D(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13000000}) 18:04:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d00}) 18:04:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000140)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000300)='veno\x00', 0x5) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x8408) 18:04:32 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) ioctl$int_in(r1, 0x5421, &(0x7f0000000040)=0xe5) splice(r1, 0x0, r0, 0x0, 0x100000004, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000480)=""/251, 0xfb}], 0x1, 0x0) 18:04:32 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300}) 18:04:32 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setrlimit(0x7, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x6, 0x4, 0x8, 0x8, 0x0, 0x0}, 0x2c) 18:04:34 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:34 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:34 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) ioctl$int_in(r1, 0x5421, &(0x7f0000000040)=0xe5) splice(r1, 0x0, r0, 0x0, 0x100000004, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000480)=""/251, 0xfb}], 0x1, 0x0) 18:04:34 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') linkat(r1, &(0x7f0000000000)='./file0/f.le.\x00', r1, &(0x7f0000000180)='.//ile0\x00', 0x0) 18:04:34 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13}) 18:04:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:34 executing program 1: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) close(r0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) creat(0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='veno\x00', 0x5) [ 514.621148] audit: type=1400 audit(1546279474.752:140): avc: denied { associate } for pid=23396 comm="syz-executor3" name="#1" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 18:04:34 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 18:04:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 514.743000] overlayfs: filesystem on './file1' not supported as upperdir [ 514.785054] audit: type=1400 audit(1546279474.912:141): avc: denied { associate } for pid=23396 comm="syz-executor3" name="#3" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 18:04:34 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:37 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:37 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') linkat(r1, &(0x7f0000000000)='./file0/f.le.\x00', r1, &(0x7f0000000180)='.//ile0\x00', 0x0) [ 517.371001] audit: type=1400 audit(1546279477.502:142): avc: denied { associate } for pid=23437 comm="syz-executor3" name="#4" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1 18:04:37 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:37 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}) 18:04:37 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:37 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') linkat(r1, &(0x7f0000000000)='./file0/f.le.\x00', r1, &(0x7f0000000180)='.//ile0\x00', 0x0) 18:04:37 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:37 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 18:04:37 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:37 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') linkat(r1, &(0x7f0000000000)='./file0/f.le.\x00', r1, &(0x7f0000000180)='.//ile0\x00', 0x0) 18:04:37 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:40 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:40 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:40 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1100}) 18:04:40 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:40 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:04:40 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) [ 520.820426] protocol 88fb is buggy, dev hsr_slave_0 [ 520.820473] protocol 88fb is buggy, dev hsr_slave_0 [ 520.825561] protocol 88fb is buggy, dev hsr_slave_1 [ 520.830620] protocol 88fb is buggy, dev hsr_slave_1 [ 520.840787] protocol 88fb is buggy, dev hsr_slave_0 [ 520.845865] protocol 88fb is buggy, dev hsr_slave_1 18:04:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:41 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:41 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:41 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000340)={0x78}, 0x78) 18:04:41 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e00000000000000}) 18:04:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1300000000000000}) 18:04:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:04:44 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00'}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:04:44 