f2d7ac2598fa637443aebdcc5734b68612d8c42be369be0787dfa78783621eb638c946b13d96b2307fe4a12a66d2efa1b0f53b3bec8c5aa59695dd2dd4719bdf0ade2cc3ac92e85310756486fd698bd4aab261ec8a5060950156d1622d6e135cb205934c41dba4e9b80f860ba6d593e01676186512baaf1021025787c236849da53e72d7597185f668218707b7879739578250ebdd1007821c8aa4b8214705b0655833f9da7b57acdfe55f9d7ba0af2ec953b843cbd1f455e0f73cef1d42213ee06f98f70a342c7f260596b80c7f2c5722f02feee44eeb39cd1545590324269342c347bfe01e15dd7a0871e91506bb55bab6bc1c1e280f2c61af6c168fe289065387470a377493dc4f59da52d7b0d61fc0edc023661a4a3898fbcfd1454b79ef8b092743874ba9d4bccb43effbcbd686eea5e7a48a9aff05ea15bbc3ee8e14eb744d58f1fb0b053c36cf9583b6856b7bcde9d1d8627aae2685adf00c989a856d836b5a82ce4c07e120ab121212f851d8b6837a293c7c7305f5b5f5186b9d6347a2cab10cae3b154e0df476140ce2f800b205ca37e7a5793907b1f911caa11f72b3258177e5c65cf09a2431b280305f27175d8fbdb24169c77ed0e2a379767a63f0b76ea26abe2cf8e91d9b0e484d975f202cabc3acb7be7b9f4d4e7f69e1f4409afb2ab88b129ed05e7d85b30a74e751635ba33e7993e63373f52e8e8aab4cb43a7f1c0714e75e0600215672a737f04d861f6267665c082e462b4378530e135aa6f4d178c375fee7a9c9b9f45f6858e663d7e7cb346196fbfae8e6219a3084341c0a81a02045deae545adf930fdd1e2ed1da3759565fd42fcae76cac7174485e436a0f7ad2c5eee1d5436a47414f10a83647874dec8c438fb0d822958421ae8a920d44b7cfeebce2fa96e06bfb5b3f243cde069d8908e0abe3eb224a85a8c202deeed966dad00889be6c38e67b5685ca2515020bc8566b5e576b866f10a39d012cbaa9c189573b11c6f4dc89891d6690ea091c815d19ce5dfb30955d44dceb4c8da303f54522ae269d2654f607011b4bd2ebd6f7d88294bb5b0335b6fa10254ca9a7558db9d140c618c3929a3f29ca1607e2c2e7d9193d3f0d4d1063c4c876e0bd2f066"}, @ETHTOOL_A_BITSET_MASK={0x41, 0x5, "cd35fe78f65364ad6e3c5b7beafcbfcef12bd1885fbaba9bb97d7e95a3f00f46cd1fb2855863efac8169fd83f62404db0616f7598d371a618e46ecdea2"}]}, @ETHTOOL_A_LINKMODES_OURS={0x100, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xc5, 0x4, "39d75951cfe77ed9514af92bb3eaba16d9b1e898651005b04b82e515aa89d2089a1cf52bee49708a66adeea0036a36185c001a89e35177b796ee8dfe1148fecb0b73bd179069e27ae68c18100b419258f97d047c0478c09697da957628c5394a6e3d64e0c6d20d7bc1d4826ec55096b9b15cacc6257dc527144a2403ced9d4257dafbaabe6bb5d896381fa71683ce615453ccce25832edf9cb5c5f759374caa295507df2398bf96fb770c00a99dcacd76853d960602264c984b68b15c27a70d58e"}, @ETHTOOL_A_BITSET_BITS={0x2c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, '(^\\*/\xa0%\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x8a8b0dd}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1f}]}, 0x123c}, 0x1, 0x0, 0x0, 0x24004080}, 0x24008814) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001400)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000014c0)={&(0x7f0000001440)={0x70, r1, 0x2, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x50}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x62}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x61}]}, 0x70}}, 0x20000000) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:52 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x8, 0x0, 0x0, 0x80434, 0x0) 10:19:52 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r0, 0xfffffffffffffffd, 0x4004081) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 10:19:52 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x244, r0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x20}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x1}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xffd7}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x80000000}, {0x6, 0x16, 0xd674}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x13e}, {0x6, 0x16, 0xd36}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x244}, 0x1, 0x0, 0x0, 0x4004}, 0x24) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x604000) (async) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) (async, rerun: 64) ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000040)=0x8001) (rerun: 64) [ 1067.136652] FAULT_INJECTION: forcing a failure. [ 1067.136652] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.155097] FAULT_INJECTION: forcing a failure. [ 1067.155097] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.183706] CPU: 0 PID: 15685 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1067.191611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1067.200962] Call Trace: [ 1067.203552] dump_stack+0x1b2/0x281 [ 1067.207187] should_fail.cold+0x10a/0x149 [ 1067.211345] should_failslab+0xd6/0x130 [ 1067.215326] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1067.220431] __kmalloc_node_track_caller+0x38/0x70 [ 1067.225359] __alloc_skb+0x96/0x510 [ 1067.228993] kobject_uevent_env+0x882/0xf30 [ 1067.233324] lo_ioctl+0x11a6/0x1cd0 [ 1067.236941] ? loop_set_status64+0xe0/0xe0 [ 1067.241173] blkdev_ioctl+0x540/0x1830 [ 1067.245062] ? blkpg_ioctl+0x8d0/0x8d0 [ 1067.248938] ? trace_hardirqs_on+0x10/0x10 [ 1067.253159] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1067.258248] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1067.263257] block_ioctl+0xd9/0x120 [ 1067.266868] ? blkdev_fallocate+0x3a0/0x3a0 [ 1067.271174] do_vfs_ioctl+0x75a/0xff0 [ 1067.274970] ? lock_acquire+0x170/0x3f0 [ 1067.278929] ? ioctl_preallocate+0x1a0/0x1a0 [ 1067.283327] ? __fget+0x265/0x3e0 [ 1067.286768] ? do_vfs_ioctl+0xff0/0xff0 [ 1067.290729] ? security_file_ioctl+0x83/0xb0 [ 1067.295133] SyS_ioctl+0x7f/0xb0 [ 1067.298482] ? do_vfs_ioctl+0xff0/0xff0 [ 1067.302450] do_syscall_64+0x1d5/0x640 [ 1067.306329] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1067.311507] RIP: 0033:0x7f94265b4e07 [ 1067.315206] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.322903] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1067.330156] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 10:19:52 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000002800), r1) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000002900)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002c80)=ANY=[@ANYBLOB="2c0047000000000000005782857a7f7e1f551942fd77b8ac04ff4a78f3d236dc088d7e7ecec31625024d6a3c0f21ad2a3b6d4ff1a66c4a36e233ae207cbdccb1f97b3b43960289dd7db5d2cd90770c8d57f82f522f7c8b4816e56c75baa08b181a4f30be4d55ec5e308d777baab08ac9c55b15a184ed781f40d386b16b99c8c7713bb72e1daa8ba66c4b9244c8da26eebc321b1cc0baa0675b28e01899404cdaec", @ANYRES16=0x0, @ANYBLOB="04002bbd7000fddbdf250000000900000000000000000000000000320000000000004a155e8665b439effede8c5130e2f999d55e5cbdbda5b4668898eab66028dc7ca7942a59c24642fff936b963e4af7da4f2859c1b153730672f661c2f2a97c2c3afdcc434c08c4d00000000f46808188a0c60a734090cf4a906a40c34f7fbb28a5cefb1b190077416ad41cfcfd920ee51475845533e6d8f9238125919b2c696e474338f3697fb62dec8eb244dd6c73564796e64bd3180deda245e6aaac47d8ce09cebd13513991283e32ce600000080000000000e6a29ec2b2d29af705dbea1d73c306088afb2b49b922c222e8a49e3b8395bc19e5f6fdea4feaf05f6aae8e7ab53c02c9244343d1b4ff32cd6d726cb2e5ed9a416bd208c9bccb141f53fda4033eb15f23710609f3ad8641be589526979260090"], 0x2c}, 0x1, 0x0, 0x0, 0x80d0}, 0x10) syz_mount_image$qnx4(&(0x7f0000002980), &(0x7f00000029c0)='./file1\x00', 0x62, 0x5, &(0x7f00000030c0)=[{&(0x7f0000002a00)="664172f77bb6bfb7efa31aa6e7f7a38fbebadbd0d562fa83cb899e92579c9ff54d114b82fd7e832584b054a3b74615d56187ce1a00888224918280486c8fca49dc793a73dbe785a606357878416c49521b01a7091e7b7a54bd9a9b11423764339bdf201921ce898a71af924a767b9bafc226e1", 0x73, 0x7}, {&(0x7f0000002e80)="236cbaa46982d72055ca9e8ae19d7727452510f528162794e12089ca48ee115d0ae3eb1222efef02914a61565b98bf07926653ec3f06c067bcf1dff08b84956c14855e790b9227c153345c7dfd7ad871265a5c85c40691ecaf72b65570583b61934f687c1d7c2deba7d3dacd608d12a935af41b878bc746a070c2960c6a7fc7d3c8ecd84866f6c4dff8a69d672cc0f760aca64a5fd5a21e4dbec6ec6cc1e3d54575395e5d53d641d16988d7a16600b647454f27f781b9ce23ba54443c03d1fbb69b78866c4bac7e623ea3038b8ea53f89eb07304528ef8b93d6e33683575fd0a8605ca724e436dd53fcab8e69446a9ab8f", 0xf1, 0x6}, {&(0x7f0000002f80)="6215822ae71497d156c7", 0xa, 0x24000000000}, {&(0x7f0000002fc0)="9e11b690eca2d4fcc1187f2f18f024a4be7832e5cf6d99637d85bb4e39eefad250602d6344ed407be67401b7da26de2129", 0x31, 0x9}, {&(0x7f0000003000)="d4cb1a2a1fd167b55d7c6b21803d4999f78b8f7654a738e849395919f06c35c58672ef34bb9c1fd075f748956cc11cfe1b31b80f590ed55e24b019c76d6ad30fb1971dba236ffeb7124872fbbdaacfd302c2a2bf5f79d6618fa2a12be91b218784319827d325d12b4907ff0953468e64f6850f16c939fc22e0e490870cf48e562a97102df4cdb29fd90113c45e45792286d6cd9a36cc19ed", 0x98, 0x7f}], 0x1, &(0x7f0000003140)={[{'$,^./%/'}, {'-'}], [{@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x64, 0x64, 0x39, 0x34, 0x39, 0x62], 0x2d, [0x65, 0x64, 0x35, 0x63], 0x2d, [0x36, 0x61, 0x34, 0x34], 0x2d, [0x32, 0x64, 0x35, 0xf5], 0x2d, [0x65, 0x64, 0x35, 0x39, 0x30, 0x31, 0x30, 0x61]}}}, {@dont_appraise}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$alg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000024c0)=[{&(0x7f00000000c0)="5447adbe7381690b2843cf3d902a3ce32ee32be0c9e5e4eabe55623038a797469a8d21f094326aa22dcc76c929e4d0a5ddee7602613b3665ddc73ac4b611af178b5d232155c45f338fb5f380f5c1cc57125fca01ea8e6312eca397cf95e6be9aadd9e242", 0x64}, {&(0x7f0000000140)="070a250a37a502f28430aaeb34e46b5e674cd2ed39664de149fdf2a06f26bd2da3cb5a48ee8e7344f8529c8d2ed381668439fd7ab1492339981e44fa92a4076489fc791b69385dba6c6c47e1f623e2e8af3b1c4fce4602ca37b05b3fff65504b2829ec74b71e2239255683f84c440208835c30f79ecfd0c0356291713ba60a098efae42f9cf4207c6c6724e31493fdb3e25ffa9ea67d941a49c8cc09d66582b65d8442d1510a30adc2d4f27ca0863376b7aab8f2a8585c536d712cd5760d2fd3218b80", 0xc3}, {&(0x7f0000000240)="bc7de100222c21963ac9aa1049dbafd6de9b4875753d39394ccf9419607536e102efdc15b49b289a28f504b1b726a3edd117ab089e96e8b2573aa2bd6465225b6b7dc7358e09fd26a114b9d7559139979f05264a61468065820ff2c8905f74d3533f1feb3c1ff4adccad4c75d1dacda716f95a27012042d63074e653345de76df7adfb7fd8eba5796a6d2831ac69e2ddf7e30c8360ab5820fdcf3bacc6d0f922e33d0b056265426e41349c10e9e09bb6cd82ca4a9a9d3655f608674e3c284c4803d67f9cd9a775a992e5c919f0213a9e89420636f1d571eeeced91c6878a56d43c8db2bea7580e444d68ed4ab9d60b404b19869d7088d213ca044f7081d219d33000dbe3c41ce9918d603bccfd6062b5713a082cd31f106b5c81995e3345a2fa042f45d9b09941c25cb6b53b66ad08521e674423c3730eaa03341d4780f4b7ce2ab4468f337e60cd9642f9f820949dcaf2b11754567e9d2f904442864e1fba1d6845e315c164a7bb9ce8edb902541586836bcb7c0e5d74b80cff3d016851d08f736d0bb9f1020bd13a42608aeb04f3cd2c925ad5611a3e803d71784d3be40ee5d07c13b76e9590c37e651b0e9a003746032c3bfda5d28cff9ce5fff759d86f0efac5d566d8c970b7bc7b4164c8ed716f819bf5c3976b4c7d0d1be242345a5a9859f5af4d17e8f953d69c28ae1655d1589f743d0efda7bd5f8f7691d9bf71f42e7970700995bcccd41b4e60806720a2e99465636d5400c3f39a1c5a20fb9a558332dda12d10e7b20d1f3ee094fddac236154ef811e387ffc379ba3bf80db7b83900e13b379f64f94220bbded539294d132198267364a98c90a0b7ce794612445947d4b23a817815d8f83a548c61fdf599b9b1bb5853fb9ef48b30024d2e393518755f817f1736f89dad10b0f4280c3fa1a61e76a950dab5630cdd00c5ef0d605f4af3c7e9de5e41e095f749cddf757baeebf7c675fdeffb13d2702dac6d0fd38b852317781c998058ade85ad0d1267f850855edd6871b9fa02ca2ce76c2b05a691d7d1acdaf3ce5b7ea364c8eab1738517b66790ff96f08f7231248ee7f0f78b496aa79a0734015fe932b867bba5a27c1b044bb0ba7cb12c3dc839c9ca9b468a5c013023d14caaa55d963354b413538dec53814920282d59ffbb105671f53afffc3c80d9f69f1cb4c2b6604f5ce18f70353867eabbf7277c346702b60a853fc7d14fd7beb8f4e3b19f0dc83cbdaa9c8b6935000855991e47159929988d103f8f9c9fe8a6cf294bdfaaa416c69fb378c547fba8344f226e1fbd1ca5831e9dfda6956ecaeaa27b0a74ba505d5205a8cd8531162481d687c8dd125d77d98ec9a93e4f4ce0c88d9a5ab97fcbf293000839556f6509f26d690528c58ebe9c221a2b5f2f3130edfd993eddae38d2db97ab67d86fb78527be8edbd222962848873bafc09cd8e1de7a48933875c3f21e2efb6557ce0d2a71f72003fb1e39222e0532969228785ab94d41783ce3e1ee7658a1b23ea40b6d799a96147b870bba66aa69bcd91d474862c7afcd5ac3b23601bbdf0ac4e7300d60b4727505bc2bd40c366c2477174c49014688c469312a7f093804a3d90e3786acfec5241d5354bfc7f65302cfa94347d116d0c9f04b039269663933a0e48c10f6df3f15737b4e63a7a20b3708c36bbf123a8eb6801b7b0a0925b36f3fb017c5f1354b3404802737e1b329ee52027c39cc9967d54860c7a64df96e1334c95af265f83779936c7ff0d586a369c0bb677cfb75cce2eff9d08df12ce60445c116abc5eb98ef6f9b7e3521cc7db15c87ac26131da29ce521a723063fdef68e70094031bd6a09d06f78aeb8ef1c341da9ff74bc3b8f258ed9a3e62f407d3af7177745c32b074b8af710d94aa15e58441685b8386d68f1832eebd4a5282deed48f74d847f9c83f3f9bf8412e02b35a443f8eca04a4b5c26e3874938fa1e8e84f7b630cf37e07b4f2216ae449947e9f0fea4e6b57f9a96a81b396b973db59e0ff133a8c77f9343ac9ab5b6a145ea1293fdd65561795fbf3d839db9dc089318b7c413b567b19520afaf71e31048e558b408f97c68ef618fcd3125863f59c4fa5479702849f65a7aefad19a60235e38edbfd4a1f1b18f4417244783468088ff68a1cc539bcc2dd3ecaffcaf63ac9f1a9ca9a49bf14e40f61da9bfe8c03aca8a02e262bc2e0caad68fbf32a970b1cfe90d35cb50d1cddc0813799c621baec128719382b3e1d21540a7fb0d883008497bdc6a285865335c59d4f9b3c9ec60f60936c7fb9bad76c7493b141957345bd0c7fe7bad714352909cf0a4f38e066029780b28415a00b134a8a0e0976aa2a8c2488b10b7d61c4a44f634a8e41fe14ceb46bd431b47c805fe0e14e19d6e0d53dd9832fe366b9d4417c69efe7be16d25f35966106fdad60a8a0af1b0040dd7d42cbda892b88a3c9cf3ddbb4c1576177919322e99880634c5442a364037d2105a589f1f4e8aeed39b702fa7e9fe73f3d65c91d9d23bf598c0f0a4b78272ab2ae88bb0083c0d7b65c65ad463f81af6a8895ffe5a4cb17a9d2689850aadc0f7da8354a8ec055eac88b764701ef086d8e76a1fe32dc680cdc6da0555ab8ff98d37a2422ae92d0b0fbf57aef830a1db9b896cfe5db19d70d41e50dc4bc96067f8ebb8eea765ce6411bebb19543e5ccb4c5d742ac7567e84fdb300cc9a6d502d9246f58c5d95b517c6064c406a378a848d99f3160d4fa2980d99474190812bc9bd6a829b338ad3c8c370356eef8143dd62132571bc6cc2631eb3970c56f62af6cd0f6fd95dada59f39ef7ab05c693a24a79d89cd14fd13f5b58daaa4b8dfeca709bfbbf7b83218d7e36e2e6eaeabe9e6e145fba4398e22891756dcdfaaf953455898527785c1a737821d3eccf48cf16e106bb42a072c597753e67f1865cf6b065c0b36eeeb4ed9e487f9834f76581cf634ed66d309f08307e34bee6f137af08ae70c35a30d92f268728f561e1c89e313300db0a1bacca57096cbdd3b8b982d413f4818778af7662972125f56e9e589493823a642e189c87a821e6991a91361063bfe2d5d37fd21df66cb9f18d00409b24941081dfdf1187909a82b9cf8553512c495d36ee26777fafd40f5a1268a34f5b62e509bd1fb867f764a477eaa039a9b01cdf3fd70381a33b6714433fcfbf9b8fd3d28e7d475feff9feb1423614d00a4d7506fd24825b4ea120fd2a0d961c3fc9846aaf2b4fb5d50aff95c3c83903957e4351393d737c49e165b7e936ea97534b28e9bbbed9621821d8ca749bea480ff45e49871c2a9e4d3a3f0ea5cd3a1e4d12dd524691d74c6e0195d3dad75c68fef168f35f5e2588b61db8ebc1e16fd79648ebd68d77cdfcef801437ffad5aefc9e3e289970a9f6da20e66d26a19f83b323e9c8a816c1d7b8d0b6a8abd45187b67113cb885f2ee6e874f34982e9a0999a49eda60e007afe8def9630d0e4b46ffd96f9eb9323072afc1828515713cd9a30d09c218431108fe84c195e1d316a86e22dd16f0d07f1906f982e31539bad06ced6f875e8bb53eebd17f6c73ddea15d198bffe2b9767d999db505ec3b8e5aebd19e3eca666d11fabdb28359516322052b71572ae1ee8d88c410d0d5583bbdd76dab6b19b6dff099aae341bd57c589999032342257e96983356b61884cf3b2f8d9389ccfb1ad7ee6afaa615e95a33cb058ee90d9ccdcab265cba4e47cbec595fbd613512337f8414d192c8b85e57076a42d20cd134ee991417510530006477c70d1d09f242a0ad036e3e0755858c70fa8a0f2f10a783659bbc40ca49e8223c7e8deb6e7a9e825fb1fedbc0e1b896549114815623491b937d66f06efc5eed6ea7733da4aa8d5dffac9b92e3f59ce2abeaeb6018b4a91f3876b95a5e68a50726e3d02a5187a1fe91ca1af1b687c30cbf1e0cfac515d320b875be13e385d00de2ab1f52dcf800b7778602976d217933d39ffe9624123958d489e5aaf378fa77ed670ad19fb7b6b3ea03f83a5b1844023f48626f695f0727081add515495e154b173429d6f6d0a3c6f5882c55685bbae40c39db098fca1f9d323c0c1aa340f7f04f0bce1353bdc71d7f876fca3aa745f7c92b791a648a60aa748b2f7fe374bbd007c9ef550989d1284caa624edac89cf1908c643019274155a81d7123ef1b2593e55dba7d44389c4f82c8bd5ae07f75de8bc5d947a947080daeb23da5a7d0fcf93ce05a33ecefab5eb62656843eee7248c6b35b1663e2b3744d9dd81f01aa72c666f0ec538b0db7af6f15770030a4cf69edd54e3e5d9d6d0e58a4f1e3b396173964967ea90d3164e1f36554454b47a947de042094e702b07d263ae2af8b44536ce14609ac7a84349e8bcc60f0910aa550edf94dc40accfb85449ac267bbeb3f108fe2f6ae5521a5b05c522c428826482b1db0f327028e377c5fd1d88b18204168a1251cc7aff69b3f480e6441b0b9721843062140c172a5a0a9c1957c20be63226da3e22bb6d18a6a4422c04a5560cd54690bed317a881f695ba3607bd2aa03cc7f2415312b34fe2fbfa3c4860c494ef1987446c71a12024eb44e6ca2d69e440bda62d92b6ae13f4a5ac7dec82a8d41739d690127463bd93da02c36aa854536eeb99783fb3b8eec83aa307d4d785a72826f07e3de5d0343106b34221b9eb2c89651cc8b36e845c3692d4560ffff3dfc614badace0de9eeb9cb7636c430a391d93be11de6b3cbce1ab47df6922085a6e111a984795f70c77bc092172467ae17c148def9e663f2ab61726f3b62be4ecb631f15f8f470b872c2d0b3d9064a0890573dc13dec3a80d05b0dd8947aba2ab5e7a688b875eeb4583e4dea3be9cd158384888f0201dbc2db046df2d67460160e258a99499781b28410b171a3809a96babe48992e1e4011e4f14f288f8c8d68c8e0f055a2da5fc4bd1316cccbd67c603399dfd67879a85e12f82d62318a74a1c950d36537d3db5cb8bb4d68947c23ce65d483c8dbe0ab1186326e7027a11722136c67a1ec79d227ce395a11c536c689eed58e029842717f953c6d8288e029b1491545c2b13357ef052711b6aeb08cffb363842a5e098d089fda2c20ee7ab327c82e4461928424eef302e481fff6bcd7b20d50207ebd3a3aebce7d28021a2eb494a6aeadb2efc03ad380ebc17d769c2fb251bc770099c79706820936083dbac49d0e377fda7c5c5588b2cebc038d3eff5183fc1723702e220e30fb13e934fa677a82642d5b52be9b7b2f5e1a29422314071723a9f42ee99c1d99d5e445dc030f296c9957cbae372399baee5ca1310e918f52f342222dd9b988a1a3fd00d6e21391c7ca31fa7480c2b82d8436ba03866ad3e03b0197e330f4036d0d796d49c220a3bc7542abe3992d082bec9487e4dbb76edb5eb904ff2d120aca33865a260b6b78f85cc26f19f391948071445cb65a1df206bb635567e17bd3bad39f9331696106fd4a243cd27d3a9c79dcef9b86cf0696b3c7cca1463d03b73db5fc66d77c540fd90dce5e649d6e6bf271bf49cc054b4e09b3675121641c71666541c16d6a7be5c71c87451e73b650c2083ffa48d15c9dc8ff55669e381a604d20c54e3402d5e0733d708072f0e5adced3024850d30238b3516e03bf555a0cfd8e897cd780fe87263d1c9e74e75c6efe5dbeea9fd4a356573dc734062f078e978372d76b5bc47925dbbbb800d221f7c68bdfd6ddec65a82a46dc43c6475bd716106aab2a1994805e8974a919a5b514b4eeb0f9f7d07ceeec459350ec057e1e57446c11154d94a85f31018354c3da351186ff6cd", 0x1000}, {&(0x7f0000001240)="548ded53c17781699b1e2b2ded158137ed57be33730c4aa372113680bb70fcf459ab61614d7f4036cfafa0490b2b8e2730e65a436736e0b4d014f7b333d615b298deb9610dfd4329ad9750a9f737d4e5083cc74aab9007943831d13f25e6d2ddf79f17a90c21713907cf2e6babd70a98ae23a81d98b7d3b2d54cf20cc0b0bb4e33093ac2dcaaddcb41af6e51c770577a8d751144dd3fa28eaf8befc001907435033ad3da6661bfdee682455fca55461a18dd70843905bb7ca4d439700066abd48653cff3be632d062e2da6514c13556e80c47a23f0261b28b253049bcde3e20bba4088da382a5c35efa99248cfcf6f9e978441141980f9f390cb3f59d2fa6cce7aba1632f6d1e4c8bd91e97d65efa3806cf8ac959ccda20342de8acb6653c2c03a9e703d66824c807349a70b1dde7a38bbadd61f9be04fc2f599f71e96c6a17bdd1b76aa3638578c58097a9a13e98da5386404ab0047178b31c2dd1b0e9817f551bf721ec9c24e4242722b0456bbf741b19ae2e4d1e0cb38d7d6c8e7d79b4075d42aedbd8169f2478d35125f8385f0b9de10ef210bb2919cf25ca30a111c243716c4eb235b1e07b9f503a80696a84fd1a6cbae24c2a2c7ccfe6a82eaede01f23a90d33d968baacbf4eb0291cb02ec4b2085e5cd722cdbd0af45e522b5e7d37e1a497a5b51846c6eb009bead114dccb546e8c0a7029aef14b1aca983b451a04d51174f881770af8e36bc8f8b50f8e41ff2c3576963f19f160307a8f565b2b492524dabce9f9128b146548893c6dff9bc8a9d1e801d8c2d398ce5f58478824ac69fc15e3e4e0f3c235363b5a09736f10266eed34acf674dca8a4c700470478d9e13325b7c62281b0b2aa5defcb3090cf054c10f2e52b1365c05479f2e77552af51ed12fb306311179ae7771fd31265c3705c2e6e54f4621ec25b85e84536993889979871fc1e4edc3e3442069b42e6022d73de0e96b462b340ebc643cdec69864670bd75bb4633dbcf9b2dd52dc2f778cd47522bcc903b6c810c41bce9cd6c7cf8bc43213882ff98ffb962b0199cb6f8c556b6dc82f5bad47676ef5bec628811cf8e416770d2e88dd8cd602a63908c341db282f8318633869db8a538f91bba63c853fc2834fa6c1f208ed7ccdc69b19acaea9efdac0f153a3d6769e45620500b560831ab212c34f7c24261a72817f8c343ed3e29fc65dae6530175952c03e03e8ae0841f2a7eda3d993a8d446537a7f845dadfba5394c584f3913428551ef35009a3bd4d59677794d909fc8410c5ef8b6bffc4329610b3d30c34df96b69ab3e1a08bd2d9a58d4cef76ccd61ffc2fc43f70ed9c44714435da0e00115e15335adb53ece5fcd85902a5f5b216cb9989e4ab38e152a2469b116bb2a66414adc9026d4cf83510ac368282fab61fa1406fbe265b09ab642ceb139b8a5b5c6dc135c1ed0e8941da37a1fc74c9791ef5f194b159b89b3c66291299b48b42504a1743afb0de2ae65b60eb33f3d54de1c1e927e06d6b26afd44a01b776147ee0022a59a1933f618f5416f2d6003ad8523bf833eca479e312a1d4d01d80128ddb9ced421bcdd4b8e5bfa1065ebd521cfa2ba4bb45e06bc0561b5e436f3b6d14c9e4a09180cd1d1f97c8b4661fd9ea3b1b719655babbf9db8cbe261c3b10633861430c3572588780e2a81389d3e909478ee80a26abda508ec07fcf1a69f5933dcc1e237408a67296a56267f3f4e8846bf0dd8ea5035f2763dfcb27ebbec2f96ea5fe40ec3935984bdd820657b2ac532ac53826138c73c97b668a050e5445de7f9f65d7daa747bdf37aa8837bc752cfcd62f8b0a737ee61ed98d88e99543c5f90bdece25b1bf8ca7610f8ac5cee6850b8187d0c0fbc7df73155b3ec9c58b4ff160acb8e56a4d929af47e8564999b630762ffa9fe15166e9f53d124ad1c74c762a333e9d8144bb33bb4a8374bd5df54e72b73e2d7977398056b01646d48dfb75f755f3475f1e0d3367e88b15cb638fc944e0a54e522b4bb7bc1d44d8c9a05c4053207192e66011c32b87aeeb5b14fd52c4df8a5a05f8b646c6aadf0eed7026ea7fddbbeceb6436bbd5aeeafdaa57032f21823255cb6d4d805251f9f62c78e77ab99446fb82f60d03e5b139329f7f97cbf5f3b5c42f77a4345d7d7393ba2bbee033c17cd3daf52dff9c540c1851fdca12b49f9b949b1a18345a38ececb956d653e12b772b0a828adb47e97031903f4aef755b5776c60653d91c185693bdc8a10eb4cdc6460f7c09752c4102e96f1f536b1fb74a3b4c7c00e2d51374d36ae524128de4f02f60ce60f02bcf75b3474591c6951f25d24edbfc57702174950d71e9389ebdcf82dd29556466b2110279c7624857b83e1b28cc8a34e33b328ccd42770eaa470bfeefe56aad47113336aec9da35928e18a47e8bdaf4d6cd5c7f08db268b2d60cccc76d2cc6e2b854be66cabc242e4aa827631cbd0f612f10d2e6ce5c417f80523c3d5988b6d171b055f15056223952b2a9bb63df0e98fa3d7556dafe2d02d39ffea3688ff25170591fd66a335066e1ccba27eb545bcbf1b242681469108dfd2c3109c418caed9bd9fdfe1a1db4143beba1c2f69aaedba12115cf05338b994749b43affb9f9eb69f1fae466a1ccbd4ecf4d9d3824684dcb747113db5fed20a848f25e2943af45d7d97f09bbcb4f174859497664f304d89045d0f0884a42183820281ee47a5726768ced18476c1a2511bcade3e5a2187ba1a9eae5b2ec77853234794c001f5397ccb927c268472ee3da4e7ec5055cf60eb595c04fefb3f0469d02c99e93abe953f594119dcfe2a98436c8e4643b052231f42cc20736721b997d8f1e1953ffe38de9d07d891fcaf09f79e5376ee2150488b5bf3ceff7245b54306bd11fcc7011b703e8e32696b02a7afb89404e2eccec5cff7137f6d8d8eb4e42908b707b5711b6aa918ce7d8475b38b11288e7eeac2df00d2b3cb57c91b95d589b93c133d6d8f9ef345b1dc881f2eac4a38cbbb5430fc1c2a33d9d9044a4f8d51bfcfce0181e2d9e8cf980f08c7b371a5182b3ffac8942c496a50467110961decb19f1af12a7837f936ee4e5373197ddaf8c9874120c28bbefb8c9a2585766f1762d95a47cf4ec9bc030ecdae99e6309d5e9411c0e4cb4df19ffc624b9700d32ed348bbb046fb2f600ca3498fc1d5248fa37b74e6912fb7b4ef4e8bc536c85612ee6b709914b9d5304446e7d5b07971d6f419ad1f74e273112ad41b090b5951029d435c59ce9759bf92a197d9a8d8445cab3c9cd6bcd7e9ccbd970e90f62f077c840bd7af5af94b1add802a30d0735e66a03a82d7ab830c77d885b3429c6eb9afd4fe270958d9fa0532c9d1b9ecb1c0ff25707a0326fc337649b360bf584d68ac346e53ba794802ad28997d0e0bb96b59f33e8414bd40fdfe0e50dfa011a68634b6b56dcca9a251cb284bf122b25354d708e109c5dfe58a49552641870c088e181ea8c527dfd661aa6c42f6b6f15a6363f0365ca0ccac0510ce41c3cb80a36ac0c241284bb44149e4e13bb9163d0c8568c53a97ebfecfff8d6f1528edb14458271091c21a58f897858573c54d6888e420f02dc59120ced373dea074ae4e039cb96bb41ba359f0ad068e51598ef848fe38eeed992cb9b9f0b5c3909dd7de11a870f594765b6cfb312ae599953829399c96c3c8bb2ad2793c173b51e74ce9674c50473579810f8a21134f6a81624c930c0d26c31f7751e334edd3313c166f30b87e1121377b1f973bc2a9b31f63660805fcb1175b217f483f162c96270cc3efe37410fbf3f62f27ea15cc8bd555549cb8aec334a02faba97505977f140db788dd0e141c1e76547dd8d0fa32ae60b5b952c6e3d9fcf523fc019584464740067eab2232bf37de83a694d4a9dd4a8b7ef24983eb013cf1e0e18bb33428acc9ad5af83607e02bc26335c8367bbd689b072e1f50f097d3e2dce4b6931220984ac3d79f46fa4b7495e0e98bd781ac4e0e947fa1fb4d7c75006ea7e14d02f09cf18ecc77d281aa9ddf27e919fd590d205ead03a04cec6a7a078a23af2079715fcc017f4c8a013362cfe4a7aa815d222797c55b3e406af555ed63839c4ce86b738cbc9d96a950821ced0eaba2c78f6b0be4efb48c63baaef8f3530963f859b84315926e84890888c7b51bca631c9657c6f780225683ae92d29e7a3b9ec29a80cd72c40d4c8cacea3ef808a5afa7ce683901be7787027e8e1f457388f422835bf107ad1e6587353793753d26a9292f025552fa72d79f61b7d3f41e80a4a225887e5b320527ff3858cee69431acb3ff264b5f1d0132011710a50aa8ee7e1e5cbd4474a496473ef9b5bfb3b93e8f23d509d78aa5263b8f7c56ec4141e5f959184578cfb1ff3f633d75c82a42b88bc388bc07d9fd13343d0c19959cae2776891281fbd2a3052ab0ddae85d30022a935933fbec754e59f3cb7c6c5829eb71b8921d2d1769b6214a9f58599afde11892b9d42f96cd5bad68597e9aed6a6ff6166572c42eaf5982482f8300964ef84334992eff06c4f2f044752c3b3992f58e29e6e7da3af5fcc729db82814e2299b4fee2d1ce31905d01b7250cb618fdc3d9383d90a7fa93176f59924b60a3fdcae4a9dd5a3be570fb31b169e905813be7c3cd6bf560e1842dde6e79a54ad021c0996712efbddd2f8eab3ea34d887799009374433143302e7fa10471d3687fa8881bf78500b1efa2df65c2b17f5aae2afbad3146a1c4add0850496e4fb4346fe7d5b9a33663d0f7c1fb822a657a67a80bcd6cc0ec3485b434f64a3c1d38dbf9d1775df1467a1d0301c2561a48b19162b8b7b5bb552c8a819ff32b99882c5ba56c298f9d356fe065f53c5e61266b860856c05e8c1b3a3387384c8d572f35c8d6bfc0fcba74788bf0ed95e411ed733794879ea4adbaf2bbf2eb9bba057bb4939741dad940c19515680a9e0ddc930e157765c6e8375aa0a9a0b79c7a6bf46db8703b7e0423eee4ee6e5dbedab0471ca95d4840a6a35618b851c5933d239f664674de2299d22d854e8f3a9860957a6cf3273ebbcc31f1fc6da1e044775fd572d1901f3fb105ac6d16f27a6ffd8fd53d7bfa827da342d34212cc18937d9262ab6be80859e40216bf6f4450e0efaa2522a953f08b78df2bb4be02fce9fbbb833360fbdab8816be63794a2b666f7624dc34384e85096baae8befc19948004fcf07644aa048da8bc52db62fa8da83a8f0746d9d8b6682a8e2ad3e926434a09bd7ee96c8c0e283e6482313319b6c899971c5d177fd35490f3c6f4b2ef51846c2bf724738b731d438ec78b910d78bd871cb4037314f5d63fa12920bb0ca1e4803622cbdf488eff18679530d7e5b8e211255a3435f6f9de55c5031cee4078241d2e0518198e17c89399346850880cadb8fe7530075ccc0c10750d135ad5bad3619bd8e4f1cc38daaf94dd5157372fbb7c72b3702adcdb3c28a102c16486970082245df7d58a8cc1b78e69299217f34aa1c22bbbe2a65452fa35925d8b22137c78afed325c55d86fca7da0987b7ecafd42f930aadf00511fdb4801a397c9dc6ad1598d4bdcc05a7c9e7c6cd861db8f67318457aea1305745c44a80f0abf7ff149d35c25e455734509b90bb2a4008ee75f06153e97a1962ca3701bced84827e5a9a7d24dbea2ee5b27908a5a734cf14c328e7350d5ffef6ced2a6576fa59040225609e27e6a35bdefa996af3f800ed29806e6ee83414b4e77c0dc0addb45cbe8e650471e7903206c5759d4db21bc7aeb932e4618e50937862a442b4f3971a43acf57447aea4150a5", 0x1000}, {&(0x7f0000002240)="6539404b698ac927d306b5e3acc5049af675cd0fed67ab34e3a73d2cd1d6b16fff9b73064320503fef3dc5984f7071919ee35fb5bc574a82682f9c4cff175d29a7b5134a81cc42f7f2fb648129b8eea348ab67fc630fa9a2659acc30b617aa21960db4ec9a56835214ce3f49a8ea9d29d8999fb13588d5c3b163f36ce977730417535b9f6f9c6ff60578d4e0ec24356dcab4a0ea89a2e23a7539715a", 0x9c}, {&(0x7f0000002300)="a7b0708eaf1f48f66a15d1a6f38416d61c7a1c0c94f29b0295d79b7547c9f8b2571ca5a33488ab15d40cc5710add86dc46a9865d358dc4575d04b1f5f637cdc530d4de77b255815715189577396a7c94c91f0a17d4c0ad52a18d509c3a0cbf16bce55f10fc7cac9b987cac399eb3a01314a816045e936cecf6e4c78fa5d4323f58a775d05c3100bd4f78", 0x8a}, {&(0x7f00000023c0)="112d27e33de4a2f5481600a1c0881e42228803b816a7632a914b3f9d82defb5d0d06672e5e5510c0819a8ad1460fbff12b2306c4b9bc1e63b32b3ae1a412677ff24127d638de7624f5bc9b63d06c760c6421d02fc3fa18d35b51ab9081dbc8389c8dd199dcca749267fa9b421bcbd55bdd93ff3ef481a150beb936ede7663e8357cb18a4e12c0d555c34e0ca27e2d64dbc6bdca3a297d402070ae17d7feba1eaa40ea1c162db25957d5b073ab86138b61396918eebaa14449593da95f5a647219aa8e993081c065d5bfc54a4d4bb84d261fa06ee3c6bfb63074f", 0xda}], 0x7, &(0x7f0000002540)=[@iv={0x20, 0x117, 0x2, 0x9, "2736248db73e641321"}, @assoc={0x18, 0x117, 0x4, 0x6}, @iv={0xb0, 0x117, 0x2, 0x99, "4c0b070ca8032ddf02dbd52af87b7621e1f3ec34ed40b8428247dbc87c6384326b020204fa5e8d88765c1987c9bfa56c66b352f1884b9ef9e890b987c42ea15e90a3cd689fa1794a4ac15dd7fbf26bb730befd3986cb0ccb5f601e89e23e3956a4b02772abe5b94445fb8aa09505c57dd5b26f1222b0d42ba5d413c01e28c74ffab7784ef014f65fa9f18d3e7f4dff13cc3647e95c7d055f68"}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x10000}, @iv={0xc0, 0x117, 0x2, 0xab, "e087f498672b7f375994b53c4248098bddce92e072578b621813b814bd7a9531ec510db38d4225db48045b438c949ee677cd50cf66015eb92450990497cb25a552666a757bae08e83717800a4900edff09e5f93fecd50902da8e40335b72ecbe37b25789f02ae59d7593b48e69de90f23660e08620efb344e611c7cbaba0953a9998607140b6cd01c735220c1cce1f3bdb18ea6a2304cc64832398b20184c84a95800c66c163e24272a44b"}, @assoc={0x18, 0x117, 0x4, 0x2}, @assoc={0x18, 0x117, 0x4, 0x80000001}, @iv={0xa0, 0x117, 0x2, 0x89, "66720ae2fd0c88aed861a0bd50677d87ee0b14a12dd045e6bc13bfd8274d808ec916764d41206a4356f2bc7b36ceb72815ce5fb09590e97a379dfd7178231990ef0308bf31309a4a00adef338937c2d8268d28ba0e64474357610f7390a0088858af5515a45b366e506ea8abf41833b1f082894fe18fcd2e6dd988e820b8da87f8dde4dd53581c64b4"}, @assoc={0x18, 0x117, 0x4, 0x4e92c2a5}], 0x2c0}, 0x20020005) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000002c40)={&(0x7f0000002880)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002940)={&(0x7f0000002a80)={0x1b8, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x68, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x400}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb0f}]}, @TIPC_NLA_SOCK={0x78, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x456}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffbd0}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x87}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5b}]}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffffffff}]}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1eda}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20040081}, 0x20040080) [ 1067.337406] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1067.344658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1067.351910] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1067.386881] qnx4: unable to read the superblock [ 1067.392743] CPU: 1 PID: 15681 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1067.400638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1067.409989] Call Trace: [ 1067.412575] dump_stack+0x1b2/0x281 [ 1067.416206] should_fail.cold+0x10a/0x149 [ 1067.420362] should_failslab+0xd6/0x130 [ 1067.424337] __kmalloc+0x2c1/0x400 [ 1067.427874] ? ext4_find_extent+0x879/0xbc0 [ 1067.432197] ext4_find_extent+0x879/0xbc0 [ 1067.436349] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1067.441807] ext4_ext_map_blocks+0x19a/0x6b10 [ 1067.446304] ? __lock_acquire+0x5fc/0x3f20 [ 1067.450546] ? __lock_acquire+0x5fc/0x3f20 [ 1067.454784] ? mark_buffer_dirty+0x95/0x480 [ 1067.459138] ? trace_hardirqs_on+0x10/0x10 [ 1067.463370] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1067.468737] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1067.473929] ? trace_hardirqs_on+0x10/0x10 [ 1067.478162] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1067.483006] ? ext4_es_lookup_extent+0x321/0xac0 [ 1067.487765] ? lock_acquire+0x170/0x3f0 [ 1067.491742] ? lock_acquire+0x170/0x3f0 [ 1067.495715] ? ext4_map_blocks+0x29f/0x1730 [ 1067.500042] ext4_map_blocks+0xb19/0x1730 [ 1067.504194] ? ext4_issue_zeroout+0x150/0x150 [ 1067.508684] ? __ext4_new_inode+0x27c/0x4eb0 [ 1067.513097] ext4_getblk+0x98/0x3f0 [ 1067.516723] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1067.521051] ext4_bread+0x6c/0x1a0 [ 1067.524592] ? ext4_getblk+0x3f0/0x3f0 [ 1067.528476] ? dquot_initialize_needed+0x240/0x240 [ 1067.533400] ext4_append+0x143/0x350 [ 1067.537110] ext4_mkdir+0x4c9/0xbd0 [ 1067.540726] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1067.545377] ? security_inode_mkdir+0xca/0x100 [ 1067.549941] vfs_mkdir+0x463/0x6e0 [ 1067.553462] SyS_mkdirat+0x1fd/0x270 [ 1067.557159] ? SyS_mknod+0x30/0x30 [ 1067.560679] ? fput_many+0xe/0x140 [ 1067.564196] ? do_syscall_64+0x4c/0x640 [ 1067.568150] ? SyS_mkdirat+0x270/0x270 [ 1067.572015] do_syscall_64+0x1d5/0x640 [ 1067.575885] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1067.581061] RIP: 0033:0x7f2e61d65157 [ 1067.584761] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1067.592456] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1067.599704] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1067.606960] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1067.614222] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1067.621477] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:53 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 32) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x8, 0x0, 0x0, 0x80434, 0x0) 10:19:53 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r0, 0xfffffffffffffffd, 0x4004081) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) 10:19:53 executing program 3: r0 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x244, r0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x20}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x1}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xffd7}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x80000000}, {0x6, 0x16, 0xd674}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x13e}, {0x6, 0x16, 0xd36}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x244}, 0x1, 0x0, 0x0, 0x4004}, 0x24) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x604000) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000040)=0x8001) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)={0x244, r0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x3}, {0x6, 0x16, 0x20}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x1}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0xffd7}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xffff}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x80000000}, {0x6, 0x16, 0xd674}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x13e}, {0x6, 0x16, 0xd36}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x7}, {0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x2}, {0x5, 0x12, 0x1}}]}, 0x244}, 0x1, 0x0, 0x0, 0x4004}, 0x24) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x604000) (async) ioctl$BLKTRACESTART(0xffffffffffffffff, 0x1274, 0x0) (async) ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000040)=0x8001) (async) [ 1067.637224] qnx4: unable to read the superblock 10:19:53 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r0, 0xfffffffffffffffd, 0x4004081) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) socket(0x24, 0x0, 0x0) (async) sendmsg$TIPC_NL_PEER_REMOVE(r0, 0xfffffffffffffffd, 0x4004081) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) (async) [ 1067.664436] qnx4: no qnx4 filesystem (no root dir). [ 1067.677589] FAULT_INJECTION: forcing a failure. [ 1067.677589] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.690194] CPU: 1 PID: 15737 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1067.698109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1067.707464] Call Trace: [ 1067.710057] dump_stack+0x1b2/0x281 [ 1067.713704] should_fail.cold+0x10a/0x149 [ 1067.717864] should_failslab+0xd6/0x130 [ 1067.721845] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1067.726942] __kmalloc_node_track_caller+0x38/0x70 [ 1067.731859] __alloc_skb+0x96/0x510 [ 1067.735468] kobject_uevent_env+0x882/0xf30 [ 1067.739775] lo_ioctl+0x11a6/0x1cd0 [ 1067.743384] ? loop_set_status64+0xe0/0xe0 [ 1067.747717] blkdev_ioctl+0x540/0x1830 [ 1067.751596] ? blkpg_ioctl+0x8d0/0x8d0 [ 1067.755480] ? trace_hardirqs_on+0x10/0x10 [ 1067.759708] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1067.764794] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1067.769801] block_ioctl+0xd9/0x120 [ 1067.773422] ? blkdev_fallocate+0x3a0/0x3a0 [ 1067.777736] do_vfs_ioctl+0x75a/0xff0 [ 1067.781525] ? lock_acquire+0x170/0x3f0 [ 1067.785521] ? ioctl_preallocate+0x1a0/0x1a0 [ 1067.790041] ? __fget+0x265/0x3e0 [ 1067.793502] ? do_vfs_ioctl+0xff0/0xff0 [ 1067.797468] ? security_file_ioctl+0x83/0xb0 [ 1067.801865] SyS_ioctl+0x7f/0xb0 [ 1067.805213] ? do_vfs_ioctl+0xff0/0xff0 [ 1067.809184] do_syscall_64+0x1d5/0x640 [ 1067.813079] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1067.818260] RIP: 0033:0x7f94265b4e07 [ 1067.821955] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.829756] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1067.837019] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1067.844281] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1067.851541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:53 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 41) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) (async) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) (async, rerun: 64) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 64) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000000)={0x0, 0x0, r0}) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x8, 0x0, 0x0, 0x80434, 0x0) 10:19:53 executing program 1: socket(0x24, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) 10:19:53 executing