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:44 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:44 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:44 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:44 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e000000}) 18:04:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:44 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:44 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d00000000000000}) 18:04:47 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:47 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:47 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 527.097697] overlayfs: failed to resolve './file1': -2 18:04:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:47 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:47 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 18:04:47 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:47 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:04:47 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 527.335528] overlayfs: workdir and upperdir must reside under the same mount 18:04:47 executing program 1: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r0, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r1 = dup(0xffffffffffffffff) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:04:47 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11000000}) [ 527.598156] overlayfs: workdir and upperdir must reside under the same mount 18:04:50 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:50 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:50 executing program 1: r0 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:50 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:50 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:50 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e00}) 18:04:50 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:50 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:50 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:50 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:50 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:04:50 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:04:50 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:50 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d}) 18:04:50 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:50 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:04:53 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:53 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:53 executing program 3: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:53 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e}) 18:04:53 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:53 executing program 3: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:53 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00000000000000}) 18:04:53 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:53 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x1) write$binfmt_misc(r1, &(0x7f00000004c0)=ANY=[], 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xa, &(0x7f00000000c0)='@wlan1em0\x00', 0x0}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)=r3, 0x4) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:04:56 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:56 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:56 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:56 executing program 3: mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:56 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x40e, &(0x7f00000000c0)) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:04:56 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:56 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:56 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:04:57 executing program 3: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:57 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:57 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x200000, 0x0) getsockopt$llc_int(r3, 0x10c, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000140)) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0xa49, 0x109000) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:04:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:04:57 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:57 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:57 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x401) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x81, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)={0x3a444052, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x0, 