program 3: accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x20, 0x101000) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x200500, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x3) [ 1067.858795] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1067.868646] qnx4: unable to read the superblock 10:19:53 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 33) 10:19:53 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000002800), r1) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000002900)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002c80)=ANY=[@ANYBLOB="2c0047000000000000005782857a7f7e1f551942fd77b8ac04ff4a78f3d236dc088d7e7ecec31625024d6a3c0f21ad2a3b6d4ff1a66c4a36e233ae207cbdccb1f97b3b43960289dd7db5d2cd90770c8d57f82f522f7c8b4816e56c75baa08b181a4f30be4d55ec5e308d777baab08ac9c55b15a184ed781f40d386b16b99c8c7713bb72e1daa8ba66c4b9244c8da26eebc321b1cc0baa0675b28e01899404cdaec", @ANYRES16=0x0, @ANYBLOB="04002bbd7000fddbdf250000000900000000000000000000000000320000000000004a155e8665b439effede8c5130e2f999d55e5cbdbda5b4668898eab66028dc7ca7942a59c24642fff936b963e4af7da4f2859c1b153730672f661c2f2a97c2c3afdcc434c08c4d00000000f46808188a0c60a734090cf4a906a40c34f7fbb28a5cefb1b190077416ad41cfcfd920ee51475845533e6d8f9238125919b2c696e474338f3697fb62dec8eb244dd6c73564796e64bd3180deda245e6aaac47d8ce09cebd13513991283e32ce600000080000000000e6a29ec2b2d29af705dbea1d73c306088afb2b49b922c222e8a49e3b8395bc19e5f6fdea4feaf05f6aae8e7ab53c02c9244343d1b4ff32cd6d726cb2e5ed9a416bd208c9bccb141f53fda4033eb15f23710609f3ad8641be589526979260090"], 0x2c}, 0x1, 0x0, 0x0, 0x80d0}, 0x10) (async, rerun: 64) syz_mount_image$qnx4(&(0x7f0000002980), &(0x7f00000029c0)='./file1\x00', 0x62, 0x5, &(0x7f00000030c0)=[{&(0x7f0000002a00)="664172f77bb6bfb7efa31aa6e7f7a38fbebadbd0d562fa83cb899e92579c9ff54d114b82fd7e832584b054a3b74615d56187ce1a00888224918280486c8fca49dc793a73dbe785a606357878416c49521b01a7091e7b7a54bd9a9b11423764339bdf201921ce898a71af924a767b9bafc226e1", 0x73, 0x7}, {&(0x7f0000002e80)="236cbaa46982d72055ca9e8ae19d7727452510f528162794e12089ca48ee115d0ae3eb1222efef02914a61565b98bf07926653ec3f06c067bcf1dff08b84956c14855e790b9227c153345c7dfd7ad871265a5c85c40691ecaf72b65570583b61934f687c1d7c2deba7d3dacd608d12a935af41b878bc746a070c2960c6a7fc7d3c8ecd84866f6c4dff8a69d672cc0f760aca64a5fd5a21e4dbec6ec6cc1e3d54575395e5d53d641d16988d7a16600b647454f27f781b9ce23ba54443c03d1fbb69b78866c4bac7e623ea3038b8ea53f89eb07304528ef8b93d6e33683575fd0a8605ca724e436dd53fcab8e69446a9ab8f", 0xf1, 0x6}, {&(0x7f0000002f80)="6215822ae71497d156c7", 0xa, 0x24000000000}, {&(0x7f0000002fc0)="9e11b690eca2d4fcc1187f2f18f024a4be7832e5cf6d99637d85bb4e39eefad250602d6344ed407be67401b7da26de2129", 0x31, 0x9}, {&(0x7f0000003000)="d4cb1a2a1fd167b55d7c6b21803d4999f78b8f7654a738e849395919f06c35c58672ef34bb9c1fd075f748956cc11cfe1b31b80f590ed55e24b019c76d6ad30fb1971dba236ffeb7124872fbbdaacfd302c2a2bf5f79d6618fa2a12be91b218784319827d325d12b4907ff0953468e64f6850f16c939fc22e0e490870cf48e562a97102df4cdb29fd90113c45e45792286d6cd9a36cc19ed", 0x98, 0x7f}], 0x1, &(0x7f0000003140)={[{'$,^./%/'}, {'-'}], [{@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x64, 0x64, 0x39, 0x34, 0x39, 0x62], 0x2d, [0x65, 0x64, 0x35, 0x63], 0x2d, [0x36, 0x61, 0x34, 0x34], 0x2d, [0x32, 0x64, 0x35, 0xf5], 0x2d, [0x65, 0x64, 0x35, 0x39, 0x30, 0x31, 0x30, 0x61]}}}, {@dont_appraise}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}) (rerun: 64) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$alg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000024c0)=[{&(0x7f00000000c0)="5447adbe7381690b2843cf3d902a3ce32ee32be0c9e5e4eabe55623038a797469a8d21f094326aa22dcc76c929e4d0a5ddee7602613b3665ddc73ac4b611af178b5d232155c45f338fb5f380f5c1cc57125fca01ea8e6312eca397cf95e6be9aadd9e242", 0x64}, {&(0x7f0000000140)="070a250a37a502f28430aaeb34e46b5e674cd2ed39664de149fdf2a06f26bd2da3cb5a48ee8e7344f8529c8d2ed381668439fd7ab1492339981e44fa92a4076489fc791b69385dba6c6c47e1f623e2e8af3b1c4fce4602ca37b05b3fff65504b2829ec74b71e2239255683f84c440208835c30f79ecfd0c0356291713ba60a098efae42f9cf4207c6c6724e31493fdb3e25ffa9ea67d941a49c8cc09d66582b65d8442d1510a30adc2d4f27ca0863376b7aab8f2a8585c536d712cd5760d2fd3218b80", 0xc3}, {&(0x7f0000000240)="bc7de100222c21963ac9aa1049dbafd6de9b4875753d39394ccf9419607536e102efdc15b49b289a28f504b1b726a3edd117ab089e96e8b2573aa2bd6465225b6b7dc7358e09fd26a114b9d7559139979f05264a61468065820ff2c8905f74d3533f1feb3c1ff4adccad4c75d1dacda716f95a27012042d63074e653345de76df7adfb7fd8eba5796a6d2831ac69e2ddf7e30c8360ab5820fdcf3bacc6d0f922e33d0b056265426e41349c10e9e09bb6cd82ca4a9a9d3655f608674e3c284c4803d67f9cd9a775a992e5c919f0213a9e89420636f1d571eeeced91c6878a56d43c8db2bea7580e444d68ed4ab9d60b404b19869d7088d213ca044f7081d219d33000dbe3c41ce9918d603bccfd6062b5713a082cd31f106b5c81995e3345a2fa042f45d9b09941c25cb6b53b66ad08521e674423c3730eaa03341d4780f4b7ce2ab4468f337e60cd9642f9f820949dcaf2b11754567e9d2f904442864e1fba1d6845e315c164a7bb9ce8edb902541586836bcb7c0e5d74b80cff3d016851d08f736d0bb9f1020bd13a42608aeb04f3cd2c925ad5611a3e803d71784d3be40ee5d07c13b76e9590c37e651b0e9a003746032c3bfda5d28cff9ce5fff759d86f0efac5d566d8c970b7bc7b4164c8ed716f819bf5c3976b4c7d0d1be242345a5a9859f5af4d17e8f953d69c28ae1655d1589f743d0efda7bd5f8f7691d9bf71f42e7970700995bcccd41b4e60806720a2e99465636d5400c3f39a1c5a20fb9a558332dda12d10e7b20d1f3ee094fddac236154ef811e387ffc379ba3bf80db7b83900e13b379f64f94220bbded539294d132198267364a98c90a0b7ce794612445947d4b23a817815d8f83a548c61fdf599b9b1bb5853fb9ef48b30024d2e393518755f817f1736f89dad10b0f4280c3fa1a61e76a950dab5630cdd00c5ef0d605f4af3c7e9de5e41e095f749cddf757baeebf7c675fdeffb13d2702dac6d0fd38b852317781c998058ade85ad0d1267f850855edd6871b9fa02ca2ce76c2b05a691d7d1acdaf3ce5b7ea364c8eab1738517b66790ff96f08f7231248ee7f0f78b496aa79a0734015fe932b867bba5a27c1b044bb0ba7cb12c3dc839c9ca9b468a5c013023d14caaa55d963354b413538dec53814920282d59ffbb105671f53afffc3c80d9f69f1cb4c2b6604f5ce18f70353867eabbf7277c346702b60a853fc7d14fd7beb8f4e3b19f0dc83cbdaa9c8b6935000855991e47159929988d103f8f9c9fe8a6cf294bdfaaa416c69fb378c547fba8344f226e1fbd1ca5831e9dfda6956ecaeaa27b0a74ba505d5205a8cd8531162481d687c8dd125d77d98ec9a93e4f4ce0c88d9a5ab97fcbf293000839556f6509f26d690528c58ebe9c221a2b5f2f3130edfd993eddae38d2db97ab67d86fb78527be8edbd222962848873bafc09cd8e1de7a48933875c3f21e2efb6557ce0d2a71f72003fb1e39222e0532969228785ab94d41783ce3e1ee7658a1b23ea40b6d799a96147b870bba66aa69bcd91d474862c7afcd5ac3b23601bbdf0ac4e7300d60b4727505bc2bd40c366c2477174c49014688c469312a7f093804a3d90e3786acfec5241d5354bfc7f65302cfa94347d116d0c9f04b039269663933a0e48c10f6df3f15737b4e63a7a20b3708c36bbf123a8eb6801b7b0a0925b36f3fb017c5f1354b3404802737e1b329ee52027c39cc9967d54860c7a64df96e1334c95af265f83779936c7ff0d586a369c0bb677cfb75cce2eff9d08df12ce60445c116abc5eb98ef6f9b7e3521cc7db15c87ac26131da29ce521a723063fdef68e70094031bd6a09d06f78aeb8ef1c341da9ff74bc3b8f258ed9a3e62f407d3af7177745c32b074b8af710d94aa15e58441685b8386d68f1832eebd4a5282deed48f74d847f9c83f3f9bf8412e02b35a443f8eca04a4b5c26e3874938fa1e8e84f7b630cf37e07b4f2216ae449947e9f0fea4e6b57f9a96a81b396b973db59e0ff133a8c77f9343ac9ab5b6a145ea1293fdd65561795fbf3d839db9dc089318b7c413b567b19520afaf71e31048e558b408f97c68ef618fcd3125863f59c4fa5479702849f65a7aefad19a60235e38edbfd4a1f1b18f4417244783468088ff68a1cc539bcc2dd3ecaffcaf63ac9f1a9ca9a49bf14e40f61da9bfe8c03aca8a02e262bc2e0caad68fbf32a970b1cfe90d35cb50d1cddc0813799c621baec128719382b3e1d21540a7fb0d883008497bdc6a285865335c59d4f9b3c9ec60f60936c7fb9bad76c7493b141957345bd0c7fe7bad714352909cf0a4f38e066029780b28415a00b134a8a0e0976aa2a8c2488b10b7d61c4a44f634a8e41fe14ceb46bd431b47c805fe0e14e19d6e0d53dd9832fe366b9d4417c69efe7be16d25f35966106fdad60a8a0af1b0040dd7d42cbda892b88a3c9cf3ddbb4c1576177919322e99880634c5442a364037d2105a589f1f4e8aeed39b702fa7e9fe73f3d65c91d9d23bf598c0f0a4b78272ab2ae88bb0083c0d7b65c65ad463f81af6a8895ffe5a4cb17a9d2689850aadc0f7da8354a8ec055eac88b764701ef086d8e76a1fe32dc680cdc6da0555ab8ff98d37a2422ae92d0b0fbf57aef830a1db9b896cfe5db19d70d41e50dc4bc96067f8ebb8eea765ce6411bebb19543e5ccb4c5d742ac7567e84fdb300cc9a6d502d9246f58c5d95b517c6064c406a378a848d99f3160d4fa2980d99474190812bc9bd6a829b338ad3c8c370356eef8143dd62132571bc6cc2631eb3970c56f62af6cd0f6fd95dada59f39ef7ab05c693a24a79d89cd14fd13f5b58daaa4b8dfeca709bfbbf7b83218d7e36e2e6eaeabe9e6e145fba4398e22891756dcdfaaf953455898527785c1a737821d3eccf48cf16e106bb42a072c597753e67f1865cf6b065c0b36eeeb4ed9e487f9834f76581cf634ed66d309f08307e34bee6f137af08ae70c35a30d92f268728f561e1c89e313300db0a1bacca57096cbdd3b8b982d413f4818778af7662972125f56e9e589493823a642e189c87a821e6991a91361063bfe2d5d37fd21df66cb9f18d00409b24941081dfdf1187909a82b9cf8553512c495d36ee26777fafd40f5a1268a34f5b62e509bd1fb867f764a477eaa039a9b01cdf3fd70381a33b6714433fcfbf9b8fd3d28e7d475feff9feb1423614d00a4d7506fd24825b4ea120fd2a0d961c3fc9846aaf2b4fb5d50aff95c3c83903957e4351393d737c49e165b7e936ea97534b28e9bbbed9621821d8ca749bea480ff45e49871c2a9e4d3a3f0ea5cd3a1e4d12dd524691d74c6e0195d3dad75c68fef168f35f5e2588b61db8ebc1e16fd79648ebd68d77cdfcef801437ffad5aefc9e3e289970a9f6da20e66d26a19f83b323e9c8a816c1d7b8d0b6a8abd45187b67113cb885f2ee6e874f34982e9a0999a49eda60e007afe8def9630d0e4b46ffd96f9eb9323072afc1828515713cd9a30d09c218431108fe84c195e1d316a86e22dd16f0d07f1906f982e31539bad06ced6f875e8bb53eebd17f6c73ddea15d198bffe2b9767d999db505ec3b8e5aebd19e3eca666d11fabdb28359516322052b71572ae1ee8d88c410d0d5583bbdd76dab6b19b6dff099aae341bd57c589999032342257e96983356b61884cf3b2f8d9389ccfb1ad7ee6afaa615e95a33cb058ee90d9ccdcab265cba4e47cbec595fbd613512337f8414d192c8b85e57076a42d20cd134ee991417510530006477c70d1d09f242a0ad036e3e0755858c70fa8a0f2f10a783659bbc40ca49e8223c7e8deb6e7a9e825fb1fedbc0e1b896549114815623491b937d66f06efc5eed6ea7733da4aa8d5dffac9b92e3f59ce2abeaeb6018b4a91f3876b95a5e68a50726e3d02a5187a1fe91ca1af1b687c30cbf1e0cfac515d320b875be13e385d00de2ab1f52dcf800b7778602976d217933d39ffe9624123958d489e5aaf378fa77ed670ad19fb7b6b3ea03f83a5b1844023f48626f695f0727081add515495e154b173429d6f6d0a3c6f5882c55685bbae40c39db098fca1f9d323c0c1aa340f7f04f0bce1353bdc71d7f876fca3aa745f7c92b791a648a60aa748b2f7fe374bbd007c9ef550989d1284caa624edac89cf1908c643019274155a81d7123ef1b2593e55dba7d44389c4f82c8bd5ae07f75de8bc5d947a947080daeb23da5a7d0fcf93ce05a33ecefab5eb62656843eee7248c6b35b1663e2b3744d9dd81f01aa72c666f0ec538b0db7af6f15770030a4cf69edd54e3e5d9d6d0e58a4f1e3b396173964967ea90d3164e1f36554454b47a947de042094e702b07d263ae2af8b44536ce14609ac7a84349e8bcc60f0910aa550edf94dc40accfb85449ac267bbeb3f108fe2f6ae5521a5b05c522c428826482b1db0f327028e377c5fd1d88b18204168a1251cc7aff69b3f480e6441b0b9721843062140c172a5a0a9c1957c20be63226da3e22bb6d18a6a4422c04a5560cd54690bed317a881f695ba3607bd2aa03cc7f2415312b34fe2fbfa3c4860c494ef1987446c71a12024eb44e6ca2d69e440bda62d92b6ae13f4a5ac7dec82a8d41739d690127463bd93da02c36aa854536eeb99783fb3b8eec83aa307d4d785a72826f07e3de5d0343106b34221b9eb2c89651cc8b36e845c3692d4560ffff3dfc614badace0de9eeb9cb7636c430a391d93be11de6b3cbce1ab47df6922085a6e111a984795f70c77bc092172467ae17c148def9e663f2ab61726f3b62be4ecb631f15f8f470b872c2d0b3d9064a0890573dc13dec3a80d05b0dd8947aba2ab5e7a688b875eeb4583e4dea3be9cd158384888f0201dbc2db046df2d67460160e258a99499781b28410b171a3809a96babe48992e1e4011e4f14f288f8c8d68c8e0f055a2da5fc4bd1316cccbd67c603399dfd67879a85e12f82d62318a74a1c950d36537d3db5cb8bb4d68947c23ce65d483c8dbe0ab1186326e7027a11722136c67a1ec79d227ce395a11c536c689eed58e029842717f953c6d8288e029b1491545c2b13357ef052711b6aeb08cffb363842a5e098d089fda2c20ee7ab327c82e4461928424eef302e481fff6bcd7b20d50207ebd3a3aebce7d28021a2eb494a6aeadb2efc03ad380ebc17d769c2fb251bc770099c79706820936083dbac49d0e377fda7c5c5588b2cebc038d3eff5183fc1723702e220e30fb13e934fa677a82642d5b52be9b7b2f5e1a29422314071723a9f42ee99c1d99d5e445dc030f296c9957cbae372399baee5ca1310e918f52f342222dd9b988a1a3fd00d6e21391c7ca31fa7480c2b82d8436ba03866ad3e03b0197e330f4036d0d796d49c220a3bc7542abe3992d082bec9487e4dbb76edb5eb904ff2d120aca33865a260b6b78f85cc26f19f391948071445cb65a1df206bb635567e17bd3bad39f9331696106fd4a243cd27d3a9c79dcef9b86cf0696b3c7cca1463d03b73db5fc66d77c540fd90dce5e649d6e6bf271bf49cc054b4e09b3675121641c71666541c16d6a7be5c71c87451e73b650c2083ffa48d15c9dc8ff55669e381a604d20c54e3402d5e0733d708072f0e5adced3024850d30238b3516e03bf555a0cfd8e897cd780fe87263d1c9e74e75c6efe5dbeea9fd4a356573dc734062f078e978372d76b5bc47925dbbbb800d221f7c68bdfd6ddec65a82a46dc43c6475bd716106aab2a1994805e8974a919a5b514b4eeb0f9f7d07ceeec459350ec057e1e57446c11154d94a85f31018354c3da351186ff6cd", 0x1000}, {&(0x7f0000001240)="548ded53c17781699b1e2b2ded158137ed57be33730c4aa372113680bb70fcf459ab61614d7f4036cfafa0490b2b8e2730e65a436736e0b4d014f7b333d615b298deb9610dfd4329ad9750a9f737d4e5083cc74aab9007943831d13f25e6d2ddf79f17a90c21713907cf2e6babd70a98ae23a81d98b7d3b2d54cf20cc0b0bb4e33093ac2dcaaddcb41af6e51c770577a8d751144dd3fa28eaf8befc001907435033ad3da6661bfdee682455fca55461a18dd70843905bb7ca4d439700066abd48653cff3be632d062e2da6514c13556e80c47a23f0261b28b253049bcde3e20bba4088da382a5c35efa99248cfcf6f9e978441141980f9f390cb3f59d2fa6cce7aba1632f6d1e4c8bd91e97d65efa3806cf8ac959ccda20342de8acb6653c2c03a9e703d66824c807349a70b1dde7a38bbadd61f9be04fc2f599f71e96c6a17bdd1b76aa3638578c58097a9a13e98da5386404ab0047178b31c2dd1b0e9817f551bf721ec9c24e4242722b0456bbf741b19ae2e4d1e0cb38d7d6c8e7d79b4075d42aedbd8169f2478d35125f8385f0b9de10ef210bb2919cf25ca30a111c243716c4eb235b1e07b9f503a80696a84fd1a6cbae24c2a2c7ccfe6a82eaede01f23a90d33d968baacbf4eb0291cb02ec4b2085e5cd722cdbd0af45e522b5e7d37e1a497a5b51846c6eb009bead114dccb546e8c0a7029aef14b1aca983b451a04d51174f881770af8e36bc8f8b50f8e41ff2c3576963f19f160307a8f565b2b492524dabce9f9128b146548893c6dff9bc8a9d1e801d8c2d398ce5f58478824ac69fc15e3e4e0f3c235363b5a09736f10266eed34acf674dca8a4c700470478d9e13325b7c62281b0b2aa5defcb3090cf054c10f2e52b1365c05479f2e77552af51ed12fb306311179ae7771fd31265c3705c2e6e54f4621ec25b85e84536993889979871fc1e4edc3e3442069b42e6022d73de0e96b462b340ebc643cdec69864670bd75bb4633dbcf9b2dd52dc2f778cd47522bcc903b6c810c41bce9cd6c7cf8bc43213882ff98ffb962b0199cb6f8c556b6dc82f5bad47676ef5bec628811cf8e416770d2e88dd8cd602a63908c341db282f8318633869db8a538f91bba63c853fc2834fa6c1f208ed7ccdc69b19acaea9efdac0f153a3d6769e45620500b560831ab212c34f7c24261a72817f8c343ed3e29fc65dae6530175952c03e03e8ae0841f2a7eda3d993a8d446537a7f845dadfba5394c584f3913428551ef35009a3bd4d59677794d909fc8410c5ef8b6bffc4329610b3d30c34df96b69ab3e1a08bd2d9a58d4cef76ccd61ffc2fc43f70ed9c44714435da0e00115e15335adb53ece5fcd85902a5f5b216cb9989e4ab38e152a2469b116bb2a66414adc9026d4cf83510ac368282fab61fa1406fbe265b09ab642ceb139b8a5b5c6dc135c1ed0e8941da37a1fc74c9791ef5f194b159b89b3c66291299b48b42504a1743afb0de2ae65b60eb33f3d54de1c1e927e06d6b26afd44a01b776147ee0022a59a1933f618f5416f2d6003ad8523bf833eca479e312a1d4d01d80128ddb9ced421bcdd4b8e5bfa1065ebd521cfa2ba4bb45e06bc0561b5e436f3b6d14c9e4a09180cd1d1f97c8b4661fd9ea3b1b719655babbf9db8cbe261c3b10633861430c3572588780e2a81389d3e909478ee80a26abda508ec07fcf1a69f5933dcc1e237408a67296a56267f3f4e8846bf0dd8ea5035f2763dfcb27ebbec2f96ea5fe40ec3935984bdd820657b2ac532ac53826138c73c97b668a050e5445de7f9f65d7daa747bdf37aa8837bc752cfcd62f8b0a737ee61ed98d88e99543c5f90bdece25b1bf8ca7610f8ac5cee6850b8187d0c0fbc7df73155b3ec9c58b4ff160acb8e56a4d929af47e8564999b630762ffa9fe15166e9f53d124ad1c74c762a333e9d8144bb33bb4a8374bd5df54e72b73e2d7977398056b01646d48dfb75f755f3475f1e0d3367e88b15cb638fc944e0a54e522b4bb7bc1d44d8c9a05c4053207192e66011c32b87aeeb5b14fd52c4df8a5a05f8b646c6aadf0eed7026ea7fddbbeceb6436bbd5aeeafdaa57032f21823255cb6d4d805251f9f62c78e77ab99446fb82f60d03e5b139329f7f97cbf5f3b5c42f77a4345d7d7393ba2bbee033c17cd3daf52dff9c540c1851fdca12b49f9b949b1a18345a38ececb956d653e12b772b0a828adb47e97031903f4aef755b5776c60653d91c185693bdc8a10eb4cdc6460f7c09752c4102e96f1f536b1fb74a3b4c7c00e2d51374d36ae524128de4f02f60ce60f02bcf75b3474591c6951f25d24edbfc57702174950d71e9389ebdcf82dd29556466b2110279c7624857b83e1b28cc8a34e33b328ccd42770eaa470bfeefe56aad47113336aec9da35928e18a47e8bdaf4d6cd5c7f08db268b2d60cccc76d2cc6e2b854be66cabc242e4aa827631cbd0f612f10d2e6ce5c417f80523c3d5988b6d171b055f15056223952b2a9bb63df0e98fa3d7556dafe2d02d39ffea3688ff25170591fd66a335066e1ccba27eb545bcbf1b242681469108dfd2c3109c418caed9bd9fdfe1a1db4143beba1c2f69aaedba12115cf05338b994749b43affb9f9eb69f1fae466a1ccbd4ecf4d9d3824684dcb747113db5fed20a848f25e2943af45d7d97f09bbcb4f174859497664f304d89045d0f0884a42183820281ee47a5726768ced18476c1a2511bcade3e5a2187ba1a9eae5b2ec77853234794c001f5397ccb927c268472ee3da4e7ec5055cf60eb595c04fefb3f0469d02c99e93abe953f594119dcfe2a98436c8e4643b052231f42cc20736721b997d8f1e1953ffe38de9d07d891fcaf09f79e5376ee2150488b5bf3ceff7245b54306bd11fcc7011b703e8e32696b02a7afb89404e2eccec5cff7137f6d8d8eb4e42908b707b5711b6aa918ce7d8475b38b11288e7eeac2df00d2b3cb57c91b95d589b93c133d6d8f9ef345b1dc881f2eac4a38cbbb5430fc1c2a33d9d9044a4f8d51bfcfce0181e2d9e8cf980f08c7b371a5182b3ffac8942c496a50467110961decb19f1af12a7837f936ee4e5373197ddaf8c9874120c28bbefb8c9a2585766f1762d95a47cf4ec9bc030ecdae99e6309d5e9411c0e4cb4df19ffc624b9700d32ed348bbb046fb2f600ca3498fc1d5248fa37b74e6912fb7b4ef4e8bc536c85612ee6b709914b9d5304446e7d5b07971d6f419ad1f74e273112ad41b090b5951029d435c59ce9759bf92a197d9a8d8445cab3c9cd6bcd7e9ccbd970e90f62f077c840bd7af5af94b1add802a30d0735e66a03a82d7ab830c77d885b3429c6eb9afd4fe270958d9fa0532c9d1b9ecb1c0ff25707a0326fc337649b360bf584d68ac346e53ba794802ad28997d0e0bb96b59f33e8414bd40fdfe0e50dfa011a68634b6b56dcca9a251cb284bf122b25354d708e109c5dfe58a49552641870c088e181ea8c527dfd661aa6c42f6b6f15a6363f0365ca0ccac0510ce41c3cb80a36ac0c241284bb44149e4e13bb9163d0c8568c53a97ebfecfff8d6f1528edb14458271091c21a58f897858573c54d6888e420f02dc59120ced373dea074ae4e039cb96bb41ba359f0ad068e51598ef848fe38eeed992cb9b9f0b5c3909dd7de11a870f594765b6cfb312ae599953829399c96c3c8bb2ad2793c173b51e74ce9674c50473579810f8a21134f6a81624c930c0d26c31f7751e334edd3313c166f30b87e1121377b1f973bc2a9b31f63660805fcb1175b217f483f162c96270cc3efe37410fbf3f62f27ea15cc8bd555549cb8aec334a02faba97505977f140db788dd0e141c1e76547dd8d0fa32ae60b5b952c6e3d9fcf523fc019584464740067eab2232bf37de83a694d4a9dd4a8b7ef24983eb013cf1e0e18bb33428acc9ad5af83607e02bc26335c8367bbd689b072e1f50f097d3e2dce4b6931220984ac3d79f46fa4b7495e0e98bd781ac4e0e947fa1fb4d7c75006ea7e14d02f09cf18ecc77d281aa9ddf27e919fd590d205ead03a04cec6a7a078a23af2079715fcc017f4c8a013362cfe4a7aa815d222797c55b3e406af555ed63839c4ce86b738cbc9d96a950821ced0eaba2c78f6b0be4efb48c63baaef8f3530963f859b84315926e84890888c7b51bca631c9657c6f780225683ae92d29e7a3b9ec29a80cd72c40d4c8cacea3ef808a5afa7ce683901be7787027e8e1f457388f422835bf107ad1e6587353793753d26a9292f025552fa72d79f61b7d3f41e80a4a225887e5b320527ff3858cee69431acb3ff264b5f1d0132011710a50aa8ee7e1e5cbd4474a496473ef9b5bfb3b93e8f23d509d78aa5263b8f7c56ec4141e5f959184578cfb1ff3f633d75c82a42b88bc388bc07d9fd13343d0c19959cae2776891281fbd2a3052ab0ddae85d30022a935933fbec754e59f3cb7c6c5829eb71b8921d2d1769b6214a9f58599afde11892b9d42f96cd5bad68597e9aed6a6ff6166572c42eaf5982482f8300964ef84334992eff06c4f2f044752c3b3992f58e29e6e7da3af5fcc729db82814e2299b4fee2d1ce31905d01b7250cb618fdc3d9383d90a7fa93176f59924b60a3fdcae4a9dd5a3be570fb31b169e905813be7c3cd6bf560e1842dde6e79a54ad021c0996712efbddd2f8eab3ea34d887799009374433143302e7fa10471d3687fa8881bf78500b1efa2df65c2b17f5aae2afbad3146a1c4add0850496e4fb4346fe7d5b9a33663d0f7c1fb822a657a67a80bcd6cc0ec3485b434f64a3c1d38dbf9d1775df1467a1d0301c2561a48b19162b8b7b5bb552c8a819ff32b99882c5ba56c298f9d356fe065f53c5e61266b860856c05e8c1b3a3387384c8d572f35c8d6bfc0fcba74788bf0ed95e411ed733794879ea4adbaf2bbf2eb9bba057bb4939741dad940c19515680a9e0ddc930e157765c6e8375aa0a9a0b79c7a6bf46db8703b7e0423eee4ee6e5dbedab0471ca95d4840a6a35618b851c5933d239f664674de2299d22d854e8f3a9860957a6cf3273ebbcc31f1fc6da1e044775fd572d1901f3fb105ac6d16f27a6ffd8fd53d7bfa827da342d34212cc18937d9262ab6be80859e40216bf6f4450e0efaa2522a953f08b78df2bb4be02fce9fbbb833360fbdab8816be63794a2b666f7624dc34384e85096baae8befc19948004fcf07644aa048da8bc52db62fa8da83a8f0746d9d8b6682a8e2ad3e926434a09bd7ee96c8c0e283e6482313319b6c899971c5d177fd35490f3c6f4b2ef51846c2bf724738b731d438ec78b910d78bd871cb4037314f5d63fa12920bb0ca1e4803622cbdf488eff18679530d7e5b8e211255a3435f6f9de55c5031cee4078241d2e0518198e17c89399346850880cadb8fe7530075ccc0c10750d135ad5bad3619bd8e4f1cc38daaf94dd5157372fbb7c72b3702adcdb3c28a102c16486970082245df7d58a8cc1b78e69299217f34aa1c22bbbe2a65452fa35925d8b22137c78afed325c55d86fca7da0987b7ecafd42f930aadf00511fdb4801a397c9dc6ad1598d4bdcc05a7c9e7c6cd861db8f67318457aea1305745c44a80f0abf7ff149d35c25e455734509b90bb2a4008ee75f06153e97a1962ca3701bced84827e5a9a7d24dbea2ee5b27908a5a734cf14c328e7350d5ffef6ced2a6576fa59040225609e27e6a35bdefa996af3f800ed29806e6ee83414b4e77c0dc0addb45cbe8e650471e7903206c5759d4db21bc7aeb932e4618e50937862a442b4f3971a43acf57447aea4150a5", 0x1000}, {&(0x7f0000002240)="6539404b698ac927d306b5e3acc5049af675cd0fed67ab34e3a73d2cd1d6b16fff9b73064320503fef3dc5984f7071919ee35fb5bc574a82682f9c4cff175d29a7b5134a81cc42f7f2fb648129b8eea348ab67fc630fa9a2659acc30b617aa21960db4ec9a56835214ce3f49a8ea9d29d8999fb13588d5c3b163f36ce977730417535b9f6f9c6ff60578d4e0ec24356dcab4a0ea89a2e23a7539715a", 0x9c}, {&(0x7f0000002300)="a7b0708eaf1f48f66a15d1a6f38416d61c7a1c0c94f29b0295d79b7547c9f8b2571ca5a33488ab15d40cc5710add86dc46a9865d358dc4575d04b1f5f637cdc530d4de77b255815715189577396a7c94c91f0a17d4c0ad52a18d509c3a0cbf16bce55f10fc7cac9b987cac399eb3a01314a816045e936cecf6e4c78fa5d4323f58a775d05c3100bd4f78", 0x8a}, {&(0x7f00000023c0)="112d27e33de4a2f5481600a1c0881e42228803b816a7632a914b3f9d82defb5d0d06672e5e5510c0819a8ad1460fbff12b2306c4b9bc1e63b32b3ae1a412677ff24127d638de7624f5bc9b63d06c760c6421d02fc3fa18d35b51ab9081dbc8389c8dd199dcca749267fa9b421bcbd55bdd93ff3ef481a150beb936ede7663e8357cb18a4e12c0d555c34e0ca27e2d64dbc6bdca3a297d402070ae17d7feba1eaa40ea1c162db25957d5b073ab86138b61396918eebaa14449593da95f5a647219aa8e993081c065d5bfc54a4d4bb84d261fa06ee3c6bfb63074f", 0xda}], 0x7, &(0x7f0000002540)=[@iv={0x20, 0x117, 0x2, 0x9, "2736248db73e641321"}, @assoc={0x18, 0x117, 0x4, 0x6}, @iv={0xb0, 0x117, 0x2, 0x99, "4c0b070ca8032ddf02dbd52af87b7621e1f3ec34ed40b8428247dbc87c6384326b020204fa5e8d88765c1987c9bfa56c66b352f1884b9ef9e890b987c42ea15e90a3cd689fa1794a4ac15dd7fbf26bb730befd3986cb0ccb5f601e89e23e3956a4b02772abe5b94445fb8aa09505c57dd5b26f1222b0d42ba5d413c01e28c74ffab7784ef014f65fa9f18d3e7f4dff13cc3647e95c7d055f68"}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x10000}, @iv={0xc0, 0x117, 0x2, 0xab, "e087f498672b7f375994b53c4248098bddce92e072578b621813b814bd7a9531ec510db38d4225db48045b438c949ee677cd50cf66015eb92450990497cb25a552666a757bae08e83717800a4900edff09e5f93fecd50902da8e40335b72ecbe37b25789f02ae59d7593b48e69de90f23660e08620efb344e611c7cbaba0953a9998607140b6cd01c735220c1cce1f3bdb18ea6a2304cc64832398b20184c84a95800c66c163e24272a44b"}, @assoc={0x18, 0x117, 0x4, 0x2}, @assoc={0x18, 0x117, 0x4, 0x80000001}, @iv={0xa0, 0x117, 0x2, 0x89, "66720ae2fd0c88aed861a0bd50677d87ee0b14a12dd045e6bc13bfd8274d808ec916764d41206a4356f2bc7b36ceb72815ce5fb09590e97a379dfd7178231990ef0308bf31309a4a00adef338937c2d8268d28ba0e64474357610f7390a0088858af5515a45b366e506ea8abf41833b1f082894fe18fcd2e6dd988e820b8da87f8dde4dd53581c64b4"}, @assoc={0x18, 0x117, 0x4, 0x4e92c2a5}], 0x2c0}, 0x20020005) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000002c40)={&(0x7f0000002880)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002940)={&(0x7f0000002a80)={0x1b8, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x68, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x400}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb0f}]}, @TIPC_NLA_SOCK={0x78, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x456}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffbd0}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x87}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5b}]}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffffffff}]}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1eda}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20040081}, 0x20040080) 10:19:53 executing program 1: socket(0x24, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) 10:19:53 executing program 3: accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x20, 0x101000) (async, rerun: 64) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 64) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x200500, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x3) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/snd_usb_hiface', 0x4000, 0xbe) [ 1067.974269] FAULT_INJECTION: forcing a failure. [ 1067.974269] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.982643] qnx4: no qnx4 filesystem (no root dir). [ 1067.986266] FAULT_INJECTION: forcing a failure. [ 1067.986266] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.006600] CPU: 1 PID: 15774 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1068.014505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1068.023860] Call Trace: [ 1068.026440] dump_stack+0x1b2/0x281 [ 1068.030065] should_fail.cold+0x10a/0x149 [ 1068.034203] should_failslab+0xd6/0x130 [ 1068.038166] kmem_cache_alloc+0x28e/0x3c0 [ 1068.042300] ext4_mb_new_blocks+0x514/0x3db0 [ 1068.046695] ? ext4_find_extent+0x6f7/0xbc0 [ 1068.050997] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1068.055743] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1068.060743] ext4_ext_map_blocks+0x2845/0x6b10 [ 1068.065313] ? __lock_acquire+0x5fc/0x3f20 [ 1068.069536] ? mark_buffer_dirty+0x95/0x480 [ 1068.073838] ? trace_hardirqs_on+0x10/0x10 [ 1068.078057] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1068.083403] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1068.088574] ? trace_hardirqs_on+0x10/0x10 [ 1068.092793] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1068.097623] ? ext4_es_lookup_extent+0x321/0xac0 [ 1068.102365] ? lock_acquire+0x170/0x3f0 [ 1068.106330] ext4_map_blocks+0x675/0x1730 [ 1068.110463] ? ext4_issue_zeroout+0x150/0x150 [ 1068.114942] ? __ext4_new_inode+0x27c/0x4eb0 [ 1068.119345] ext4_getblk+0x98/0x3f0 [ 1068.122958] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1068.127267] ext4_bread+0x6c/0x1a0 [ 1068.130792] ? ext4_getblk+0x3f0/0x3f0 [ 1068.134664] ? dquot_initialize_needed+0x240/0x240 [ 1068.139579] ext4_append+0x143/0x350 [ 1068.143284] ext4_mkdir+0x4c9/0xbd0 [ 1068.146903] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1068.151556] ? security_inode_mkdir+0xca/0x100 [ 1068.156121] vfs_mkdir+0x463/0x6e0 [ 1068.159646] SyS_mkdirat+0x1fd/0x270 [ 1068.163347] ? SyS_mknod+0x30/0x30 [ 1068.166868] ? fput_many+0xe/0x140 [ 1068.170402] ? do_syscall_64+0x4c/0x640 [ 1068.174367] ? SyS_mkdirat+0x270/0x270 [ 1068.178237] do_syscall_64+0x1d5/0x640 [ 1068.182111] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1068.187287] RIP: 0033:0x7f2e61d65157 [ 1068.190981] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1068.198672] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1068.205921] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1068.213180] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1068.220429] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1068.227682] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1068.234946] CPU: 0 PID: 15773 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1068.242830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1068.252182] Call Trace: [ 1068.254768] dump_stack+0x1b2/0x281 [ 1068.258397] should_fail.cold+0x10a/0x149 [ 1068.262544] should_failslab+0xd6/0x130 [ 1068.266519] kmem_cache_alloc_node_trace+0x25a/0x400 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/snd_usb_hiface', 0x4000, 0xbe) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/snd_usb_hiface', 0x4000, 0xbe) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000000)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/snd_usb_hiface', 0x4000, 0xbe) (async) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1068.271622] __kmalloc_node_track_caller+0x38/0x70 [ 1068.276647] __alloc_skb+0x96/0x510 [ 1068.280277] kobject_uevent_env+0x882/0xf30 [ 1068.284671] lo_ioctl+0x11a6/0x1cd0 [ 1068.288299] ? loop_set_status64+0xe0/0xe0 [ 1068.292534] blkdev_ioctl+0x540/0x1830 [ 1068.296424] ? blkpg_ioctl+0x8d0/0x8d0 [ 1068.300316] ? trace_hardirqs_on+0x10/0x10 [ 1068.304549] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1068.309657] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1068.314681] block_ioctl+0xd9/0x120 [ 1068.318304] ? blkdev_fallocate+0x3a0/0x3a0 [ 1068.322626] do_vfs_ioctl+0x75a/0xff0 [ 1068.326428] ? lock_acquire+0x170/0x3f0 [ 1068.330395] ? ioctl_preallocate+0x1a0/0x1a0 [ 1068.334788] ? __fget+0x265/0x3e0 [ 1068.338220] ? do_vfs_ioctl+0xff0/0xff0 [ 1068.342184] ? security_file_ioctl+0x83/0xb0 [ 1068.346601] SyS_ioctl+0x7f/0xb0 [ 1068.349957] ? do_vfs_ioctl+0xff0/0xff0 [ 1068.353979] do_syscall_64+0x1d5/0x640 [ 1068.357870] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1068.363054] RIP: 0033:0x7f94265b4e07 [ 1068.366751] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1068.374441] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1068.381697] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1068.388960] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1068.396210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1068.403460] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1068.412704] qnx4: unable to read the superblock 10:19:53 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 42) 10:19:53 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:53 executing program 1: socket(0x24, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) socket(0x24, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) (async) 10:19:53 executing program 3: accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) syz_open_dev$media(&(0x7f0000000040), 0x20, 0x101000) (async, rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) (async, rerun: 64) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x200500, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async, rerun: 32) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x3) (rerun: 32) 10:19:53 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 34) [ 1068.450539] qnx4: no qnx4 filesystem (no root dir). [ 1068.497583] FAULT_INJECTION: forcing a failure. [ 1068.497583] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.503909] FAULT_INJECTION: forcing a failure. [ 1068.503909] name failslab, interval 1, probability 0, space 0, times 0 [ 1068.529031] CPU: 0 PID: 15828 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1068.536928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1068.546272] Call Trace: [ 1068.548850] dump_stack+0x1b2/0x281 [ 1068.552462] should_fail.cold+0x10a/0x149 [ 1068.556596] should_failslab+0xd6/0x130 [ 1068.560561] __kmalloc+0x2c1/0x400 [ 1068.564086] ? ext4_find_extent+0x879/0xbc0 [ 1068.568390] ext4_find_extent+0x879/0xbc0 [ 1068.572522] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1068.577953] ext4_ext_map_blocks+0x19a/0x6b10 [ 1068.582436] ? __lock_acquire+0x5fc/0x3f20 [ 1068.586656] ? mark_buffer_dirty+0x95/0x480 [ 1068.590958] ? trace_hardirqs_on+0x10/0x10 [ 1068.595178] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1068.600523] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1068.605696] ? trace_hardirqs_on+0x10/0x10 [ 1068.609913] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1068.614741] ? ext4_es_lookup_extent+0x321/0xac0 [ 1068.619482] ? lock_acquire+0x170/0x3f0 [ 1068.623439] ? lock_acquire+0x170/0x3f0 [ 1068.627417] ? ext4_map_blocks+0x623/0x1730 [ 1068.631741] ext4_map_blocks+0x675/0x1730 [ 1068.635904] ? ext4_issue_zeroout+0x150/0x150 [ 1068.640386] ? __ext4_new_inode+0x27c/0x4eb0 [ 1068.644795] ext4_getblk+0x98/0x3f0 [ 1068.648406] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1068.652716] ext4_bread+0x6c/0x1a0 [ 1068.656241] ? ext4_getblk+0x3f0/0x3f0 [ 1068.660122] ? dquot_initialize_needed+0x240/0x240 [ 1068.665041] ext4_append+0x143/0x350 [ 1068.668746] ext4_mkdir+0x4c9/0xbd0 [ 1068.672367] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1068.677027] ? security_inode_mkdir+0xca/0x100 [ 1068.681594] vfs_mkdir+0x463/0x6e0 [ 1068.685123] SyS_mkdirat+0x1fd/0x270 [ 1068.688820] ? SyS_mknod+0x30/0x30 [ 1068.692342] ? fput_many+0xe/0x140 [ 1068.695866] ? do_syscall_64+0x4c/0x640 [ 1068.699824] ? SyS_mkdirat+0x270/0x270 [ 1068.703692] do_syscall_64+0x1d5/0x640 [ 1068.707571] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1068.712744] RIP: 0033:0x7f2e61d65157 [ 1068.716432] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1068.724123] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1068.731373] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1068.738624] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 [ 1068.745873] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1068.753121] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1068.771478] qnx4: no qnx4 filesystem (no root dir). [ 1068.777134] CPU: 1 PID: 15829 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1068.785023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1068.794375] Call Trace: [ 1068.796963] dump_stack+0x1b2/0x281 [ 1068.800601] should_fail.cold+0x10a/0x149 [ 1068.804754] should_failslab+0xd6/0x130 [ 1068.808732] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1068.813401] ? kobj_ns_drop+0x80/0x80 [ 1068.817208] call_usermodehelper_setup+0x73/0x2e0 [ 1068.822053] kobject_uevent_env+0xc21/0xf30 [ 1068.826383] lo_ioctl+0x11a6/0x1cd0 [ 1068.830011] ? loop_set_status64+0xe0/0xe0 [ 1068.834253] blkdev_ioctl+0x540/0x1830 [ 1068.838142] ? blkpg_ioctl+0x8d0/0x8d0 [ 1068.842025] ? trace_hardirqs_on+0x10/0x10 [ 1068.846260] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1068.851363] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1068.856383] block_ioctl+0xd9/0x120 [ 1068.860006] ? blkdev_fallocate+0x3a0/0x3a0 [ 1068.864331] do_vfs_ioctl+0x75a/0xff0 [ 1068.868134] ? lock_acquire+0x170/0x3f0 [ 1068.872107] ? ioctl_preallocate+0x1a0/0x1a0 [ 1068.876515] ? __fget+0x265/0x3e0 [ 1068.879968] ? do_vfs_ioctl+0xff0/0xff0 [ 1068.883943] ? security_file_ioctl+0x83/0xb0 [ 1068.888350] SyS_ioctl+0x7f/0xb0 [ 1068.891709] ? do_vfs_ioctl+0xff0/0xff0 [ 1068.895664] do_syscall_64+0x1d5/0x640 [ 1068.899534] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1068.904710] RIP: 0033:0x7f94265b4e07 [ 1068.908404] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1068.916102] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1068.923357] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1068.930603] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1068.937863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 10:19:54 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x1, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:54 executing program 1: r0 = socket(0x2e, 0x1, 0x17fa58dc) r1 = socket(0x25, 0x1, 0x40) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000080)=0x1ff, 0x4) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x20002040) 10:19:54 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000002800), r1) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000002900)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000028c0)={&(0x7f0000002c80)=ANY=[@ANYBLOB="2c0047000000000000005782857a7f7e1f551942fd77b8ac04ff4a78f3d236dc088d7e7ecec31625024d6a3c0f21ad2a3b6d4ff1a66c4a36e233ae207cbdccb1f97b3b43960289dd7db5d2cd90770c8d57f82f522f7c8b4816e56c75baa08b181a4f30be4d55ec5e308d777baab08ac9c55b15a184ed781f40d386b16b99c8c7713bb72e1daa8ba66c4b9244c8da26eebc321b1cc0baa0675b28e01899404cdaec", @ANYRES16=0x0, @ANYBLOB="04002bbd7000fddbdf250000000900000000000000000000000000320000000000004a155e8665b439effede8c5130e2f999d55e5cbdbda5b4668898eab66028dc7ca7942a59c24642fff936b963e4af7da4f2859c1b153730672f661c2f2a97c2c3afdcc434c08c4d00000000f46808188a0c60a734090cf4a906a40c34f7fbb28a5cefb1b190077416ad41cfcfd920ee51475845533e6d8f9238125919b2c696e474338f3697fb62dec8eb244dd6c73564796e64bd3180deda245e6aaac47d8ce09cebd13513991283e32ce600000080000000000e6a29ec2b2d29af705dbea1d73c306088afb2b49b922c222e8a49e3b8395bc19e5f6fdea4feaf05f6aae8e7ab53c02c9244343d1b4ff32cd6d726cb2e5ed9a416bd208c9bccb141f53fda4033eb15f23710609f3ad8641be589526979260090"], 0x2c}, 0x1, 0x0, 0x0, 0x80d0}, 0x10) syz_mount_image$qnx4(&(0x7f0000002980), &(0x7f00000029c0)='./file1\x00', 0x62, 0x5, &(0x7f00000030c0)=[{&(0x7f0000002a00)="664172f77bb6bfb7efa31aa6e7f7a38fbebadbd0d562fa83cb899e92579c9ff54d114b82fd7e832584b054a3b74615d56187ce1a00888224918280486c8fca49dc793a73dbe785a606357878416c49521b01a7091e7b7a54bd9a9b11423764339bdf201921ce898a71af924a767b9bafc226e1", 