0x5}) r3 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f00000000c0)=0x81) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[], 0x0) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:04:57 executing program 3: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:59 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:59 executing program 3: mkdir(0x0, 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:04:59 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:04:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) io_setup(0xffff, &(0x7f00000002c0)=0x0) io_cancel(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0x8d4f, r0, &(0x7f0000000300)="d16f115586b3a5fcfd87f49fdda89dfe71918a6edd4947312f13f3ce0939f484e781da02c68b6fb723f927c3ed3e8b88c9f2e5092db3b194ce624d67d27e2fe1d54269763e4f7bdd8fa9cd3d5545b90529d43634cd27a5e2cd2d05decb4113cea8097f06e068c954ff0b675549a3c6b30dc034bd223ece85163bcdee5774187c99e7d5c556d62452520b8ba8f9c856c18b7000f91be6193ac3b03d4ececb9e3450541b13e2a63208a4", 0xa9, 0x2, 0x0, 0x2}, &(0x7f0000000400)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@mcast2, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f0000000280)=0xe8) setfsuid(r4) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) tee(r2, r2, 0x7ff, 0xa) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x70, 0x9, 0x8, 0x401, 0x7ff, 0x0, 0x4, 0x4, 0x8, 0x5, 0x200, 0x1ff, 0x6, 0x1000, 0x6, 0x4, 0x8001, 0x0, 0x2, 0xff, 0x58e86550, 0x4, 0x24a, 0x8, 0x10000, 0x0, 0x10000, 0x3, 0x3, 0x2ca, 0x2, 0x0, 0x3ff, 0x0, 0x200, 0xf000000000000000, 0x46, 0x0, 0x7, 0x4, @perf_config_ext={0x3f, 0x4}, 0x800, 0x1, 0xffff, 0x9, 0x200, 0x0, 0x2}, r2, 0x7, r5, 0x0) 18:04:59 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:04:59 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:00 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:00 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:00 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100), 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:05:00 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:03 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x4000}, 0xc) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:03 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:03 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:03 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:03 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100), 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:05:03 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:03 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:03 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:05:03 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0xeab}) r2 = syz_open_pts(r1, 0x0) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$FIBMAP(r0, 0x1, &(0x7f00000000c0)) utime(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x4, 0x54fa}) 18:05:03 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:06 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:06 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00'}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, 0x0, 0x0) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:05:06 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:06 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xffffffffffffffbd) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) 18:05:06 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00'}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r1 = dup(r0) write$FUSE_ATTR(r1, &(0x7f0000000340)={0x78}, 0x78) 18:05:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:06 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x400000, 0x0) ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000100)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:06 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:09 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(0xffffffffffffffff) write$FUSE_ATTR(r2, &(0x7f0000000340)={0x78}, 0x78) 18:05:09 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:09 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x140, 0x0) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f0000000100)) r3 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:09 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', 0x0, 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:09 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:09 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:09 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) dup(r0) write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000340)={0x78}, 0x78) 18:05:09 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9000000000000, 0xfffffffffffffffc, 0x0, 0x4, 0x100000000}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:09 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) [ 549.688546] overlayfs: workdir and upperdir must reside under the same mount 18:05:09 executing program 1: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000100)=0x4, 0x4) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="32cae4783d32"}, 0x14) r2 = dup(r0) write$FUSE_ATTR(r2, 0x0, 0x0) 18:05:09 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(0xffffffffffffffff) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000240)='.//ile0\x00', r0, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2080) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x1, 0x0) syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x2, 0x10000) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20ncci\x00', 0x100, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x288000, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x800, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) getsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000140), &(0x7f0000000180)=0x4) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$ax25_int(r4, 0x101, 0xa, &(0x7f0000000100), 0x4) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:10 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 549.893210] overlayfs: workdir and upperdir must reside under the same mount [ 550.031122] cgroup: fork rejected by pids controller in /syz5 18:05:12 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:12 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(0x0, 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x400000, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x200, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0xffff7ffffffffff8) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(0xffffffffffffffff, 0x0) connect$bt_l2cap(r1, &(0x7f0000000180)={0x1f, 0x9, {0xf6b, 0x8, 0x7, 0x9, 0x7f, 0x8}, 0xfffffffffffffffb, 0x6}, 0xe) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000001c0)=0x17) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESOCT=0x0, @ANYRES32=0x0], @ANYBLOB="2d9e49f4c3f76ff6f2b452cb28f3cf5a8fda09576e3b742687f2badba6fecfad34bf6f28d4bf489ad8974885f1da2a246fbf8f392df85db7515aca95235a3580883f9b58b6a7b37d0b422f2fcaac0810a0e08f4bac59adc984ed4823cbab475a276fecdf1463dcb3e69620fd3730e2d6068385ae48909784a77c7f769567d6335d45e0eaf410ef7573ceafab0238a3fc94ed9403dd716fd4f36216f86f003bfb82afd113403a6a81ea6fcc4868c1da9241428b0dea5b2a74530364f1ce5c2856db3a8feb107bc1be929c242a48c8e66927242179e6af211c12981c20f914d5b504eb0203d613494d59a8d7b6369235001ab00192938bea8d8493053893ec7798fb59dba1d86ed8b0935fa1d2641e0a09d2045e2c52183b26c677b1a47883306979e5a1e80eee94b031c45b32f6e594817ec10c02ddcd732001499edf97fd09014d4fae0d5dbe0be44af17fdc5e074a7e85c4fd69f375659aa8318955d11f5c16d9e47f22b654dabf1b963f47e7128bbd2689909e687a7e51bc9d02e4eb8eb049f12734e4242a1c9b78184d88a089481c075f39fc2c712317be885f9703d58ab5c042649c5c8ae27b76e4261cb050ca171ad650a3d89e95b03260f4b476c6a4707bfb9990b99ff4b9a02229170ab76f067ae30ea9eb42cf8e36e48b0727fe0ae296f5df7b35eab77b512a119ee13313e9720d0832eb5e427ab0dc112db52eba90d31448a29fadcca6301b67baef9718c1d53e9eb56c0f1eb281dfdc78bf3430117d9b791c8140f7edbbdf42e02637d13c0bd12feeae4648f0b3c8717ccd0b4cee218cdae15f85ab30261b6c38440c57a0acf55e7f60c4b994aa2d0e817fd0b9771dcfb9c060626b584ffafdb249a079ebf0e23bed5e2b7b62b2d671e645b7c0bf7d95b2645eb11456e90422f4be15b22009806162dc81e26ef643ad71e2d50ad15ca2b7efa4e0ef2e5aeeb72a440be62a95508d11f609536668bf08f1c8f8abf28707b66406b4517b47525d2be5589caaf300a9e22050249c352099be7fe1ebcd4b5acd02b9dab8425de5908d3fcafb9fcf2bf8bdeda5beabde6722819e1c2e96994421486c55e02ce97d257aef8fc1fbd25e2232fec9211fa9940c361617edf3fc652aaf312eceb14fa5092441a69d57369e1460cba35c0986d7003cf4fbedd5280ed40501f893a2988b7ea70e020c679e231f6d6c4a1230c32c540025bca453f9879736ee38754cf44b0072a089d98c7b7bfb0bd89b8932cf019e75357a0af2d092cb49dbf2dcac270e0968cbda393e8189988f31d1d1169f87e3baf1c8170070b88dbf20e8662d60761f0b782c548f955a0baa6522c00f14734465d0c96ffda806f00453b6d17c18a51edf84060d194a3649b996a28dd228e4ce0c3dec9cb483a83a48c7fdf22c8457fa74ddf277cabd7d9463c97fbce134c85547cf2135900484d3d26934496ce9e7fae70205138cde319b4093ff3df66cefdbd2f383c242d2ac17ed861d67d70a0e15f100bc0495daac31224c89344c161a4a4a831eae339875e16f08e560e33041bf644372447faab933d6c992df7be7c6be1b38f0424b2be644973d7e7a91983d03460deaf62bd0c4c0a7d09b5727