0x73, 0x7}, {&(0x7f0000002e80)="236cbaa46982d72055ca9e8ae19d7727452510f528162794e12089ca48ee115d0ae3eb1222efef02914a61565b98bf07926653ec3f06c067bcf1dff08b84956c14855e790b9227c153345c7dfd7ad871265a5c85c40691ecaf72b65570583b61934f687c1d7c2deba7d3dacd608d12a935af41b878bc746a070c2960c6a7fc7d3c8ecd84866f6c4dff8a69d672cc0f760aca64a5fd5a21e4dbec6ec6cc1e3d54575395e5d53d641d16988d7a16600b647454f27f781b9ce23ba54443c03d1fbb69b78866c4bac7e623ea3038b8ea53f89eb07304528ef8b93d6e33683575fd0a8605ca724e436dd53fcab8e69446a9ab8f", 0xf1, 0x6}, {&(0x7f0000002f80)="6215822ae71497d156c7", 0xa, 0x24000000000}, {&(0x7f0000002fc0)="9e11b690eca2d4fcc1187f2f18f024a4be7832e5cf6d99637d85bb4e39eefad250602d6344ed407be67401b7da26de2129", 0x31, 0x9}, {&(0x7f0000003000)="d4cb1a2a1fd167b55d7c6b21803d4999f78b8f7654a738e849395919f06c35c58672ef34bb9c1fd075f748956cc11cfe1b31b80f590ed55e24b019c76d6ad30fb1971dba236ffeb7124872fbbdaacfd302c2a2bf5f79d6618fa2a12be91b218784319827d325d12b4907ff0953468e64f6850f16c939fc22e0e490870cf48e562a97102df4cdb29fd90113c45e45792286d6cd9a36cc19ed", 0x98, 0x7f}], 0x1, &(0x7f0000003140)={[{'$,^./%/'}, {'-'}], [{@fsuuid={'fsuuid', 0x3d, {[0x35, 0x64, 0x64, 0x64, 0x39, 0x34, 0x39, 0x62], 0x2d, [0x65, 0x64, 0x35, 0x63], 0x2d, [0x36, 0x61, 0x34, 0x34], 0x2d, [0x32, 0x64, 0x35, 0xf5], 0x2d, [0x65, 0x64, 0x35, 0x39, 0x30, 0x31, 0x30, 0x61]}}}, {@dont_appraise}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}]}) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$alg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000024c0)=[{&(0x7f00000000c0)="5447adbe7381690b2843cf3d902a3ce32ee32be0c9e5e4eabe55623038a797469a8d21f094326aa22dcc76c929e4d0a5ddee7602613b3665ddc73ac4b611af178b5d232155c45f338fb5f380f5c1cc57125fca01ea8e6312eca397cf95e6be9aadd9e242", 0x64}, {&(0x7f0000000140)="070a250a37a502f28430aaeb34e46b5e674cd2ed39664de149fdf2a06f26bd2da3cb5a48ee8e7344f8529c8d2ed381668439fd7ab1492339981e44fa92a4076489fc791b69385dba6c6c47e1f623e2e8af3b1c4fce4602ca37b05b3fff65504b2829ec74b71e2239255683f84c440208835c30f79ecfd0c0356291713ba60a098efae42f9cf4207c6c6724e31493fdb3e25ffa9ea67d941a49c8cc09d66582b65d8442d1510a30adc2d4f27ca0863376b7aab8f2a8585c536d712cd5760d2fd3218b80", 0xc3}, {&(0x7f0000000240)="bc7de100222c21963ac9aa1049dbafd6de9b4875753d39394ccf9419607536e102efdc15b49b289a28f504b1b726a3edd117ab089e96e8b2573aa2bd6465225b6b7dc7358e09fd26a114b9d7559139979f05264a61468065820ff2c8905f74d3533f1feb3c1ff4adccad4c75d1dacda716f95a27012042d63074e653345de76df7adfb7fd8eba5796a6d2831ac69e2ddf7e30c8360ab5820fdcf3bacc6d0f922e33d0b056265426e41349c10e9e09bb6cd82ca4a9a9d3655f608674e3c284c4803d67f9cd9a775a992e5c919f0213a9e89420636f1d571eeeced91c6878a56d43c8db2bea7580e444d68ed4ab9d60b404b19869d7088d213ca044f7081d219d33000dbe3c41ce9918d603bccfd6062b5713a082cd31f106b5c81995e3345a2fa042f45d9b09941c25cb6b53b66ad08521e674423c3730eaa03341d4780f4b7ce2ab4468f337e60cd9642f9f820949dcaf2b11754567e9d2f904442864e1fba1d6845e315c164a7bb9ce8edb902541586836bcb7c0e5d74b80cff3d016851d08f736d0bb9f1020bd13a42608aeb04f3cd2c925ad5611a3e803d71784d3be40ee5d07c13b76e9590c37e651b0e9a003746032c3bfda5d28cff9ce5fff759d86f0efac5d566d8c970b7bc7b4164c8ed716f819bf5c3976b4c7d0d1be242345a5a9859f5af4d17e8f953d69c28ae1655d1589f743d0efda7bd5f8f7691d9bf71f42e7970700995bcccd41b4e60806720a2e99465636d5400c3f39a1c5a20fb9a558332dda12d10e7b20d1f3ee094fddac236154ef811e387ffc379ba3bf80db7b83900e13b379f64f94220bbded539294d132198267364a98c90a0b7ce794612445947d4b23a817815d8f83a548c61fdf599b9b1bb5853fb9ef48b30024d2e393518755f817f1736f89dad10b0f4280c3fa1a61e76a950dab5630cdd00c5ef0d605f4af3c7e9de5e41e095f749cddf757baeebf7c675fdeffb13d2702dac6d0fd38b852317781c998058ade85ad0d1267f850855edd6871b9fa02ca2ce76c2b05a691d7d1acdaf3ce5b7ea364c8eab1738517b66790ff96f08f7231248ee7f0f78b496aa79a0734015fe932b867bba5a27c1b044bb0ba7cb12c3dc839c9ca9b468a5c013023d14caaa55d963354b413538dec53814920282d59ffbb105671f53afffc3c80d9f69f1cb4c2b6604f5ce18f70353867eabbf7277c346702b60a853fc7d14fd7beb8f4e3b19f0dc83cbdaa9c8b6935000855991e47159929988d103f8f9c9fe8a6cf294bdfaaa416c69fb378c547fba8344f226e1fbd1ca5831e9dfda6956ecaeaa27b0a74ba505d5205a8cd8531162481d687c8dd125d77d98ec9a93e4f4ce0c88d9a5ab97fcbf293000839556f6509f26d690528c58ebe9c221a2b5f2f3130edfd993eddae38d2db97ab67d86fb78527be8edbd222962848873bafc09cd8e1de7a48933875c3f21e2efb6557ce0d2a71f72003fb1e39222e0532969228785ab94d41783ce3e1ee7658a1b23ea40b6d799a96147b870bba66aa69bcd91d474862c7afcd5ac3b23601bbdf0ac4e7300d60b4727505bc2bd40c366c2477174c49014688c469312a7f093804a3d90e3786acfec5241d5354bfc7f65302cfa94347d116d0c9f04b039269663933a0e48c10f6df3f15737b4e63a7a20b3708c36bbf123a8eb6801b7b0a0925b36f3fb017c5f1354b3404802737e1b329ee52027c39cc9967d54860c7a64df96e1334c95af265f83779936c7ff0d586a369c0bb677cfb75cce2eff9d08df12ce60445c116abc5eb98ef6f9b7e3521cc7db15c87ac26131da29ce521a723063fdef68e70094031bd6a09d06f78aeb8ef1c341da9ff74bc3b8f258ed9a3e62f407d3af7177745c32b074b8af710d94aa15e58441685b8386d68f1832eebd4a5282deed48f74d847f9c83f3f9bf8412e02b35a443f8eca04a4b5c26e3874938fa1e8e84f7b630cf37e07b4f2216ae449947e9f0fea4e6b57f9a96a81b396b973db59e0ff133a8c77f9343ac9ab5b6a145ea1293fdd65561795fbf3d839db9dc089318b7c413b567b19520afaf71e31048e558b408f97c68ef618fcd3125863f59c4fa5479702849f65a7aefad19a60235e38edbfd4a1f1b18f4417244783468088ff68a1cc539bcc2dd3ecaffcaf63ac9f1a9ca9a49bf14e40f61da9bfe8c03aca8a02e262bc2e0caad68fbf32a970b1cfe90d35cb50d1cddc0813799c621baec128719382b3e1d21540a7fb0d883008497bdc6a285865335c59d4f9b3c9ec60f60936c7fb9bad76c7493b141957345bd0c7fe7bad714352909cf0a4f38e066029780b28415a00b134a8a0e0976aa2a8c2488b10b7d61c4a44f634a8e41fe14ceb46bd431b47c805fe0e14e19d6e0d53dd9832fe366b9d4417c69efe7be16d25f35966106fdad60a8a0af1b0040dd7d42cbda892b88a3c9cf3ddbb4c1576177919322e99880634c5442a364037d2105a589f1f4e8aeed39b702fa7e9fe73f3d65c91d9d23bf598c0f0a4b78272ab2ae88bb0083c0d7b65c65ad463f81af6a8895ffe5a4cb17a9d2689850aadc0f7da8354a8ec055eac88b764701ef086d8e76a1fe32dc680cdc6da0555ab8ff98d37a2422ae92d0b0fbf57aef830a1db9b896cfe5db19d70d41e50dc4bc96067f8ebb8eea765ce6411bebb19543e5ccb4c5d742ac7567e84fdb300cc9a6d502d9246f58c5d95b517c6064c406a378a848d99f3160d4fa2980d99474190812bc9bd6a829b338ad3c8c370356eef8143dd62132571bc6cc2631eb3970c56f62af6cd0f6fd95dada59f39ef7ab05c693a24a79d89cd14fd13f5b58daaa4b8dfeca709bfbbf7b83218d7e36e2e6eaeabe9e6e145fba4398e22891756dcdfaaf953455898527785c1a737821d3eccf48cf16e106bb42a072c597753e67f1865cf6b065c0b36eeeb4ed9e487f9834f76581cf634ed66d309f08307e34bee6f137af08ae70c35a30d92f268728f561e1c89e313300db0a1bacca57096cbdd3b8b982d413f4818778af7662972125f56e9e589493823a642e189c87a821e6991a91361063bfe2d5d37fd21df66cb9f18d00409b24941081dfdf1187909a82b9cf8553512c495d36ee26777fafd40f5a1268a34f5b62e509bd1fb867f764a477eaa039a9b01cdf3fd70381a33b6714433fcfbf9b8fd3d28e7d475feff9feb1423614d00a4d7506fd24825b4ea120fd2a0d961c3fc9846aaf2b4fb5d50aff95c3c83903957e4351393d737c49e165b7e936ea97534b28e9bbbed9621821d8ca749bea480ff45e49871c2a9e4d3a3f0ea5cd3a1e4d12dd524691d74c6e0195d3dad75c68fef168f35f5e2588b61db8ebc1e16fd79648ebd68d77cdfcef801437ffad5aefc9e3e289970a9f6da20e66d26a19f83b323e9c8a816c1d7b8d0b6a8abd45187b67113cb885f2ee6e874f34982e9a0999a49eda60e007afe8def9630d0e4b46ffd96f9eb9323072afc1828515713cd9a30d09c218431108fe84c195e1d316a86e22dd16f0d07f1906f982e31539bad06ced6f875e8bb53eebd17f6c73ddea15d198bffe2b9767d999db505ec3b8e5aebd19e3eca666d11fabdb28359516322052b71572ae1ee8d88c410d0d5583bbdd76dab6b19b6dff099aae341bd57c589999032342257e96983356b61884cf3b2f8d9389ccfb1ad7ee6afaa615e95a33cb058ee90d9ccdcab265cba4e47cbec595fbd613512337f8414d192c8b85e57076a42d20cd134ee991417510530006477c70d1d09f242a0ad036e3e0755858c70fa8a0f2f10a783659bbc40ca49e8223c7e8deb6e7a9e825fb1fedbc0e1b896549114815623491b937d66f06efc5eed6ea7733da4aa8d5dffac9b92e3f59ce2abeaeb6018b4a91f3876b95a5e68a50726e3d02a5187a1fe91ca1af1b687c30cbf1e0cfac515d320b875be13e385d00de2ab1f52dcf800b7778602976d217933d39ffe9624123958d489e5aaf378fa77ed670ad19fb7b6b3ea03f83a5b1844023f48626f695f0727081add515495e154b173429d6f6d0a3c6f5882c55685bbae40c39db098fca1f9d323c0c1aa340f7f04f0bce1353bdc71d7f876fca3aa745f7c92b791a648a60aa748b2f7fe374bbd007c9ef550989d1284caa624edac89cf1908c643019274155a81d7123ef1b2593e55dba7d44389c4f82c8bd5ae07f75de8bc5d947a947080daeb23da5a7d0fcf93ce05a33ecefab5eb62656843eee7248c6b35b1663e2b3744d9dd81f01aa72c666f0ec538b0db7af6f15770030a4cf69edd54e3e5d9d6d0e58a4f1e3b396173964967ea90d3164e1f36554454b47a947de042094e702b07d263ae2af8b44536ce14609ac7a84349e8bcc60f0910aa550edf94dc40accfb85449ac267bbeb3f108fe2f6ae5521a5b05c522c428826482b1db0f327028e377c5fd1d88b18204168a1251cc7aff69b3f480e6441b0b9721843062140c172a5a0a9c1957c20be63226da3e22bb6d18a6a4422c04a5560cd54690bed317a881f695ba3607bd2aa03cc7f2415312b34fe2fbfa3c4860c494ef1987446c71a12024eb44e6ca2d69e440bda62d92b6ae13f4a5ac7dec82a8d41739d690127463bd93da02c36aa854536eeb99783fb3b8eec83aa307d4d785a72826f07e3de5d0343106b34221b9eb2c89651cc8b36e845c3692d4560ffff3dfc614badace0de9eeb9cb7636c430a391d93be11de6b3cbce1ab47df6922085a6e111a984795f70c77bc092172467ae17c148def9e663f2ab61726f3b62be4ecb631f15f8f470b872c2d0b3d9064a0890573dc13dec3a80d05b0dd8947aba2ab5e7a688b875eeb4583e4dea3be9cd158384888f0201dbc2db046df2d67460160e258a99499781b28410b171a3809a96babe48992e1e4011e4f14f288f8c8d68c8e0f055a2da5fc4bd1316cccbd67c603399dfd67879a85e12f82d62318a74a1c950d36537d3db5cb8bb4d68947c23ce65d483c8dbe0ab1186326e7027a11722136c67a1ec79d227ce395a11c536c689eed58e029842717f953c6d8288e029b1491545c2b13357ef052711b6aeb08cffb363842a5e098d089fda2c20ee7ab327c82e4461928424eef302e481fff6bcd7b20d50207ebd3a3aebce7d28021a2eb494a6aeadb2efc03ad380ebc17d769c2fb251bc770099c79706820936083dbac49d0e377fda7c5c5588b2cebc038d3eff5183fc1723702e220e30fb13e934fa677a82642d5b52be9b7b2f5e1a29422314071723a9f42ee99c1d99d5e445dc030f296c9957cbae372399baee5ca1310e918f52f342222dd9b988a1a3fd00d6e21391c7ca31fa7480c2b82d8436ba03866ad3e03b0197e330f4036d0d796d49c220a3bc7542abe3992d082bec9487e4dbb76edb5eb904ff2d120aca33865a260b6b78f85cc26f19f391948071445cb65a1df206bb635567e17bd3bad39f9331696106fd4a243cd27d3a9c79dcef9b86cf0696b3c7cca1463d03b73db5fc66d77c540fd90dce5e649d6e6bf271bf49cc054b4e09b3675121641c71666541c16d6a7be5c71c87451e73b650c2083ffa48d15c9dc8ff55669e381a604d20c54e3402d5e0733d708072f0e5adced3024850d30238b3516e03bf555a0cfd8e897cd780fe87263d1c9e74e75c6efe5dbeea9fd4a356573dc734062f078e978372d76b5bc47925dbbbb800d221f7c68bdfd6ddec65a82a46dc43c6475bd716106aab2a1994805e8974a919a5b514b4eeb0f9f7d07ceeec459350ec057e1e57446c11154d94a85f31018354c3da351186ff6cd", 0x1000}, {&(0x7f0000001240)="548ded53c17781699b1e2b2ded158137ed57be33730c4aa372113680bb70fcf459ab61614d7f4036cfafa0490b2b8e2730e65a436736e0b4d014f7b333d615b298deb9610dfd4329ad9750a9f737d4e5083cc74aab9007943831d13f25e6d2ddf79f17a90c21713907cf2e6babd70a98ae23a81d98b7d3b2d54cf20cc0b0bb4e33093ac2dcaaddcb41af6e51c770577a8d751144dd3fa28eaf8befc001907435033ad3da6661bfdee682455fca55461a18dd70843905bb7ca4d439700066abd48653cff3be632d062e2da6514c13556e80c47a23f0261b28b253049bcde3e20bba4088da382a5c35efa99248cfcf6f9e978441141980f9f390cb3f59d2fa6cce7aba1632f6d1e4c8bd91e97d65efa3806cf8ac959ccda20342de8acb6653c2c03a9e703d66824c807349a70b1dde7a38bbadd61f9be04fc2f599f71e96c6a17bdd1b76aa3638578c58097a9a13e98da5386404ab0047178b31c2dd1b0e9817f551bf721ec9c24e4242722b0456bbf741b19ae2e4d1e0cb38d7d6c8e7d79b4075d42aedbd8169f2478d35125f8385f0b9de10ef210bb2919cf25ca30a111c243716c4eb235b1e07b9f503a80696a84fd1a6cbae24c2a2c7ccfe6a82eaede01f23a90d33d968baacbf4eb0291cb02ec4b2085e5cd722cdbd0af45e522b5e7d37e1a497a5b51846c6eb009bead114dccb546e8c0a7029aef14b1aca983b451a04d51174f881770af8e36bc8f8b50f8e41ff2c3576963f19f160307a8f565b2b492524dabce9f9128b146548893c6dff9bc8a9d1e801d8c2d398ce5f58478824ac69fc15e3e4e0f3c235363b5a09736f10266eed34acf674dca8a4c700470478d9e13325b7c62281b0b2aa5defcb3090cf054c10f2e52b1365c05479f2e77552af51ed12fb306311179ae7771fd31265c3705c2e6e54f4621ec25b85e84536993889979871fc1e4edc3e3442069b42e6022d73de0e96b462b340ebc643cdec69864670bd75bb4633dbcf9b2dd52dc2f778cd47522bcc903b6c810c41bce9cd6c7cf8bc43213882ff98ffb962b0199cb6f8c556b6dc82f5bad47676ef5bec628811cf8e416770d2e88dd8cd602a63908c341db282f8318633869db8a538f91bba63c853fc2834fa6c1f208ed7ccdc69b19acaea9efdac0f153a3d6769e45620500b560831ab212c34f7c24261a72817f8c343ed3e29fc65dae6530175952c03e03e8ae0841f2a7eda3d993a8d446537a7f845dadfba5394c584f3913428551ef35009a3bd4d59677794d909fc8410c5ef8b6bffc4329610b3d30c34df96b69ab3e1a08bd2d9a58d4cef76ccd61ffc2fc43f70ed9c44714435da0e00115e15335adb53ece5fcd85902a5f5b216cb9989e4ab38e152a2469b116bb2a66414adc9026d4cf83510ac368282fab61fa1406fbe265b09ab642ceb139b8a5b5c6dc135c1ed0e8941da37a1fc74c9791ef5f194b159b89b3c66291299b48b42504a1743afb0de2ae65b60eb33f3d54de1c1e927e06d6b26afd44a01b776147ee0022a59a1933f618f5416f2d6003ad8523bf833eca479e312a1d4d01d80128ddb9ced421bcdd4b8e5bfa1065ebd521cfa2ba4bb45e06bc0561b5e436f3b6d14c9e4a09180cd1d1f97c8b4661fd9ea3b1b719655babbf9db8cbe261c3b10633861430c3572588780e2a81389d3e909478ee80a26abda508ec07fcf1a69f5933dcc1e237408a67296a56267f3f4e8846bf0dd8ea5035f2763dfcb27ebbec2f96ea5fe40ec3935984bdd820657b2ac532ac53826138c73c97b668a050e5445de7f9f65d7daa747bdf37aa8837bc752cfcd62f8b0a737ee61ed98d88e99543c5f90bdece25b1bf8ca7610f8ac5cee6850b8187d0c0fbc7df73155b3ec9c58b4ff160acb8e56a4d929af47e8564999b630762ffa9fe15166e9f53d124ad1c74c762a333e9d8144bb33bb4a8374bd5df54e72b73e2d7977398056b01646d48dfb75f755f3475f1e0d3367e88b15cb638fc944e0a54e522b4bb7bc1d44d8c9a05c4053207192e66011c32b87aeeb5b14fd52c4df8a5a05f8b646c6aadf0eed7026ea7fddbbeceb6436bbd5aeeafdaa57032f21823255cb6d4d805251f9f62c78e77ab99446fb82f60d03e5b139329f7f97cbf5f3b5c42f77a4345d7d7393ba2bbee033c17cd3daf52dff9c540c1851fdca12b49f9b949b1a18345a38ececb956d653e12b772b0a828adb47e97031903f4aef755b5776c60653d91c185693bdc8a10eb4cdc6460f7c09752c4102e96f1f536b1fb74a3b4c7c00e2d51374d36ae524128de4f02f60ce60f02bcf75b3474591c6951f25d24edbfc57702174950d71e9389ebdcf82dd29556466b2110279c7624857b83e1b28cc8a34e33b328ccd42770eaa470bfeefe56aad47113336aec9da35928e18a47e8bdaf4d6cd5c7f08db268b2d60cccc76d2cc6e2b854be66cabc242e4aa827631cbd0f612f10d2e6ce5c417f80523c3d5988b6d171b055f15056223952b2a9bb63df0e98fa3d7556dafe2d02d39ffea3688ff25170591fd66a335066e1ccba27eb545bcbf1b242681469108dfd2c3109c418caed9bd9fdfe1a1db4143beba1c2f69aaedba12115cf05338b994749b43affb9f9eb69f1fae466a1ccbd4ecf4d9d3824684dcb747113db5fed20a848f25e2943af45d7d97f09bbcb4f174859497664f304d89045d0f0884a42183820281ee47a5726768ced18476c1a2511bcade3e5a2187ba1a9eae5b2ec77853234794c001f5397ccb927c268472ee3da4e7ec5055cf60eb595c04fefb3f0469d02c99e93abe953f594119dcfe2a98436c8e4643b052231f42cc20736721b997d8f1e1953ffe38de9d07d891fcaf09f79e5376ee2150488b5bf3ceff7245b54306bd11fcc7011b703e8e32696b02a7afb89404e2eccec5cff7137f6d8d8eb4e42908b707b5711b6aa918ce7d8475b38b11288e7eeac2df00d2b3cb57c91b95d589b93c133d6d8f9ef345b1dc881f2eac4a38cbbb5430fc1c2a33d9d9044a4f8d51bfcfce0181e2d9e8cf980f08c7b371a5182b3ffac8942c496a50467110961decb19f1af12a7837f936ee4e5373197ddaf8c9874120c28bbefb8c9a2585766f1762d95a47cf4ec9bc030ecdae99e6309d5e9411c0e4cb4df19ffc624b9700d32ed348bbb046fb2f600ca3498fc1d5248fa37b74e6912fb7b4ef4e8bc536c85612ee6b709914b9d5304446e7d5b07971d6f419ad1f74e273112ad41b090b5951029d435c59ce9759bf92a197d9a8d8445cab3c9cd6bcd7e9ccbd970e90f62f077c840bd7af5af94b1add802a30d0735e66a03a82d7ab830c77d885b3429c6eb9afd4fe270958d9fa0532c9d1b9ecb1c0ff25707a0326fc337649b360bf584d68ac346e53ba794802ad28997d0e0bb96b59f33e8414bd40fdfe0e50dfa011a68634b6b56dcca9a251cb284bf122b25354d708e109c5dfe58a49552641870c088e181ea8c527dfd661aa6c42f6b6f15a6363f0365ca0ccac0510ce41c3cb80a36ac0c241284bb44149e4e13bb9163d0c8568c53a97ebfecfff8d6f1528edb14458271091c21a58f897858573c54d6888e420f02dc59120ced373dea074ae4e039cb96bb41ba359f0ad068e51598ef848fe38eeed992cb9b9f0b5c3909dd7de11a870f594765b6cfb312ae599953829399c96c3c8bb2ad2793c173b51e74ce9674c50473579810f8a21134f6a81624c930c0d26c31f7751e334edd3313c166f30b87e1121377b1f973bc2a9b31f63660805fcb1175b217f483f162c96270cc3efe37410fbf3f62f27ea15cc8bd555549cb8aec334a02faba97505977f140db788dd0e141c1e76547dd8d0fa32ae60b5b952c6e3d9fcf523fc019584464740067eab2232bf37de83a694d4a9dd4a8b7ef24983eb013cf1e0e18bb33428acc9ad5af83607e02bc26335c8367bbd689b072e1f50f097d3e2dce4b6931220984ac3d79f46fa4b7495e0e98bd781ac4e0e947fa1fb4d7c75006ea7e14d02f09cf18ecc77d281aa9ddf27e919fd590d205ead03a04cec6a7a078a23af2079715fcc017f4c8a013362cfe4a7aa815d222797c55b3e406af555ed63839c4ce86b738cbc9d96a950821ced0eaba2c78f6b0be4efb48c63baaef8f3530963f859b84315926e84890888c7b51bca631c9657c6f780225683ae92d29e7a3b9ec29a80cd72c40d4c8cacea3ef808a5afa7ce683901be7787027e8e1f457388f422835bf107ad1e6587353793753d26a9292f025552fa72d79f61b7d3f41e80a4a225887e5b320527ff3858cee69431acb3ff264b5f1d0132011710a50aa8ee7e1e5cbd4474a496473ef9b5bfb3b93e8f23d509d78aa5263b8f7c56ec4141e5f959184578cfb1ff3f633d75c82a42b88bc388bc07d9fd13343d0c19959cae2776891281fbd2a3052ab0ddae85d30022a935933fbec754e59f3cb7c6c5829eb71b8921d2d1769b6214a9f58599afde11892b9d42f96cd5bad68597e9aed6a6ff6166572c42eaf5982482f8300964ef84334992eff06c4f2f044752c3b3992f58e29e6e7da3af5fcc729db82814e2299b4fee2d1ce31905d01b7250cb618fdc3d9383d90a7fa93176f59924b60a3fdcae4a9dd5a3be570fb31b169e905813be7c3cd6bf560e1842dde6e79a54ad021c0996712efbddd2f8eab3ea34d887799009374433143302e7fa10471d3687fa8881bf78500b1efa2df65c2b17f5aae2afbad3146a1c4add0850496e4fb4346fe7d5b9a33663d0f7c1fb822a657a67a80bcd6cc0ec3485b434f64a3c1d38dbf9d1775df1467a1d0301c2561a48b19162b8b7b5bb552c8a819ff32b99882c5ba56c298f9d356fe065f53c5e61266b860856c05e8c1b3a3387384c8d572f35c8d6bfc0fcba74788bf0ed95e411ed733794879ea4adbaf2bbf2eb9bba057bb4939741dad940c19515680a9e0ddc930e157765c6e8375aa0a9a0b79c7a6bf46db8703b7e0423eee4ee6e5dbedab0471ca95d4840a6a35618b851c5933d239f664674de2299d22d854e8f3a9860957a6cf3273ebbcc31f1fc6da1e044775fd572d1901f3fb105ac6d16f27a6ffd8fd53d7bfa827da342d34212cc18937d9262ab6be80859e40216bf6f4450e0efaa2522a953f08b78df2bb4be02fce9fbbb833360fbdab8816be63794a2b666f7624dc34384e85096baae8befc19948004fcf07644aa048da8bc52db62fa8da83a8f0746d9d8b6682a8e2ad3e926434a09bd7ee96c8c0e283e6482313319b6c899971c5d177fd35490f3c6f4b2ef51846c2bf724738b731d438ec78b910d78bd871cb4037314f5d63fa12920bb0ca1e4803622cbdf488eff18679530d7e5b8e211255a3435f6f9de55c5031cee4078241d2e0518198e17c89399346850880cadb8fe7530075ccc0c10750d135ad5bad3619bd8e4f1cc38daaf94dd5157372fbb7c72b3702adcdb3c28a102c16486970082245df7d58a8cc1b78e69299217f34aa1c22bbbe2a65452fa35925d8b22137c78afed325c55d86fca7da0987b7ecafd42f930aadf00511fdb4801a397c9dc6ad1598d4bdcc05a7c9e7c6cd861db8f67318457aea1305745c44a80f0abf7ff149d35c25e455734509b90bb2a4008ee75f06153e97a1962ca3701bced84827e5a9a7d24dbea2ee5b27908a5a734cf14c328e7350d5ffef6ced2a6576fa59040225609e27e6a35bdefa996af3f800ed29806e6ee83414b4e77c0dc0addb45cbe8e650471e7903206c5759d4db21bc7aeb932e4618e50937862a442b4f3971a43acf57447aea4150a5", 0x1000}, {&(0x7f0000002240)="6539404b698ac927d306b5e3acc5049af675cd0fed67ab34e3a73d2cd1d6b16fff9b73064320503fef3dc5984f7071919ee35fb5bc574a82682f9c4cff175d29a7b5134a81cc42f7f2fb648129b8eea348ab67fc630fa9a2659acc30b617aa21960db4ec9a56835214ce3f49a8ea9d29d8999fb13588d5c3b163f36ce977730417535b9f6f9c6ff60578d4e0ec24356dcab4a0ea89a2e23a7539715a", 0x9c}, {&(0x7f0000002300)="a7b0708eaf1f48f66a15d1a6f38416d61c7a1c0c94f29b0295d79b7547c9f8b2571ca5a33488ab15d40cc5710add86dc46a9865d358dc4575d04b1f5f637cdc530d4de77b255815715189577396a7c94c91f0a17d4c0ad52a18d509c3a0cbf16bce55f10fc7cac9b987cac399eb3a01314a816045e936cecf6e4c78fa5d4323f58a775d05c3100bd4f78", 0x8a}, {&(0x7f00000023c0)="112d27e33de4a2f5481600a1c0881e42228803b816a7632a914b3f9d82defb5d0d06672e5e5510c0819a8ad1460fbff12b2306c4b9bc1e63b32b3ae1a412677ff24127d638de7624f5bc9b63d06c760c6421d02fc3fa18d35b51ab9081dbc8389c8dd199dcca749267fa9b421bcbd55bdd93ff3ef481a150beb936ede7663e8357cb18a4e12c0d555c34e0ca27e2d64dbc6bdca3a297d402070ae17d7feba1eaa40ea1c162db25957d5b073ab86138b61396918eebaa14449593da95f5a647219aa8e993081c065d5bfc54a4d4bb84d261fa06ee3c6bfb63074f", 0xda}], 0x7, &(0x7f0000002540)=[@iv={0x20, 0x117, 0x2, 0x9, "2736248db73e641321"}, @assoc={0x18, 0x117, 0x4, 0x6}, @iv={0xb0, 0x117, 0x2, 0x99, "4c0b070ca8032ddf02dbd52af87b7621e1f3ec34ed40b8428247dbc87c6384326b020204fa5e8d88765c1987c9bfa56c66b352f1884b9ef9e890b987c42ea15e90a3cd689fa1794a4ac15dd7fbf26bb730befd3986cb0ccb5f601e89e23e3956a4b02772abe5b94445fb8aa09505c57dd5b26f1222b0d42ba5d413c01e28c74ffab7784ef014f65fa9f18d3e7f4dff13cc3647e95c7d055f68"}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x10000}, @iv={0xc0, 0x117, 0x2, 0xab, "e087f498672b7f375994b53c4248098bddce92e072578b621813b814bd7a9531ec510db38d4225db48045b438c949ee677cd50cf66015eb92450990497cb25a552666a757bae08e83717800a4900edff09e5f93fecd50902da8e40335b72ecbe37b25789f02ae59d7593b48e69de90f23660e08620efb344e611c7cbaba0953a9998607140b6cd01c735220c1cce1f3bdb18ea6a2304cc64832398b20184c84a95800c66c163e24272a44b"}, @assoc={0x18, 0x117, 0x4, 0x2}, @assoc={0x18, 0x117, 0x4, 0x80000001}, @iv={0xa0, 0x117, 0x2, 0x89, "66720ae2fd0c88aed861a0bd50677d87ee0b14a12dd045e6bc13bfd8274d808ec916764d41206a4356f2bc7b36ceb72815ce5fb09590e97a379dfd7178231990ef0308bf31309a4a00adef338937c2d8268d28ba0e64474357610f7390a0088858af5515a45b366e506ea8abf41833b1f082894fe18fcd2e6dd988e820b8da87f8dde4dd53581c64b4"}, @assoc={0x18, 0x117, 0x4, 0x4e92c2a5}], 0x2c0}, 0x20020005) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000002c40)={&(0x7f0000002880)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000002940)={&(0x7f0000002a80)={0x1b8, 0x0, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x68, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8000000000000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x400}]}, @TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xb0f}]}, @TIPC_NLA_SOCK={0x78, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x456}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x10001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffbd0}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x87}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5b}]}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0xffffffff}]}]}, @TIPC_NLA_NET={0x64, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1ff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1eda}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20040081}, 0x20040080) 10:19:54 executing program 3: sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xd0, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x2d}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffff9c5a}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3ff}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4800}, 0x11) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) 10:19:54 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 43) 10:19:54 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 35) [ 1068.945110] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1068.956015] qnx4: unable to read the superblock 10:19:54 executing program 3: sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xd0, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x2d}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffff9c5a}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3ff}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4800}, 0x11) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xd0, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x2d}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffff9c5a}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3ff}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4800}, 0x11) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) [ 1069.024696] qnx4: no qnx4 filesystem (no root dir). 10:19:54 executing program 1: r0 = socket(0x2e, 0x1, 0x17fa58dc) r1 = socket(0x25, 0x1, 0x40) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000080)=0x1ff, 0x4) (async) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x20002040) 10:19:54 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1069.045119] FAULT_INJECTION: forcing a failure. [ 1069.045119] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.084573] FAULT_INJECTION: forcing a failure. [ 1069.084573] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.087153] CPU: 0 PID: 15868 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1069.103652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1069.112990] Call Trace: [ 1069.115565] dump_stack+0x1b2/0x281 [ 1069.119182] should_fail.cold+0x10a/0x149 [ 1069.123315] should_failslab+0xd6/0x130 [ 1069.127275] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1069.131931] ? kobj_ns_drop+0x80/0x80 [ 1069.135720] call_usermodehelper_setup+0x73/0x2e0 [ 1069.140544] kobject_uevent_env+0xc21/0xf30 [ 1069.144857] lo_ioctl+0x11a6/0x1cd0 [ 1069.148465] ? loop_set_status64+0xe0/0xe0 [ 1069.152681] blkdev_ioctl+0x540/0x1830 [ 1069.156548] ? blkpg_ioctl+0x8d0/0x8d0 [ 1069.160415] ? trace_hardirqs_on+0x10/0x10 [ 1069.164650] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1069.169735] ? debug_check_no_obj_freed+0x2c0/0x680 [ 1069.174736] block_ioctl+0xd9/0x120 [ 1069.178343] ? blkdev_fallocate+0x3a0/0x3a0 [ 1069.182644] do_vfs_ioctl+0x75a/0xff0 [ 1069.186426] ? lock_acquire+0x170/0x3f0 [ 1069.190378] ? ioctl_preallocate+0x1a0/0x1a0 [ 1069.194767] ? __fget+0x265/0x3e0 [ 1069.198200] ? do_vfs_ioctl+0xff0/0xff0 [ 1069.202154] ? security_file_ioctl+0x83/0xb0 [ 1069.206546] SyS_ioctl+0x7f/0xb0 [ 1069.209891] ? do_vfs_ioctl+0xff0/0xff0 [ 1069.213847] do_syscall_64+0x1d5/0x640 [ 1069.217720] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1069.222890] RIP: 0033:0x7f94265b4e07 [ 1069.226580] RSP: 002b:00007f9424f29f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1069.234269] RAX: ffffffffffffffda RBX: 00007f94265fe9c8 RCX: 00007f94265b4e07 [ 1069.241518] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1069.248768] RBP: 0000000000000005 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1069.256019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 1069.263267] R13: 0000000000000004 R14: 0000000020000e98 R15: 0000000000000001 [ 1069.270614] CPU: 1 PID: 15866 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1069.278497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1069.287846] Call Trace: [ 1069.290436] dump_stack+0x1b2/0x281 [ 1069.294063] should_fail.cold+0x10a/0x149 [ 1069.298210] should_failslab+0xd6/0x130 [ 1069.302186] kmem_cache_alloc+0x40/0x3c0 [ 1069.306242] __es_insert_extent+0x338/0x1360 [ 1069.310659] ext4_es_insert_extent+0x1b9/0x530 [ 1069.315240] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1069.321041] ext4_map_blocks+0x887/0x1730 [ 1069.324672] qnx4: unable to read the superblock [ 1069.325183] ? ext4_issue_zeroout+0x150/0x150 [ 1069.325194] ? __ext4_new_inode+0x27c/0x4eb0 [ 1069.325213] ext4_getblk+0x98/0x3f0 [ 1069.325225] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1069.325241] ext4_bread+0x6c/0x1a0 [ 1069.350209] ? ext4_getblk+0x3f0/0x3f0 [ 1069.354092] ? dquot_initialize_needed+0x240/0x240 [ 1069.359023] ext4_append+0x143/0x350 [ 1069.362736] ext4_mkdir+0x4c9/0xbd0 [ 1069.366369] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1069.371045] ? security_inode_mkdir+0xca/0x100 [ 1069.375615] vfs_mkdir+0x463/0x6e0 [ 1069.379134] SyS_mkdirat+0x1fd/0x270 [ 1069.382830] ? SyS_mknod+0x30/0x30 [ 1069.386440] ? fput_many+0xe/0x140 [ 1069.389967] ? do_syscall_64+0x4c/0x640 [ 1069.393920] ? SyS_mkdirat+0x270/0x270 [ 1069.397785] do_syscall_64+0x1d5/0x640 [ 1069.401661] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1069.406832] RIP: 0033:0x7f2e61d65157 [ 1069.410533] RSP: 002b:00007f2e606daf88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1069.418233] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d65157 [ 1069.425499] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1069.432766] RBP: 00007f2e606db020 R08: 0000000000000000 R09: 00007f2e606db1d0 10:19:54 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf25040000007800018008000300000000004c0002800800020000fcffff080001000900000008000200060000000800010019000000080003000300000008000200010000000800010000000000080001000d0000000800030006000000150001006574683a626f6e645f736c6176655f3000000000080003000800000010000680040002000800010081000000340004800900010073797a300000000024000780088004000400000008000400000000000800040005000cee2c00020000000100240007800c00030000000000000000000c00040009000000000000000800020000000000380005802400028008000100030000000800010006000000080003000300000008000400060000000800010075647000070001006962000030000280140003800800020009000000080001000400000008000100fbffffff080002000010000008000100070000008684e2805a7fd8fc9e45176b3721249dec7f0273f912a457ee10940791b86a"], 0x15c}, 0x1, 0x0, 0x0, 0x8800}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x6, 0x1, &(0x7f0000000280)=[{&(0x7f0000000240)="ae36", 0x2, 0x5}], 0x400, &(0x7f00000002c0)={[{'syz2\x00'}, {'syz2\x00'}, {'syz2\x00'}, {'/#}-\x00'}, {'syz2\x00'}, {'syz0\x00'}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@dont_measure}, {@obj_role={'obj_role', 0x3d, 'syz2\x00'}}, {@smackfshat={'smackfshat', 0x3d, '^^'}}]}) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c020}, 0x20000010) 10:19:54 executing program 1: r0 = socket(0x2e, 0x1, 0x17fa58dc) (async) r1 = socket(0x25, 0x1, 0x40) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000080)=0x1ff, 0x4) sendmsg$NL80211_CMD_NOTIFY_RADAR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x0, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x20002040) 10:19:54 executing program 1: sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40c5}, 0xc811) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r2 = socket(0x1e, 0x80810, 0x7fffffff) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffd, 0x5}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x800c005) 10:19:54 executing program 1: sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40c5}, 0xc811) (async, rerun: 64) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r2 = socket(0x1e, 0x80810, 0x7fffffff) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 64) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffd, 0x5}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x800c005) 10:19:54 executing program 1: sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40c5}, 0xc811) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) r2 = socket(0x1e, 0x80810, 0x7fffffff) r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffd, 0x5}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x800c005) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x10, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40c5}, 0xc811) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) socket(0x1a, 0x80000, 0xa3) (async) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) socket(0x1e, 0x80810, 0x7fffffff) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan1\x00'}) (async) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd70e9fbdadf258700000008000300", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) sendmsg$NL80211_CMD_SET_MCAST_RATE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, r0, 0x300, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffffd, 0x5}}}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xb4}]}, 0x30}, 0x1, 0x0, 0x0, 0x5}, 0x800c005) (async) 10:19:54 executing program 1: sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void, @val={0xc, 0x99, {0x7, 0x13}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x801}, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x1402, 0x4, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x40000080) socket(0x21, 0x9, 0x9) 10:19:54 executing program 3: sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xd0, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x32}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x2d}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast2}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffff9c5a}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@local}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3ff}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}]}, 0xd0}, 0x1, 0x0, 0x0, 0x4800}, 0x11) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1069.440031] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1069.447293] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1069.451800] qnx4: no qnx4 filesystem (no root dir). [ 1069.553956] qnx4: unable to read the superblock 10:19:55 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 44) 10:19:55 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 36) 10:19:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf25040000007800018008000300000000004c0002800800020000fcffff080001000900000008000200060000000800010019000000080003000300000008000200010000000800010000000000080001000d0000000800030006000000150001006574683a626f6e645f736c6176655f3000000000080003000800000010000680040002000800010081000000340004800900010073797a300000000024000780088004000400000008000400000000000800040005000cee2c00020000000100240007800c00030000000000000000000c00040009000000000000000800020000000000380005802400028008000100030000000800010006000000080003000300000008000400060000000800010075647000070001006962000030000280140003800800020009000000080001000400000008000100fbffffff080002000010000008000100070000008684e2805a7fd8fc9e45176b3721249dec7f0273f912a457ee10940791b86a"], 0x15c}, 0x1, 0x0, 0x0, 0x8800}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x6, 0x1, &(0x7f0000000280)=[{&(0x7f0000000240)="ae36", 0x2, 0x5}], 0x400, &(0x7f00000002c0)={[{'syz2\x00'}, {'syz2\x00'}, {'syz2\x00'}, {'/#}-\x00'}, {'syz2\x00'}, {'syz0\x00'}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@dont_measure}, {@obj_role={'obj_role', 0x3d, 'syz2\x00'}}, {@smackfshat={'smackfshat', 0x3d, '^^'}}]}) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c020}, 0x20000010) 10:19:55 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:55 executing program 1: sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void, @val={0xc, 0x99, {0x7, 0x13}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x801}, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x1402, 0x4, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x40000080) (async) socket(0x21, 0x9, 0x9) 10:19:55 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8, 0x252000) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000140)={0x0, 0x0, r1}) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x140e, 0x10, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x8890) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x90320004}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) 10:19:55 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8, 0x252000) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000140)={0x0, 0x0, r1}) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x140e, 0x10, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x8890) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x90320004}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) syz_open_dev$media(&(0x7f0000000000), 0x8, 0x252000) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000140)={0x0, 0x0, r1}) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x140e, 0x10, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x8890) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x90320004}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) (async) [ 1069.646962] FAULT_INJECTION: forcing a failure. [ 1069.646962] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.674637] FAULT_INJECTION: forcing a failure. [ 1069.674637] name failslab, interval 1, probability 0, space 0, times 0 [ 1069.691993] CPU: 1 PID: 15934 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1069.699888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1069.709251] Call Trace: [ 1069.711835] dump_stack+0x1b2/0x281 [ 1069.715500] should_fail.cold+0x10a/0x149 [ 1069.719654] should_failslab+0xd6/0x130 [ 1069.723630] kmem_cache_alloc+0x28e/0x3c0 [ 1069.727780] getname_flags+0xc8/0x550 [ 1069.731614] SyS_mkdirat+0x83/0x270 [ 1069.735244] ? SyS_mknod+0x30/0x30 [ 1069.738780] ? fput_many+0xe/0x140 [ 1069.742316] ? do_syscall_64+0x4c/0x640 [ 1069.746294] ? SyS_mkdirat+0x270/0x270 [ 1069.750182] do_syscall_64+0x1d5/0x640 [ 1069.754072] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1069.759258] RIP: 0033:0x7f94265b4157 [ 1069.762956] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1069.770659] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1069.777923] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1069.785192] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 10:19:55 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000000)) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:55 executing program 1: sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @void, @val={0xc, 0x99, {0x7, 0x13}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x801}, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x1402, 0x4, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x8000}, 0x40000080) socket(0x21, 0x9, 0x9) [ 1069.792457] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1069.799720] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1069.810102] CPU: 1 PID: 15936 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1069.817985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1069.827337] Call Trace: [ 1069.829932] dump_stack+0x1b2/0x281 [ 1069.833560] should_fail.cold+0x10a/0x149 [ 1069.837706] should_failslab+0xd6/0x130 [ 1069.841678] __kmalloc_track_caller+0x2bc/0x400 10:19:55 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000002200)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000021c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="9800000062d5a10144d0654b7752dfa7d55071a13df1a39f14e601e0ef1f4a22cb6ba49807640a01b828703e9afc2fc9daa9c5d5ceccd3eb9b63626a6e7962a89046f25ee2a4002775b869071b3a6694b152e2d73866daa954b3166ae03db8753b8446684e209eb4f178", @ANYRES16=r0, @ANYBLOB="10002cbd7000ffdbdf250b0000000c009900fbffffff5a0000000800090001ac0f0018006e8004000100040002000400010004000100040002000500080002000000080037000000000004000b000800090001ac0f0024006e8004000100040001000400010004000100040001000400020004000100040002000a000600ffffffffffff000009000700d54700ffc0000000"], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x200040c0) r2 = socket(0x24, 0x0, 0x0) setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000040)=0x5, 0x4) r3 = socket(0x2c, 0x6, 0x1) ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000000)) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020) 10:19:55 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000002200)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000021c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="9800000062d5a10144d0654b7752dfa7d55071a13df1a39f14e601e0ef1f4a22cb6ba49807640a01b828703e9afc2fc9daa9c5d5ceccd3eb9b63626a6e7962a89046f25ee2a4002775b869071b3a6694b152e2d73866daa954b3166ae03db8753b8446684e209eb4f178", @ANYRES16=r0, @ANYBLOB="10002cbd7000ffdbdf250b0000000c009900fbffffff5a0000000800090001ac0f0018006e8004000100040002000400010004000100040002000500080002000000080037000000000004000b000800090001ac0f0024006e8004000100040001000400010004000100040001000400020004000100040002000a000600ffffffffffff000009000700d54700ffc0000000"], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x200040c0) (async) r2 = socket(0x24, 0x0, 0x0) setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000040)=0x5, 0x4) (async) r3 = socket(0x2c, 0x6, 0x1) ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000000)) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020) [ 1069.846339] ? strndup_user+0x5b/0xf0 [ 1069.850137] memdup_user+0x22/0xa0 [ 1069.853670] strndup_user+0x5b/0xf0 [ 1069.857292] ? copy_mnt_ns+0xa30/0xa30 [ 1069.861179] SyS_mount+0x39/0x120 [ 1069.864634] ? copy_mnt_ns+0xa30/0xa30 [ 1069.868518] do_syscall_64+0x1d5/0x640 [ 1069.872407] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1069.878009] RIP: 0033:0x7f2e61d6757a [ 1069.881711] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1069.889412] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a 10:19:55 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async, rerun: 32) r1 = socket(0x1a, 0x80000, 0xa3) (rerun: 32) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000002200)={&(0x7f00000020c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000021c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="9800000062d5a10144d0654b7752dfa7d55071a13df1a39f14e601e0ef1f4a22cb6ba49807640a01b828703e9afc2fc9daa9c5d5ceccd3eb9b63626a6e7962a89046f25ee2a4002775b869071b3a6694b152e2d73866daa954b3166ae03db8753b8446684e209eb4f178", @ANYRES16=r0, @ANYBLOB="10002cbd7000ffdbdf250b0000000c009900fbffffff5a0000000800090001ac0f0018006e8004000100040002000400010004000100040002000500080002000000080037000000000004000b000800090001ac0f0024006e8004000100040001000400010004000100040001000400020004000100040002000a000600ffffffffffff000009000700d54700ffc0000000"], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x200040c0) (async) r2 = socket(0x24, 0x0, 0x0) setsockopt$PNPIPE_HANDLE(r2, 0x113, 0x3, &(0x7f0000000040)=0x5, 0x4) r3 = socket(0x2c, 0x6, 0x1) ioctl$IMGETCOUNT(r3, 0x80044943, &(0x7f0000000000)) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, 0x0, 0x0) read$FUSE(r4, &(0x7f0000000080)={0x2020}, 0x2020) [ 1069.896674] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1069.904022] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1069.911284] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1069.918554] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1069.934479] qnx4: no qnx4 filesystem (no root dir). 