f5987d4ccf88441111e1c4ad06b615c4ff807a9024e39075988ad67418c85bca5b6af714dd02f8310cbf28c64868c4f5ce37ed83d97d105a6ef79fdb32a4715e4e1b6c0dd062ca925e958c2ac48c13a34a02d170e0327b466e8f4ca7c41333672e7d03cff3daef113c3ef55f6cb6ab0e338ac14feeace2df61f48b0f52995a94e474fbda640b4c6582e7c19f4af4150c6f46be5f9b3689f498f64dcc7d5cbb50234eedaf387e4d66ea0917f4dc3ef33da04e102cf68fb9e2dc902bf8d85368c1a40dc8f0aa431aea2668ecfb1dec596045d307ef092efc15561914fd9e9e7ea40479ae1544705cc1a524a8c298c4653d9d19c4883c5799d75861fd5b84317bdfbc476f3215be399c35f406664427d2f53b566320a9d90e1b124ed6bf9adcdf249805827223c77b1bf34099d9807f667eeac9d642270dc524860ce4e56b9b624c8c052626f926725c5be19828b5be1fed5a5af307960231cb30d4ca0634b75da56e94dec44d8d59894fd75b26e00295bdffbeaed5a10a7a76f4f62fbd766c26639cf3abaab61b0c58ff6c6db863e12eb5a08fd90555fc6c2fa90c3262c10b032980b4ab8e280b3332fb89faa1834fd9d4f6412d71b54597979c33c3ad966a101b226e5b4d1993433c8b16d8f2f6cb80ed199f82a5e2210ed768baccb67bd9ce8d289b1bd7103ebf019a2aeb7e31e80b678bfe60b01b57fd3af340643bc2d5bad22d79ebb80cff9a6b836f4f8379ec0886eed2396fef1a531449661753ef7974e81085a0e73f570da691f3bedea4fac010655869c5e4684726d42616626b5ffb4d45a9e40f326a59f00acaa32263e52dfa89904c3310ef5143211b8868c30de51585d7a6c390da1443adf481d1bd4a7b5d26e82403a7dd02f114254b73ee3ccdf128f7d28cd7993b86351dbd78253b61f59b8a768527c6767b509e489f5cd5407dd00c9caa671f8ecbc43536f6efd4ae4e2c52248cc1a451a2c14831beb4b7b60851fa11214ca457d4d592922f63417844a5e4be4afafb73a43116262a8b515f6461157ae7b12f8690be2a5917aa90e63dd3e7fab70d9a3358f7e7f769dbed392fb678ad992f68bde7440a35417ab5135b203da6e247c5e176fbae6828d6e2adad94b7c3e3b309057a7d3662353f48d9babb1775aa163c6c64c0a6f15c7d239ec589136dae354129ec4a7ce9af26d19d99670a312166cb41b15207262853dfc5ea42f8c362f14a8c87382782cd909603216be9f84f9d9ff6269183b41cae9d6e1462a85a48cb23f9f631adfeccf355bab7baff39fa9a9dbec1921a0228148887eefbc2b06fab9a23d25ce8c7fe5d7cc29ad7c41432ad99ebbf9f8f3c6bad4c7a1ce20b17711a1a2da0791c6f12c14a74b5c600d0b32bc61a4cca044f099c8aa51437508e7466065472119ecf8a0cba0600f33b1acfe31e5e2f9df18d1b22adba67f17f7622c240cd2fe1f1887ab8b4c12f70e4ea63dfc6ff5a1a08b7cbab8bd035c97c8bbf758b026c8dd4a15ef357d0c64c165ca604c1e06d3449ecdd0e0ed60255d7ef86e8d53d068fac252245898b2ac4eac48806327c1d2dafb8ab85e1a3cb1253c23e200037c421a18aa0145c65b3bd7b68b27c455fd6ed4f7a7246057e13a60cd037a6ab46881a4f6259166eadd46dcb6e3fb0124acd1c480f6a2cefa200609e0e6b64f38ec88c363c660e4282117f48f6c05ffddd44ede5518b0b439247727e87a50dc2dc98b42061fab529aaa105070ebf4e1d0c41c5c5905e4e8e3b9dac998ca74d674d4f69887d7444fe80419eaed5b63bdd82a411593e2b5f4c38d60d90e582ef72e92365d4e77cf0d0fbe7ba160c37c613e38f7712b03d316fbc132a82063607369bd4ecad381b0d24cf761988c685bbe82f3383b3ff2daf52bc32dcc6fd0ed58a529f988e60966ef54baae94f8efc211c2d35ee871500107eb841a27283f3f1c31ac12762f13260983cc408b8350a030177337389ca6183c209f96a805e1cbc82bfdc0c4f84baba1fc03a2b1cb6e7731310072f0bacdf7cb53337e8da7aa481dafe944a05f8363cca880a0a92c07537a5a5e0d0b25e9045d32cc40a42aae80bec84156c6fb2e2210e64fd316ace254504e86d1c693c0f98243d0c4a6050dae247133defc49184b30945f59ce69327440b29df6a6cb191fdccec7b034e1e81505fafdf8dd9589ba721e7109a21c3921bda3288b3a23f95c96beddef2d1872751f4b35cace6247187a6258313fa3532fd218365d93cb6d4a6b33807c7a8fd2d8c0f5b41d2523d0be8b553af6df696e12c33baef9025a98243295d3d2a5f72503dee4b0f277602ceb4d2ad28268cd562baf01e35c9df2d9cbd31cd06419378aa95056e040714e7bdb853895610c72662dd9deff425f82d93c8912115111aa29fbdb11a9fb3542ef16807dff721ac6380d6fdf72b4403b17d18e0959a5dccd0e0766e6ac7825a5273ecab87ea4073f5262d6ac27165e6e2f9e89f220a0a02a274d18c8c02bd7ec3537e45f8aad8b89f00ec2c153086ff2fbe735609a694aa51f71bd3d3b516a6d2bfd37fdd6cc3fa0f7e7e2ea39dc4df6463de3a69598e22c7d054f873e6a9149df5be730df2e60090d6445d3679223c4473ffc243d11c9fa1839a4a71edee56b1fbd226f4d7b69d5e390a0eb46c9b107e9d58208b60405279865316571fc378a19a533f10175436973864207ec221d7b3343d71e5d7ab2cc3dc9955c50be202fb3bc08da8e78f08193392c539f2b8064297107585651d0dd5fced2f3c8782868e9b89143c0b65a016c3bbeae60827c8543f6f20498269a5a05444f1be1f8e3535121555a59d5392d7d4e2eda2dd504cbcd535f5a4f26a9e8fb1a9ed47cec0e9a19d18a8da4d26c1e91588e193bb0e695d3f09b17ce085525c21dbebc160367e366c88fc601339541f899dc0b3a468753617930044e7ae6de21b6a0243100d77c1867242379ac45c470cd43d658f50e6243519fc80575236db731e589b253eb4c1f87c45b8dfb8b0c6e68ec32adb599fe7aec7bfa1f826d51eaf98baed4146f3ac26bf3f30258103e59560869e0ac2020d6b05401e02e8db5de82d177d2aa946493ada62f5f8d1e15fc0fd1cbb9e4799d6a1eef9956f8f8c35a543ee060c44f6122a4c6325f25cb3ee022fa81ecdad2c09d2c5e652666ad7f154b206fa0e7e299609111c496f0f3e075a45622688febcd2f343e35be631cc3d6dd951f2a9f2380a7529be4bb4b991016c4e98e26dc7ee7d692e3abeeb67c960a6c7a28146103c5ac647e9a99e8de9d