10:19:55 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 45) 10:19:55 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x8, 0x252000) (async, rerun: 32) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (rerun: 32) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000140)={0x0, 0x0, r1}) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x140e, 0x10, 0x70bd2d, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x8890) (async) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x90320004}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4a}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) 10:19:55 executing program 0: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x1406, 0x10, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:55 executing program 1: socket(0x24, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x254, r0, 0x20, 0x80000001, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x3b}}}}, [@NL80211_ATTR_IE={0x229, 0x2a, [@perr={0x84, 0xf6, {0x4d, 0x10, [@not_ext={{}, @device_a, 0x2, "", 0x23}, @ext={{}, @device_a, 0x6, @device_b, 0xa}, @ext={{}, @device_b, 0x3, @broadcast, 0x19}, @ext={{}, @broadcast, 0x3, @device_b, 0x23}, @ext={{}, @device_a, 0x5731b78c, @device_a, 0x3a}, @not_ext={{}, @device_b, 0x7fff, "", 0x37}, @not_ext={{}, @broadcast, 0xfffffffb, "", 0x2f}, @not_ext={{}, @device_b, 0x7, "", 0x16}, @ext={{}, @device_b, 0x4, @device_b, 0x32}, @ext={{}, @device_b, 0x0, @broadcast, 0xb}, @not_ext={{}, @device_a, 0xb138, "", 0xc}, @not_ext={{}, @broadcast, 0x80000000, "", 0x13}, @not_ext={{}, @broadcast, 0x7, "", 0xd}, @not_ext={{}, @device_a, 0x1546, "", 0xe}, @not_ext={{}, @device_b, 0x0, "", 0x36}, @not_ext={{}, @device_a, 0x5, "", 0x24}]}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0xf8, 0xe5, 0x6}}, @random={0x83, 0x10, "4f8c6bf86b6f608b96cbd47337168b23"}, @cf={0x4, 0x6, {0x2, 0x6c, 0x83a1, 0x2}}, @tim={0x5, 0xfa, {0x3, 0xe2, 0x9, "104a09513f421f19ba4bc3ab31dcc94070b728b151d3f3bf7bf0036a403e6cbc0fe10c0dbd708a52a74489028ee1f6389b6a263045dd1dc3a88542ba5cb893f6a46642fc330140057d3f97aadbf33d58e4ee426b010b291922f0bddf09cdc6876ce7a9acc1d1df82ffdc49c4be4386f4f04a399556f7ed38498d49609c764b26d205c109779e4aad0b32d5df759d93412f3510dfb80a8907c2524ccc14e39174a83e515a59b6e780f4fed62d6c99281d7e559b9370dc599eafef78f1f5be9eb8e821e8443ad3f0b56fae256a78fd78bf065c629713494898e140bb9c84c826d2e21fdd8348043d715c52b503c7dd3191453569419628fb"}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xa, 0x40}}, @mesh_id={0x72, 0x6}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x810}, 0x44094) 10:19:55 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 37) 10:19:55 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c010000", @ANYRES16=0x0, @ANYBLOB="000229bd7000fbdbdf25040000007800018008000300000000004c0002800800020000fcffff080001000900000008000200060000000800010019000000080003000300000008000200010000000800010000000000080001000d0000000800030006000000150001006574683a626f6e645f736c6176655f3000000000080003000800000010000680040002000800010081000000340004800900010073797a300000000024000780088004000400000008000400000000000800040005000cee2c00020000000100240007800c00030000000000000000000c00040009000000000000000800020000000000380005802400028008000100030000000800010006000000080003000300000008000400060000000800010075647000070001006962000030000280140003800800020009000000080001000400000008000100fbffffff080002000010000008000100070000008684e2805a7fd8fc9e45176b3721249dec7f0273f912a457ee10940791b86a"], 0x15c}, 0x1, 0x0, 0x0, 0x8800}, 0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x6, 0x1, &(0x7f0000000280)=[{&(0x7f0000000240)="ae36", 0x2, 0x5}], 0x400, &(0x7f00000002c0)={[{'syz2\x00'}, {'syz2\x00'}, {'syz2\x00'}, {'/#}-\x00'}, {'syz2\x00'}, {'syz0\x00'}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@dont_measure}, {@obj_role={'obj_role', 0x3d, 'syz2\x00'}}, {@smackfshat={'smackfshat', 0x3d, '^^'}}]}) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x4c020}, 0x20000010) 10:19:55 executing program 1: socket(0x24, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x254, r0, 0x20, 0x80000001, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x3b}}}}, [@NL80211_ATTR_IE={0x229, 0x2a, [@perr={0x84, 0xf6, {0x4d, 0x10, [@not_ext={{}, @device_a, 0x2, "", 0x23}, @ext={{}, @device_a, 0x6, @device_b, 0xa}, @ext={{}, @device_b, 0x3, @broadcast, 0x19}, @ext={{}, @broadcast, 0x3, @device_b, 0x23}, @ext={{}, @device_a, 0x5731b78c, @device_a, 0x3a}, @not_ext={{}, @device_b, 0x7fff, "", 0x37}, @not_ext={{}, @broadcast, 0xfffffffb, "", 0x2f}, @not_ext={{}, @device_b, 0x7, "", 0x16}, @ext={{}, @device_b, 0x4, @device_b, 0x32}, @ext={{}, @device_b, 0x0, @broadcast, 0xb}, @not_ext={{}, @device_a, 0xb138, "", 0xc}, @not_ext={{}, @broadcast, 0x80000000, "", 0x13}, @not_ext={{}, @broadcast, 0x7, "", 0xd}, @not_ext={{}, @device_a, 0x1546, "", 0xe}, @not_ext={{}, @device_b, 0x0, "", 0x36}, @not_ext={{}, @device_a, 0x5, "", 0x24}]}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0xf8, 0xe5, 0x6}}, @random={0x83, 0x10, "4f8c6bf86b6f608b96cbd47337168b23"}, @cf={0x4, 0x6, {0x2, 0x6c, 0x83a1, 0x2}}, @tim={0x5, 0xfa, {0x3, 0xe2, 0x9, "104a09513f421f19ba4bc3ab31dcc94070b728b151d3f3bf7bf0036a403e6cbc0fe10c0dbd708a52a74489028ee1f6389b6a263045dd1dc3a88542ba5cb893f6a46642fc330140057d3f97aadbf33d58e4ee426b010b291922f0bddf09cdc6876ce7a9acc1d1df82ffdc49c4be4386f4f04a399556f7ed38498d49609c764b26d205c109779e4aad0b32d5df759d93412f3510dfb80a8907c2524ccc14e39174a83e515a59b6e780f4fed62d6c99281d7e559b9370dc599eafef78f1f5be9eb8e821e8443ad3f0b56fae256a78fd78bf065c629713494898e140bb9c84c826d2e21fdd8348043d715c52b503c7dd3191453569419628fb"}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xa, 0x40}}, @mesh_id={0x72, 0x6}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x810}, 0x44094) [ 1070.052045] FAULT_INJECTION: forcing a failure. [ 1070.052045] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.066553] CPU: 1 PID: 16005 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1070.074446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.079053] FAULT_INJECTION: forcing a failure. [ 1070.079053] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.083796] Call Trace: [ 1070.083813] dump_stack+0x1b2/0x281 10:19:55 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r2, @ANYBLOB="040027bd7000ffdbdf25110000000c0099000500000037000000a800be008ac9544f655422d4cd1cd32727ffc4834a0e1c19b9b93f8cfc22208fed1a911c4a9907f7d16aefc0fa0924b102d6bbb5211495c4b3170833ebc8b4479ed1b51dd1fe98eb19ec04dc8dc910a3f5768725d0309f8c4e27b9f1114a377829e6961fa7a16899b06ce531c376e4cefc2a4db26e026d0c065052735abf04d9b917135dee98e05f2fbb964f03398b599052f5df681a049945f1158db172000811ccbb0d7c548bea1b001300e099160189892484094000000000000000e4851830a4c800061b1a0102000000e94919ad8c08837328cb599f3aa21ca8c53810a36fec5fe1a9b1ccfaaff424bcc8882afcf2ccba7e639fdfcb913ff8e52618682b4ce2ef244f25ea8bb5c9c9fd31007dedab2dfe2bcf2ac1ca36cc1d7e56fdf2bbb5c9c9374a134a790b33f04c45"], 0xec}, 0x1, 0x0, 0x0, 0x4004000}, 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0, 0x80}}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="88000000", @ANYRES16=0x0, @ANYBLOB="01032abd7000ffdbdf251200000008000700008000005c000180080003000100000014000200626f6e64300000000000000000000000080003001100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f7465616d00000008000700020000000800080009000000"], 0x88}, 0x1, 0x0, 0x0, 0x24048090}, 0x4000) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48c0}, 0x4) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x28, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r7, 0x210, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x26}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x1) 10:19:55 executing program 0: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x1406, 0x10, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x1406, 0x10, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1070.083828] should_fail.cold+0x10a/0x149 [ 1070.083841] should_failslab+0xd6/0x130 [ 1070.083857] kmem_cache_alloc+0x28e/0x3c0 [ 1070.113446] __d_alloc+0x2a/0xa20 [ 1070.116918] ? d_lookup+0x172/0x220 [ 1070.120544] d_alloc+0x46/0x240 [ 1070.123832] __lookup_hash+0x101/0x270 [ 1070.127716] filename_create+0x156/0x3f0 [ 1070.131777] ? kern_path_mountpoint+0x40/0x40 [ 1070.136273] SyS_mkdirat+0x95/0x270 [ 1070.139899] ? SyS_mknod+0x30/0x30 [ 1070.143432] ? fput_many+0xe/0x140 [ 1070.146967] ? do_syscall_64+0x4c/0x640 [ 1070.150936] ? SyS_mkdirat+0x270/0x270 [ 1070.154819] do_syscall_64+0x1d5/0x640 [ 1070.158706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1070.163891] RIP: 0033:0x7f94265b4157 [ 1070.167592] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1070.175290] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1070.182561] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1070.189818] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1070.197078] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1070.204341] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1070.212453] CPU: 0 PID: 16003 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1070.220337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.229681] Call Trace: [ 1070.232265] dump_stack+0x1b2/0x281 [ 1070.235516] qnx4: no qnx4 filesystem (no root dir). [ 1070.235896] should_fail.cold+0x10a/0x149 [ 1070.245026] should_failslab+0xd6/0x130 [ 1070.248999] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1070.253664] ? copy_mnt_ns+0xa30/0xa30 [ 1070.257557] copy_mount_options+0x59/0x2f0 [ 1070.261791] ? copy_mnt_ns+0xa30/0xa30 [ 1070.265678] SyS_mount+0x84/0x120 [ 1070.269134] ? copy_mnt_ns+0xa30/0xa30 [ 1070.273018] do_syscall_64+0x1d5/0x640 [ 1070.277343] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1070.282539] RIP: 0033:0x7f2e61d6757a [ 1070.286241] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1070.293942] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a 10:19:55 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r2, @ANYBLOB="040027bd7000ffdbdf25110000000c0099000500000037000000a800be008ac9544f655422d4cd1cd32727ffc4834a0e1c19b9b93f8cfc22208fed1a911c4a9907f7d16aefc0fa0924b102d6bbb5211495c4b3170833ebc8b4479ed1b51dd1fe98eb19ec04dc8dc910a3f5768725d0309f8c4e27b9f1114a377829e6961fa7a16899b06ce531c376e4cefc2a4db26e026d0c065052735abf04d9b917135dee98e05f2fbb964f03398b599052f5df681a049945f1158db172000811ccbb0d7c548bea1b001300e099160189892484094000000000000000e4851830a4c800061b1a0102000000e94919ad8c08837328cb599f3aa21ca8c53810a36fec5fe1a9b1ccfaaff424bcc8882afcf2ccba7e639fdfcb913ff8e52618682b4ce2ef244f25ea8bb5c9c9fd31007dedab2dfe2bcf2ac1ca36cc1d7e56fdf2bbb5c9c9374a134a790b33f04c45"], 0xec}, 0x1, 0x0, 0x0, 0x4004000}, 0x1) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0, 0x80}}) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) (async) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="88000000", @ANYRES16=0x0, @ANYBLOB="01032abd7000ffdbdf251200000008000700008000005c000180080003000100000014000200626f6e64300000000000000000000000080003001100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f7465616d00000008000700020000000800080009000000"], 0x88}, 0x1, 0x0, 0x0, 0x24048090}, 0x4000) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) (async) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48c0}, 0x4) (async) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x28, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) (async) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r7, 0x210, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x26}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x1) 10:19:55 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket(0x1a, 0x80000, 0xa3) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x99, 0x6f}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "f0c5f66c6e"}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000000) (async) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x254, r0, 0x20, 0x80000001, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x5, 0x3b}}}}, [@NL80211_ATTR_IE={0x229, 0x2a, [@perr={0x84, 0xf6, {0x4d, 0x10, [@not_ext={{}, @device_a, 0x2, "", 0x23}, @ext={{}, @device_a, 0x6, @device_b, 0xa}, @ext={{}, @device_b, 0x3, @broadcast, 0x19}, @ext={{}, @broadcast, 0x3, @device_b, 0x23}, @ext={{}, @device_a, 0x5731b78c, @device_a, 0x3a}, @not_ext={{}, @device_b, 0x7fff, "", 0x37}, @not_ext={{}, @broadcast, 0xfffffffb, "", 0x2f}, @not_ext={{}, @device_b, 0x7, "", 0x16}, @ext={{}, @device_b, 0x4, @device_b, 0x32}, @ext={{}, @device_b, 0x0, @broadcast, 0xb}, @not_ext={{}, @device_a, 0xb138, "", 0xc}, @not_ext={{}, @broadcast, 0x80000000, "", 0x13}, @not_ext={{}, @broadcast, 0x7, "", 0xd}, @not_ext={{}, @device_a, 0x1546, "", 0xe}, @not_ext={{}, @device_b, 0x0, "", 0x36}, @not_ext={{}, @device_a, 0x5, "", 0x24}]}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0xf8, 0xe5, 0x6}}, @random={0x83, 0x10, "4f8c6bf86b6f608b96cbd47337168b23"}, @cf={0x4, 0x6, {0x2, 0x6c, 0x83a1, 0x2}}, @tim={0x5, 0xfa, {0x3, 0xe2, 0x9, "104a09513f421f19ba4bc3ab31dcc94070b728b151d3f3bf7bf0036a403e6cbc0fe10c0dbd708a52a74489028ee1f6389b6a263045dd1dc3a88542ba5cb893f6a46642fc330140057d3f97aadbf33d58e4ee426b010b291922f0bddf09cdc6876ce7a9acc1d1df82ffdc49c4be4386f4f04a399556f7ed38498d49609c764b26d205c109779e4aad0b32d5df759d93412f3510dfb80a8907c2524ccc14e39174a83e515a59b6e780f4fed62d6c99281d7e559b9370dc599eafef78f1f5be9eb8e821e8443ad3f0b56fae256a78fd78bf065c629713494898e140bb9c84c826d2e21fdd8348043d715c52b503c7dd3191453569419628fb"}}, @mesh_config={0x71, 0x7, {0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xa, 0x40}}, @mesh_id={0x72, 0x6}]}]}, 0x254}, 0x1, 0x0, 0x0, 0x810}, 0x44094) 10:19:55 executing program 0: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x1406, 0x10, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) (async) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x38, 0x1406, 0x10, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4001}, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1070.301212] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1070.308480] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1070.315884] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1070.323137] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:55 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 46) 10:19:55 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x14b100, 0x0) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x6400, 0xfff, &(0x7f0000000100)) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/snd_ua101', 0x42000, 0xe4) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x2, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:55 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) 10:19:55 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 38) 10:19:55 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "2b05c16816173d1d02ddf4e4787567511297afac"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffff1f62}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4080}, 0x4000084) 10:19:55 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) 10:19:55 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "2b05c16816173d1d02ddf4e4787567511297afac"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffff1f62}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4080}, 0x4000084) socket(0x24, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "2b05c16816173d1d02ddf4e4787567511297afac"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffff1f62}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4080}, 0x4000084) (async) [ 1070.454266] FAULT_INJECTION: forcing a failure. [ 1070.454266] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.472610] FAULT_INJECTION: forcing a failure. [ 1070.472610] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.490214] CPU: 0 PID: 16061 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1070.498112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.507463] Call Trace: [ 1070.510049] dump_stack+0x1b2/0x281 [ 1070.513677] should_fail.cold+0x10a/0x149 [ 1070.517821] should_failslab+0xd6/0x130 [ 1070.521790] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1070.526452] ? copy_mnt_ns+0xa30/0xa30 [ 1070.530342] copy_mount_options+0x59/0x2f0 [ 1070.534573] ? copy_mnt_ns+0xa30/0xa30 [ 1070.538460] SyS_mount+0x84/0x120 [ 1070.541905] ? copy_mnt_ns+0xa30/0xa30 [ 1070.545798] do_syscall_64+0x1d5/0x640 [ 1070.549700] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1070.554883] RIP: 0033:0x7f2e61d6757a [ 1070.558586] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1070.566291] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1070.573913] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1070.581172] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1070.588438] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1070.595704] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:56 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x14b100, 0x0) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x6400, 0xfff, &(0x7f0000000100)) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/snd_ua101', 0x42000, 0xe4) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x2, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x14b100, 0x0) (async) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x6400, 0xfff, &(0x7f0000000100)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/snd_ua101', 0x42000, 0xe4) (async) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x2, 0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:56 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "2b05c16816173d1d02ddf4e4787567511297afac"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0xffff1f62}]}, @TIPC_NLA_LINK={0x2c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4080}, 0x4000084) [ 1070.604020] CPU: 1 PID: 16065 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1070.612018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.621367] Call Trace: [ 1070.623951] dump_stack+0x1b2/0x281 [ 1070.627578] should_fail.cold+0x10a/0x149 [ 1070.631731] should_failslab+0xd6/0x130 [ 1070.635710] kmem_cache_alloc+0x28e/0x3c0 [ 1070.639864] ? ext4_sync_fs+0x7e0/0x7e0 [ 1070.643844] ext4_alloc_inode+0x1a/0x640 [ 1070.647902] ? ext4_sync_fs+0x7e0/0x7e0 [ 1070.651870] alloc_inode+0x5d/0x170 10:19:56 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_STATION(r1, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000006c0)=ANY=[@ANYBLOB="ec000000", @ANYRES16=r2, @ANYBLOB="040027bd7000ffdbdf25110000000c0099000500000037000000a800be008ac9544f655422d4cd1cd32727ffc4834a0e1c19b9b93f8cfc22208fed1a911c4a9907f7d16aefc0fa0924b102d6bbb5211495c4b3170833ebc8b4479ed1b51dd1fe98eb19ec04dc8dc910a3f5768725d0309f8c4e27b9f1114a377829e6961fa7a16899b06ce531c376e4cefc2a4db26e026d0c065052735abf04d9b917135dee98e05f2fbb964f03398b599052f5df681a049945f1158db172000811ccbb0d7c548bea1b001300e099160189892484094000000000000000e4851830a4c800061b1a0102000000e94919ad8c08837328cb599f3aa21ca8c53810a36fec5fe1a9b1ccfaaff424bcc8882afcf2ccba7e639fdfcb913ff8e52618682b4ce2ef244f25ea8bb5c9c9fd31007dedab2dfe2bcf2ac1ca36cc1d7e56fdf2bbb5c9c9374a134a790b33f04c45"], 0xec}, 0x1, 0x0, 0x0, 0x4004000}, 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0, 0x80}}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x4301, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) (async) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x4) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', r3, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="88000000", @ANYRES16=0x0, @ANYBLOB="01032abd7000ffdbdf251200000008000700008000005c000180080003000100000014000200626f6e64300000000000000000000000080003001100000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="1400020076657468315f746f5f7465616d00000008000700020000000800080009000000"], 0x88}, 0x1, 0x0, 0x0, 0x24048090}, 0x4000) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x4, 0xb9, 0x6, 0xb0, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x1, 0xfffffffa, 0x34}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x94, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8a8ca1c0e888700a}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x10040}, 0x40094) (async) sendmsg$ETHTOOL_MSG_RINGS_GET(r1, &(0x7f0000000600)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x14, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x48c0}, 0x4) (async) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_DEST(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x28, r7, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x28}}, 0x0) (async) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r7, 0x210, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x401}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x26}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x41}, 0x1) 10:19:56 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) (async) 10:19:56 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x14b100, 0x0) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x6400, 0xfff, &(0x7f0000000100)) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/snd_ua101', 0x42000, 0xe4) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x2, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x11000, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x14b100, 0x0) (async) statx(r0, &(0x7f00000000c0)='./file0/../file0\x00', 0x6400, 0xfff, &(0x7f0000000100)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/module/snd_ua101', 0x42000, 0xe4) (async) setsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000240)=0x2, 0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1070.655493] new_inode+0x1d/0xf0 [ 1070.658853] __ext4_new_inode+0x360/0x4eb0 [ 1070.663095] ? kmem_cache_free+0x7c/0x2b0 [ 1070.667239] ? putname+0xcd/0x110 [ 1070.670686] ? SyS_mkdirat+0x95/0x270 [ 1070.674481] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1070.679848] ? ext4_free_inode+0x1460/0x1460 [ 1070.684254] ? lock_downgrade+0x740/0x740 [ 1070.688408] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1070.693509] ? dquot_initialize_needed+0x240/0x240 [ 1070.698442] ext4_mkdir+0x2e4/0xbd0 [ 1070.702076] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1070.706745] ? security_inode_mkdir+0xca/0x100 [ 1070.711330] vfs_mkdir+0x463/0x6e0 [ 1070.714871] SyS_mkdirat+0x1fd/0x270 [ 1070.718585] ? SyS_mknod+0x30/0x30 [ 1070.722124] ? fput_many+0xe/0x140 [ 1070.725661] ? do_syscall_64+0x4c/0x640 [ 1070.729636] ? SyS_mkdirat+0x270/0x270 [ 1070.733519] do_syscall_64+0x1d5/0x640 [ 1070.737411] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1070.742592] RIP: 0033:0x7f94265b4157 [ 1070.746292] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1070.753996] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1070.761256] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1070.768518] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1070.775779] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1070.783040] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 10:19:56 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 47) 10:19:56 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x0, 0xd, 0x21, 0xecb}) socket(0x24, 0x0, 0x0) 10:19:56 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x40, 0x140e, 0x100, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008040}, 0x4010) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x1, "6ffd7c7664e224b30a37a38c720d1bbc6939d1a540306b44de5e956b360ba454"}) r1 = syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r1, &(0x7f0000000280)='./file0/../file0/file0\x00', 0x800, 0x200, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$qnx4(&(0x7f00000000c0), &(0x7f0000000100)='./file0/../file0\x00', 0xfff, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="4c2e8b25136c6a1b90e161c68bafedd609b6cf7427998ff60688986533dba3628a09e4b87d1acebd5c90c6b239b5bd5fc0700f4f70fff7c00b8c3e", 0x3b, 0x5}, {&(0x7f0000000180)="5ee48f8cda34bf5b0298e9e7c7243befeca9aff9cf58ba6de2ac909d6b4a1c88002d5d9fc0b10af8a497726e15aeb9ec5b2420f4174a621d20239f2a61c71ef3dd5c55d2207afceb6c283b578b435c6a8b633114285eab4823b323fd354309cb3b7245a707411960edc4bb935f1ea7987e7409450e23e7ebf2441a2ae3c16be4ca1433eb4b592558858ac03d6394eddd3abdccaad0dfb41d83bd8a4af1355dc21a93c4583c76d0350948", 0xaa}], 0x20022, &(0x7f00000003c0)={[{'&:)@*(\x00'}, {}, {']!@]\xc5)^'}, {'@%'}, {',%\'&\'}('}, {'/$\xa9{-.%#'}], [{@uid_eq={'uid', 0x3d, r2}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}) 10:19:56 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 39) 10:19:56 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) 10:19:56 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x200) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000c9c801000000000000002a964556195975bf2300af935a1d8514f2315b9fdf1603006d73205b", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf251000000038000280080002000009000014000380080001000000000008000200040000000400040008000100060000000400040008000200040000000c0009800800020006000000"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2d, 0xc0, 0x75, 0x2, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x7800, 0x7, 0x80}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x130, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x40000}, 0x4008004) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x8004510a, &(0x7f0000000640)) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f0000000580)={"201dc8ffac937231929e1c4c93111d9e05908ba4b6e0b07702a7e49296bc", 0x9, 0x1, 0x401, 0x7fff, 0x3, 0x3400, 0x9, 0x1, [0x8000, 0x3, 0x0, 0x0, 0x5, 0x7, 0x0, 0xffffffff, 0x2, 0x0, 0x2, 0x6, 0x37cf, 0xfff, 0x9, 0xffff22c2, 0x2b, 0x7, 0x6]}) sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x627, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x50}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="238b071f0675"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="67eddaede960"}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 10:19:56 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x0, 0xd, 0x21, 0xecb}) (async) socket(0x24, 0x0, 0x0) 10:19:56 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x0, 0xd, 0x21, 0xecb}) (async) socket(0x24, 0x0, 0x0) 10:19:56 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x40, 0x140e, 0x100, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008040}, 0x4010) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x1, "6ffd7c7664e224b30a37a38c720d1bbc6939d1a540306b44de5e956b360ba454"}) (async) r1 = syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r1, &(0x7f0000000280)='./file0/../file0/file0\x00', 0x800, 0x200, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$qnx4(&(0x7f00000000c0), &(0x7f0000000100)='./file0/../file0\x00', 0xfff, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="4c2e8b25136c6a1b90e161c68bafedd609b6cf7427998ff60688986533dba3628a09e4b87d1acebd5c90c6b239b5bd5fc0700f4f70fff7c00b8c3e", 0x3b, 0x5}, {&(0x7f0000000180)="5ee48f8cda34bf5b0298e9e7c7243befeca9aff9cf58ba6de2ac909d6b4a1c88002d5d9fc0b10af8a497726e15aeb9ec5b2420f4174a621d20239f2a61c71ef3dd5c55d2207afceb6c283b578b435c6a8b633114285eab4823b323fd354309cb3b7245a707411960edc4bb935f1ea7987e7409450e23e7ebf2441a2ae3c16be4ca1433eb4b592558858ac03d6394eddd3abdccaad0dfb41d83bd8a4af1355dc21a93c4583c76d0350948", 0xaa}], 0x20022, &(0x7f00000003c0)={[{'&:)@*(\x00'}, {}, {']!@]\xc5)^'}, {'@%'}, {',%\'&\'}('}, {'/$\xa9{-.