3331ed2170663e8fb4e4c1d97bde0093595f8078836febae822c21aea855aa49410862c73a8f7ef70aa26944d429c66d118996140230e1339a27a12a75910f237c79f338922256d72354e85ec4c8a0aa8e2ba627940822b5fbb2da42b65f235539cdd3c57b120ab578a602999be4849d33a8ed46c481e5ff7ccdf1233040378b2a24663919f67eeb949fd1e3412987364f90b6f09aaf4f895a9c7e3d14c0deec540b3f75ba11dc2936a4ad8c36545d639421887c7e1464fc65c12d5fda69d0210557430c91be5315dd47bf7f4f49cd21ba1b00a6e098afaf79381eccaebef4affcf321343aab034cf1aeaae2468c28f8def9b8b2064f35589077e6a45238c7e8d1c91aeaba80e647bc9e6916b13432d3e1724ddf2a53c99fa11a3f1baeb50b7dd18839ae5d983bb901e18670c5523e9553dfdcdfb3492988c885200e17403867c5af92c1d4e8c6c534353f7f22cac6c1412b26194c0a15bdafa31af9825a1aa9345a26e06e1b5b943f3bb728cdad3d450bd9f214c6429e231c9cd98c35d1b8f56a878f364bd2e429411c9606a863adeebd0fbe288cf5428e7368fb5fdecc25f5af2bc354a634adca65d6969dbf7212c9e5efaa139a195c9e853aa7afe44682b6b9ac8b6918ae454bacc9d30d7e682fbea3d6cf25b73622f6c383770f0c6d5fb9318bd6ca8b6a2619be68d175b5a7824ef42bd391f88a0c25e1c7d0fa1801cb091bd97b959cd91fd284fedd0d1b0fb7dd240238bbc2ad2a56e8ce630017b514a88837a4b66f1610e8d3df4ffd8ebb78d24b7697544d7128d31b9dc631cc6e62555a4d6df3ac2221002bbc310ec493d642d43fd7b722d8ae6329a2cfd957f167fa032e5c968f7a89da92618c86c", @ANYRES64=r2, @ANYRESDEC=r0, @ANYRESHEX=r0], 0x1036) ioctl$VIDIOC_G_FBUF(r1, 0x8030560a, &(0x7f0000001340)={0x96, 0x8, &(0x7f0000001240)="249d4e6ceb398ee854f0eb59a20e29bfeac736b75d57cbad1ff40be2a71b6800ccde557414f130f7442e18ac178026093478c8cb80bef2a823819206b0192c9810d8ad5497c510d76fa491a2ae4d18d2b3bc310cefc326320428c02cbcf46e1afb1bcfd4a6e2a4e5475cdce022df57408fdee74048a21b2607a3de23ab3806169d66e68d8458ed9844a50817c28fe554a1a3328ab0e4835b172b87d29c54478d6fa2a27d32689de7b77c3c7db521e140a155d5e4e5deedd4f22df27deeeafa49576fb94a05991429cde6eb4952081f545845e8952cb1d3d32a607a", {0xa7, 0x80000001, 0x47425247, 0x3, 0x8001, 0xffffffffffff0000, 0x4, 0x800}}) ioctl(r0, 0x80000001, &(0x7f00000000c0)="72d068e40f2370ba7a7971a68b048404ad3dc75e35bb") ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:12 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:12 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 552.567342] overlayfs: failed to resolve './file1': -2 18:05:12 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:12 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(0x0, &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000003c0)=0x10000000017) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sys/net/ipv4/vs/sI\xb57\xdfreroute\x00\xf9^c6\xb2\x98\xcd', 0x2, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r3, 0x89e4) connect$bt_l2cap(r3, &(0x7f0000000100)={0x1f, 0x2, {0xcc, 0x1, 0xfffffffffffffffb, 0x1ff, 0xfffffffffffffffd}, 0x2145c63, 0x5}, 0xe) ioctl$DRM_IOCTL_VERSION(r3, 0xc0406400, &(0x7f0000000340)={0xffffffffffff0000, 0x8000, 0x4, 0x58, &(0x7f0000000140)=""/88, 0xe2, &(0x7f00000001c0)=""/226, 0x79, &(0x7f00000002c0)=""/121}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:12 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:12 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:13 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:13 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:13 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:15 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:15 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:15 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(0x0, 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:15 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_UNLOCK(r1, 0xc) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r3 = dup(r2) write$capi20(r3, &(0x7f0000000100)={0x10, 0x20, 0x1, 0x83, 0xa9, 0xfffffffffffffff9}, 0x10) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r4 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) 18:05:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:15 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:15 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:15 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:15 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:16 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:05:16 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:16 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:16 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:16 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:16 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) 18:05:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 556.354994] overlayfs: missing 'lowerdir' 18:05:16 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:16 