%#'}], [{@uid_eq={'uid', 0x3d, r2}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}) [ 1070.929214] FAULT_INJECTION: forcing a failure. [ 1070.929214] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.945662] FAULT_INJECTION: forcing a failure. [ 1070.945662] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.958234] CPU: 0 PID: 16135 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1070.966126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.975474] Call Trace: [ 1070.978055] dump_stack+0x1b2/0x281 [ 1070.981682] should_fail.cold+0x10a/0x149 [ 1070.985828] should_failslab+0xd6/0x130 [ 1070.989799] __kmalloc_track_caller+0x2bc/0x400 [ 1070.994549] ? strndup_user+0x5b/0xf0 [ 1070.998338] memdup_user+0x22/0xa0 [ 1071.001865] strndup_user+0x5b/0xf0 [ 1071.005487] ? copy_mnt_ns+0xa30/0xa30 [ 1071.009367] SyS_mount+0x68/0x120 [ 1071.012815] ? copy_mnt_ns+0xa30/0xa30 [ 1071.016702] do_syscall_64+0x1d5/0x640 [ 1071.020595] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1071.025779] RIP: 0033:0x7f2e61d6757a [ 1071.029488] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1071.037187] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1071.044457] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1071.051715] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1071.058968] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1071.066225] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:56 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x200) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000c9c801000000000000002a964556195975bf2300af935a1d8514f2315b9fdf1603006d73205b", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf251000000038000280080002000009000014000380080001000000000008000200040000000400040008000100060000000400040008000200040000000c0009800800020006000000"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2d, 0xc0, 0x75, 0x2, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x7800, 0x7, 0x80}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x130, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x40000}, 0x4008004) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x8004510a, &(0x7f0000000640)) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f0000000580)={"201dc8ffac937231929e1c4c93111d9e05908ba4b6e0b07702a7e49296bc", 0x9, 0x1, 0x401, 0x7fff, 0x3, 0x3400, 0x9, 0x1, [0x8000, 0x3, 0x0, 0x0, 0x5, 0x7, 0x0, 0xffffffff, 0x2, 0x0, 0x2, 0x6, 0x37cf, 0xfff, 0x9, 0xffff22c2, 0x2b, 0x7, 0x6]}) sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x627, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x50}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="238b071f0675"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="67eddaede960"}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x200) (async) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000c9c801000000000000002a964556195975bf2300af935a1d8514f2315b9fdf1603006d73205b", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf251000000038000280080002000009000014000380080001000000000008000200040000000400040008000100060000000400040008000200040000000c0009800800020006000000"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2d, 0xc0, 0x75, 0x2, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x7800, 0x7, 0x80}}) (async) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x130, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x40000}, 0x4008004) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x8004510a, &(0x7f0000000640)) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f0000000580)={"201dc8ffac937231929e1c4c93111d9e05908ba4b6e0b07702a7e49296bc", 0x9, 0x1, 0x401, 0x7fff, 0x3, 0x3400, 0x9, 0x1, [0x8000, 0x3, 0x0, 0x0, 0x5, 0x7, 0x0, 0xffffffff, 0x2, 0x0, 0x2, 0x6, 0x37cf, 0xfff, 0x9, 0xffff22c2, 0x2b, 0x7, 0x6]}) (async) sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x627, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x50}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="238b071f0675"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="67eddaede960"}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) (async) 10:19:56 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) 10:19:56 executing program 1: socket(0x24, 0x0, 0x0) r0 = msgget(0x3, 0x200) msgsnd(r0, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000000)=""/148) r1 = msgget(0x2, 0x100) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/231) [ 1071.074852] CPU: 1 PID: 16140 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1071.082740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1071.092083] Call Trace: [ 1071.094667] dump_stack+0x1b2/0x281 [ 1071.098291] should_fail.cold+0x10a/0x149 [ 1071.102445] should_failslab+0xd6/0x130 [ 1071.106506] __kmalloc+0x2c1/0x400 [ 1071.110048] ? ext4_find_extent+0x879/0xbc0 [ 1071.114368] ext4_find_extent+0x879/0xbc0 [ 1071.118512] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1071.123960] ext4_ext_map_blocks+0x19a/0x6b10 [ 1071.128456] ? __lock_acquire+0x5fc/0x3f20 [ 1071.132692] ? __lock_acquire+0x5fc/0x3f20 [ 1071.136929] ? mark_buffer_dirty+0x95/0x480 [ 1071.141244] ? trace_hardirqs_on+0x10/0x10 [ 1071.145477] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1071.150837] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1071.156020] ? trace_hardirqs_on+0x10/0x10 [ 1071.160249] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1071.165093] ? ext4_es_lookup_extent+0x321/0xac0 [ 1071.169850] ? lock_acquire+0x170/0x3f0 [ 1071.174083] ? lock_acquire+0x170/0x3f0 [ 1071.178055] ? ext4_map_blocks+0x29f/0x1730 [ 1071.182378] ext4_map_blocks+0xb19/0x1730 [ 1071.186526] ? ext4_issue_zeroout+0x150/0x150 [ 1071.191020] ? __ext4_new_inode+0x27c/0x4eb0 [ 1071.195441] ext4_getblk+0x98/0x3f0 [ 1071.199071] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1071.203406] ext4_bread+0x6c/0x1a0 [ 1071.206953] ? ext4_getblk+0x3f0/0x3f0 [ 1071.210839] ? dquot_initialize_needed+0x240/0x240 [ 1071.215780] ext4_append+0x143/0x350 [ 1071.219499] ext4_mkdir+0x4c9/0xbd0 [ 1071.223133] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1071.227800] ? security_inode_mkdir+0xca/0x100 [ 1071.232376] vfs_mkdir+0x463/0x6e0 [ 1071.235909] SyS_mkdirat+0x1fd/0x270 [ 1071.239609] ? SyS_mknod+0x30/0x30 [ 1071.243145] ? fput_many+0xe/0x140 [ 1071.246667] ? do_syscall_64+0x4c/0x640 [ 1071.250626] ? SyS_mkdirat+0x270/0x270 [ 1071.254498] do_syscall_64+0x1d5/0x640 [ 1071.258381] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1071.263650] RIP: 0033:0x7f94265b4157 [ 1071.267340] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1071.275476] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1071.282736] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1071.290003] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1071.297249] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1071.304497] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1071.315038] qnx4: unable to read the superblock 10:19:56 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 48) 10:19:56 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = msgget(0x3, 0x200) msgsnd(r0, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000000)=""/148) (async) r1 = msgget(0x2, 0x100) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/231) 10:19:56 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x40000, 0x0) 10:19:56 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 40) 10:19:56 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x200) (async) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000c9c801000000000000002a964556195975bf2300af935a1d8514f2315b9fdf1603006d73205b", @ANYRES16=0x0, @ANYBLOB="040029bd7000fbdbdf251000000038000280080002000009000014000380080001000000000008000200040000000400040008000100060000000400040008000200040000000c0009800800020006000000"], 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x40) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x2d, 0xc0, 0x75, 0x2, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x7800, 0x7, 0x80}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x130, 0x0, 0x8, 0x70bd28, 0x25dfdbfb, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x130}, 0x1, 0x0, 0x0, 0x40000}, 0x4008004) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x8004510a, &(0x7f0000000640)) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) ioctl$SNDCTL_SYNTH_INFO(r2, 0xc08c5102, &(0x7f0000000580)={"201dc8ffac937231929e1c4c93111d9e05908ba4b6e0b07702a7e49296bc", 0x9, 0x1, 0x401, 0x7fff, 0x3, 0x3400, 0x9, 0x1, [0x8000, 0x3, 0x0, 0x0, 0x5, 0x7, 0x0, 0xffffffff, 0x2, 0x0, 0x2, 0x6, 0x37cf, 0xfff, 0x9, 0xffff22c2, 0x2b, 0x7, 0x6]}) (async) sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x70, 0x0, 0x627, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x50}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="238b071f0675"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="67eddaede960"}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) 10:19:56 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000500)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x40, 0x140e, 0x100, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008040}, 0x4010) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000000)={0x1, "6ffd7c7664e224b30a37a38c720d1bbc6939d1a540306b44de5e956b360ba454"}) (async) r1 = syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) statx(r1, &(0x7f0000000280)='./file0/../file0/file0\x00', 0x800, 0x200, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$qnx4(&(0x7f00000000c0), &(0x7f0000000100)='./file0/../file0\x00', 0xfff, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="4c2e8b25136c6a1b90e161c68bafedd609b6cf7427998ff60688986533dba3628a09e4b87d1acebd5c90c6b239b5bd5fc0700f4f70fff7c00b8c3e", 0x3b, 0x5}, {&(0x7f0000000180)="5ee48f8cda34bf5b0298e9e7c7243befeca9aff9cf58ba6de2ac909d6b4a1c88002d5d9fc0b10af8a497726e15aeb9ec5b2420f4174a621d20239f2a61c71ef3dd5c55d2207afceb6c283b578b435c6a8b633114285eab4823b323fd354309cb3b7245a707411960edc4bb935f1ea7987e7409450e23e7ebf2441a2ae3c16be4ca1433eb4b592558858ac03d6394eddd3abdccaad0dfb41d83bd8a4af1355dc21a93c4583c76d0350948", 0xaa}], 0x20022, &(0x7f00000003c0)={[{'&:)@*(\x00'}, {}, {']!@]\xc5)^'}, {'@%'}, {',%\'&\'}('}, {'/$\xa9{-.%#'}], [{@uid_eq={'uid', 0x3d, r2}}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}) [ 1071.330310] print_req_error: I/O error, dev loop5, sector 0 10:19:56 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x3, 0x400100) [ 1071.421302] FAULT_INJECTION: forcing a failure. [ 1071.421302] name failslab, interval 1, probability 0, space 0, times 0 [ 1071.424145] FAULT_INJECTION: forcing a failure. [ 1071.424145] name failslab, interval 1, probability 0, space 0, times 0 [ 1071.443969] CPU: 1 PID: 16196 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1071.451841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1071.461188] Call Trace: [ 1071.463772] dump_stack+0x1b2/0x281 [ 1071.467391] should_fail.cold+0x10a/0x149 [ 1071.471530] should_failslab+0xd6/0x130 [ 1071.475504] kmem_cache_alloc+0x40/0x3c0 [ 1071.479561] __es_insert_extent+0x338/0x1360 [ 1071.484038] ? __es_shrink+0x8c0/0x8c0 [ 1071.487906] ? lock_acquire+0x170/0x3f0 [ 1071.491860] ? ext4_es_insert_extent+0x11f/0x530 [ 1071.496602] ext4_es_insert_extent+0x1b9/0x530 [ 1071.501165] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1071.506942] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1071.512381] ? ext4_es_find_delayed_extent_range+0x646/0x930 [ 1071.518161] ext4_ext_map_blocks+0x1e2c/0x6b10 [ 1071.522820] ? __lock_acquire+0x5fc/0x3f20 [ 1071.527036] ? __lock_acquire+0x5fc/0x3f20 [ 1071.531343] ? mark_buffer_dirty+0x95/0x480 [ 1071.535642] ? trace_hardirqs_on+0x10/0x10 [ 1071.539856] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1071.545201] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1071.550466] ? trace_hardirqs_on+0x10/0x10 [ 1071.554683] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1071.559511] ? ext4_es_lookup_extent+0x321/0xac0 [ 1071.564247] ? lock_acquire+0x170/0x3f0 [ 1071.568202] ? lock_acquire+0x170/0x3f0 [ 1071.572157] ? ext4_map_blocks+0x29f/0x1730 [ 1071.576463] ext4_map_blocks+0xb19/0x1730 [ 1071.580597] ? ext4_issue_zeroout+0x150/0x150 [ 1071.585072] ? __ext4_new_inode+0x27c/0x4eb0 [ 1071.589465] ext4_getblk+0x98/0x3f0 [ 1071.593074] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1071.597380] ext4_bread+0x6c/0x1a0 [ 1071.600899] ? ext4_getblk+0x3f0/0x3f0 [ 1071.604763] ? dquot_initialize_needed+0x240/0x240 [ 1071.609674] ext4_append+0x143/0x350 [ 1071.613377] ext4_mkdir+0x4c9/0xbd0 [ 1071.616987] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1071.621636] ? security_inode_mkdir+0xca/0x100 [ 1071.626303] vfs_mkdir+0x463/0x6e0 [ 1071.629826] SyS_mkdirat+0x1fd/0x270 [ 1071.633538] ? SyS_mknod+0x30/0x30 [ 1071.637065] ? fput_many+0xe/0x140 [ 1071.640588] ? do_syscall_64+0x4c/0x640 [ 1071.644550] ? SyS_mkdirat+0x270/0x270 [ 1071.648429] do_syscall_64+0x1d5/0x640 [ 1071.652306] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1071.657475] RIP: 0033:0x7f94265b4157 [ 1071.661169] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1071.668856] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1071.676402] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1071.683660] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1071.690916] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1071.698167] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1071.705431] CPU: 0 PID: 16202 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1071.713311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1071.722757] Call Trace: [ 1071.725348] dump_stack+0x1b2/0x281 [ 1071.728978] should_fail.cold+0x10a/0x149 [ 1071.733124] should_failslab+0xd6/0x130 [ 1071.737095] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1071.741763] ? copy_mnt_ns+0xa30/0xa30 [ 1071.745650] copy_mount_options+0x59/0x2f0 [ 1071.749880] ? copy_mnt_ns+0xa30/0xa30 [ 1071.753770] SyS_mount+0x84/0x120 [ 1071.757214] ? copy_mnt_ns+0xa30/0xa30 [ 1071.761101] do_syscall_64+0x1d5/0x640 [ 1071.764988] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:19:57 executing program 1: socket(0x24, 0x0, 0x0) r0 = msgget(0x3, 0x200) msgsnd(r0, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000000)=""/148) (async) r1 = msgget(0x2, 0x100) msgctl$MSG_STAT(r1, 0xb, &(0x7f00000000c0)=""/231) 10:19:57 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x2000000000000000, 0xfd0c, 0x0, 0x0, 0x0) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x3, 0x400100) 10:19:57 executing program 1: socket(0x22, 0x4, 0x0) [ 1071.770168] RIP: 0033:0x7f2e61d6757a [ 1071.773874] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1071.776727] qnx4: unable to read the superblock [ 1071.781573] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1071.781579] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1071.781584] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1071.781589] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1071.781595] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:57 executing program 1: socket(0x22, 0x4, 0x0) 10:19:57 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 49) 10:19:57 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x3, 0x400100) 10:19:57 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 41) 10:19:57 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x2000000000000000, 0xfd0c, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x2000000000000000, 0xfd0c, 0x0, 0x0, 0x0) (async) [ 1071.860005] print_req_error: I/O error, dev loop5, sector 0 10:19:57 executing program 1: socket(0x22, 0x4, 0x0) socket(0x22, 0x4, 0x0) (async) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) write$cgroup_freezer_state(r0, &(0x7f0000000040)='THAWED\x00', 0x7) 10:19:57 executing program 1: r0 = socket(0x1d, 0x1, 0xfffffffb) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/btrtl', 0x48080, 0xeb) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x109000, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000140)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/cirrus', 0x400000, 0x4b) openat$cgroup_freezer_state(r1, &(0x7f00000000c0), 0x2, 0x0) 10:19:57 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x2000000000000000, 0xfd0c, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x2000000000000000, 0xfd0c, 0x0, 0x0, 0x0) (async) 10:19:57 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) write$cgroup_freezer_state(r0, &(0x7f0000000040)='THAWED\x00', 0x7) [ 1071.979581] FAULT_INJECTION: forcing a failure. [ 1071.979581] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.008290] FAULT_INJECTION: forcing a failure. [ 1072.008290] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.019428] CPU: 0 PID: 16241 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1072.027373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.036723] Call Trace: [ 1072.039311] dump_stack+0x1b2/0x281 [ 1072.042934] should_fail.cold+0x10a/0x149 [ 1072.047075] should_failslab+0xd6/0x130 [ 1072.051052] kmem_cache_alloc+0x28e/0x3c0 [ 1072.055187] ? ext4_sync_fs+0x7e0/0x7e0 [ 1072.059147] ext4_alloc_inode+0x1a/0x640 [ 1072.063194] ? ext4_sync_fs+0x7e0/0x7e0 [ 1072.067146] alloc_inode+0x5d/0x170 [ 1072.070754] new_inode+0x1d/0xf0 [ 1072.074102] __ext4_new_inode+0x360/0x4eb0 [ 1072.078317] ? kmem_cache_free+0x7c/0x2b0 [ 1072.082448] ? putname+0xcd/0x110 [ 1072.085883] ? SyS_mkdirat+0x95/0x270 [ 1072.089663] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1072.095013] ? ext4_free_inode+0x1460/0x1460 [ 1072.099407] ? lock_downgrade+0x740/0x740 [ 1072.103554] ? _raw_spin_unlock_irqrestore+0x66/0xe0 [ 1072.108650] ? dquot_initialize_needed+0x240/0x240 [ 1072.113571] ext4_mkdir+0x2e4/0xbd0 [ 1072.117191] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1072.121849] ? security_inode_mkdir+0xca/0x100 [ 1072.126420] vfs_mkdir+0x463/0x6e0 10:19:57 executing program 1: r0 = socket(0x1d, 0x1, 0xfffffffb) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/btrtl', 0x48080, 0xeb) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x109000, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000140)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/cirrus', 0x400000, 0x4b) openat$cgroup_freezer_state(r1, &(0x7f00000000c0), 0x2, 0x0) [ 1072.129946] SyS_mkdirat+0x1fd/0x270 [ 1072.133650] ? SyS_mknod+0x30/0x30 [ 1072.137187] ? fput_many+0xe/0x140 [ 1072.140722] ? do_syscall_64+0x4c/0x640 [ 1072.144686] ? SyS_mkdirat+0x270/0x270 [ 1072.148558] do_syscall_64+0x1d5/0x640 [ 1072.152437] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1072.157605] RIP: 0033:0x7f94265b4157 [ 1072.161301] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1072.168999] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1072.176254] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1072.183509] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1072.190820] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1072.198082] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1072.205367] CPU: 1 PID: 16256 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1072.213249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.222606] Call Trace: [ 1072.225193] dump_stack+0x1b2/0x281 [ 1072.228824] should_fail.cold+0x10a/0x149 [ 1072.232978] should_failslab+0xd6/0x130 [ 1072.236952] __kmalloc_track_caller+0x2bc/0x400 [ 1072.241618] ? kstrdup_const+0x35/0x60 [ 1072.245498] ? lock_downgrade+0x740/0x740 [ 1072.249653] kstrdup+0x36/0x70 [ 1072.252853] kstrdup_const+0x35/0x60 [ 1072.256579] alloc_vfsmnt+0xe0/0x7f0 [ 1072.260296] ? _raw_read_unlock+0x29/0x40 [ 1072.264444] vfs_kern_mount.part.0+0x27/0x470 [ 1072.268937] do_mount+0xe65/0x2a10 [ 1072.272472] ? __do_page_fault+0x159/0xad0 [ 1072.276701] ? retint_kernel+0x2d/0x2d [ 1072.280584] ? copy_mount_string+0x40/0x40 [ 1072.284817] ? memset+0x20/0x40 [ 1072.288099] ? copy_mount_options+0x1fa/0x2f0 [ 1072.292595] ? copy_mnt_ns+0xa30/0xa30 [ 1072.296483] SyS_mount+0xa8/0x120 [ 1072.299933] ? copy_mnt_ns+0xa30/0xa30 [ 1072.303817] do_syscall_64+0x1d5/0x640 [ 1072.307709] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1072.312892] RIP: 0033:0x7f2e61d6757a [ 1072.316602] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1072.324304] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1072.331567] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1072.338833] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1072.346105] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1072.353369] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:57 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 50) 10:19:57 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x3, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:19:57 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x2028050, 0x0) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) write$cgroup_freezer_state(r0, &(0x7f0000000040)='THAWED\x00', 0x7) 10:19:57 executing program 1: r0 = socket(0x1d, 0x1, 0xfffffffb) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/btrtl', 0x48080, 0xeb) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x109000, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000140)) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/cirrus', 0x400000, 0x4b) openat$cgroup_freezer_state(r1, &(0x7f00000000c0), 0x2, 0x0) socket(0x1d, 0x1, 0xfffffffb) (async) getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/btrtl', 0x48080, 0xeb) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x109000, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(r2, 0x80047c05, &(0x7f0000000140)) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/cirrus', 0x400000, 0x4b) (async) openat$cgroup_freezer_state(r1, &(0x7f00000000c0), 0x2, 0x0) (async) 10:19:57 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 42) 10:19:57 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x2028050, 0x0) 10:19:57 executing program 5: sendmsg$RDMA_NLDEV_CMD_SYS_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x408a0284}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, 0x1406, 0x1, 0x70bd2d, 0xb269, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) clock_gettime(0x5, &(0x7f0000000000)) 10:19:57 executing program 1: socket(0x24, 0x5, 0x0) 10:19:57 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000001480)=ANY=[@ANYBLOB="b8000000baed34c8974cfcf3b7a7efd01f5dfc9f0cf3bf1d4f070bdae84359f66c4628adc0db75b0cde772f79f2bc6b4c25b84b6033bcd39ec5103559e28a7fb4cfd14a13858d29583636706097f97c43f1bc30a936b1b0d01", @ANYRES16=0x0, @ANYBLOB="080025bd7000fbdbdf250600000020000180090006006e6f6e6500000000060001000a00000008000b007369700008000600050000004c00028008000400000400000800040004000000080008000100000014000100ac1e0001000000000000000000000000080008000900000014000100ff010000000000000000000000000001080005000900000028000180060001000a00000008000800000200000c0007002000000043000000060002003c000000"], 0xb8}, 0x1, 0x0, 0x0, 0x4080}, 0x4c000) r0 = mmap$binder(&(0x7f0000ff7000/0x8000)=nil, 0x8000, 0x1, 0x11, 0xffffffffffffffff, 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001440)={0x6c, 0x0, &(0x7f00000003c0)=[@free_buffer={0x40086303, r0}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/236, 0xec, 0x1, 0x3e}, @flat=@handle={0x73682a85, 0x1, 0x2}}, &(0x7f0000000380)={0x0, 0x18, 0x40}}, 0x600}, @acquire_done], 0x1000, 0x0, &(0x7f0000000440)="96cd490e71f30b99a4266d24b73398faf26502e6c5862e52397c20c38b3fa80343d85e878cb9f8b39b71837ffb8412f7c49d4c7ea6f31f36a8c217dd6f48247c01e4d409525be58e5e60abd5e08784680a5758093c9c845bc5a5c11214ed39613f1cebc086f2c9233e5d153838462d80acaea68bdff1889415f845602fdfcb61856ad3dccbb680cc407a8f8795283038c183d7ebecaf74aa1a669c9b100bbe44d3879b338f521c0138d04a6b16e27353624c66d02ede9c681647a4d61d1d14b451d05b53707b137e80844379377b33caa6b5e87cb730fbccae400c92a46de42b70aa794fe738b3459da1b175b772c08b780a58033e51ac235630a4c14760fd08e5454b4a4de44e427a8856f2fe92003e98bf568d4f7557d24e58c1d0c84f03bcfb58a69118a50605cd86260c088460f6c0387f63e80ccd666ce5cfb829e8b3446b36e7b2fe5662b4cd5dad56f7c8bf9ceb264e912bb86210a36f1029c88b63e3e75fd61326de53b652d5b0bfaab9213133316fd77f12bfc3d383e913f28ab0ab4dbbff9ae8f21adf94221ee4af15a02fb9dfd7914f28cd06282a8c7d3096664acc34134b1b2e23074ee87a196ed3960b3d46066353c830326eb4724b5d87b4c88695744db563ec75b1fc24f61598617fd2b0a40c04edb71a78ece4dd2b39da33aa343abaa7c29a9b74ac370881c3f8b1d425e54598c36ba587d261d047d69b4256aba1432a54493bc128d89bed8e802f2308b70d0b478650213c42b039d69c6d396befb90d3b1d90ba39539dc8570e2a3044db0e2943434408c5010fa381d3c62427db396bbc0de63835a4be815c8e999fb3e70db7b2693025dc2e98d9f52c566a3435c085375206361094c75c60865648ea469c9954308c3273983bff52bc640a91b8fc9078c65b355602e497058274499a39a58d0828c3a1abff8e2dd492a2148ee92aed35b62c67d3006c04b4ff71a2253d4fe79f89e8ac0ffb8f07a834d52729068d551ceb6f8f83edab928b0761772d21543e3ef8016df75c53d6e0fae6eaa58d6fc285b9f89408747a055c729cb78220276a1c6cb401104847133f07cb3870587597b4c4a475d13e77b2bb29fd8fbd7bcf22c7bc608265fef6b90142d2007e5b28881ec607d565b5792c6da0422222e8a7e90808ccd1c6cbf80bac837ed5a994c346dd88e1e5b93bb981640d4bd17d2a1a8b18df6416dcf7eb1e7e6574dfeafe35f105f5e3b87bcf2c2bda33c415c0c28535dc09a15ff8e05d175f1d81afef7b5e429f5afe12587fa1c05f497d9d8af4a1095dde3240040f2bcc4b49eeab314c38fcefbcf5204e01f656ec707dc9631f14e34f455a9c77fdc8f86897e7d07938642d3a55dcbd5dcfa54828da67069700869f15e0bef27897df364237551c76c70946591d8c238cdc0b697710b4c6c137dd98908be2222086a4106ca73fd0cacd3b558d23ba9c7c2ab61ba94b45113fd3ac3dc8e73358e81d9bfe6783af92040a30330e3c6e5ca75c138f1a811582a48b60153f383ef4b942e0b307a04b765ddd8f6a83a37c7909ce4dbb035e57a4baef2c86b28210b34689838f1ca763f673c0546ed553a18cee78e4799fad887c97f8097c7856171ffa2b0803c7476d30057acfc1536dc3dab395a9b525894dc68afda4a186e462c31467232294256ea478c4605d16441668e5c290885be5e9a1933e03eb6520e1d24fe6dbeb8242dab2fe23a44b35557b6a313f59297ebee0d11616d2b85ec6874f5698cef8048de4f9bf9391ff65701515f55c2fe5b8b780ef561c55126f1cbe38221b09dffb192442afec24124fbcf2b6238d8a5810dd49640e19b4dadf76d0ca970b325f507e726e18cc28c9283876b74594b02706c9fadcb358496e2c0faa65b8fa33f489006bba0f144de5ce38cc476833483c25a358cd968448abd637a58dc250e28dc3cf96c8fd2f87e14b56f8e2f1be3b3eb81a36207143e21b2a35d6078be531e5bc71ae07d8bf8027427f2b7cd4745776a3096a8f18ad63d8c9203e8aa6aba15638a45ef75b4e44812a67c91cffcee9872fdff6ebce9350783d7a5af25fd1e00feecfc4d39fc83009e049d85da17b11b51f47589b7484598155d7b4744b8e57b847006dcf4c755872135cd9e0cff7592d42812b6fee609cefdd98b1192521297b2fa763b13c8e1845cf653d0c3a1971f55079e28762c4cf7357a9596ab3ec85f3f0f7aec39d7247ef30bc332d993d545b39b8850a6e9f6c3da9e72aef4f24caf25e5be671a4bd9fa28bb9333741c464aa043ec62df2ecacdd71b15bedcd0c44b5e36473229ad2dad5cf91d322b8796c8bd808e0d69ba96d50c87faee0ff8dbca3c268ac3a2ba276f15898917d639f744b67d1f3529238d5c05f8174e4beb5275f17ef80c76da717e67c46994758f467a4b4904818e788d5f6043b1b10a5825e062e92d669ab230125cbdf07496b434a7fbd764c5ccca844a85ff769d288aa7fd9fd8c775e154345acee19b1670af4437c4194c7f8cdf117df567620ee48f219ed53b026a4344ebeb333f40096dbb6a984601848f6f040797e65b0378cf31504f4382b2be1ab071005c9d3148aaa0c1504b1d1c9c4da6f2ba5b6b70b8ac6673558e81eb1459dff9ed2aebefc204c7e0a83aadf4a3c8df9cf0fbf49f156524aa360c32980761916fffc9a64677e7a586554922dc9813c4facba4c9f5b6b2dead8bc0a4b77f9a3c47396883f36f374b0b4c36cbd4560937410a30103fd4a789793fe4cd38c0366df1ea4f82cc9dc1807f14d026fbc164bb553ee1e21d45b983b812a744b5845486e69204dfc1d0ccee1c0172065b348ac8e3f2c5ba1e6922e9c2907f16b7e241c4ccf87288a743d46e02023e2681c8f0b791c0ecc2da35813ab4b7c21a08c224712724246209220bd317a48cd4a9cf43784c6fc2e8de75f67bcc5985425ece7be20495ac73d0ed80805cb243b90c7a065048865dc7e475f1801c55d051fa1153a32e23e029098db81209578da148da0a53aee7c6b5fd8214176f9392a0d9186cba63e9e74fd562b6fc33ff4d9a6b1e33ae88a56a5f3ce1a6a004b554c40f166f4843edd767fcdf5a8814511759055e69810021c7db32f85183fa2131e522eea1e32179b5c343a3e0edc41983c12007ef013bd9055531a97e95cbcd5b2769256e9268b227ff2448cd505c65a335421f4efb6bf329ffbdd1d9a8b85837fcd9fdfea237f97c4ec1f4931a3e790d9e4bd105df10d2f099c6f33f26e3f3712622f8a37226098556675fc4c7a50ff0c69b973aa1c09777d613038a21b37a8dba3b4481738aa92db35d652a3b23c830ea081b89003c9a8523010968287dec8b1b2eedce4aab0777e8de651545c7e07f2cc186e06511139b5227ee0cd9b0de92900b8c2ee64ee21716bf5b3d7ebfa5a51730381c64524a44fab894a4174b7781f05885ceb4aed542aba7d78268005fd271505cbd51f29f595820a935cdeda2e2f27d5f3e537e2b0db79d47b0423c34df2698fbce4ed41d6e54e8a8c89b23c05c1bd891a95ef0f57f4bcd194ef4fb14f037bf7cea595e0d7c2db5d7277adc2d1a5aa4ec5b9624c4872d6ef52cd4f4ef140c52d3253fac7809bc23797e1c5a1336465e824f07c95065cd379873ae4bb42a6ce797b3f8a117eba29c20e37cda4c44a65ae02e2143c56739a6eff1a6332580d8fec61d657650534c1c805eeccb92dee8cc59e05608bf233c66e5777a3aac130ce41fa5500b97da521e6f9fd9fd89fa77eee5f817993585948433b1247e4db33c5f5ef46b5601caf58cb5d709d834f7f3e5bc2a2109fece15d84924f0c98f208e6a5ed6173b0c9d27219967aebdd0a1cc82a3ffeb85e2c852d5d8cb3f257b542bcc77b2ed4b44d10b39b15f1fd5ced5a83ef5a62238cb6d33c79fa50c8a616ab73a1c4031f46b54bc2d63c953ba5fd90f5e1ec52e47356578fd005f3bcbe3761fb90e7d5bc7ecafba15c08926f626c446eb04b656a9623b5d5014573225ede4664e4d938ae0cea5a766a63e3f7ba6db8392462a1caad9070feb59713fe28d8186c5a9eb8a146dc5251b7088aa0e6b225ad6ed68456ef29f2530bfaa8d65d9212ac9d228f138f958fa2fa61c5b7dabc236058791db5980ee41a1e32744d9ee50860f2997b8af010b98a81e55749f0c07fe80d0d28f1483b5286ab6f0fac2092ef01f6ebc66bb9f21df2f407192ed54aa5f7c3899812eb2e57b9c36df2f8f3cfd63436319110f1134f040e2b27c1db80b6fb7fb5df1cf625b905677301ec58ae615e04b69f87c7db615d86bb6e0840c61b34cf8c0ff0747070c83bfdbc9a38cc1395c0b70b7cd908d961232de4ceebed5e37ef761eb76c5a44cf1d602b55bd55d5d32b9439a7417c713f628af8b027209bd07f79c8480500a72c0b59b39446bee8b007caf881a2706ccd702d44d6cfcd826732140005eab9b342a38458d991277853e0c2d14bd78aec29eaecc04a0ac1f8fbd18e9f2519eb68092a344681f9818b9ddc97032e345238a72955001911e94bb762d4adb8e164ab288a9c4989a1fe4f6b49e4648df67dfd1a8c9a3bc9da0f1fb49ffc4b515decb98c496caac4ef0618e7f21989518f90503db3c00dcb979a4ec593b8aa25684b5b924020730b9c0f46abebc66b3f38a67e8562d810853cd7ecbc21a7c73f74a939e6efd6c807fb49adc1213000bfba47e3895fb6e999a554943dd5bf6f69a95f3536edd61f3b832daa26b21d4bd3057c0ddfe50e5e874317d8c52d8db7c55d15b9eb3ab3539ec6d3933d9482990ffe51c37d68a0955892d6b3ca9c5aaf6bd8f9ff3cd364e9030d31c9134e07d07ecfe55a0f4a35f4ba46d595289f452d686f8c60ee6f5e0f1e285026ddd4093cab0f7462d26c0d2c01efb2bab0ff7d62b1bfa450ee3f3d5328f12a56a6551b76f49433b56231153c303cc7acbe42cd3a53b7e8d009153470985cedbbbcd72f0fdbe6ed8fb3ed0f248581136770600fcf226074ab6e70270eabb0a0fb405e0e429a3622d6dd78976964cb1cf753b814b7b37b8a2c29f4728431172bd9e3a8e7128032929b2eed09049e51a041704aba42ebee1200a6f751afdc697b89cb6f67cf617df86343621598fbbb392929dc913a41f8be827553e7fbb636a476dd7ccd157ea1bf723fa6a8bb9465e10762c9a3730d806e1aff7b243bcd24a56c7481a7d78973b15b2269b732d4f06c68b88a6dbf3cd813b5776f768bb10f1ca9c1bcd8ed6ee5e0ccc379670e373ec420a5579d5142acb7a06d2c1fa272bfd862c27af8ff05212b72c11b831323f5749188ba552060ad487659e789eecd57b41a8c80141911dea412bbf6d57f7a5955e88c4a765428c74ef6b9e834901d060cb04308643d0374981bd5c470401f95fc585e150bc623fee14b6179c2210b621b8740381da1ad3179a5b8c42f3b5f4036e078dff438706ceb1ee49b98cef4a46987338ad40bd27c3e50b367041c4677b7411c83198c38add88aa363d520350b02e514ef47d173e77744e54d646c378e23619784430c8927dba561166fafb7de12a22993c9622e5463f779b665bee122b9e34233f01180e8a9e849f989f3b6029a921bd6d540c4b9e6f39b86cdfecec9e8e1d64e739e4b839fcc0676cc06d50ad101b527f1ac4f937034080ec178344872a2fe1d2a64d8fe2168462505862154bf88df908ad4f0460857c08fdc4334a3eddcb9d2ae7d899e3e92811a05f4a7cb8032bc958622649c292063c714357fd0c1bdb0c16b15fda8c5875a1217983249eca2ad798c005b57b4447c76b5f25dd30ed9ca0e"}) [ 1072.475224] FAULT_INJECTION: forcing a failure. [ 1072.475224] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.497998] FAULT_INJECTION: forcing a failure. [ 1072.497998] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.520067] CPU: 1 PID: 16296 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1072.527971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.537322] Call Trace: [ 1072.539910] dump_stack+0x1b2/0x281 [ 1072.543538] should_fail.cold+0x10a/0x149 [ 1072.547686] should_failslab+0xd6/0x130 [ 1072.551660] kmem_cache_alloc+0x28e/0x3c0 [ 1072.555808] ext4_mb_new_blocks+0x514/0x3db0 [ 1072.560218] ? ext4_find_extent+0x6f7/0xbc0 [ 1072.564531] ? ext4_ext_search_right+0x2bc/0xaa0 [ 1072.569282] ? ext4_inode_to_goal_block+0x29a/0x3b0 [ 1072.574295] ext4_ext_map_blocks+0x2845/0x6b10 [ 1072.578877] ? __lock_acquire+0x5fc/0x3f20 [ 1072.583106] ? mark_buffer_dirty+0x95/0x480 [ 1072.587415] ? trace_hardirqs_on+0x10/0x10 [ 1072.591636] ? __ext4_handle_dirty_metadata+0x120/0x480 [ 1072.596994] ? ext4_find_delalloc_cluster+0x180/0x180 [ 1072.602269] ? trace_hardirqs_on+0x10/0x10 [ 1072.606501] ? ext4_mark_iloc_dirty+0x1822/0x26a0 [ 1072.611336] ? ext4_es_lookup_extent+0x321/0xac0 [ 1072.616087] ? lock_acquire+0x170/0x3f0 [ 1072.620061] ext4_map_blocks+0x675/0x1730 [ 1072.624208] ? ext4_issue_zeroout+0x150/0x150 [ 1072.628691] ? __ext4_new_inode+0x27c/0x4eb0 [ 1072.633106] ext4_getblk+0x98/0x3f0 [ 1072.636723] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1072.641040] ext4_bread+0x6c/0x1a0 [ 1072.644573] ? ext4_getblk+0x3f0/0x3f0 [ 1072.648462] ? dquot_initialize_needed+0x240/0x240 [ 1072.653384] ext4_append+0x143/0x350 [ 1072.657084] ext4_mkdir+0x4c9/0xbd0 [ 1072.660696] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1072.665348] ? security_inode_mkdir+0xca/0x100 [ 1072.669911] vfs_mkdir+0x463/0x6e0 [ 1072.673440] SyS_mkdirat+0x1fd/0x270 [ 1072.677139] ? SyS_mknod+0x30/0x30 [ 1072.680660] ? fput_many+0xe/0x140 [ 1072.684182] ? do_syscall_64+0x4c/0x640 [ 1072.688135] ? SyS_mkdirat+0x270/0x270 [ 1072.692002] do_syscall_64+0x1d5/0x640 [ 1072.695878] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1072.701049] RIP: 0033:0x7f94265b4157 [ 1072.704741] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1072.712429] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 10:19:58 executing program 1: socket(0x24, 0x5, 0x0) 10:19:58 executing program 5: sendmsg$RDMA_NLDEV_CMD_SYS_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x408a0284}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, 0x1406, 0x1, 0x70bd2d, 0xb269, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) (async) clock_gettime(0x5, &(0x7f0000000000)) [ 1072.719681] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1072.727017] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1072.734268] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1072.741518] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1072.748789] CPU: 0 PID: 16305 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1072.756673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.766019] Call Trace: [ 1072.768605] dump_stack+0x1b2/0x281 [ 1072.772232] should_fail.cold+0x10a/0x149 [ 1072.776730] should_failslab+0xd6/0x130 [ 1072.780705] __kmalloc_track_caller+0x2bc/0x400 [ 1072.785370] ? kstrdup_const+0x35/0x60 [ 1072.789516] ? lock_downgrade+0x740/0x740 [ 1072.793662] kstrdup+0x36/0x70 [ 1072.796847] kstrdup_const+0x35/0x60 [ 1072.800557] alloc_vfsmnt+0xe0/0x7f0 [ 1072.804266] ? _raw_read_unlock+0x29/0x40 [ 1072.808411] vfs_kern_mount.part.0+0x27/0x470 [ 1072.812914] do_mount+0xe65/0x2a10 [ 1072.816458] ? __do_page_fault+0x159/0xad0 [ 1072.820689] ? retint_kernel+0x2d/0x2d [ 1072.824569] ? copy_mount_string+0x40/0x40 [ 1072.828805] ? memset+0x20/0x40 [ 1072.832080] ? copy_mount_options+0x1fa/0x2f0 [ 1072.836580] ? copy_mnt_ns+0xa30/0xa30 [ 1072.840472] SyS_mount+0xa8/0x120 [ 1072.843925] ? copy_mnt_ns+0xa30/0xa30 [ 1072.847811] do_syscall_64+0x1d5/0x640 [ 1072.851700] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1072.856879] RIP: 0033:0x7f2e61d6757a [ 1072.860587] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1072.868287] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1072.875552] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1072.882811] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1072.890074] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1072.897339] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:58 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 51) 10:19:58 executing program 1: socket(0x24, 0x5, 0x0) 10:19:58 executing program 5: sendmsg$RDMA_NLDEV_CMD_SYS_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x408a0284}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, 0x1406, 0x1, 0x70bd2d, 0xb269, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10000000}, 0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x10, 0x0) (async) clock_gettime(0x5, &(0x7f0000000000)) 10:19:58 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000001480)=ANY=[@ANYBLOB="b8000000baed34c8974cfcf3b7a7efd01f5dfc9f0cf3bf1d4f070bdae84359f66c4628adc0db75b0cde772f79f2bc6b4c25b84b6033bcd39ec5103559e28a7fb4cfd14a13858d29583636706097f97c43f1bc30a936b1b0d01", @ANYRES16=0x0, @ANYBLOB="080025bd7000fbdbdf250600000020000180090006006e6f6e6500000000060001000a00000008000b007369700008000600050000004c00028008000400000400000800040004000000080008000100000014000100ac1e0001000000000000000000000000080008000900000014000100ff010000000000000000000000000001080005000900000028000180060001000a00000008000800000200000c0007002000000043000000060002003c000000"], 0xb8}, 0x1, 0x0, 0x0, 0x4080}, 0x4c000) (async) r0 = mmap$binder(&(0x7f0000ff7000/0x8000)=nil, 0x8000, 0x1, 0x11, 0xffffffffffffffff, 0x2) (async) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001440)={0x6c, 0x0, &(0x7f00000003c0)=[@free_buffer={0x40086303, r0}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/236, 0xec, 0x1, 0x3e}, @flat=@handle={0x73682a85, 0x1, 0x2}}, &(0x7f0000000380)={0x0, 0x18, 0x40}}, 0x600}, @acquire_done], 0x1000, 0x0, &(0x7f0000000440)="96cd490e71f30b99a4266d24b73398faf26502e6c5862e52397c20c38b3fa80343d85e878cb9f8b39b71837ffb8412f7c49d4c7ea6f31f36a8c217dd6f48247c01e4d409525be58e5e60abd5e08784680a5758093c9c845bc5a5c11214ed39613f1cebc086f2c9233e5d153838462d80acaea68bdff1889415f845602fdfcb61856ad3dccbb680cc407a8f8795283038c183d7ebecaf74aa1a669c9b100bbe44d3879b338f521c0138d04a6b16e27353624c66d02ede9c681647a4d61d1d14b451d05b53707b137e80844379377b33caa6b5e87cb730fbccae400c92a46de42b70aa794fe738b3459da1b175b772c08b780a58033e51ac235630a4c14760fd08e5454b4a4de44e427a8856f2fe92003e98bf568d4f7557d24e58c1d0c84f03bcfb58a69118a50605cd86260c088460f6c0387f63e80ccd666ce5cfb829e8b3446b36e7b2fe5662b4cd5dad56f7c8bf9ceb264e912bb86210a36f1029c88b63e3e75fd61326de53b652d5b0bfaab9213133316fd77f12bfc3d383e913f28ab0ab4dbbff9ae8f21adf94221ee4af15a02fb9dfd7914f28cd06282a8c7d3096664acc34134b1b2e23074ee87a196ed3960b3d46066353c830326eb4724b5d87b4c88695744db563ec75b1fc24f61598617fd2b0a40c04edb71a78ece4dd2b39da33aa343abaa7c29a9b74ac370881c3f8b1d425e54598c36ba587d261d047d69b4256aba1432a54493bc128d89bed8e802f2308b70d0b478650213c42b039d69c6d396befb90d3b1d90ba39539dc8570e2a3044db0e2943434408c5010fa381d3c62427db396bbc0de63835a4be815c8e999fb3e70db7b2693025dc2e98d9f52c566a3435c085375206361094c75c60865648ea469c9954308c3273983bff52bc640a91b8fc9078c65b355602e497058274499a39a58d0828c3a1abff8e2dd492a2148ee92aed35b62c67d3006c04b4ff71a2253d4fe79f89e8ac0ffb8f07a834d52729068d551ceb6f8f83edab928b0761772d21543e3ef8016df75c53d6e0fae6eaa58d6fc285b9f89408747a055c729cb78220276a1c6cb401104847133f07cb3870587597b4c4a475d13e77b2bb29fd8fbd7bcf22c7bc608265fef6b90142d2007e5b28881ec607d565b5792c6da0422222e8a7e90808ccd1c6cbf80bac837ed5a994c346dd88e1e5b93bb981640d4bd17d2a1a8b18df6416dcf7eb1e7e6574dfeafe35f105f5e3b87bcf2c2bda33c415c0c28535dc09a15ff8e05d175f1d81afef7b5e429f5afe12587fa1c05f497d9d8af4a1095dde3240040f2bcc4b49eeab314c38fcefbcf5204e01f656ec707dc9631f14e34f455a9c77fdc8f86897e7d07938642d3a55dcbd5dcfa54828da67069700869f15e0bef27897df364237551c76c70946591d8c238cdc0b697710b4c6c137dd98908be2222086a4106ca73fd0cacd3b558d23ba9c7c2ab61ba94b45113fd3ac3dc8e73358e81d9bfe6783af92040a30330e3c6e5ca75c138f1a811582a48b60153f383ef4b942e0b307a04b765ddd8f6a83a37c7909ce4dbb035e57a4baef2c86b28210b34689838f1ca763f673c0546ed553a18cee78e4799fad887c97f8097c7856171ffa2b0803c7476d30057acfc1536dc3dab395a9b525894dc68afda4a186e462c31467232294256ea478c4605d16441668e5c290885be5e9a1933e03eb6520e1d24fe6dbeb8242dab2fe23a44b35557b6a313f59297ebee0d11616d2b85ec6874f5698cef8048de4f9bf9391ff65701515f55c2fe5b8b780ef561c55126f1cbe38221b09dffb192442afec24124fbcf2b6238d8a5810dd49640e19b4dadf76d0ca970b325f507e726e18cc28c9283876b74594b02706c9fadcb358496e2c0faa65b8fa33f489006bba0f144de5ce38cc476833483c25a358cd968448abd637a58dc250e28dc3cf96c8fd2f87e14b56f8e2f1be3b3eb81a36207143e21b2a35d6078be531e5bc71ae07d8bf8027427f2b7cd4745776a3096a8f18ad63d8c9203e8aa6aba15638a45ef75b4e44812a67c91cffcee9872fdff6ebce9350783d7a5af25fd1e00feecfc4d39fc83009e049d85da17b11b51f47589b7484598155d7b4744b8e57b847006dcf4c755872135cd9e0cff7592d42812b6fee609cefdd98b1192521297b2fa763b13c8e1845cf653d0c3a1971f55079e28762c4cf7357a9596ab3ec85f3f0f7aec39d7247ef30bc332d993d545b39b8850a6e9f6c3da9e72aef4f24caf25e5be671a4bd9fa28bb9333741c464aa043ec62df2ecacdd71b15bedcd0c44b5e36473229ad2dad5cf91d322b8796c8bd808e0d69ba96d50c87faee0ff8dbca3c268ac3a2ba276f15898917d639f744b67d1f3529238d5c05f8174e4beb5275f17ef80c76da717e67c46994758f467a4b4904818e788d5f6043b1b10a5825e062e92d669ab230125cbdf07496b434a7fbd764c5ccca844a85ff769d288aa7fd9fd8c775e154345acee19b1670af4437c4194c7f8cdf117df567620ee48f219ed53b026a4344ebeb333f40096dbb6a984601848f6f040797e65b0378cf31504f4382b2be1ab071005c9d3148aaa0c1504b1d1c9c4da6f2ba5b6b70b8ac6673558e81eb1459dff9ed2aebefc204c7e0a83aadf4a3c8df9cf0fbf49f156524aa360c32980761916fffc9a64677e7a586554922dc9813c4facba4c9f5b6b2dead8bc0a4b77f9a3c47396883f36f374b0b4c36cbd4560937410a30103fd4a789793fe4cd38c0366df1ea4f82cc9dc1807f14d026fbc164bb553ee1e21d45b983b812a744b5845486e69204dfc1d0ccee1c0172065b348ac8e3f2c5ba1e6922e9c2907f16b7e241c4ccf87288a743d46e02023e2681c8f0b791c0ecc2da35813ab4b7c21a08c224712724246209220bd317a48cd4a9cf43784c6fc2e8de75f67bcc5985425ece7be20495ac73d0ed80805cb243b90c7a065048865dc7e475f1801c55d051fa1153a32e23e029098db81209578da148da0a53aee7c6b5fd8214176f9392a0d9186cba63e9e74fd562b6fc33ff4d9a6b1e33ae88a56a5f3ce1a6a004b554c40f166f4843edd767fcdf5a8814511759055e69810021c7db32f85183fa2131e522eea1e32179b5c343a3e0edc41983c12007ef013bd9055531a97e95cbcd5b2769256e9268b227ff2448cd505c65a335421f4efb6bf329ffbdd1d9a8b85837fcd9fdfea237f97c4ec1f4931a3e790d9e4bd105df10d2f099c6f33f26e3f3712622f8a37226098556675fc4c7a50ff0c69b973aa1c09777d613038a21b37a8dba3b4481738aa92db35d652a3b23c830ea081b89003c9a8523010968287dec8b1b2eedce4aab0777e8de651545c7e07f2cc186e06511139b5227ee0cd9b0de92900b8c2ee64ee21716bf5b3d7ebfa5a51730381c64524a44fab894a4174b7781f05885ceb4aed542aba7d78268005fd271505cbd51f29f595820a935cdeda2e2f27d5f3e537e2b0db79d47b0423c34df2698fbce4ed41d6e54e8a8c89b23c05c1bd891a95ef0f57f4bcd194ef4fb14f037bf7cea595e0d7c2db5d7277adc2d1a5aa4ec5b9624c4872d6ef52cd4f4ef140c52d3253fac7809bc23797e1c5a1336465e824f07c95065cd379873ae4bb42a6ce797b3f8a117eba29c20e37cda4c44a65ae02e2143c56739a6eff1a6332580d8fec61d657650534c1c805eeccb92dee8cc59e05608bf233c66e5777a3aac130ce41fa5500b97da521e6f9fd9fd89fa77eee5f817993585948433b1247e4db33c5f5ef46b5601caf58cb5d709d834f7f3e5bc2a2109fece15d84924f0c98f208e6a5ed6173b0c9d27219967aebdd0a1cc82a3ffeb85e2c852d5d8cb3f257b542bcc77b2ed4b44d10b39b15f1fd5ced5a83ef5a62238cb6d33c79fa50c8a616ab73a1c4031f46b54bc2d63c953ba5fd90f5e1ec52e47356578fd005f3bcbe3761fb90e7d5bc7ecafba15c08926f626c446eb04b656a9623b5d5014573225ede4664e4d938ae0cea5a766a63e3f7ba6db8392462a1caad9070feb59713fe28d8186c5a9eb8a146dc5251b7088aa0e6b225ad6ed68456ef29f2530bfaa8d65d9212ac9d228f138f958fa2fa61c5b7dabc236058791db5980ee41a1e32744d9ee50860f2997b8af010b98a81e55749f0c07fe80d0d28f1483b5286ab6f0fac2092ef01f6ebc66bb9f21df2f407192ed54aa5f7c3899812eb2e57b9c36df2f8f3cfd63436319110f1134f040e2b27c1db80b6fb7fb5df1cf625b905677301ec58ae615e04b69f87c7db615d86bb6e0840c61b34cf8c0ff0747070c83bfdbc9a38cc1395c0b70b7cd908d961232de4ceebed5e37ef761eb76c5a44cf1d602b55bd55d5d32b9439a7417c713f628af8b027209bd07f79c8480500a72c0b59b39446bee8b007caf881a2706ccd702d44d6cfcd826732140005eab9b342a38458d991277853e0c2d14bd78aec29eaecc04a0ac1f8fbd18e9f2519eb68092a344681f9818b9ddc97032e345238a72955001911e94bb762d4adb8e164ab288a9c4989a1fe4f6b49e4648df67dfd1a8c9a3bc9da0f1fb49ffc4b515decb98c496caac4ef0618e7f21989518f90503db3c00dcb979a4ec593b8aa25684b5b924020730b9c0f46abebc66b3f38a67e8562d810853cd7ecbc21a7c73f74a939e6efd6c807fb49adc1213000bfba47e3895fb6e999a554943dd5bf6f69a95f3536edd61f3b832daa26b21d4bd3057c0ddfe50e5e874317d8c52d8db7c55d15b9eb3ab3539ec6d3933d9482990ffe51c37d68a0955892d6b3ca9c5aaf6bd8f9ff3cd364e9030d31c9134e07d07ecfe55a0f4a35f4ba46d595289f452d686f8c60ee6f5e0f1e285026ddd4093cab0f7462d26c0d2c01efb2bab0ff7d62b1bfa450ee3f3d5328f12a56a6551b76f49433b56231153c303cc7acbe42cd3a53b7e8d009153470985cedbbbcd72f0fdbe6ed8fb3ed0f248581136770600fcf226074ab6e70270eabb0a0fb405e0e429a3622d6dd78976964cb1cf753b814b7b37b8a2c29f4728431172bd9e3a8e7128032929b2eed09049e51a041704aba42ebee1200a6f751afdc697b89cb6f67cf617df86343621598fbbb392929dc913a41f8be827553e7fbb636a476dd7ccd157ea1bf723fa6a8bb9465e10762c9a3730d806e1aff7b243bcd24a56c7481a7d78973b15b2269b732d4f06c68b88a6dbf3cd813b5776f768bb10f1ca9c1bcd8ed6ee5e0ccc379670e373ec420a5579d5142acb7a06d2c1fa272bfd862c27af8ff05212b72c11b831323f5749188ba552060ad487659e789eecd57b41a8c80141911dea412bbf6d57f7a5955e88c4a765428c74ef6b9e834901d060cb04308643d0374981bd5c470401f95fc585e150bc623fee14b6179c2210b621b8740381da1ad3179a5b8c42f3b5f4036e078dff438706ceb1ee49b98cef4a46987338ad40bd27c3e50b367041c4677b7411c83198c38add88aa363d520350b02e514ef47d173e77744e54d646c378e23619784430c8927dba561166fafb7de12a22993c9622e5463f779b665bee122b9e34233f01180e8a9e849f989f3b6029a921bd6d540c4b9e6f39b86cdfecec9e8e1d64e739e4b839fcc0676cc06d50ad101b527f1ac4f937034080ec178344872a2fe1d2a64d8fe2168462505862154bf88df908ad4f0460857c08fdc4334a3eddcb9d2ae7d899e3e92811a05f4a7cb8032bc958622649c292063c714357fd0c1bdb0c16b15fda8c5875a1217983249eca2ad798c005b57b4447c76b5f25dd30ed9ca0e"}) 10:19:58 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x2028050, 0x0) 10:19:58 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 43) 10:19:58 executing program 1: socket(0x24, 0x1, 0x4) 10:19:58 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000001480)=ANY=[@ANYBLOB="b8000000baed34c8974cfcf3b7a7efd01f5dfc9f0cf3bf1d4f070bdae84359f66c4628adc0db75b0cde772f79f2bc6b4c25b84b6033bcd39ec5103559e28a7fb4cfd14a13858d29583636706097f97c43f1bc30a936b1b0d01", @ANYRES16=0x0, @ANYBLOB="080025bd7000fbdbdf250600000020000180090006006e6f6e6500000000060001000a00000008000b007369700008000600050000004c00028008000400000400000800040004000000080008000100000014000100ac1e0001000000000000000000000000080008000900000014000100ff010000000000000000000000000001080005000900000028000180060001000a00000008000800000200000c0007002000000043000000060002003c000000"], 0xb8}, 0x1, 0x0, 0x0, 0x4080}, 0x4c000) r0 = mmap$binder(&(0x7f0000ff7000/0x8000)=nil, 0x8000, 0x1, 0x11, 0xffffffffffffffff, 0x2) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001440)={0x6c, 0x0, &(0x7f00000003c0)=[@free_buffer={0x40086303, r0}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000000c0)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/236, 0xec, 0x1, 0x3e}, @flat=@handle={0x73682a85, 0x1, 0x2}}, &(0x7f0000000380)={0x0, 0x18, 0x40}}, 0x600}, @acquire_done], 0x1000, 0x0, &(0x7f0000000440)="96cd490e71f30b99a4266d24b73398faf26502e6c5862e52397c20c38b3fa80343d85e878cb9f8b39b71837ffb8412f7c49d4c7ea6f31f36a8c217dd6f48247c01e4d409525be58e5e60abd5e08784680a5758093c9c845bc5a5c11214ed39613f1cebc086f2c9233e5d153838462d80acaea68bdff1889415f845602fdfcb61856ad3dccbb680cc407a8f8795283038c183d7ebecaf74aa1a669c9b100bbe44d3879b338f521c0138d04a6b16e27353624c66d02ede9c681647a4d61d1d14b451d05b53707b137e80844379377b33caa6b5e87cb730fbccae400c92a46de42b70aa794fe738b3459da1b175b772c08b780a58033e51ac235630a4c14760fd08e5454b4a4de44e427a8856f2fe92003e98bf568d4f7557d24e58c1d0c84f03bcfb58a69118a50605cd86260c088460f6c0387f63e80ccd666ce5cfb829e8b3446b36e7b2fe5662b4cd5dad56f7c8bf9ceb264e912bb86210a36f1029c88b63e3e75fd61326de53b652d5b0bfaab9213133316fd77f12bfc3d383e913f28ab0ab4dbbff9ae8f21adf94221ee4af15a02fb9dfd7914f28cd06282a8c7d3096664acc34134b1b2e23074ee87a196ed3960b3d46066353c830326eb4724b5d87b4c88695744db563ec75b1fc24f61598617fd2b0a40c04edb71a78ece4dd2b39da33aa343abaa7c29a9b74ac370881c3f8b1d425e54598c36ba587d261d047d69b4256aba1432a54493bc128d89bed8e802f2308b70d0b478650213c42b039d69c6d396befb90d3b1d90ba39539dc8570e2a3044db0e2943434408c5010fa381d3c62427db396bbc0de63835a4be815c8e999fb3e70db7b2693025dc2e98d9f52c566a3435c085375206361094c75c60865648ea469c9954308c3273983bff52bc640a91b8fc9078c65b355602e497058274499a39a58d0828c3a1abff8e2dd492a2148ee92aed35b62c67d3006c04b4ff71a2253d4fe79f89e8ac0ffb8f07a834d52729068d551ceb6f8f83edab928b0761772d21543e3ef8016df75c53d6e0fae6eaa58d6fc285b9f89408747a055c729cb78220276a1c6cb401104847133f07cb3870587597b4c4a475d13e77b2bb29fd8fbd7bcf22c7bc608265fef6b90142d2007e5b28881ec607d565b5792c6da0422222e8a7e90808ccd1c6cbf80bac837ed5a994c346dd88e1e5b93bb981640d4bd17d2a1a8b18df6416dcf7eb1e7e6574dfeafe35f105f5e3b87bcf2c2bda33c415c0c28535dc09a15ff8e05d175f1d81afef7b5e429f5afe12587fa1c05f497d9d8af4a1095dde3240040f2bcc4b49eeab314c38fcefbcf5204e01f656ec707dc9631f14e34f455a9c77fdc8f86897e7d07938642d3a55dcbd5dcfa54828da67069700869f15e0bef27897df364237551c76c70946591d8c238cdc0b697710b4c6c137dd98908be2222086a4106ca73fd0cacd3b558d23ba9c7c2ab61ba94b45113fd3ac3dc8e73358e81d9bfe6783af92040a30330e3c6e5ca75c138f1a811582a48b60153f383ef4b942e0b307a04b765ddd8f6a83a37c7909ce4dbb035e57a4baef2c86b28210b34689838f1ca763f673c0546ed553a18cee78e4799fad887c97f8097c7856171ffa2b0803c7476d30057acfc1536dc3dab395a9b525894dc68afda4a186e462c31467232294256ea478c4605d16441668e5c290885be5e9a1933e03eb6520e1d24fe6dbeb8242dab2fe23a44b35557b6a313f59297ebee0d11616d2b85ec6874f5698cef8048de4f9bf9391ff65701515f55c2fe5b8b780ef561c55126f1cbe38221b09dffb192442afec24124fbcf2b6238d8a5810dd49640e19b4dadf76d0ca970b325f507e726e18cc28c9283876b74594b02706c9fadcb358496e2c0faa65b8fa33f489006bba0f144de5ce38cc476833483c25a358cd968448abd637a58dc250e28dc3cf96c8fd2f87e14b56f8e2f1be3b3eb81a36207143e21b2a35d6078be531e5bc71ae07d8bf8027427f2b7cd4745776a3096a8f18ad63d8c9203e8aa6aba15638a45ef75b4e44812a67c91cffcee9872fdff6ebce9350783d7a5af25fd1e00feecfc4d39fc83009e049d85da17b11b51f47589b7484598155d7b4744b8e57b847006dcf4c755872135cd9e0cff7592d42812b6fee609cefdd98b1192521297b2fa763b13c8e1845cf653d0c3a1971f55079e28762c4cf7357a9596ab3ec85f3f0f7aec39d7247ef30bc332d993d545b39b8850a6e9f6c3da9e72aef4f24caf25e5be671a4bd9fa28bb9333741c464aa043ec62df2ecacdd71b15bedcd0c44b5e36473229ad2dad5cf91d322b8796c8bd808e0d69ba96d50c87faee0ff8dbca3c268ac3a2ba276f15898917d639f744b67d1f3529238d5c05f8174e4beb5275f17ef80c76da717e67c46994758f467a4b4904818e788d5f6043b1b10a5825e062e92d669ab230125cbdf07496b434a7fbd764c5ccca844a85ff769d288aa7fd9fd8c775e154345acee19b1670af4437c4194c7f8cdf117df567620ee48f219ed53b026a4344ebeb333f40096dbb6a984601848f6f040797e65b0378cf31504f4382b2be1ab071005c9d3148aaa0c1504b1d1c9c4da6f2ba5b6b70b8ac6673558e81eb1459dff9ed2aebefc204c7e0a83aadf4a3c8df9cf0fbf49f156524aa360c32980761916fffc9a64677e7a586554922dc9813c4facba4c9f5b6b2dead8bc0a4b77f9a3c47396883f36f374b0b4c36cbd4560937410a30103fd4a789793fe4cd38c0366df1ea4f82cc9dc1807f14d026fbc164bb553ee1e21d45b983b812a744b5845486e69204dfc1d0ccee1c0172065b348ac8e3f2c5ba1e6922e9c2907f16b7e241c4ccf87288a743d46e02023e2681c8f0b791c0ecc2da35813ab4b7c21a08c224712724246209220bd317a48cd4a9cf43784c6fc2e8de75f67bcc5985425ece7be20495ac73d0ed80805cb243b90c7a065048865dc7e475f1801c55d051fa1153a32e23e029098db81209578da148da0a53aee7c6b5fd8214176f9392a0d9186cba63e9e74fd562b6fc33ff4d9a6b1e33ae88a56a5f3ce1a6a004b554c40f166f4843edd767fcdf5a8814511759055e69810021c7db32f85183fa2131e522eea1e32179b5c343a3e0edc41983c12007ef013bd9055531a97e95cbcd5b2769256e9268b227ff2448cd505c65a335421f4efb6bf329ffbdd1d9a8b85837fcd9fdfea237f97c4ec1f4931a3e790d9e4bd105df10d2f099c6f33f26e3f3712622f8a37226098556675fc4c7a50ff0c69b973aa1c09777d613038a21b37a8dba3b4481738aa92db35d652a3b23c830ea081b89003c9a8523010968287dec8b1b2eedce4aab0777e8de651545c7e07f2cc186e06511139b5227ee0cd9b0de92900b8c2ee64ee21716bf5b3d7ebfa5a51730381c64524a44fab894a4174b7781f05885ceb4aed542aba7d78268005fd271505cbd51f29f595820a935cdeda2e2f27d5f3e537e2b0db79d47b0423c34df2698fbce4ed41d6e54e8a8c89b23c05c1bd891a95ef0f57f4bcd194ef4fb14f037bf7cea595e0d7c2db5d7277adc2d1a5aa4ec5b9624c4872d6ef52cd4f4ef140c52d3253fac7809bc23797e1c5a1336465e824f07c95065cd379873ae4bb42a6ce797b3f8a117eba29c20e37cda4c44a65ae02e2143c56739a6eff1a6332580d8fec61d657650534c1c805eeccb92dee8cc59e05608bf233c66e5777a3aac130ce41fa5500b97da521e6f9fd9fd89fa77eee5f817993585948433b1247e4db33c5f5ef46b5601caf58cb5d709d834f7f3e5bc2a2109fece15d84924f0c98f208e6a5ed6173b0c9d27219967aebdd0a1cc82a3ffeb85e2c852d5d8cb3f257b542bcc77b2ed4b44d10b39b15f1fd5ced5a83ef5a62238cb6d33c79fa50c8a616ab73a1c4031f46b54bc2d63c953ba5fd90f5e1ec52e47356578fd005f3bcbe3761fb90e7d5bc7ecafba15c08926f626c446eb04b656a9623b5d5014573225ede4664e4d938ae0cea5a766a63e3f7ba6db8392462a1caad9070feb59713fe28d8186c5a9eb8a146dc5251b7088aa0e6b225ad6ed68456ef29f2530bfaa8d65d9212ac9d228f138f958fa2fa61c5b7dabc236058791db5980ee41a1e32744d9ee50860f2997b8af010b98a81e55749f0c07fe80d0d28f1483b5286ab6f0fac2092ef01f6ebc66bb9f21df2f407192ed54aa5f7c3899812eb2e57b9c36df2f8f3cfd63436319110f1134f040e2b27c1db80b6fb7fb5df1cf625b905677301ec58ae615e04b69f87c7db615d86bb6e0840c61b34cf8c0ff0747070c83bfdbc9a38cc1395c0b70b7cd908d961232de4ceebed5e37ef761eb76c5a44cf1d602b55bd55d5d32b9439a7417c713f628af8b027209bd07f79c8480500a72c0b59b39446bee8b007caf881a2706ccd702d44d6cfcd826732140005eab9b342a38458d991277853e0c2d14bd78aec29eaecc04a0ac1f8fbd18e9f2519eb68092a344681f9818b9ddc97032e345238a72955001911e94bb762d4adb8e164ab288a9c4989a1fe4f6b49e4648df67dfd1a8c9a3bc9da0f1fb49ffc4b515decb98c496caac4ef0618e7f21989518f90503db3c00dcb979a4ec593b8aa25684b5b924020730b9c0f46abebc66b3f38a67e8562d810853cd7ecbc21a7c73f74a939e6efd6c807fb49adc1213000bfba47e3895fb6e999a554943dd5bf6f69a95f3536edd61f3b832daa26b21d4bd3057c0ddfe50e5e874317d8c52d8db7c55d15b9eb3ab3539ec6d3933d9482990ffe51c37d68a0955892d6b3ca9c5aaf6bd8f9ff3cd364e9030d31c9134e07d07ecfe55a0f4a35f4ba46d595289f452d686f8c60ee6f5e0f1e285026ddd4093cab0f7462d26c0d2c01efb2bab0ff7d62b1bfa450ee3f3d5328f12a56a6551b76f49433b56231153c303cc7acbe42cd3a53b7e8d009153470985cedbbbcd72f0fdbe6ed8fb3ed0f248581136770600fcf226074ab6e70270eabb0a0fb405e0e429a3622d6dd78976964cb1cf753b814b7b37b8a2c29f4728431172bd9e3a8e7128032929b2eed09049e51a041704aba42ebee1200a6f751afdc697b89cb6f67cf617df86343621598fbbb392929dc913a41f8be827553e7fbb636a476dd7ccd157ea1bf723fa6a8bb9465e10762c9a3730d806e1aff7b243bcd24a56c7481a7d78973b15b2269b732d4f06c68b88a6dbf3cd813b5776f768bb10f1ca9c1bcd8ed6ee5e0ccc379670e373ec420a5579d5142acb7a06d2c1fa272bfd862c27af8ff05212b72c11b831323f5749188ba552060ad487659e789eecd57b41a8c80141911dea412bbf6d57f7a5955e88c4a765428c74ef6b9e834901d060cb04308643d0374981bd5c470401f95fc585e150bc623fee14b6179c2210b621b8740381da1ad3179a5b8c42f3b5f4036e078dff438706ceb1ee49b98cef4a46987338ad40bd27c3e50b367041c4677b7411c83198c38add88aa363d520350b02e514ef47d173e77744e54d646c378e23619784430c8927dba561166fafb7de12a22993c9622e5463f779b665bee122b9e34233f01180e8a9e849f989f3b6029a921bd6d540c4b9e6f39b86cdfecec9e8e1d64e739e4b839fcc0676cc06d50ad101b527f1ac4f937034080ec178344872a2fe1d2a64d8fe2168462505862154bf88df908ad4f0460857c08fdc4334a3eddcb9d2ae7d899e3e92811a05f4a7cb8032bc958622649c292063c714357fd0c1bdb0c16b15fda8c5875a1217983249eca2ad798c005b57b4447c76b5f25dd30ed9ca0e"}) 10:19:58 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:58 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000280), &(0x7f00000002c0)='./file0/../file0\x00', 0x8000000000000000, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000300)="6bce900011899857edc0260aaec004240aec8a024360522db4e3cbb51460386cd8512768f42de0e0a6018a593ea9b77d987f4ae02226e8eb3ebc762cd1d994bfe9473b32416cb13ba1f232b139af23745794f4160e89c21746ca9a7df697fec380a9c5d5aa63be102c52aaf611990dade9a577a237ba07ed5839019aafcf7f9f6855", 0x82, 0x8}, {&(0x7f00000003c0)="901baa5b3010dabaaa09235ae15f6c55f3fff344ee119f35e49d70edbd27479bc773a2a81fe5f3431c73614969d5aca0be880f644538cd4fa3804e5aac6c263c08b29db10550ca0aa143e6caf9b28667f13cb9cd0e1c17081613d4ac298cda751eccab4341a8c9c8b343d8af38ee5f2b0ad1990c4a53dbbe257b25a46a2b49a6aa3e32b5440293463ead3062d16b60cafdd0f6e6a35bf735f6b63142f54c7ee00e7e0c4c2568829beb3d17d2113ca6729bd85cbf6b971517491c8dae8dfe8cc1ba2c57d6eff878df7d9559d69722799c96086ee29c9cafb1c93e42c97e71901229d23fd023bdd800913ceaa60490b2ab74d550e86ee9", 0xf6, 0x100}, {&(0x7f00000004c0)="5e2fc05484dbebb037fbf785bde33259d5b79fd900cd4ba8c42e37493c79392af93f492dc940c7752988eba6c4adfe4f2d1ea7a5ad754f0602d816e70881e1e6d025409aee833edf1a2926102efb92352b5962df86c0f4513b2b223ec0a31693e48ed310b996d382374b4e4a45c6cd10832efd1519cf1433ded70aa3c70def5651d0cea1a660ecc06a2e8e445c36f645b7171e2f1ee077c9be", 0x99, 0x401}, {&(0x7f0000000580)="e3a2ba427c2f5ec2e5094f17d78894abe7c0476c48d39939477617da16e8fd36613563d45b12c9c05e04f8a492c6491a89947a6e7264466f7da7e26fee103ac3a0b62fe6c1a69c3ccb81a31bac2573dddee79f088f962927f9301887e436b435ce13fa9feb828c1420484dc1947455d55b922e199ad4f7732e38f26f1fd34c0769d8882341a33cb94545d2ff9180f593bc40c4c704481fef5d950983bd2ba2d814b83fbb2238ab7a7b4ea2106e3920d1bff06a6d22a735bed1", 0xb9, 0xf5}, {&(0x7f0000000640)="0f969aaffc444e7c20200f6b86e38117ffcb350967d5bc3b086d0d69d7f6d0a635fec258505238540c9db99014dae033e7df2d3b64eb7ce8f0c85c334e6ab5cf356eaa816a024fe867e586f85ab572b1b1d65a844671979132dbf24ca661572a02f0361186dc12f7ae053942f2cfcf6d7fb6af193745e6036f23ee3871874c3ed97c01b9a2f4a0e0784dd0b80d0aba865a8addf69d526d0d77ef9a8c33f2ea2b0c078a2a81673ecc41552e57d28d928d7f91b402cca8a1cfd54c4e552f81", 0xbe, 0x20}, {&(0x7f0000000dc0)="05cf15e9bc6954764b7424d3f36d7afb0ec3438fa4a9c8d28d6382a004da5bd9049a9a3568a07729fc2628c8ec78d1a253f7d7a9cc68e12544cb561e5aa22c448f7f298dbe416420048b5a3f5fdd338e8af65a4a08aad0114b57c7405f91527b80e906bd3a877f9c7e1c8405c530663a41d5ee838ab55575cfb726bf48648bfbabe483fd888cb0493b9029bfe5ac8c410f8b7d796a872dc62c47845992d094bbdd57ffec767aa47770f9172314e89180d9049e5c8b12c17176ce6c771a47c68943396669a6508fb76b1e5045c022c062d3e008b64972f1ad74c9d6b93bb9825bbd254e772e381ab2329755db2464c8dd56a6573d2c8d33c3f561daa37ec32bad997468139870b816a79ff48bd8e9d034ae75be25237f0a0ba63135cb6f2f39fc9e2a7069038288af7295f319ca2cd38cf28c7fd0ea9e6e8a239b12ab55009919f0158b4bffa1c373535e662b15cdd16536ff9ffcd9c6aa3ca828cdfe7b182278608a87da409c6710d6135c0f5f4eeee88503a6325f139b37db393ebdb140abb5dc514328a45b7445df3cdacdf4063627f2dfcc0cc2cf906f58d22bd9bc2afb0961309ae8ff4e0945c5f77d8ec0678cd0c34a6569c36c4b4aac6fbb6f746720e58d76be2e7065f2f55856fca7db05c4af7a0b9699b710055fecd9c9d1b0c371a9c9b9670110fee5a25e4b235bffad50148d99179b1e908f45b522cd66620076bf8c5be09a30fb5da143ab11f3dbc3a92e1cbd62a1841fbdf7ef24a1ad2ecd89b0adfc4577332e399065300f2c69c19c47738ec4fc9df56cb3bb7a201e9a326b9fce47bad6a37830fc09b5501477fea169ef3c64e07a80cef5f57aefdf7da399d7344be95b662e3df5b1cdfbc06bf614313ca4192c84086ff47459b461e9bb27f2821f390fd2d63c975e04022a3582e2ffacb4fb10908581b910365b3470204ac5a61b6c8b4d27ef95fbb3118ab6efb986ffbb7ba393d05f559d8c38dd1f13e20cb9ca08a0f04309ca663074819fdaa162bb7bfa48e4c5dac2ac7e15450c66016f93fd091e25685941f01699af7e3d0481344632d2883ec411eae3a5b62b94682e6c8d858e16c208003ecc46e24ff38150c42bb86bacf26cd370af222b3ba14dec68822608f114d628163f6962d0ef2f5d91b6b28ee924dbae593cea4be5ec1d596cc206f335b7a89e4a115544826310c1462684e763d73b255de459ced8a2ab3add574ffc5133977595e906c8c94dd8474cf3710cdb7039e327e6996befa4f3b35bac0e1cae0cb7e18a67727f8dbd471a7f01f024ad41615f3370af572bcf9bd21437fffab254f8d51776617101428581c546184651f86498bec8b28da2d9681a108796bb3ffbe03568f99b982b0efb681060fc67b38b7be403a5ed25c14a907eb3ffa39ea4590bbafe874c094c428df44f600acceeb6d8b2131bef55da794666b1cf2f322092838a096871651db8652c79d1f749fa610cb46ffa3bba496fd90ec7835a28d19fe7c52a6d56fd310051c7f8fe1bde18f674c301e0111a254198f916f9b7c38dcec739fa7d97e9f83600abf3845d2484c4fc5dc11877b845f9239c1d26c0b5e2c1787ed06fd8349282d1c7f83ff8d41b0e2b86993797349552fe8544926aa43a15019e133712022d8ceb674120a9ab121abf735baa850cb1f95c156139d8939cdd3d6b1483852755cc388b0f79187a7b804aee4f0756df149a19bacdaea27e748eee1565b9891e84b70aa5be29b31bc3aff0558e1d5a855353017e884a6fcf3df023d9e806d023a7a3493c32af0f342425121bf05abbbc2a9708340fbceb58f4dd4cd36625a5a64593ff46212d73c30380e720164145907800c51ff68172e78c042b73e5e37bda95ebd2958ac1cb3eeeab6193443fb26364336fe4c5021d4147723764d99b908f5829c3cc4049cb400152e0b11c9f33c37e61646d39781273e78cc43b2908fac6acc64ae7c8d5916ca74f95e92df39b13d6e06e394a1f48e9e8f23642c503996723c5b0903bf72153c916c45adafd83f8ee4ae658294813de62bab90a84b1ee0870c1baa23be6203c6ad7039a4f6d525dca010715e25e7569ae12f5e0d755cf1f2cece266ad3ebb7defae7116fcfe2579c2776a6651cc4661277a907abc019ce7429b6d8080786e1d109f4f564a985dfbf343765e7432a9c1891dfa299252cbbdfeb018cd7a28023d5058750a9c18b3487fadad10cdb8e8b3bee3b64f19b2da709e7469d57ff3e8267307e82f18d3083d25256985942d606f98f966601a9049fea5f127bf45cfcf0bf81f244b7fc9f16a099e8f759c707cecd285dce9198d04517be38ddd3f30c10dd5f441343664c2433685d5116a22fe620c8e15bf5683f0cd1427a8673765fe61e05cb63822d61ebfa9bbbfc789f3baaf22904fbed872e77c2eeff5d9dd876d98a35f177b22fc693302935ed8c9fb9b03fde355d40a27a2e5df9bc9ff55da339178da988f176f8a65722b7226f918e3f693f04c854e0f015205aedeab86fb77587ce7eeec24420d4de19fb1ceb9580c0afb4d0a64dacfbfb3c72cce85d78cad2541d40b4a30e931df57186be57c1ca677cb3f6edbc4253637ff8a526c3a80d3ac62ae38456d74372dc3a0f2f11fefc2261696e1d135e9f7b0e16f629b35a3628495aa1557bad64d7495ae26377b3127c3e844f28a71256f36fe09e4b1a20f337f6cb9a5f22b5f1e7d524002845eb1174e1101672717b13f582f081a5fd23661ec0e6d2259ff08e75400840c6d6955a745d317c08fd4b26676e86d8800105433bc0102416b5d0c3565dd935c2f51effa5424689b40831cc315fa4c7b26ad5a68425392cc82c7a53b79c54ed5131f9ec41b84af1c5e92b1d7ae2b23bbad1d1a6bac0c574b2782d107ef9ceb0707f39adada1236f1729e124a7d0f9b42edb4da9477e1ffe859d22d2d89b5ce41b1e44df65b3737b4e3a000085ecc3a7f1923379a96263d556ad9e99ff9ae69f1a43980e2fb26f328f546095b7ac93120736a8d0dd2c566ed2b6993e4ebf457ced6cedf65eca18fd4a7a985934b25ae7ca05f7e6e771b5e4f8ea3246eeee3ac19b26a8bc3f2632209bfa505cfbdf1bb16827747d78a56fa3180fb20ef657e988eaf8d32a6f9e675ce3dea48078c462843523c38609f64f8634059c51d6f1478e225708d400541ddec5bf9625eb1496b719b5f13fdcf48669cd1a44660f99bcf5de649acbd74d069512206b8724fa16db60d791dffa4783ae83e35b070806aeaea45a0d8c98e3d5b1524996a4d36de92c5e48e61337e3a2ab1136e07464c116d730be84fde925b36d3f28175130c257ece978c17de6e35d0c6cb522a667b8a3e617831072d2d8672c2a379da3ca4a78d15789fb0d95fe215df4d3754573d197affdacb77980820cfcac8fb2947ac17c3dda6637b04a7c0acda0590db65eb649093f8bd06f53ab6893914b4d95c6e79361853323d3725a19c687633dc33935de4ac3572396ded2137cb6669f3d1d0d4e034c452efb73ba4fbcc891337bd9d3b6c5fbe8363fc49e45683d566c8fb1b78f9298534a30cadbfe7d018ba18dfb0f14befd04c77620ed1b08eb483e49e8f02b62e301caa98cce2f3c2502bed0d73d3aedb20622062d3bc38cabcf19b2659eef3eafb99d394ca907fc77330cfcf2ac93ac217d489b558e7d66a3430321d41988c9421665192322428b99a98bcefd85bfa92ed355033631e522e597d29d9919e45eb7f929db33a85d29a457481cad990af9509127a8bec95d3877d6081d266d85b67b4b560ef790708299df628b3fd7a5974c1f359d73cdf74907a06993a3126e3a9b730579c1b780cf313fe53d20bd86ada51d415385d18c991ae808f57fcc47d5717c37f0b33530f6334fa4edec528a2b702a3b8dc59cb79a3760fa783e24bb70dbf3cf2db17a734e526f9d4b7dfc792ab9410f7956fd0c8a7751d8ad5d16c07ce66172401b808023089d572491d289165bb63c2a47e41b130ac99327a539b16001759c2bfc6cb207923820e0b3bd1d0185b88dad9d6a87ddac1d58f8018953bd6212ad159febe84a70f7a912bb910f672ddcd24c6639b764bbf520a0c904611070b0a34f5ab9d0690630aedaa437c898b8c575c2bf1959af634afc1b7a86c5593246a45f8c61646e7f685a7cee3d44c67500393f24ab0dbfbaa120935d87b49f000d9d2c80d0ca540e2a46c15c470875bdbbe5e85238e3aaf6dee3af87a98ede27a02ae741a73f817c902d8cc7077c457238e5b882b021ed75e5e42faf58805491a7ea75f9c05a57f34527492e772deb0cac5322d91a1e1489a0056433016e0e5ded1471d360b383fda52511e33b6183d409f851223f0d4699a7ca6431dfe5c55b8ab1afe487a0e3a44e456d0b5bffbd4847a550ca41d4ff5dfeb7d2a8435fb554dfe948898be799595d9b43f7164850b23988de02aaf4c382bf319202e703e268f8766f0a8565ec676ad607ee03f21316a2b6c08b1e468c382ff3046983667842460ec27bb705d0d26037fec81e32e6d67ad209ee09c817a1828a3e86770686ecda196c616726975936601e290d30d3626510c35e65f3bffbd0c7efeb40a5b06ee7872980af5298024eeb81489292df7f5f58d9b0aeefa76774ad53fa5ccde780d847dd590342bbcce86113f754ffcc73c7355e33e10961f85ce8ca6b8cb1c96e022624da59d94f447eed2611b9bf132baf40aa535009de7bf6aa94ee3b10e3000c0abb86632530964e85b6b6bc0b55ff8718773c9c21e8549eb67391b6dcdba1177566cb3d80376eeb4a35df216e08f66449404586165efb320af86ab7933eb23479a46e92cdfd60d9d3c3649c0d5fa8a522be5325a860b60a927b31af63f398b2deb33d4d15d8b45910a6c18694ec20cff3ac2d0384a1ee3b5839882bcba4f9738071e5c644490f5a9545cf85de3463cf167f9628dbe29c89e739229a2db19415b46b7d2edef9e09abb7c17b3d95e85d4aa3632ea5eb5d2fe5a56180dfbd51623bee54b250d6f1fc1e19b813f1332e7ca176c8856b2fd6ced7bbeabbbe3ffda00e3c62f0e45178c4f2e450164026f7543fa785dce04d02e282e74dfa097d6c34686925182e1866e998361ac5a70931be5b48d7bb840ab167a6e250f37109cfdda0d024796e4152d7be7e4facfa1e977f43a4e70d95219e7645f7d374d3fbbf61ad62cb1090a13f41043ee23dc4b6738ba85abd36bd967a53b4e15a34a6158ea6a45074604094caefb779dd7315cbc4b4e0398f5123c73d77c3bc8ea113bf9bc1a187d28049cee0f898f5f5fd07c7dde8251931cda99d6f840eca83cc378472cda2e2104fc05334d6291c53d14bd44544ae63f89b3ab0729d3af250f8e2c2b94849715fd38bb31260aed22745ae4c24ff82d9cef033cbee1a9f0780297c6001d012678d3befe1c23dd0ba4cbec9f5664ead4423c12be40e8542f1985a72461470c7d7b17a066071f19a96707627017361c203731313a490b1bfd7dce6a32016b53c31d80be640d83878e6579ff039464332840f340f8dc7216464361ac890ffb9e1914a85a289688c48a6136e6505b5b36b5298ccad7760a9eb5221934bf4b6343660c0f08ac6fa62ae1f4d1bea050eff2e1819367ec6deb657f0944b40d0dc3b0a4ded685599b6f11a20aea582a225e056a5e034e5388100a71ea16e30f3ea25826b025ead80ab0dc1451343a2320ec5f988146bd6ccb4defedc364a11845f732fe237caf9c6f504a8a70ab947a5ceb9820c41981eaa96c8e44655e3fffee45d06a1363234c4c1976ffcffde0cc29cf3", 0x1000}, {&(0x7f0000000700)="60b063e3ee99e237c194641710b1caeeba3c046cd6ef5aa45f142a06576663905797fc164f337963ae4f16b5c4e904a1afca77eace1ad29db72c04b7443bbd0fb0f362a216dfedda55809474f4858851ba05b47a7641c0e43e61676d2ad3a56beb7495a01cecd1391e1d906bc6e51461f9e00518c99c7db3127c0d1b44fb3c2da045ff13bf25bae2aed052928878d09e9c34a69c8e69d8501fdff25b8289f30ffbe9ee9482a14203d342", 0xaa, 0x5}], 0x400, &(0x7f0000000880)=ANY=[@ANYBLOB='/dev/ubi_\x00\x00\x00\x00\x00\x00\x00\x00r=00000000000000000014,\x00']) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/nbd5', 0x80, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xb8, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x84, 0x3, "af35707b9171d68652ea2b1b319893a2e2156e4b53e9c00fbe55711b97ea738c3f191f57cb8de9562dd6fcd9638a52070853c04027e682df320acc2f200f94fa74a737771024848212df1ff8a64dd9838fe0a1e6c8041d592de80eef01702080fbdad81ce15d26e1d400c9c5661f4238367119a483a9b8de486d8cd38b140e57"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x400c000}, 0xc0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r1}) [ 1073.024314] FAULT_INJECTION: forcing a failure. [ 1073.024314] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.050589] FAULT_INJECTION: forcing a failure. [ 1073.050589] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.083613] CPU: 1 PID: 16356 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1073.091514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.100865] Call Trace: [ 1073.103455] dump_stack+0x1b2/0x281 [ 1073.106461] qnx4: no qnx4 filesystem (no root dir). [ 1073.107081] should_fail.cold+0x10a/0x149 [ 1073.107095] should_failslab+0xd6/0x130 [ 1073.107108] kmem_cache_alloc+0x28e/0x3c0 [ 1073.124430] alloc_vfsmnt+0x23/0x7f0 [ 1073.128143] ? _raw_read_unlock+0x29/0x40 [ 1073.132292] vfs_kern_mount.part.0+0x27/0x470 [ 1073.136794] do_mount+0xe65/0x2a10 [ 1073.140339] ? __do_page_fault+0x159/0xad0 [ 1073.144569] ? retint_kernel+0x2d/0x2d [ 1073.148454] ? copy_mount_string+0x40/0x40 [ 1073.152700] ? memset+0x20/0x40 [ 1073.155976] ? copy_mount_options+0x1fa/0x2f0 [ 1073.160469] ? copy_mnt_ns+0xa30/0xa30 [ 1073.164355] SyS_mount+0xa8/0x120 [ 1073.167810] ? copy_mnt_ns+0xa30/0xa30 [ 1073.171694] do_syscall_64+0x1d5/0x640 [ 1073.175579] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:19:58 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:58 executing program 1: socket(0x24, 0x1, 0x4) [ 1073.180764] RIP: 0033:0x7f2e61d6757a [ 1073.184466] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1073.192167] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1073.199426] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1073.206690] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1073.213956] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1073.221219] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1073.245844] CPU: 0 PID: 16359 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1073.253753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.263107] Call Trace: [ 1073.265687] dump_stack+0x1b2/0x281 [ 1073.269314] should_fail.cold+0x10a/0x149 [ 1073.273467] should_failslab+0xd6/0x130 [ 1073.277443] __kmalloc_track_caller+0x2bc/0x400 [ 1073.282110] ? strndup_user+0x5b/0xf0 [ 1073.285910] memdup_user+0x22/0xa0 [ 1073.289452] strndup_user+0x5b/0xf0 [ 1073.293072] ? copy_mnt_ns+0xa30/0xa30 [ 1073.296961] SyS_mount+0x39/0x120 [ 1073.300408] ? copy_mnt_ns+0xa30/0xa30 [ 1073.304283] do_syscall_64+0x1d5/0x640 [ 1073.308157] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1073.313332] RIP: 0033:0x7f94265b657a [ 1073.317023] RSP: 002b:00007f9424f29f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1073.324720] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b657a [ 1073.331967] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f9424f29fe0 [ 1073.339218] RBP: 00007f9424f2a020 R08: 00007f9424f2a020 R09: 0000000020000480 [ 1073.346471] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1073.353715] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 10:19:58 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 52) 10:19:58 executing program 1: socket(0x24, 0x1, 0x4) 10:19:58 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:58 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xd029) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x1}, @free_buffer={0x40086303, r0}, @acquire={0x40046305, 0x1}], 0x12, 0x0, &(0x7f0000000080)="d0be99a720b72f9c35c558f5b9a7c8f1e586"}) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x9, 0x100) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) 10:19:58 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) syz_mount_image$qnx4(&(0x7f0000000280), &(0x7f00000002c0)='./file0/../file0\x00', 0x8000000000000000, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000300)="6bce900011899857edc0260aaec004240aec8a024360522db4e3cbb51460386cd8512768f42de0e0a6018a593ea9b77d987f4ae02226e8eb3ebc762cd1d994bfe9473b32416cb13ba1f232b139af23745794f4160e89c21746ca9a7df697fec380a9c5d5aa63be102c52aaf611990dade9a577a237ba07ed5839019aafcf7f9f6855", 0x82, 0x8}, {&(0x7f00000003c0)="901baa5b3010dabaaa09235ae15f6c55f3fff344ee119f35e49d70edbd27479bc773a2a81fe5f3431c73614969d5aca0be880f644538cd4fa3804e5aac6c263c08b29db10550ca0aa143e6caf9b28667f13cb9cd0e1c17081613d4ac298cda751eccab4341a8c9c8b343d8af38ee5f2b0ad1990c4a53dbbe257b25a46a2b49a6aa3e32b5440293463ead3062d16b60cafdd0f6e6a35bf735f6b63142f54c7ee00e7e0c4c2568829beb3d17d2113ca6729bd85cbf6b971517491c8dae8dfe8cc1ba2c57d6eff878df7d9559d69722799c96086ee29c9cafb1c93e42c97e71901229d23fd023bdd800913ceaa60490b2ab74d550e86ee9", 0xf6, 0x100}, {&(0x7f00000004c0)="5e2fc05484dbebb037fbf785bde33259d5b79fd900cd4ba8c42e37493c79392af93f492dc940c7752988eba6c4adfe4f2d1ea7a5ad754f0602d816e70881e1e6d025409aee833edf1a2926102efb92352b5962df86c0f4513b2b223ec0a31693e48ed310b996d382374b4e4a45c6cd10832efd1519cf1433ded70aa3c70def5651d0cea1a660ecc06a2e8e445c36f645b7171e2f1ee077c9be", 0x99, 0x401}, {&(0x7f0000000580)="e3a2ba427c2f5ec2e5094f17d78894abe7c0476c48d39939477617da16e8fd36613563d45b12c9c05e04f8a492c6491a89947a6e7264466f7da7e26fee103ac3a0b62fe6c1a69c3ccb81a31bac2573dddee79f088f962927f9301887e436b435ce13fa9feb828c1420484dc1947455d55b922e199ad4f7732e38f26f1fd34c0769d8882341a33cb94545d2ff9180f593bc40c4c704481fef5d950983bd2ba2d814b83fbb2238ab7a7b4ea2106e3920d1bff06a6d22a735bed1", 0xb9, 0xf5}, {&(0x7f0000000640)="0f969aaffc444e7c20200f6b86e38117ffcb350967d5bc3b086d0d69d7f6d0a635fec258505238540c9db99014dae033e7df2d3b64eb7ce8f0c85c334e6ab5cf356eaa816a024fe867e586f85ab572b1b1d65a844671979132dbf24ca661572a02f0361186dc12f7ae053942f2cfcf6d7fb6af193745e6036f23ee3871874c3ed97c01b9a2f4a0e0784dd0b80d0aba865a8addf69d526d0d77ef9a8c33f2ea2b0c078a2a81673ecc41552e57d28d928d7f91b402cca8a1cfd54c4e552f81", 0xbe, 0x20}, {&(0x7f0000000dc0)="05cf15e9bc6954764b7424d3f36d7afb0ec3438fa4a9c8d28d6382a004da5bd9049a9a3568a07729fc2628c8ec78d1a253f7d7a9cc68e12544cb561e5aa22c448f7f298dbe416420048b5a3f5fdd338e8af65a4a08aad0114b57c7405f91527b80e906bd3a877f9c7e1c8405c530663a41d5ee838ab55575cfb726bf48648bfbabe483fd888cb0493b9029bfe5ac8c410f8b7d796a872dc62c47845992d094bbdd57ffec767aa47770f9172314e89180d9049e5c8b12c17176ce6c771a47c68943396669a6508fb76b1e5045c022c062d3e008b64972f1ad74c9d6b93bb9825bbd254e772e381ab2329755db2464c8dd56a6573d2c8d33c3f561daa37ec32bad997468139870b816a79ff48bd8e9d034ae75be25237f0a0ba63135cb6f2f39fc9e2a7069038288af7295f319ca2cd38cf28c7fd0ea9e6e8a239b12ab55009919f0158b4bffa1c373535e662b15cdd16536ff9ffcd9c6aa3ca828cdfe7b182278608a87da409c6710d6135c0f5f4eeee88503a6325f139b37db393ebdb140abb5dc514328a45b7445df3cdacdf4063627f2dfcc0cc2cf906f58d22bd9bc2afb0961309ae8ff4e0945c5f77d8ec0678cd0c34a6569c36c4b4aac6fbb6f746720e58d76be2e7065f2f55856fca7db05c4af7a0b9699b710055fecd9c9d1b0c371a9c9b9670110fee5a25e4b235bffad50148d99179b1e908f45b522cd66620076bf8c5be09a30fb5da143ab11f3dbc3a92e1cbd62a1841fbdf7ef24a1ad2ecd89b0adfc4577332e399065300f2c69c19c47738ec4fc9df56cb3bb7a201e9a326b9fce47bad6a37830fc09b5501477fea169ef3c64e07a80cef5f57aefdf7da399d7344be95b662e3df5b1cdfbc06bf614313ca4192c84086ff47459b461e9bb27f2821f390fd2d63c975e04022a3582e2ffacb4fb10908581b910365b3470204ac5a61b6c8b4d27ef95fbb3118ab6efb986ffbb7ba393d05f559d8c38dd1f13e20cb9ca08a0f04309ca663074819fdaa162bb7bfa48e4c5dac2ac7e15450c66016f93fd091e25685941f01699af7e3d0481344632d2883ec411eae3a5b62b94682e6c8d858e16c208003ecc46e24ff38150c42bb86bacf26cd370af222b3ba14dec68822608f114d628163f6962d0ef2f5d91b6b28ee924dbae593cea4be5ec1d596cc206f335b7a89e4a115544826310c1462684e763d73b255de459ced8a2ab3add574ffc5133977595e906c8c94dd8474cf3710cdb7039e327e6996befa4f3b35bac0e1cae0cb7e18a67727f8dbd471a7f01f024ad41615f3370af572bcf9bd21437fffab254f8d51776617101428581c546184651f86498bec8b28da2d9681a108796bb3ffbe03568f99b982b0efb681060fc67b38b7be403a5ed25c14a907eb3ffa39ea4590bbafe874c094c428df44f600acceeb6d8b2131bef55da794666b1cf2f322092838a096871651db8652c79d1f749fa610cb46ffa3bba496fd90ec7835a28d19fe7c52a6d56fd310051c7f8fe1bde18f674c301e0111a254198f916f9b7c38dcec739fa7d97e9f83600abf3845d2484c4fc5dc11877b845f9239c1d26c0b5e2c1787ed06fd8349282d1c7f83ff8d41b0e2b86993797349552fe8544926aa43a15019e133712022d8ceb674120a9ab121abf735baa850cb1f95c156139d8939cdd3d6b1483852755cc388b0f79187a7b804aee4f0756df149a19bacdaea27e748eee1565b9891e84b70aa5be29b31bc3aff0558e1d5a855353017e884a6fcf3df023d9e806d023a7a3493c32af0f342425121bf05abbbc2a9708340fbceb58f4dd4cd36625a5a64593ff46212d73c30380e720164145907800c51ff68172e78c042b73e5e37bda95ebd2958ac1cb3eeeab6193443fb26364336fe4c5021d4147723764d99b908f5829c3cc4049cb400152e0b11c9f33c37e61646d39781273e78cc43b2908fac6acc64ae7c8d5916ca74f95e92df39b13d6e06e394a1f48e9e8f23642c503996723c5b0903bf72153c916c45adafd83f8ee4ae658294813de62bab90a84b1ee0870c1baa23be6203c6ad7039a4f6d525dca010715e25e7569ae12f5e0d755cf1f2cece266ad3ebb7defae7116fcfe2579c2776a6651cc4661277a907abc019ce7429b6d8080786e1d109f4f564a985dfbf343765e7432a9c1891dfa299252cbbdfeb018cd7a28023d5058750a9c18b3487fadad10cdb8e8b3bee3b64f19b2da709e7469d57ff3e8267307e82f18d3083d25256985942d606f98f966601a9049fea5f127bf45cfcf0bf81f244b7fc9f16a099e8f759c707cecd285dce9198d04517be38ddd3f30c10dd5f441343664c2433685d5116a22fe620c8e15bf5683f0cd1427a8673765fe61e05cb63822d61ebfa9bbbfc789f3baaf22904fbed872e77c2eeff5d9dd876d98a35f177b22fc693302935ed8c9fb9b03fde355d40a27a2e5df9bc9ff55da339178da988f176f8a65722b7226f918e3f693f04c854e0f015205aedeab86fb77587ce7eeec24420d4de19fb1ceb9580c0afb4d0a64dacfbfb3c72cce85d78cad2541d40b4a30e931df57186be57c1ca677cb3f6edbc4253637ff8a526c3a80d3ac62ae38456d74372dc3a0f2f11fefc2261696e1d135e9f7b0e16f629b35a3628495aa1557bad64d7495ae26377b3127c3e844f28a71256f36fe09e4b1a20f337f6cb9a5f22b5f1e7d524002845eb1174e1101672717b13f582f081a5fd23661ec0e6d2259ff08e75400840c6d6955a745d317c08fd4b26676e86d8800105433bc0102416b5d0c3565dd935c2f51effa5424689b40831cc315fa4c7b26ad5a68425392cc82c7a53b79c54ed5131f9ec41b84af1c5e92b1d7ae2b23bbad1d1a6bac0c574b2782d107ef9ceb0707f39adada1236f1729e124a7d0f9b42edb4da9477e1ffe859d22d2d89b5ce41b1e44df65b3737b4e3a000085ecc3a7f1923379a96263d556ad9e99ff9ae69f1a43980e2fb26f328f546095b7ac93120736a8d0dd2c566ed2b6993e4ebf457ced6cedf65eca18fd4a7a985934b25ae7ca05f7e6e771b5e4f8ea3246eeee3ac19b26a8bc3f2632209bfa505cfbdf1bb16827747d78a56fa3180fb20ef657e988eaf8d32a6f9e675ce3dea48078c462843523c38609f64f8634059c51d6f1478e225708d400541ddec5bf9625eb1496b719b5f13fdcf48669cd1a44660f99bcf5de649acbd74d069512206b8724fa16db60d791dffa4783ae83e35b070806aeaea45a0d8c98e3d5b1524996a4d36de92c5e48e61337e3a2ab1136e07464c116d730be84fde925b36d3f28175130c257ece978c17de6e35d0c6cb522a667b8a3e617831072d2d8672c2a379da3ca4a78d15789fb0d95fe215df4d3754573d197affdacb77980820cfcac8fb2947ac17c3dda6637b04a7c0acda0590db65eb649093f8bd06f53ab6893914b4d95c6e79361853323d3725a19c687633dc33935de4ac3572396ded2137cb6669f3d1d0d4e034c452efb73ba4fbcc891337bd9d3b6c5fbe8363fc49e45683d566c8fb1b78f9298534a30cadbfe7d018ba18dfb0f14befd04c77620ed1b08eb483e49e8f02b62e301caa98cce2f3c2502bed0d73d3aedb20622062d3bc38cabcf19b2659eef3eafb99d394ca907fc77330cfcf2ac93ac217d489b558e7d66a3430321d41988c9421665192322428b99a98bcefd85bfa92ed355033631e522e597d29d9919e45eb7f929db33a85d29a457481cad990af9509127a8bec95d3877d6081d266d85b67b4b560ef790708299df628b3fd7a5974c1f359d73cdf74907a06993a3126e3a9b730579c1b780cf313fe53d20bd86ada51d415385d18c991ae808f57fcc47d5717c37f0b33530f6334fa4edec528a2b702a3b8dc59cb79a3760fa783e24bb70dbf3cf2db17a734e526f9d4b7dfc792ab9410f7956fd0c8a7751d8ad5d16c07ce66172401b808023089d572491d289165bb63c2a47e41b130ac99327a539b16001759c2bfc6cb207923820e0b3bd1d0185b88dad9d6a87ddac1d58f8018953bd6212ad159febe84a70f7a912bb910f672ddcd24c6639b764bbf520a0c904611070b0a34f5ab9d0690630aedaa437c898b8c575c2bf1959af634afc1b7a86c5593246a45f8c61646e7f685a7cee3d44c67500393f24ab0dbfbaa120935d87b49f000d9d2c80d0ca540e2a46c15c470875bdbbe5e85238e3aaf6dee3af87a98ede27a02ae741a73f817c902d8cc7077c457238e5b882b021ed75e5e42faf58805491a7ea75f9c05a57f34527492e772deb0cac5322d91a1e1489a0056433016e0e5ded1471d360b383fda52511e33b6183d409f851223f0d4699a7ca6431dfe5c55b8ab1afe487a0e3a44e456d0b5bffbd4847a550ca41d4ff5dfeb7d2a8435fb554dfe948898be799595d9b43f7164850b23988de02aaf4c382bf319202e703e268f8766f0a8565ec676ad607ee03f21316a2b6c08b1e468c382ff3046983667842460ec27bb705d0d26037fec81e32e6d67ad209ee09c817a1828a3e86770686ecda196c616726975936601e290d30d3626510c35e65f3bffbd0c7efeb40a5b06ee7872980af5298024eeb81489292df7f5f58d9b0aeefa76774ad53fa5ccde780d847dd590342bbcce86113f754ffcc73c7355e33e10961f85ce8ca6b8cb1c96e022624da59d94f447eed2611b9bf132baf40aa535009de7bf6aa94ee3b10e3000c0abb86632530964e85b6b6bc0b55ff8718773c9c21e8549eb67391b6dcdba1177566cb3d80376eeb4a35df216e08f66449404586165efb320af86ab7933eb23479a46e92cdfd60d9d3c3649c0d5fa8a522be5325a860b60a927b31af63f398b2deb33d4d15d8b45910a6c18694ec20cff3ac2d0384a1ee3b5839882bcba4f9738071e5c644490f5a9545cf85de3463cf167f9628dbe29c89e739229a2db19415b46b7d2edef9e09abb7c17b3d95e85d4aa3632ea5eb5d2fe5a56180dfbd51623bee54b250d6f1fc1e19b813f1332e7ca176c8856b2fd6ced7bbeabbbe3ffda00e3c62f0e45178c4f2e450164026f7543fa785dce04d02e282e74dfa097d6c34686925182e1866e998361ac5a70931be5b48d7bb840ab167a6e250f37109cfdda0d024796e4152d7be7e4facfa1e977f43a4e70d95219e7645f7d374d3fbbf61ad62cb1090a13f41043ee23dc4b6738ba85abd36bd967a53b4e15a34a6158ea6a45074604094caefb779dd7315cbc4b4e0398f5123c73d77c3bc8ea113bf9bc1a187d28049cee0f898f5f5fd07c7dde8251931cda99d6f840eca83cc378472cda2e2104fc05334d6291c53d14bd44544ae63f89b3ab0729d3af250f8e2c2b94849715fd38bb31260aed22745ae4c24ff82d9cef033cbee1a9f0780297c6001d012678d3befe1c23dd0ba4cbec9f5664ead4423c12be40e8542f1985a72461470c7d7b17a066071f19a96707627017361c203731313a490b1bfd7dce6a32016b53c31d80be640d83878e6579ff039464332840f340f8dc7216464361ac890ffb9e1914a85a289688c48a6136e6505b5b36b5298ccad7760a9eb5221934bf4b6343660c0f08ac6fa62ae1f4d1bea050eff2e1819367ec6deb657f0944b40d0dc3b0a4ded685599b6f11a20aea582a225e056a5e034e5388100a71ea16e30f3ea25826b025ead80ab0dc1451343a2320ec5f988146bd6ccb4defedc364a11845f732fe237caf9c6f504a8a70ab947a5ceb9820c41981eaa96c8e44655e3fffee45d06a1363234c4c1976ffcffde0cc29cf3", 0x1000}, {&(0x7f0000000700)="60b063e3ee99e237c194641710b1caeeba3c046cd6ef5aa45f142a06576663905797fc164f337963ae4f16b5c4e904a1afca77eace1ad29db72c04b7443bbd0fb0f362a216dfedda55809474f4858851ba05b47a7641c0e43e61676d2ad3a56beb7495a01cecd1391e1d906bc6e51461f9e00518c99c7db3127c0d1b44fb3c2da045ff13bf25bae2aed052928878d09e9c34a69c8e69d8501fdff25b8289f30ffbe9ee9482a14203d342", 0xaa, 0x5}], 0x400, &(0x7f0000000880)=ANY=[@ANYBLOB='/dev/ubi_\x00\x00\x00\x00\x00\x00\x00\x00r=00000000000000000014,\x00']) (rerun: 64) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/nbd5', 0x80, 0x0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xb8, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x84, 0x3, "af35707b9171d68652ea2b1b319893a2e2156e4b53e9c00fbe55711b97ea738c3f191f57cb8de9562dd6fcd9638a52070853c04027e682df320acc2f200f94fa74a737771024848212df1ff8a64dd9838fe0a1e6c8041d592de80eef01702080fbdad81ce15d26e1d400c9c5661f4238367119a483a9b8de486d8cd38b140e57"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x400c000}, 0xc0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r1}) 10:19:58 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 44) 10:19:58 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket(0x5, 0x6, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100)) r1 = socket(0x1e, 0x80810, 0x7fffffff) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/binder_alloc', 0x800, 0x18) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000004c0), 0xffffffffffffffff) syz_genetlink_get_family_id$smc(&(0x7f0000000480), r1) accept$phonet_pipe(r3, &(0x7f0000000180), &(0x7f00000001c0)=0x10) setsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000040)=0x1, 0x4) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000006c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000680)={&(0x7f0000000740)=ANY=[@ANYBLOB="a8020000", @ANYRES16=0x0, @ANYBLOB="000325bd7000fcccdf25050000008402038043000400914602c8f1be4ff9b032c8e6d0547392eacbb07da9689b5d36fa2818d9b984fe4b0304439779f7596dee751a782a4baeaab2eacec980b6710007000400f8431d00b00004001cc03857a10462dac5070000000000007f1d5f7034403764fe04213d5aae7f40682a08a98231ff24a476a3e79ba8ff45b9a843a32dd5ce96e6823636afa778982a299f8f07ecd0b56cb183c8cf7f4895f7a7a86a42c60a9afd105959dbfce49db0f5acc6ae30f788cfe59a71ab54d8eb43b853effa31bf78e9c28d5997f932cb73691ce170e696a0718e5ca0ed6fbb280785ace34771d7ed943a82c39135c8825bebaea580ccae4e5bbce5c804000100800103803000018006000200870000000a000200776c616e31000000070002005b2400000500020000000000080001000300000020000180040003003800008653d74c4686080002002f2423000f000200534d435f504e4554494400001000018004000300080001008000000038000180120002002f6465762f7562695f6374726c000000080001000180000004000300120002002f6465762f7562695f6374726c00000044000180120002002f6465762f7562695f6374726c000000070002002a7b00000800010006000000080001005c0300000f000200534d435f504e455449440000040003003c00018004000300040003000a000200776c616e310000000f000200534d435f504e4554494400000800010000000000080001000100008004000300d41bbb800255690758deff392ebb6400018008000100020000000400eeff0a00020021252640262800000400030004000300120002002f6465762f7562695f6374726c00000008000100020000000f000200534d435f504e455449440000080002003a245b7b00000000080001000104000005000700030000000500070000000000000038195b3ad0afadd13ee0dc3807a0d588b03e3cb441df22ffb71f3b01971a3e3744c4de6b44671d8c1bd76c8e9966dfe9bf651369e277f8009d19c15b4e0f72e0fb9ee6b82b11fb550adace2a5d55bf359ad35510817baef3093af08b04fc77c06aa5ebbe702c303b298b10b9e747fe3ecdbdb9c80124344361731ecd0cea560bbfce585e2c114666072f106d0400efb261364cbe994a3ce5ae72a160685495c86a61fae4"], 0x2a8}, 0x1, 0x0, 0x0, 0x48080}, 0x20000004) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000440)) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="24020027", @ANYRES16=r2, @ANYBLOB="0001250004000000000000", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2a4801}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020025bd7000fbdbdf257400000008000300", @ANYRES32=r5, @ANYBLOB="0c00990008000000490000008f02f2bcc4a6887b01ff4eb9d590b865dc37fbf2d4e8dd61283113ae4910fc67bf84f2df1244a091c7566f513c5b69d92e5dee"], 0x28}}, 0xc0d5) [ 1073.482095] qnx4: no qnx4 filesystem (no root dir). [ 1073.488221] FAULT_INJECTION: forcing a failure. [ 1073.488221] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.498475] FAULT_INJECTION: forcing a failure. [ 1073.498475] name failslab, interval 1, probability 0, space 0, times 0 [ 1073.510816] CPU: 1 PID: 16416 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1073.518690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.528037] Call Trace: [ 1073.530623] dump_stack+0x1b2/0x281 [ 1073.534266] should_fail.cold+0x10a/0x149 [ 1073.538415] should_failslab+0xd6/0x130 [ 1073.542391] kmem_cache_alloc+0x40/0x3c0 [ 1073.546464] __es_insert_extent+0x338/0x1360 [ 1073.550883] ext4_es_insert_extent+0x1b9/0x530 [ 1073.555468] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1073.561277] ext4_map_blocks+0x887/0x1730 [ 1073.565425] ? ext4_issue_zeroout+0x150/0x150 [ 1073.569912] ? __ext4_new_inode+0x27c/0x4eb0 [ 1073.574325] ext4_getblk+0x98/0x3f0 [ 1073.577948] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1073.582265] ext4_bread+0x6c/0x1a0 [ 1073.585799] ? ext4_getblk+0x3f0/0x3f0 [ 1073.589684] ? dquot_initialize_needed+0x240/0x240 [ 1073.594606] ext4_append+0x143/0x350 [ 1073.598314] ext4_mkdir+0x4c9/0xbd0 [ 1073.601956] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1073.606622] ? security_inode_mkdir+0xca/0x100 [ 1073.611208] vfs_mkdir+0x463/0x6e0 [ 1073.614756] SyS_mkdirat+0x1fd/0x270 [ 1073.618559] ? SyS_mknod+0x30/0x30 [ 1073.622098] ? fput_many+0xe/0x140 [ 1073.625631] ? do_syscall_64+0x4c/0x640 [ 1073.629598] ? SyS_mkdirat+0x270/0x270 [ 1073.633476] do_syscall_64+0x1d5/0x640 [ 1073.637370] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1073.642555] RIP: 0033:0x7f94265b4157 [ 1073.646259] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1073.654058] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1073.661325] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1073.668590] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 10:19:58 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xd029) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x1}, @free_buffer={0x40086303, r0}, @acquire={0x40046305, 0x1}], 0x12, 0x0, &(0x7f0000000080)="d0be99a720b72f9c35c558f5b9a7c8f1e586"}) (async) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x9, 0x100) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) 10:19:59 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xd029) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x1c, 0x0, &(0x7f0000000040)=[@acquire={0x40046305, 0x1}, @free_buffer={0x40086303, r0}, @acquire={0x40046305, 0x1}], 0x12, 0x0, &(0x7f0000000080)="d0be99a720b72f9c35c558f5b9a7c8f1e586"}) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x9, 0x100) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) 10:19:59 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) 10:19:59 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) 10:19:59 executing program 5: sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xb}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000841}, 0x20000090) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1073.678197] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1073.685541] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1073.725948] CPU: 0 PID: 16404 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1073.733846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1073.743201] Call Trace: [ 1073.745802] dump_stack+0x1b2/0x281 [ 1073.749440] should_fail.cold+0x10a/0x149 [ 1073.753590] should_failslab+0xd6/0x130 [ 1073.757563] kmem_cache_alloc+0x28e/0x3c0 [ 1073.761710] getname_kernel+0x4e/0x340 [ 1073.763666] qnx4: unable to read the superblock [ 1073.765594] kern_path+0x1b/0x40 [ 1073.774033] lookup_bdev+0xc6/0x1c0 [ 1073.777659] ? bd_acquire+0x440/0x440 [ 1073.781459] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1073.787035] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1073.792053] blkdev_get_by_path+0x1b/0xa0 [ 1073.796202] mount_bdev+0x4c/0x360 [ 1073.799741] ? qnx4_iget+0xa20/0xa20 [ 1073.803454] mount_fs+0x92/0x2a0 [ 1073.806824] vfs_kern_mount.part.0+0x5b/0x470 [ 1073.811319] do_mount+0xe65/0x2a10 [ 1073.814849] ? __do_page_fault+0x159/0xad0 [ 1073.819062] ? retint_kernel+0x2d/0x2d [ 1073.822929] ? copy_mount_string+0x40/0x40 [ 1073.827143] ? memset+0x20/0x40 [ 1073.830409] ? copy_mount_options+0x1fa/0x2f0 [ 1073.834887] ? copy_mnt_ns+0xa30/0xa30 [ 1073.838753] SyS_mount+0xa8/0x120 [ 1073.842186] ? copy_mnt_ns+0xa30/0xa30 [ 1073.846051] do_syscall_64+0x1d5/0x640 [ 1073.849928] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1073.855107] RIP: 0033:0x7f2e61d6757a [ 1073.858795] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1073.866487] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1073.873740] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1073.881009] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1073.888275] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1073.895523] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:59 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 53) 10:19:59 executing program 5: sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xb}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000841}, 0x20000090) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:59 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) ioctl$NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) 10:19:59 executing program 1: socket(0x24, 0x0, 0x0) (async) r0 = socket(0x5, 0x6, 0x0) (async) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100)) (async, rerun: 64) r1 = socket(0x1e, 0x80810, 0x7fffffff) (async, rerun: 64) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/binder_alloc', 0x800, 0x18) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000004c0), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$smc(&(0x7f0000000480), r1) (async) accept$phonet_pipe(r3, &(0x7f0000000180), &(0x7f00000001c0)=0x10) (async) setsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000040)=0x1, 0x4) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000006c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000680)={&(0x7f0000000740)=ANY=[@ANYBLOB="a8020000", @ANYRES16=0x0, @ANYBLOB="000325bd7000fcccdf25050000008402038043000400914602c8f1be4ff9b032c8e6d0547392eacbb07da9689b5d36fa2818d9b984fe4b0304439779f7596dee751a782a4baeaab2eacec980b6710007000400f8431d00b00004001cc03857a10462dac5070000000000007f1d5f7034403764fe04213d5aae7f40682a08a98231ff24a476a3e79ba8ff45b9a843a32dd5ce96e6823636afa778982a299f8f07ecd0b56cb183c8cf7f4895f7a7a86a42c60a9afd105959dbfce49db0f5acc6ae30f788cfe59a71ab54d8eb43b853effa31bf78e9c28d5997f932cb73691ce170e696a0718e5ca0ed6fbb280785ace34771d7ed943a82c39135c8825bebaea580ccae4e5bbce5c804000100800103803000018006000200870000000a000200776c616e31000000070002005b2400000500020000000000080001000300000020000180040003003800008653d74c4686080002002f2423000f000200534d435f504e4554494400001000018004000300080001008000000038000180120002002f6465762f7562695f6374726c000000080001000180000004000300120002002f6465762f7562695f6374726c00000044000180120002002f6465762f7562695f6374726c000000070002002a7b00000800010006000000080001005c0300000f000200534d435f504e455449440000040003003c00018004000300040003000a000200776c616e310000000f000200534d435f504e4554494400000800010000000000080001000100008004000300d41bbb800255690758deff392ebb6400018008000100020000000400eeff0a00020021252640262800000400030004000300120002002f6465762f7562695f6374726c00000008000100020000000f000200534d435f504e455449440000080002003a245b7b00000000080001000104000005000700030000000500070000000000000038195b3ad0afadd13ee0dc3807a0d588b03e3cb441df22ffb71f3b01971a3e3744c4de6b44671d8c1bd76c8e9966dfe9bf651369e277f8009d19c15b4e0f72e0fb9ee6b82b11fb550adace2a5d55bf359ad35510817baef3093af08b04fc77c06aa5ebbe702c303b298b10b9e747fe3ecdbdb9c80124344361731ecd0cea560bbfce585e2c114666072f106d0400efb261364cbe994a3ce5ae72a160685495c86a61fae4"], 0x2a8}, 0x1, 0x0, 0x0, 0x48080}, 0x20000004) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) (async, rerun: 64) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000440)) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="24020027", @ANYRES16=r2, @ANYBLOB="0001250004000000000000", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) (async) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2a4801}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020025bd7000fbdbdf257400000008000300", @ANYRES32=r5, @ANYBLOB="0c00990008000000490000008f02f2bcc4a6887b01ff4eb9d590b865dc37fbf2d4e8dd61283113ae4910fc67bf84f2df1244a091c7566f513c5b69d92e5dee"], 0x28}}, 0xc0d5) [ 1073.925815] qnx4: no qnx4 filesystem (no root dir). [ 1074.009938] qnx4: no qnx4 filesystem (no root dir). [ 1074.045950] FAULT_INJECTION: forcing a failure. [ 1074.045950] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.064070] qnx4: no qnx4 filesystem (no root dir). [ 1074.066726] CPU: 0 PID: 16476 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1074.076979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.086332] Call Trace: [ 1074.088923] dump_stack+0x1b2/0x281 [ 1074.092552] should_fail.cold+0x10a/0x149 [ 1074.096695] should_failslab+0xd6/0x130 [ 1074.100651] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1074.105297] ? set_bdev_super+0x110/0x110 [ 1074.109422] sget_userns+0x102/0xc10 [ 1074.113112] ? set_bdev_super+0x110/0x110 [ 1074.117237] ? ns_test_super+0x50/0x50 [ 1074.121105] ? set_bdev_super+0x110/0x110 [ 1074.125240] ? ns_test_super+0x50/0x50 [ 1074.129113] sget+0xd1/0x110 [ 1074.132127] mount_bdev+0xcd/0x360 [ 1074.135651] ? qnx4_iget+0xa20/0xa20 [ 1074.139345] mount_fs+0x92/0x2a0 [ 1074.142694] vfs_kern_mount.part.0+0x5b/0x470 [ 1074.147185] do_mount+0xe65/0x2a10 [ 1074.150716] ? __do_page_fault+0x159/0xad0 [ 1074.154929] ? retint_kernel+0x2d/0x2d [ 1074.158796] ? copy_mount_string+0x40/0x40 [ 1074.163012] ? memset+0x20/0x40 [ 1074.166270] ? copy_mount_options+0x1fa/0x2f0 [ 1074.170755] ? copy_mnt_ns+0xa30/0xa30 [ 1074.174627] SyS_mount+0xa8/0x120 [ 1074.178054] ? copy_mnt_ns+0xa30/0xa30 [ 1074.181919] do_syscall_64+0x1d5/0x640 [ 1074.185786] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1074.190957] RIP: 0033:0x7f2e61d6757a [ 1074.194645] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1074.202336] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1074.209583] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1074.216832] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1074.224087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1074.231335] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:19:59 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(&(0x7f0000000280), &(0x7f00000002c0)='./file0/../file0\x00', 0x8000000000000000, 0x7, &(0x7f00000007c0)=[{&(0x7f0000000300)="6bce900011899857edc0260aaec004240aec8a024360522db4e3cbb51460386cd8512768f42de0e0a6018a593ea9b77d987f4ae02226e8eb3ebc762cd1d994bfe9473b32416cb13ba1f232b139af23745794f4160e89c21746ca9a7df697fec380a9c5d5aa63be102c52aaf611990dade9a577a237ba07ed5839019aafcf7f9f6855", 0x82, 0x8}, {&(0x7f00000003c0)="901baa5b3010dabaaa09235ae15f6c55f3fff344ee119f35e49d70edbd27479bc773a2a81fe5f3431c73614969d5aca0be880f644538cd4fa3804e5aac6c263c08b29db10550ca0aa143e6caf9b28667f13cb9cd0e1c17081613d4ac298cda751eccab4341a8c9c8b343d8af38ee5f2b0ad1990c4a53dbbe257b25a46a2b49a6aa3e32b5440293463ead3062d16b60cafdd0f6e6a35bf735f6b63142f54c7ee00e7e0c4c2568829beb3d17d2113ca6729bd85cbf6b971517491c8dae8dfe8cc1ba2c57d6eff878df7d9559d69722799c96086ee29c9cafb1c93e42c97e71901229d23fd023bdd800913ceaa60490b2ab74d550e86ee9", 0xf6, 0x100}, {&(0x7f00000004c0)="5e2fc05484dbebb037fbf785bde33259d5b79fd900cd4ba8c42e37493c79392af93f492dc940c7752988eba6c4adfe4f2d1ea7a5ad754f0602d816e70881e1e6d025409aee833edf1a2926102efb92352b5962df86c0f4513b2b223ec0a31693e48ed310b996d382374b4e4a45c6cd10832efd1519cf1433ded70aa3c70def5651d0cea1a660ecc06a2e8e445c36f645b7171e2f1ee077c9be", 0x99, 0x401}, {&(0x7f0000000580)="e3a2ba427c2f5ec2e5094f17d78894abe7c0476c48d39939477617da16e8fd36613563d45b12c9c05e04f8a492c6491a89947a6e7264466f7da7e26fee103ac3a0b62fe6c1a69c3ccb81a31bac2573dddee79f088f962927f9301887e436b435ce13fa9feb828c1420484dc1947455d55b922e199ad4f7732e38f26f1fd34c0769d8882341a33cb94545d2ff9180f593bc40c4c704481fef5d950983bd2ba2d814b83fbb2238ab7a7b4ea2106e3920d1bff06a6d22a735bed1", 0xb9, 0xf5}, {&(0x7f0000000640)="0f969aaffc444e7c20200f6b86e38117ffcb350967d5bc3b086d0d69d7f6d0a635fec258505238540c9db99014dae033e7df2d3b64eb7ce8f0c85c334e6ab5cf356eaa816a024fe867e586f85ab572b1b1d65a844671979132dbf24ca661572a02f0361186dc12f7ae053942f2cfcf6d7fb6af193745e6036f23ee3871874c3ed97c01b9a2f4a0e0784dd0b80d0aba865a8addf69d526d0d77ef9a8c33f2ea2b0c078a2a81673ecc41552e57d28d928d7f91b402cca8a1cfd54c4e552f81", 0xbe, 0x20}, {&(0x7f0000000dc0)="05cf15e9bc6954764b7424d3f36d7afb0ec3438fa4a9c8d28d6382a004da5bd9049a9a3568a07729fc2628c8ec78d1a253f7d7a9cc68e12544cb561e5aa22c448f7f298dbe416420048b5a3f5fdd338e8af65a4a08aad0114b57c7405f91527b80e906bd3a877f9c7e1c8405c530663a41d5ee838ab55575cfb726bf48648bfbabe483fd888cb0493b9029bfe5ac8c410f8b7d796a872dc62c47845992d094bbdd57ffec767aa47770f9172314e89180d9049e5c8b12c17176ce6c771a47c68943396669a6508fb76b1e5045c022c062d3e008b64972f1ad74c9d6b93bb9825bbd254e772e381ab2329755db2464c8dd56a6573d2c8d33c3f561daa37ec32bad997468139870b816a79ff48bd8e9d034ae75be25237f0a0ba63135cb6f2f39fc9e2a7069038288af7295f319ca2cd38cf28c7fd0ea9e6e8a239b12ab55009919f0158b4bffa1c373535e662b15cdd16536ff9ffcd9c6aa3ca828cdfe7b182278608a87da409c6710d6135c0f5f4eeee88503a6325f139b37db393ebdb140abb5dc514328a45b7445df3cdacdf4063627f2dfcc0cc2cf906f58d22bd9bc2afb0961309ae8ff4e0945c5f77d8ec0678cd0c34a6569c36c4b4aac6fbb6f746720e58d76be2e7065f2f55856fca7db05c4af7a0b9699b710055fecd9c9d1b0c371a9c9b9670110fee5a25e4b235bffad50148d99179b1e908f45b522cd66620076bf8c5be09a30fb5da143ab11f3dbc3a92e1cbd62a1841fbdf7ef24a1ad2ecd89b0adfc4577332e399065300f2c69c19c47738ec4fc9df56cb3bb7a201e9a326b9fce47bad6a37830fc09b5501477fea169ef3c64e07a80cef5f57aefdf7da399d7344be95b662e3df5b1cdfbc06bf614313ca4192c84086ff47459b461e9bb27f2821f390fd2d63c975e04022a3582e2ffacb4fb10908581b910365b3470204ac5a61b6c8b4d27ef95fbb3118ab6efb986ffbb7ba393d05f559d8c38dd1f13e20cb9ca08a0f04309ca663074819fdaa162bb7bfa48e4c5dac2ac7e15450c66016f93fd091e25685941f01699af7e3d0481344632d2883ec411eae3a5b62b94682e6c8d858e16c208003ecc46e24ff38150c42bb86bacf26cd370af222b3ba14dec68822608f114d628163f6962d0ef2f5d91b6b28ee924dbae593cea4be5ec1d596cc206f335b7a89e4a115544826310c1462684e763d73b255de459ced8a2ab3add574ffc5133977595e906c8c94dd8474cf3710cdb7039e327e6996befa4f3b35bac0e1cae0cb7e18a67727f8dbd471a7f01f024ad41615f3370af572bcf9bd21437fffab254f8d51776617101428581c546184651f86498bec8b28da2d9681a108796bb3ffbe03568f99b982b0efb681060fc67b38b7be403a5ed25c14a907eb3ffa39ea4590bbafe874c094c428df44f600acceeb6d8b2131bef55da794666b1cf2f322092838a096871651db8652c79d1f749fa610cb46ffa3bba496fd90ec7835a28d19fe7c52a6d56fd310051c7f8fe1bde18f674c301e0111a254198f916f9b7c38dcec739fa7d97e9f83600abf3845d2484c4fc5dc11877b845f9239c1d26c0b5e2c1787ed06fd8349282d1c7f83ff8d41b0e2b86993797349552fe8544926aa43a15019e133712022d8ceb674120a9ab121abf735baa850cb1f95c156139d8939cdd3d6b1483852755cc388b0f79187a7b804aee4f0756df149a19bacdaea27e748eee1565b9891e84b70aa5be29b31bc3aff0558e1d5a855353017e884a6fcf3df023d9e806d023a7a3493c32af0f342425121bf05abbbc2a9708340fbceb58f4dd4cd36625a5a64593ff46212d73c30380e720164145907800c51ff68172e78c042b73e5e37bda95ebd2958ac1cb3eeeab6193443fb26364336fe4c5021d4147723764d99b908f5829c3cc4049cb400152e0b11c9f33c37e61646d39781273e78cc43b2908fac6acc64ae7c8d5916ca74f95e92df39b13d6e06e394a1f48e9e8f23642c503996723c5b0903bf72153c916c45adafd83f8ee4ae658294813de62bab90a84b1ee0870c1baa23be6203c6ad7039a4f6d525dca010715e25e7569ae12f5e0d755cf1f2cece266ad3ebb7defae7116fcfe2579c2776a6651cc4661277a907abc019ce7429b6d8080786e1d109f4f564a985dfbf343765e7432a9c1891dfa299252cbbdfeb018cd7a28023d5058750a9c18b3487fadad10cdb8e8b3bee3b64f19b2da709e7469d57ff3e8267307e82f18d3083d25256985942d606f98f966601a9049fea5f127bf45cfcf0bf81f244b7fc9f16a099e8f759c707cecd285dce9198d04517be38ddd3f30c10dd5f441343664c2433685d5116a22fe620c8e15bf5683f0cd1427a8673765fe61e05cb63822d61ebfa9bbbfc789f3baaf22904fbed872e77c2eeff5d9dd876d98a35f177b22fc693302935ed8c9fb9b03fde355d40a27a2e5df9bc9ff55da339178da988f176f8a65722b7226f918e3f693f04c854e0f015205aedeab86fb77587ce7eeec24420d4de19fb1ceb9580c0afb4d0a64dacfbfb3c72cce85d78cad2541d40b4a30e931df57186be57c1ca677cb3f6edbc4253637ff8a526c3a80d3ac62ae38456d74372dc3a0f2f11fefc2261696e1d135e9f7b0e16f629b35a3628495aa1557bad64d7495ae26377b3127c3e844f28a71256f36fe09e4b1a20f337f6cb9a5f22b5f1e7d524002845eb1174e1101672717b13f582f081a5fd23661ec0e6d2259ff08e75400840c6d6955a745d317c08fd4b26676e86d8800105433bc0102416b5d0c3565dd935c2f51effa5424689b40831cc315fa4c7b26ad5a68425392cc82c7a53b79c54ed5131f9ec41b84af1c5e92b1d7ae2b23bbad1d1a6bac0c574b2782d107ef9ceb0707f39adada1236f1729e124a7d0f9b42edb4da9477e1ffe859d22d2d89b5ce41b1e44df65b3737b4e3a000085ecc3a7f1923379a96263d556ad9e99ff9ae69f1a43980e2fb26f328f546095b7ac93120736a8d0dd2c566ed2b6993e4ebf457ced6cedf65eca18fd4a7a985934b25ae7ca05f7e6e771b5e4f8ea3246eeee3ac19b26a8bc3f2632209bfa505cfbdf1bb16827747d78a56fa3180fb20ef657e988eaf8d32a6f9e675ce3dea48078c462843523c38609f64f8634059c51d6f1478e225708d400541ddec5bf9625eb1496b719b5f13fdcf48669cd1a44660f99bcf5de649acbd74d069512206b8724fa16db60d791dffa4783ae83e35b070806aeaea45a0d8c98e3d5b1524996a4d36de92c5e48e61337e3a2ab1136e07464c116d730be84fde925b36d3f28175130c257ece978c17de6e35d0c6cb522a667b8a3e617831072d2d8672c2a379da3ca4a78d15789fb0d95fe215df4d3754573d197affdacb77980820cfcac8fb2947ac17c3dda6637b04a7c0acda0590db65eb649093f8bd06f53ab6893914b4d95c6e79361853323d3725a19c687633dc33935de4ac3572396ded2137cb6669f3d1d0d4e034c452efb73ba4fbcc891337bd9d3b6c5fbe8363fc49e45683d566c8fb1b78f9298534a30cadbfe7d018ba18dfb0f14befd04c77620ed1b08eb483e49e8f02b62e301caa98cce2f3c2502bed0d73d3aedb20622062d3bc38cabcf19b2659eef3eafb99d394ca907fc77330cfcf2ac93ac217d489b558e7d66a3430321d41988c9421665192322428b99a98bcefd85bfa92ed355033631e522e597d29d9919e45eb7f929db33a85d29a457481cad990af9509127a8bec95d3877d6081d266d85b67b4b560ef790708299df628b3fd7a5974c1f359d73cdf74907a06993a3126e3a9b730579c1b780cf313fe53d20bd86ada51d415385d18c991ae808f57fcc47d5717c37f0b33530f6334fa4edec528a2b702a3b8dc59cb79a3760fa783e24bb70dbf3cf2db17a734e526f9d4b7dfc792ab9410f7956fd0c8a7751d8ad5d16c07ce66172401b808023089d572491d289165bb63c2a47e41b130ac99327a539b16001759c2bfc6cb207923820e0b3bd1d0185b88dad9d6a87ddac1d58f8018953bd6212ad159febe84a70f7a912bb910f672ddcd24c6639b764bbf520a0c904611070b0a34f5ab9d0690630aedaa437c898b8c575c2bf1959af634afc1b7a86c5593246a45f8c61646e7f685a7cee3d44c67500393f24ab0dbfbaa120935d87b49f000d9d2c80d0ca540e2a46c15c470875bdbbe5e85238e3aaf6dee3af87a98ede27a02ae741a73f817c902d8cc7077c457238e5b882b021ed75e5e42faf58805491a7ea75f9c05a57f34527492e772deb0cac5322d91a1e1489a0056433016e0e5ded1471d360b383fda52511e33b6183d409f851223f0d4699a7ca6431dfe5c55b8ab1afe487a0e3a44e456d0b5bffbd4847a550ca41d4ff5dfeb7d2a8435fb554dfe948898be799595d9b43f7164850b23988de02aaf4c382bf319202e703e268f8766f0a8565ec676ad607ee03f21316a2b6c08b1e468c382ff3046983667842460ec27bb705d0d26037fec81e32e6d67ad209ee09c817a1828a3e86770686ecda196c616726975936601e290d30d3626510c35e65f3bffbd0c7efeb40a5b06ee7872980af5298024eeb81489292df7f5f58d9b0aeefa76774ad53fa5ccde780d847dd590342bbcce86113f754ffcc73c7355e33e10961f85ce8ca6b8cb1c96e022624da59d94f447eed2611b9bf132baf40aa535009de7bf6aa94ee3b10e3000c0abb86632530964e85b6b6bc0b55ff8718773c9c21e8549eb67391b6dcdba1177566cb3d80376eeb4a35df216e08f66449404586165efb320af86ab7933eb23479a46e92cdfd60d9d3c3649c0d5fa8a522be5325a860b60a927b31af63f398b2deb33d4d15d8b45910a6c18694ec20cff3ac2d0384a1ee3b5839882bcba4f9738071e5c644490f5a9545cf85de3463cf167f9628dbe29c89e739229a2db19415b46b7d2edef9e09abb7c17b3d95e85d4aa3632ea5eb5d2fe5a56180dfbd51623bee54b250d6f1fc1e19b813f1332e7ca176c8856b2fd6ced7bbeabbbe3ffda00e3c62f0e45178c4f2e450164026f7543fa785dce04d02e282e74dfa097d6c34686925182e1866e998361ac5a70931be5b48d7bb840ab167a6e250f37109cfdda0d024796e4152d7be7e4facfa1e977f43a4e70d95219e7645f7d374d3fbbf61ad62cb1090a13f41043ee23dc4b6738ba85abd36bd967a53b4e15a34a6158ea6a45074604094caefb779dd7315cbc4b4e0398f5123c73d77c3bc8ea113bf9bc1a187d28049cee0f898f5f5fd07c7dde8251931cda99d6f840eca83cc378472cda2e2104fc05334d6291c53d14bd44544ae63f89b3ab0729d3af250f8e2c2b94849715fd38bb31260aed22745ae4c24ff82d9cef033cbee1a9f0780297c6001d012678d3befe1c23dd0ba4cbec9f5664ead4423c12be40e8542f1985a72461470c7d7b17a066071f19a96707627017361c203731313a490b1bfd7dce6a32016b53c31d80be640d83878e6579ff039464332840f340f8dc7216464361ac890ffb9e1914a85a289688c48a6136e6505b5b36b5298ccad7760a9eb5221934bf4b6343660c0f08ac6fa62ae1f4d1bea050eff2e1819367ec6deb657f0944b40d0dc3b0a4ded685599b6f11a20aea582a225e056a5e034e5388100a71ea16e30f3ea25826b025ead80ab0dc1451343a2320ec5f988146bd6ccb4defedc364a11845f732fe237caf9c6f504a8a70ab947a5ceb9820c41981eaa96c8e44655e3fffee45d06a1363234c4c1976ffcffde0cc29cf3", 0x1000}, {&(0x7f0000000700)="60b063e3ee99e237c194641710b1caeeba3c046cd6ef5aa45f142a06576663905797fc164f337963ae4f16b5c4e904a1afca77eace1ad29db72c04b7443bbd0fb0f362a216dfedda55809474f4858851ba05b47a7641c0e43e61676d2ad3a56beb7495a01cecd1391e1d906bc6e51461f9e00518c99c7db3127c0d1b44fb3c2da045ff13bf25bae2aed052928878d09e9c34a69c8e69d8501fdff25b8289f30ffbe9ee9482a14203d342", 0xaa, 0x5}], 0x400, &(0x7f0000000880)=ANY=[@ANYBLOB='/dev/ubi_\x00\x00\x00\x00\x00\x00\x00\x00r=00000000000000000014,\x00']) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/nbd5', 0x80, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xb8, 0x0, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x84, 0x3, "af35707b9171d68652ea2b1b319893a2e2156e4b53e9c00fbe55711b97ea738c3f191f57cb8de9562dd6fcd9638a52070853c04027e682df320acc2f200f94fa74a737771024848212df1ff8a64dd9838fe0a1e6c8041d592de80eef01702080fbdad81ce15d26e1d400c9c5661f4238367119a483a9b8de486d8cd38b140e57"}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x400c000}, 0xc0) (async) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r1}) 10:19:59 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 45) 10:19:59 executing program 5: sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, 0x0, 0x10, 0x70bd2b, 0x25dfdbfe, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x7}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xb}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, '\x00', 0x17}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x5}, @SEG6_ATTR_DSTLEN={0x8}, @SEG6_ATTR_ALGID={0x5, 0x6, 0xe6}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x2}]}, 0x64}, 0x1, 0x0, 0x0, 0x24000841}, 0x20000090) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:59 executing program 1: socket(0x24, 0x0, 0x0) r0 = socket(0x5, 0x6, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000100)) (async) r1 = socket(0x1e, 0x80810, 0x7fffffff) (async) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/binder_alloc', 0x800, 0x18) (async) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x0) (async) syz_genetlink_get_family_id$mptcp(&(0x7f00000004c0), 0xffffffffffffffff) syz_genetlink_get_family_id$smc(&(0x7f0000000480), r1) (async) accept$phonet_pipe(r3, &(0x7f0000000180), &(0x7f00000001c0)=0x10) setsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000040)=0x1, 0x4) (async) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000006c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000680)={&(0x7f0000000740)=ANY=[@ANYBLOB="a8020000", @ANYRES16=0x0, @ANYBLOB="000325bd7000fcccdf25050000008402038043000400914602c8f1be4ff9b032c8e6d0547392eacbb07da9689b5d36fa2818d9b984fe4b0304439779f7596dee751a782a4baeaab2eacec980b6710007000400f8431d00b00004001cc03857a10462dac5070000000000007f1d5f7034403764fe04213d5aae7f40682a08a98231ff24a476a3e79ba8ff45b9a843a32dd5ce96e6823636afa778982a299f8f07ecd0b56cb183c8cf7f4895f7a7a86a42c60a9afd105959dbfce49db0f5acc6ae30f788cfe59a71ab54d8eb43b853effa31bf78e9c28d5997f932cb73691ce170e696a0718e5ca0ed6fbb280785ace34771d7ed943a82c39135c8825bebaea580ccae4e5bbce5c804000100800103803000018006000200870000000a000200776c616e31000000070002005b2400000500020000000000080001000300000020000180040003003800008653d74c4686080002002f2423000f000200534d435f504e4554494400001000018004000300080001008000000038000180120002002f6465762f7562695f6374726c000000080001000180000004000300120002002f6465762f7562695f6374726c00000044000180120002002f6465762f7562695f6374726c000000070002002a7b00000800010006000000080001005c0300000f000200534d435f504e455449440000040003003c00018004000300040003000a000200776c616e310000000f000200534d435f504e4554494400000800010000000000080001000100008004000300d41bbb800255690758deff392ebb6400018008000100020000000400eeff0a00020021252640262800000400030004000300120002002f6465762f7562695f6374726c00000008000100020000000f000200534d435f504e455449440000080002003a245b7b00000000080001000104000005000700030000000500070000000000000038195b3ad0afadd13ee0dc3807a0d588b03e3cb441df22ffb71f3b01971a3e3744c4de6b44671d8c1bd76c8e9966dfe9bf651369e277f8009d19c15b4e0f72e0fb9ee6b82b11fb550adace2a5d55bf359ad35510817baef3093af08b04fc77c06aa5ebbe702c303b298b10b9e747fe3ecdbdb9c80124344361731ecd0cea560bbfce585e2c114666072f106d0400efb261364cbe994a3ce5ae72a160685495c86a61fae4"], 0x2a8}, 0x1, 0x0, 0x0, 0x48080}, 0x20000004) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000440)) (async) syz_genetlink_get_family_id$smc(&(0x7f0000000200), r1) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r4, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[@ANYBLOB="24020027", @ANYRES16=r2, @ANYBLOB="0001250004000000000000", @ANYRES32=r5, @ANYBLOB="0c009900070000005b0000000a00060008021100000100000a000600ffffffffffff0000"], 0x40}, 0x1, 0x0, 0x0, 0x24000004}, 0x4004) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) (async) sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2a4801}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020025bd7000fbdbdf257400000008000300", @ANYRES32=r5, @ANYBLOB="0c00990008000000490000008f02f2bcc4a6887b01ff4eb9d590b865dc37fbf2d4e8dd61283113ae4910fc67bf84f2df1244a091c7566f513c5b69d92e5dee"], 0x28}}, 0xc0d5) 10:19:59 executing program 3: ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x7}) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1074.273714] qnx4: no qnx4 filesystem (no root dir). 10:19:59 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 54) 10:19:59 executing program 3: ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x7}) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) [ 1074.363086] FAULT_INJECTION: forcing a failure. [ 1074.363086] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.374557] CPU: 0 PID: 16496 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1074.382436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.391782] Call Trace: [ 1074.394372] dump_stack+0x1b2/0x281 [ 1074.398001] should_fail.cold+0x10a/0x149 [ 1074.402155] should_failslab+0xd6/0x130 [ 1074.406127] kmem_cache_alloc+0x40/0x3c0 [ 1074.410194] __es_insert_extent+0x338/0x1360 [ 1074.414608] ext4_es_insert_extent+0x1b9/0x530 [ 1074.419189] ? ext4_es_find_delayed_extent_range+0x930/0x930 [ 1074.424997] ext4_map_blocks+0x887/0x1730 [ 1074.429152] ? ext4_issue_zeroout+0x150/0x150 [ 1074.433646] ? __ext4_new_inode+0x27c/0x4eb0 [ 1074.438057] ext4_getblk+0x98/0x3f0 [ 1074.441683] ? ext4_iomap_begin+0x7f0/0x7f0 [ 1074.446005] ext4_bread+0x6c/0x1a0 [ 1074.449544] ? ext4_getblk+0x3f0/0x3f0 [ 1074.453512] ? dquot_initialize_needed+0x240/0x240 [ 1074.458433] ext4_append+0x143/0x350 10:19:59 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20000006, 0x5, 0x0, 0x1040040, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:19:59 executing program 3: ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x7}) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(0xffffffffffffffff, 0xc018620c, &(0x7f0000000040)={0x7}) (async) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) 10:19:59 executing program 1: r0 = socket(0x24, 0x800, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x1410, 0x10, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x100) [ 1074.462149] ext4_mkdir+0x4c9/0xbd0 [ 1074.465781] ? ext4_init_dot_dotdot+0x5a0/0x5a0 [ 1074.470449] ? security_inode_mkdir+0xca/0x100 [ 1074.475030] vfs_mkdir+0x463/0x6e0 [ 1074.478568] SyS_mkdirat+0x1fd/0x270 [ 1074.482280] ? SyS_mknod+0x30/0x30 [ 1074.485815] ? fput_many+0xe/0x140 [ 1074.489348] ? do_syscall_64+0x4c/0x640 [ 1074.493319] ? SyS_mkdirat+0x270/0x270 [ 1074.497204] do_syscall_64+0x1d5/0x640 [ 1074.501091] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1074.506272] RIP: 0033:0x7f94265b4157 [ 1074.509972] RSP: 002b:00007f9424f29f88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 1074.517683] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b4157 [ 1074.524951] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000640 [ 1074.532218] RBP: 00007f9424f2a020 R08: 0000000000000000 R09: 00007f9424f2a1d0 [ 1074.539490] R10: 0000000000000000 R11: 0000000000000213 R12: 0000000020000480 [ 1074.546754] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1074.552030] qnx4: no qnx4 filesystem (no root dir). 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20000006, 0x5, 0x0, 0x1040040, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20000006, 0x5, 0x0, 0x1040040, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:20:00 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) syz_open_dev$media(&(0x7f0000000080), 0x9e, 0x8000) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000100), 0x4) [ 1074.571911] FAULT_INJECTION: forcing a failure. [ 1074.571911] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1074.582930] qnx4: unable to read the superblock [ 1074.633215] CPU: 1 PID: 16513 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1074.641115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.650564] Call Trace: [ 1074.653159] dump_stack+0x1b2/0x281 [ 1074.656791] should_fail.cold+0x10a/0x149 [ 1074.660943] __alloc_pages_nodemask+0x22c/0x2720 [ 1074.665705] ? trace_hardirqs_on+0x10/0x10 [ 1074.669942] ? _find_next_bit+0xdb/0x100 [ 1074.674007] ? pcpu_alloc+0xbe0/0xf50 [ 1074.677820] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1074.682673] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1074.688126] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1074.693146] alloc_pages_current+0x155/0x260 [ 1074.697561] ? __lockdep_init_map+0x100/0x560 [ 1074.702059] get_zeroed_page+0x19/0x50 [ 1074.705948] mount_fs+0x1c7/0x2a0 [ 1074.709407] vfs_kern_mount.part.0+0x5b/0x470 [ 1074.713905] do_mount+0xe65/0x2a10 [ 1074.717451] ? __do_page_fault+0x159/0xad0 [ 1074.721685] ? retint_kernel+0x2d/0x2d [ 1074.725569] ? copy_mount_string+0x40/0x40 [ 1074.729802] ? memset+0x20/0x40 [ 1074.733075] ? copy_mount_options+0x1fa/0x2f0 [ 1074.737587] ? copy_mnt_ns+0xa30/0xa30 [ 1074.741474] SyS_mount+0xa8/0x120 [ 1074.744922] ? copy_mnt_ns+0xa30/0xa30 [ 1074.748812] do_syscall_64+0x1d5/0x640 [ 1074.752694] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1074.757862] RIP: 0033:0x7f2e61d6757a [ 1074.761554] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1074.769242] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1074.776522] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 10:20:00 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x140d, 0x8, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x80000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x24048801) 10:20:00 executing program 1: r0 = socket(0x24, 0x800, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x1410, 0x10, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x100) socket(0x24, 0x800, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x1410, 0x10, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x100) (async) 10:20:00 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 46) 10:20:00 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r0) (async) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) syz_open_dev$media(&(0x7f0000000080), 0x9e, 0x8000) (async) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000100), 0x4) 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000000)='./file0\x00', 0x20000006, 0x5, 0x0, 0x1040040, 0x0) (async, rerun: 32) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (rerun: 32) [ 1074.783783] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1074.791033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1074.798292] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:20:00 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 55) 10:20:00 executing program 1: r0 = socket(0x24, 0x800, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x1410, 0x10, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x100) socket(0x24, 0x800, 0x0) (async) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, 0x1410, 0x10, 0x70bd28, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x2}, @RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8, 0x4c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x2}]}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x100) (async) 10:20:00 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x140d, 0x8, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x80000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x24048801) 10:20:00 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) syz_open_dev$media(&(0x7f0000000080), 0x9e, 0x8000) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000100), 0x4) syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r0) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r1, 0x0, 0x0) (async) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) (async) syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) (async) syz_open_dev$media(&(0x7f0000000080), 0x9e, 0x8000) (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r2, 0x0, 0x0) (async) setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000100), 0x4) (async) 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x222) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:20:00 executing program 1: socket(0x24, 0x0, 0x0) getgid() r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = socket(0x1e, 0x1, 0x8) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000004c0)={0x1, 'syz1\x00'}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000040)={0x3fc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc, 0x26}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xb}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x31}, @NL80211_ATTR_IE={0x10c, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @cf={0x4, 0x6, {0xff, 0xfb, 0x8, 0x2}}, @random_vendor={0xdd, 0xeb, "beb941fc38caec2907ada78e9b1a9a4d35186f543424ae1b7154b4474dfc5a0986971073f85bb6c5fc5846bb4503e8f1795f239d38c89ab148e67314f5e961097a947ba33aea697f8087be362a77300b12853ba855fdc9aedba6257c22b7b189b12cd37527d21e98b907144b4df79a0164839511ada6dde8395823db590052d8ce959fa8ae0fbe5fad8e199349702c9aa8f38737ea9ea99bb5a9c4a8f2850cafe4871c860e046edeb2c0063a88218d653a8ed661cfd42f0ea0ad90508f5b0558b3e037677078b47b513c23fec9eecf0c37994f860d423c88919a8196170e5b52e1af080e811dc3b4a5e8b3"}, @mesh_chsw={0x76, 0x6, {0x1, 0xe7, 0x5, 0x745e}}, @cf={0x4, 0x6, {0x1, 0x4, 0x5, 0x101}}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_IE={0x190, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xb1, 0x6}}, @random_vendor={0xdd, 0x6c, "a34e55a0bd4e41fff5c81c3e4edb7f6655545d78f3981c03760ecece60e66710bdd396befb623b7af8f1143803afd1699c9c05101b1d2227877551250ffa70445f57a61b4b269d5ec48be733ec7116e4ce2a99c8c6134bf6f1b4db89a2ccd15b712efad97dd5862d9f5e6e76"}, @mic={0x8c, 0x10, {0x885, "cb99b795dd70", @short="f16af6428c6a8dc9"}}, @link_id={0x65, 0x12, {@from_mac, @broadcast}}, @fast_bss_trans={0x37, 0xa5, {0x1, 0x5, "ce6c2debf1eccaba1a761c0071256b7b", "061aa3b9dda6c7209af64b29600d970a8838d2a5288765aed2b10e6da5dc1209", "df9c0e5e09e5079f5d0ef4df86d201b35a3943cf3b42b2921dd56fefc0f9a7f7", [{0x4, 0x6, "5960f18e28eb"}, {0x1, 0x8, "cc47eba81694977b"}, {0x1, 0xc, "37adda193b41faf8d50e8df5"}, {0x1, 0x22, "1ca02fa9586318b798f60f96b22d9520e32b172167402b8a62409795aa493a978d26"}, {0x3, 0xd, "8eef30dc1d5a09298a0886e95f"}]}}, @mic={0x8c, 0x10, {0xb4a, "df559bd26848", @short="9db84f4fe484f697"}}, @measure_req={0x26, 0x38, {0x1, 0x8, 0x5, "4eafbeb62438e703946959e5b6efc03f99c894e57402a5b91fb7b51bea146e2734c3eaa2bf3febaa36ff4cb65263e92f246fc3c6a8"}}]}, @NL80211_ATTR_IE={0xe1, 0x2a, [@fast_bss_trans={0x37, 0xcc, {0x2, 0x4, "3cfd7e460c8712843744c25bd7e3af93", "e146850cc4d44c14b3ec7e4b12db5600d0e8d67dc3b8dce1e7a3330563edd303", "af51ad57c53a6ea644f639f88bf097cdde6288dd23ecef499642a3f49e273a01", [{0x2, 0x13, "03bf90dada85d021c12cb006fa6aaa0444e6e2"}, {0x3, 0x14, "df02fde6d6aa3f03b4cb7573fb393a7f3730803b"}, {0x1, 0x24, "3948db1ca85b68277d092197d42bcc23fdc47c5babee866be2beebccc3c74abf29e34e3d"}, {0x2, 0x27, "3b367446fd14c209ac16ecc28d36352b40281eba19169d1a121361142f0cba184ece364dbec226"}]}}]}, @NL80211_ATTR_IE={0x3e, 0x2a, [@peer_mgmt={0x75, 0x14, {0x1, 0x2, @void, @void, @val="cb37721d1633692293bb91c805cea17f"}}, @gcr_ga={0xbd, 0x6, @device_b}, @ht={0x2d, 0x1a, {0x2000, 0x1, 0x4, 0x0, {0x40, 0x7, 0x0, 0x198, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x40, 0x7f}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x34}]}, 0x3fc}, 0x1, 0x0, 0x0, 0x8044}, 0x4006004) 10:20:00 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x140d, 0x8, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x80000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x24048801) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x140d, 0x8, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x80000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x850}, 0x24048801) (async) [ 1074.935433] FAULT_INJECTION: forcing a failure. [ 1074.935433] name failslab, interval 1, probability 0, space 0, times 0 [ 1074.957032] FAULT_INJECTION: forcing a failure. [ 1074.957032] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.013689] CPU: 0 PID: 16563 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1075.021594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.030949] Call Trace: [ 1075.033543] dump_stack+0x1b2/0x281 [ 1075.037175] should_fail.cold+0x10a/0x149 [ 1075.041324] should_failslab+0xd6/0x130 [ 1075.045302] __kmalloc_track_caller+0x2bc/0x400 [ 1075.049968] ? strndup_user+0x5b/0xf0 [ 1075.053770] memdup_user+0x22/0xa0 [ 1075.057311] strndup_user+0x5b/0xf0 [ 1075.060933] ? copy_mnt_ns+0xa30/0xa30 [ 1075.064814] SyS_mount+0x39/0x120 [ 1075.068263] ? copy_mnt_ns+0xa30/0xa30 [ 1075.072151] do_syscall_64+0x1d5/0x640 [ 1075.076031] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1075.081294] RIP: 0033:0x7f94265b657a [ 1075.084995] RSP: 002b:00007f9424f29f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1075.092711] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b657a [ 1075.099964] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f9424f29fe0 10:20:00 executing program 1: socket(0x24, 0x0, 0x0) getgid() r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = socket(0x1e, 0x1, 0x8) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000004c0)={0x1, 'syz1\x00'}) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000040)={0x3fc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc, 0x26}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xb}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x31}, @NL80211_ATTR_IE={0x10c, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @cf={0x4, 0x6, {0xff, 0xfb, 0x8, 0x2}}, @random_vendor={0xdd, 0xeb, "beb941fc38caec2907ada78e9b1a9a4d35186f543424ae1b7154b4474dfc5a0986971073f85bb6c5fc5846bb4503e8f1795f239d38c89ab148e67314f5e961097a947ba33aea697f8087be362a77300b12853ba855fdc9aedba6257c22b7b189b12cd37527d21e98b907144b4df79a0164839511ada6dde8395823db590052d8ce959fa8ae0fbe5fad8e199349702c9aa8f38737ea9ea99bb5a9c4a8f2850cafe4871c860e046edeb2c0063a88218d653a8ed661cfd42f0ea0ad90508f5b0558b3e037677078b47b513c23fec9eecf0c37994f860d423c88919a8196170e5b52e1af080e811dc3b4a5e8b3"}, @mesh_chsw={0x76, 0x6, {0x1, 0xe7, 0x5, 0x745e}}, @cf={0x4, 0x6, {0x1, 0x4, 0x5, 0x101}}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_IE={0x190, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xb1, 0x6}}, @random_vendor={0xdd, 0x6c, "a34e55a0bd4e41fff5c81c3e4edb7f6655545d78f3981c03760ecece60e66710bdd396befb623b7af8f1143803afd1699c9c05101b1d2227877551250ffa70445f57a61b4b269d5ec48be733ec7116e4ce2a99c8c6134bf6f1b4db89a2ccd15b712efad97dd5862d9f5e6e76"}, @mic={0x8c, 0x10, {0x885, "cb99b795dd70", @short="f16af6428c6a8dc9"}}, @link_id={0x65, 0x12, {@from_mac, @broadcast}}, @fast_bss_trans={0x37, 0xa5, {0x1, 0x5, "ce6c2debf1eccaba1a761c0071256b7b", "061aa3b9dda6c7209af64b29600d970a8838d2a5288765aed2b10e6da5dc1209", "df9c0e5e09e5079f5d0ef4df86d201b35a3943cf3b42b2921dd56fefc0f9a7f7", [{0x4, 0x6, "5960f18e28eb"}, {0x1, 0x8, "cc47eba81694977b"}, {0x1, 0xc, "37adda193b41faf8d50e8df5"}, {0x1, 0x22, "1ca02fa9586318b798f60f96b22d9520e32b172167402b8a62409795aa493a978d26"}, {0x3, 0xd, "8eef30dc1d5a09298a0886e95f"}]}}, @mic={0x8c, 0x10, {0xb4a, "df559bd26848", @short="9db84f4fe484f697"}}, @measure_req={0x26, 0x38, {0x1, 0x8, 0x5, "4eafbeb62438e703946959e5b6efc03f99c894e57402a5b91fb7b51bea146e2734c3eaa2bf3febaa36ff4cb65263e92f246fc3c6a8"}}]}, @NL80211_ATTR_IE={0xe1, 0x2a, [@fast_bss_trans={0x37, 0xcc, {0x2, 0x4, "3cfd7e460c8712843744c25bd7e3af93", "e146850cc4d44c14b3ec7e4b12db5600d0e8d67dc3b8dce1e7a3330563edd303", "af51ad57c53a6ea644f639f88bf097cdde6288dd23ecef499642a3f49e273a01", [{0x2, 0x13, "03bf90dada85d021c12cb006fa6aaa0444e6e2"}, {0x3, 0x14, "df02fde6d6aa3f03b4cb7573fb393a7f3730803b"}, {0x1, 0x24, "3948db1ca85b68277d092197d42bcc23fdc47c5babee866be2beebccc3c74abf29e34e3d"}, {0x2, 0x27, "3b367446fd14c209ac16ecc28d36352b40281eba19169d1a121361142f0cba184ece364dbec226"}]}}]}, @NL80211_ATTR_IE={0x3e, 0x2a, [@peer_mgmt={0x75, 0x14, {0x1, 0x2, @void, @void, @val="cb37721d1633692293bb91c805cea17f"}}, @gcr_ga={0xbd, 0x6, @device_b}, @ht={0x2d, 0x1a, {0x2000, 0x1, 0x4, 0x0, {0x40, 0x7, 0x0, 0x198, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x40, 0x7f}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x34}]}, 0x3fc}, 0x1, 0x0, 0x0, 0x8044}, 0x4006004) socket(0x24, 0x0, 0x0) (async) getgid() (async) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) (async) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) socket(0x1e, 0x1, 0x8) (async) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000004c0)={0x1, 'syz1\x00'}) (async) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000040)={0x3fc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc, 0x26}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xb}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x31}, @NL80211_ATTR_IE={0x10c, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @cf={0x4, 0x6, {0xff, 0xfb, 0x8, 0x2}}, @random_vendor={0xdd, 0xeb, "beb941fc38caec2907ada78e9b1a9a4d35186f543424ae1b7154b4474dfc5a0986971073f85bb6c5fc5846bb4503e8f1795f239d38c89ab148e67314f5e961097a947ba33aea697f8087be362a77300b12853ba855fdc9aedba6257c22b7b189b12cd37527d21e98b907144b4df79a0164839511ada6dde8395823db590052d8ce959fa8ae0fbe5fad8e199349702c9aa8f38737ea9ea99bb5a9c4a8f2850cafe4871c860e046edeb2c0063a88218d653a8ed661cfd42f0ea0ad90508f5b0558b3e037677078b47b513c23fec9eecf0c37994f860d423c88919a8196170e5b52e1af080e811dc3b4a5e8b3"}, @mesh_chsw={0x76, 0x6, {0x1, 0xe7, 0x5, 0x745e}}, @cf={0x4, 0x6, {0x1, 0x4, 0x5, 0x101}}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_IE={0x190, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xb1, 0x6}}, @random_vendor={0xdd, 0x6c, "a34e55a0bd4e41fff5c81c3e4edb7f6655545d78f3981c03760ecece60e66710bdd396befb623b7af8f1143803afd1699c9c05101b1d2227877551250ffa70445f57a61b4b269d5ec48be733ec7116e4ce2a99c8c6134bf6f1b4db89a2ccd15b712efad97dd5862d9f5e6e76"}, @mic={0x8c, 0x10, {0x885, "cb99b795dd70", @short="f16af6428c6a8dc9"}}, @link_id={0x65, 0x12, {@from_mac, @broadcast}}, @fast_bss_trans={0x37, 0xa5, {0x1, 0x5, "ce6c2debf1eccaba1a761c0071256b7b", "061aa3b9dda6c7209af64b29600d970a8838d2a5288765aed2b10e6da5dc1209", "df9c0e5e09e5079f5d0ef4df86d201b35a3943cf3b42b2921dd56fefc0f9a7f7", [{0x4, 0x6, "5960f18e28eb"}, {0x1, 0x8, "cc47eba81694977b"}, {0x1, 0xc, "37adda193b41faf8d50e8df5"}, {0x1, 0x22, "1ca02fa9586318b798f60f96b22d9520e32b172167402b8a62409795aa493a978d26"}, {0x3, 0xd, "8eef30dc1d5a09298a0886e95f"}]}}, @mic={0x8c, 0x10, {0xb4a, "df559bd26848", @short="9db84f4fe484f697"}}, @measure_req={0x26, 0x38, {0x1, 0x8, 0x5, "4eafbeb62438e703946959e5b6efc03f99c894e57402a5b91fb7b51bea146e2734c3eaa2bf3febaa36ff4cb65263e92f246fc3c6a8"}}]}, @NL80211_ATTR_IE={0xe1, 0x2a, [@fast_bss_trans={0x37, 0xcc, {0x2, 0x4, "3cfd7e460c8712843744c25bd7e3af93", "e146850cc4d44c14b3ec7e4b12db5600d0e8d67dc3b8dce1e7a3330563edd303", "af51ad57c53a6ea644f639f88bf097cdde6288dd23ecef499642a3f49e273a01", [{0x2, 0x13, "03bf90dada85d021c12cb006fa6aaa0444e6e2"}, {0x3, 0x14, "df02fde6d6aa3f03b4cb7573fb393a7f3730803b"}, {0x1, 0x24, "3948db1ca85b68277d092197d42bcc23fdc47c5babee866be2beebccc3c74abf29e34e3d"}, {0x2, 0x27, "3b367446fd14c209ac16ecc28d36352b40281eba19169d1a121361142f0cba184ece364dbec226"}]}}]}, @NL80211_ATTR_IE={0x3e, 0x2a, [@peer_mgmt={0x75, 0x14, {0x1, 0x2, @void, @void, @val="cb37721d1633692293bb91c805cea17f"}}, @gcr_ga={0xbd, 0x6, @device_b}, @ht={0x2d, 0x1a, {0x2000, 0x1, 0x4, 0x0, {0x40, 0x7, 0x0, 0x198, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x40, 0x7f}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x34}]}, 0x3fc}, 0x1, 0x0, 0x0, 0x8044}, 0x4006004) (async) [ 1075.107232] RBP: 00007f9424f2a020 R08: 00007f9424f2a020 R09: 0000000020000480 [ 1075.114499] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1075.121769] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1075.138108] CPU: 1 PID: 16564 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1075.146015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.155363] Call Trace: [ 1075.157951] dump_stack+0x1b2/0x281 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x222) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1075.161580] should_fail.cold+0x10a/0x149 [ 1075.165728] should_failslab+0xd6/0x130 [ 1075.169700] __kmalloc+0x2c1/0x400 [ 1075.173242] ? __list_lru_init+0x67/0x710 [ 1075.177391] __list_lru_init+0x67/0x710 [ 1075.181371] sget_userns+0x504/0xc10 [ 1075.185084] ? set_bdev_super+0x110/0x110 [ 1075.189231] ? ns_test_super+0x50/0x50 [ 1075.193120] ? set_bdev_super+0x110/0x110 [ 1075.197271] ? ns_test_super+0x50/0x50 [ 1075.201159] sget+0xd1/0x110 [ 1075.204176] mount_bdev+0xcd/0x360 [ 1075.207720] ? qnx4_iget+0xa20/0xa20 [ 1075.211430] mount_fs+0x92/0x2a0 [ 1075.214795] vfs_kern_mount.part.0+0x5b/0x470 [ 1075.219286] do_mount+0xe65/0x2a10 [ 1075.222825] ? __do_page_fault+0x159/0xad0 [ 1075.227055] ? retint_kernel+0x2d/0x2d [ 1075.230939] ? copy_mount_string+0x40/0x40 [ 1075.235174] ? memset+0x20/0x40 [ 1075.238447] ? copy_mount_options+0x1fa/0x2f0 [ 1075.242938] ? copy_mnt_ns+0xa30/0xa30 [ 1075.246817] SyS_mount+0xa8/0x120 [ 1075.250250] ? copy_mnt_ns+0xa30/0xa30 [ 1075.254115] do_syscall_64+0x1d5/0x640 [ 1075.257986] entry_SYSCALL_64_after_hwframe+0x46/0xbb 10:20:00 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 47) 10:20:00 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000000c0)={0xfffffffffffffffe, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x408, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4004000) 10:20:00 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x204001a, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1075.263161] RIP: 0033:0x7f2e61d6757a [ 1075.266855] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1075.274545] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1075.281831] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1075.289123] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1075.296373] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1075.303624] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:20:00 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 56) 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) msgget(0x1, 0x222) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) msgget(0x1, 0x222) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:20:00 executing program 1: socket(0x24, 0x0, 0x0) (async) getgid() (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) r1 = socket(0x1e, 0x1, 0x8) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f00000004c0)={0x1, 'syz1\x00'}) (async) sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r0, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000040)={0x3fc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0xfffffffc, 0x26}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0xb}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x31}, @NL80211_ATTR_IE={0x10c, 0x2a, [@erp={0x2a, 0x1, {0x0, 0x1, 0x1}}, @cf={0x4, 0x6, {0xff, 0xfb, 0x8, 0x2}}, @random_vendor={0xdd, 0xeb, "beb941fc38caec2907ada78e9b1a9a4d35186f543424ae1b7154b4474dfc5a0986971073f85bb6c5fc5846bb4503e8f1795f239d38c89ab148e67314f5e961097a947ba33aea697f8087be362a77300b12853ba855fdc9aedba6257c22b7b189b12cd37527d21e98b907144b4df79a0164839511ada6dde8395823db590052d8ce959fa8ae0fbe5fad8e199349702c9aa8f38737ea9ea99bb5a9c4a8f2850cafe4871c860e046edeb2c0063a88218d653a8ed661cfd42f0ea0ad90508f5b0558b3e037677078b47b513c23fec9eecf0c37994f860d423c88919a8196170e5b52e1af080e811dc3b4a5e8b3"}, @mesh_chsw={0x76, 0x6, {0x1, 0xe7, 0x5, 0x745e}}, @cf={0x4, 0x6, {0x1, 0x4, 0x5, 0x101}}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_IE={0x190, 0x2a, [@channel_switch={0x25, 0x3, {0x0, 0xb1, 0x6}}, @random_vendor={0xdd, 0x6c, "a34e55a0bd4e41fff5c81c3e4edb7f6655545d78f3981c03760ecece60e66710bdd396befb623b7af8f1143803afd1699c9c05101b1d2227877551250ffa70445f57a61b4b269d5ec48be733ec7116e4ce2a99c8c6134bf6f1b4db89a2ccd15b712efad97dd5862d9f5e6e76"}, @mic={0x8c, 0x10, {0x885, "cb99b795dd70", @short="f16af6428c6a8dc9"}}, @link_id={0x65, 0x12, {@from_mac, @broadcast}}, @fast_bss_trans={0x37, 0xa5, {0x1, 0x5, "ce6c2debf1eccaba1a761c0071256b7b", "061aa3b9dda6c7209af64b29600d970a8838d2a5288765aed2b10e6da5dc1209", "df9c0e5e09e5079f5d0ef4df86d201b35a3943cf3b42b2921dd56fefc0f9a7f7", [{0x4, 0x6, "5960f18e28eb"}, {0x1, 0x8, "cc47eba81694977b"}, {0x1, 0xc, "37adda193b41faf8d50e8df5"}, {0x1, 0x22, "1ca02fa9586318b798f60f96b22d9520e32b172167402b8a62409795aa493a978d26"}, {0x3, 0xd, "8eef30dc1d5a09298a0886e95f"}]}}, @mic={0x8c, 0x10, {0xb4a, "df559bd26848", @short="9db84f4fe484f697"}}, @measure_req={0x26, 0x38, {0x1, 0x8, 0x5, "4eafbeb62438e703946959e5b6efc03f99c894e57402a5b91fb7b51bea146e2734c3eaa2bf3febaa36ff4cb65263e92f246fc3c6a8"}}]}, @NL80211_ATTR_IE={0xe1, 0x2a, [@fast_bss_trans={0x37, 0xcc, {0x2, 0x4, "3cfd7e460c8712843744c25bd7e3af93", "e146850cc4d44c14b3ec7e4b12db5600d0e8d67dc3b8dce1e7a3330563edd303", "af51ad57c53a6ea644f639f88bf097cdde6288dd23ecef499642a3f49e273a01", [{0x2, 0x13, "03bf90dada85d021c12cb006fa6aaa0444e6e2"}, {0x3, 0x14, "df02fde6d6aa3f03b4cb7573fb393a7f3730803b"}, {0x1, 0x24, "3948db1ca85b68277d092197d42bcc23fdc47c5babee866be2beebccc3c74abf29e34e3d"}, {0x2, 0x27, "3b367446fd14c209ac16ecc28d36352b40281eba19169d1a121361142f0cba184ece364dbec226"}]}}]}, @NL80211_ATTR_IE={0x3e, 0x2a, [@peer_mgmt={0x75, 0x14, {0x1, 0x2, @void, @void, @val="cb37721d1633692293bb91c805cea17f"}}, @gcr_ga={0xbd, 0x6, @device_b}, @ht={0x2d, 0x1a, {0x2000, 0x1, 0x4, 0x0, {0x40, 0x7, 0x0, 0x198, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x8, 0x40, 0x7f}}]}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x34}]}, 0x3fc}, 0x1, 0x0, 0x0, 0x8044}, 0x4006004) 10:20:00 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) (async) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000000c0)={0xfffffffffffffffe, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x408, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4004000) 10:20:00 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x204001a, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:20:00 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 10:20:00 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fedbdf25040000000800340007000000050233000000000005002d0000000000050035000e000000050035004001000000080039000700"/70], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x81) [ 1075.443045] FAULT_INJECTION: forcing a failure. [ 1075.443045] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.443592] FAULT_INJECTION: forcing a failure. [ 1075.443592] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.477032] CPU: 0 PID: 16644 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1075.484929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.494277] Call Trace: [ 1075.496872] dump_stack+0x1b2/0x281 [ 1075.500500] should_fail.cold+0x10a/0x149 [ 1075.504648] should_failslab+0xd6/0x130 [ 1075.508620] __kmalloc_track_caller+0x2bc/0x400 [ 1075.513283] ? strndup_user+0x5b/0xf0 [ 1075.517081] memdup_user+0x22/0xa0 [ 1075.520627] strndup_user+0x5b/0xf0 [ 1075.524253] ? copy_mnt_ns+0xa30/0xa30 [ 1075.528132] SyS_mount+0x68/0x120 [ 1075.531580] ? copy_mnt_ns+0xa30/0xa30 [ 1075.535452] do_syscall_64+0x1d5/0x640 [ 1075.539343] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1075.544518] RIP: 0033:0x7f94265b657a [ 1075.548215] RSP: 002b:00007f9424f29f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1075.555912] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b657a [ 1075.563175] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f9424f29fe0 [ 1075.570435] RBP: 00007f9424f2a020 R08: 00007f9424f2a020 R09: 0000000020000480 [ 1075.577690] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1075.584948] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 10:20:01 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) (async) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000d80), 0x0, 0x0) sendmsg$NL80211_CMD_GET_STATION(r0, 0x0, 0x0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f00000000c0)={0xfffffffffffffffe, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, 0x0, 0x408, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x400}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4004000) 10:20:01 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) [ 1075.596380] CPU: 1 PID: 16646 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1075.604273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.613622] Call Trace: [ 1075.616295] dump_stack+0x1b2/0x281 [ 1075.619927] should_fail.cold+0x10a/0x149 [ 1075.624079] should_failslab+0xd6/0x130 [ 1075.628067] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1075.632750] ? set_bdev_super+0x110/0x110 [ 1075.636904] sget_userns+0x102/0xc10 [ 1075.640611] ? set_bdev_super+0x110/0x110 [ 1075.644758] ? ns_test_super+0x50/0x50 [ 1075.648645] ? set_bdev_super+0x110/0x110 [ 1075.652791] ? ns_test_super+0x50/0x50 [ 1075.656674] sget+0xd1/0x110 [ 1075.659696] mount_bdev+0xcd/0x360 [ 1075.663229] ? qnx4_iget+0xa20/0xa20 [ 1075.666939] mount_fs+0x92/0x2a0 [ 1075.670303] vfs_kern_mount.part.0+0x5b/0x470 [ 1075.674798] do_mount+0xe65/0x2a10 [ 1075.678338] ? __do_page_fault+0x159/0xad0 [ 1075.682570] ? retint_kernel+0x2d/0x2d [ 1075.686466] ? copy_mount_string+0x40/0x40 [ 1075.690696] ? memset+0x20/0x40 [ 1075.693970] ? copy_mount_options+0x1fa/0x2f0 [ 1075.698460] ? copy_mnt_ns+0xa30/0xa30 [ 1075.702346] SyS_mount+0xa8/0x120 [ 1075.705792] ? copy_mnt_ns+0xa30/0xa30 [ 1075.709679] do_syscall_64+0x1d5/0x640 [ 1075.713565] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1075.718746] RIP: 0033:0x7f2e61d6757a [ 1075.722445] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1075.730145] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1075.737394] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 10:20:01 executing program 2: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 48) 10:20:01 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fedbdf25040000000800340007000000050233000000000005002d0000000000050035000e000000050035004001000000080039000700"/70], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x81) 10:20:01 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) 10:20:01 executing program 4: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(&(0x7f0000000480), &(0x7f0000000640)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000e80)=[{0x0, 0x0, 0x1ff}], 0x0, &(0x7f0000000f80)) (fail_nth: 57) 10:20:01 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x8, 0x20000) 10:20:01 executing program 0: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x204001a, 0x0) (async) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1075.744642] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1075.751892] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1075.759242] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 10:20:01 executing program 3: syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x8, 0x20000) 10:20:01 executing program 1: r0 = socket(0x24, 0x0, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fedbdf25040000000800340007000000050233000000000005002d0000000000050035000e000000050035004001000000080039000700"/70], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x81) socket(0x24, 0x0, 0x0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000227bd7000fedbdf25040000000800340007000000050233000000000005002d0000000000050035000e000000050035004001000000080039000700"/70], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x81) (async) 10:20:01 executing program 5: syz_mount_image$qnx4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$qnx4(0x0, &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0xffffffdf, 0x0, 0x0, 0x0) [ 1075.842555] FAULT_INJECTION: forcing a failure. [ 1075.842555] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.875920] FAULT_INJECTION: forcing a failure. [ 1075.875920] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1075.878963] CPU: 0 PID: 16699 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1075.895600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.904936] Call Trace: [ 1075.907513] dump_stack+0x1b2/0x281 [ 1075.911126] should_fail.cold+0x10a/0x149 [ 1075.915256] should_failslab+0xd6/0x130 [ 1075.919220] __kmalloc+0x2c1/0x400 [ 1075.922742] ? register_shrinker+0x1ab/0x220 [ 1075.927135] register_shrinker+0x1ab/0x220 [ 1075.931353] sget_userns+0x9aa/0xc10 [ 1075.935050] ? set_bdev_super+0x110/0x110 [ 1075.939180] ? ns_test_super+0x50/0x50 [ 1075.943048] ? set_bdev_super+0x110/0x110 [ 1075.947179] ? ns_test_super+0x50/0x50 [ 1075.951047] sget+0xd1/0x110 [ 1075.954049] mount_bdev+0xcd/0x360 [ 1075.957576] ? qnx4_iget+0xa20/0xa20 [ 1075.961274] mount_fs+0x92/0x2a0 [ 1075.964625] vfs_kern_mount.part.0+0x5b/0x470 [ 1075.969103] do_mount+0xe65/0x2a10 [ 1075.972630] ? __do_page_fault+0x159/0xad0 [ 1075.976848] ? retint_kernel+0x2d/0x2d [ 1075.980717] ? copy_mount_string+0x40/0x40 [ 1075.984934] ? memset+0x20/0x40 [ 1075.988201] ? copy_mount_options+0x1fa/0x2f0 [ 1075.992680] ? copy_mnt_ns+0xa30/0xa30 [ 1075.996565] SyS_mount+0xa8/0x120 [ 1076.000017] ? copy_mnt_ns+0xa30/0xa30 [ 1076.003887] do_syscall_64+0x1d5/0x640 [ 1076.007760] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1076.012930] RIP: 0033:0x7f2e61d6757a [ 1076.016619] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1076.024306] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1076.031558] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1076.038806] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1076.046056] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1076.053314] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1076.060582] CPU: 1 PID: 16705 Comm: syz-executor.2 Not tainted 4.14.275-syzkaller #0 [ 1076.068456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1076.078322] Call Trace: [ 1076.080908] dump_stack+0x1b2/0x281 [ 1076.081842] ------------[ cut here ]------------ [ 1076.084528] should_fail.cold+0x10a/0x149 [ 1076.089270] WARNING: CPU: 0 PID: 16699 at fs/super.c:1163 kill_block_super+0xbe/0xe0 [ 1076.093391] __alloc_pages_nodemask+0x22c/0x2720 [ 1076.101237] Kernel panic - not syncing: panic_on_warn set ... [ 1076.101237] [ 1076.105978] ? __lock_acquire+0x5fc/0x3f20 [ 1076.117513] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1076.122334] ? trace_hardirqs_on+0x10/0x10 [ 1076.126553] ? trace_hardirqs_on+0x10/0x10 [ 1076.130772] ? reacquire_held_locks+0xb5/0x3f0 [ 1076.135334] ? dput.part.0+0x3b4/0x710 [ 1076.139202] ? list_lru_add+0x22a/0x490 [ 1076.143160] cache_grow_begin+0x91/0x700 [ 1076.147200] ? fs_reclaim_release+0xd0/0x110 [ 1076.151591] ? check_preemption_disabled+0x35/0x240 [ 1076.156588] cache_alloc_refill+0x273/0x350 [ 1076.160916] kmem_cache_alloc_trace+0x340/0x3d0 [ 1076.165563] ? copy_mnt_ns+0xa30/0xa30 [ 1076.169431] copy_mount_options+0x59/0x2f0 [ 1076.173648] ? copy_mnt_ns+0xa30/0xa30 [ 1076.177516] SyS_mount+0x84/0x120 [ 1076.180950] ? copy_mnt_ns+0xa30/0xa30 [ 1076.184818] do_syscall_64+0x1d5/0x640 [ 1076.188692] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1076.193863] RIP: 0033:0x7f94265b657a [ 1076.197553] RSP: 002b:00007f9424f29f88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1076.205239] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f94265b657a [ 1076.212487] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f9424f29fe0 [ 1076.219735] RBP: 00007f9424f2a020 R08: 00007f9424f2a020 R09: 0000000020000480 [ 1076.227012] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1076.234437] R13: 0000000020000640 R14: 00007f9424f29fe0 R15: 0000000020000f80 [ 1076.241700] CPU: 0 PID: 16699 Comm: syz-executor.4 Not tainted 4.14.275-syzkaller #0 [ 1076.249574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1076.259006] Call Trace: [ 1076.261604] dump_stack+0x1b2/0x281 [ 1076.265321] panic+0x1f9/0x42d [ 1076.268508] ? add_taint.cold+0x16/0x16 [ 1076.272486] ? kill_block_super+0xbe/0xe0 [ 1076.276629] ? __warn.cold+0x5/0x44 [ 1076.280261] ? kill_block_super+0xbe/0xe0 [ 1076.284406] __warn.cold+0x20/0x44 [ 1076.287945] ? ist_end_non_atomic+0x10/0x10 [ 1076.292264] ? kill_block_super+0xbe/0xe0 [ 1076.296408] report_bug+0x208/0x250 [ 1076.300036] do_error_trap+0x195/0x2d0 [ 1076.303921] ? math_error+0x2d0/0x2d0 [ 1076.307719] ? retint_kernel+0x2d/0x2d [ 1076.311611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 1076.316455] invalid_op+0x1b/0x40 [ 1076.319923] RIP: 0010:kill_block_super+0xbe/0xe0 [ 1076.324666] RSP: 0018:ffff8880b317fbb0 EFLAGS: 00010246 [ 1076.330028] RAX: 0000000000040000 RBX: 0000000000000000 RCX: ffffc900091fb000 [ 1076.333719] qnx4: unable to read the superblock [ 1076.337287] RDX: 0000000000040000 RSI: ffffffff81874dee RDI: ffff8880902cad30 [ 1076.337295] RBP: ffff8880a2426280 R08: ffffffff8b9baa30 R09: 0000000000000001 [ 1076.337301] R10: 0000000000000000 R11: ffff888099d58500 R12: ffff8880902ca880 [ 1076.337307] R13: ffffffff891e2cf0 R14: ffffffff88f454c0 R15: dffffc0000000000 [ 1076.337328] ? kill_block_super+0xbe/0xe0 [ 1076.337342] qnx4_kill_sb+0x38/0x90 [ 1076.378766] deactivate_locked_super+0x6c/0xd0 [ 1076.383351] sget_userns+0x9c4/0xc10 [ 1076.387077] ? set_bdev_super+0x110/0x110 [ 1076.391226] ? ns_test_super+0x50/0x50 [ 1076.395112] ? set_bdev_super+0x110/0x110 [ 1076.399254] ? ns_test_super+0x50/0x50 [ 1076.403134] sget+0xd1/0x110 [ 1076.406155] mount_bdev+0xcd/0x360 [ 1076.409690] ? qnx4_iget+0xa20/0xa20 [ 1076.413399] mount_fs+0x92/0x2a0 [ 1076.416767] vfs_kern_mount.part.0+0x5b/0x470 [ 1076.421263] do_mount+0xe65/0x2a10 [ 1076.424792] ? __do_page_fault+0x159/0xad0 [ 1076.429006] ? retint_kernel+0x2d/0x2d [ 1076.432937] ? copy_mount_string+0x40/0x40 [ 1076.437179] ? memset+0x20/0x40 [ 1076.440452] ? copy_mount_options+0x1fa/0x2f0 [ 1076.444937] ? copy_mnt_ns+0xa30/0xa30 [ 1076.448801] SyS_mount+0xa8/0x120 [ 1076.452232] ? copy_mnt_ns+0xa30/0xa30 [ 1076.456101] do_syscall_64+0x1d5/0x640 [ 1076.459992] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1076.465167] RIP: 0033:0x7f2e61d6757a [ 1076.468856] RSP: 002b:00007f2e606daf88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1076.476540] RAX: ffffffffffffffda RBX: 0000000020000e80 RCX: 00007f2e61d6757a [ 1076.483791] RDX: 0000000020000480 RSI: 0000000020000640 RDI: 00007f2e606dafe0 [ 1076.491052] RBP: 00007f2e606db020 R08: 00007f2e606db020 R09: 0000000020000480 [ 1076.498308] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000480 [ 1076.505563] R13: 0000000020000640 R14: 00007f2e606dafe0 R15: 0000000020000f80 [ 1076.513272] Kernel Offset: disabled [ 1076.516961] Rebooting in 86400 seconds..