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 556.790183] overlayfs: missing 'lowerdir' 18:05:19 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:19 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r2 = msgget(0x1, 0x4a0) msgctl$IPC_RMID(r2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:19 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:19 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:19 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 559.102850] overlayfs: missing 'lowerdir' 18:05:19 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:19 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0xa3}) 18:05:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:19 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 559.276549] overlayfs: unrecognized mount option "lowerdir" or missing value 18:05:22 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:22 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wor']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:22 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000001200)=[{{&(0x7f0000000c00)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000f80)=[{&(0x7f0000000a80)=""/43, 0x2b}, {&(0x7f0000000c80)=""/229, 0xe5}], 0x2}}], 0x1, 0x0, &(0x7f0000001280)) r0 = socket$inet6(0xa, 0x80003, 0x100000000000088) r1 = socket$inet6(0xa, 0x1, 0x888) sendto$inet6(r1, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000340)={0xa, 0x10000000004e23, 0x0, @dev={0xfe, 0x80, [], 0x15}}, 0x1c) recvmmsg(r0, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000200)=""/133, 0x4000000000000}, {&(0x7f0000000380)=""/207}, {&(0x7f00000002c0)=""/28}, {&(0x7f0000000480)=""/156}, {&(0x7f0000000300)=""/6}, {&(0x7f0000000540)=""/69}]}}, {{&(0x7f0000000640)=@rc, 0x1f6, &(0x7f0000000800)=[{&(0x7f00000006c0)=""/230}, {&(0x7f00000007c0)=""/59}]}}, {{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000840)}], 0x0, &(0x7f00000008c0)=""/220}}], 0x28c, 0x40000162, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x10001, 0x100) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000040)) r4 = syz_open_pts(r3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r3, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) [ 562.219199] overlayfs: unrecognized mount option "wor" or missing value 18:05:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:22 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=.']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) recvmmsg(r0, &(0x7f00000048c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100000000000000}) 18:05:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 562.443405] overlayfs: workdir and upperdir must be separate subtrees 18:05:25 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4001ff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x624540, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x80000001, 0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0xffffffff, 0x0, 0x0, 0xffffffffffffffff}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:25 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./fi']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:25 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x10000, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='io\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x88) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000140)=@netrom) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f0000000d40)={{{@in6=@ipv4={[], [], @local}, @in=@broadcast}}, {{@in=@empty}, 0x0, @in=@loopback}}, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 565.321380] overlayfs: failed to resolve './fi': -2 18:05:25 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:25 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000240)={0x1, 0x28, &(0x7f0000000200)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={r1, 0x4, 0x10}, 0xc) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) ioctl$VT_GETMODE(r2, 0x5601, &(0x7f00000001c0)) r3 = syz_open_pts(r2, 0x0) r4 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r5 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0046209, &(0x7f0000c6dfd0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) r6 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x1270c0, 0x0) ioctl$VIDIOC_G_TUNER(r6, 0xc054561d, &(0x7f00000002c0)={0x28, "01b57f7eee116e1454def291b8f73cc42ed2aab72b9032a65d90c3e4ac16580c", 0x3, 0x1018, 0x7ff, 0xf53, 0x15, 0x1, 0x6, 0x5}) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000100)="2ff54081ef5f1d563cb13d8b645162b199664a9d544a426748742bd45827b919e324f68ccbeeefaf7ba7224fdd5c592110f0f1f1513dc0fce91660c38d87d672eec5d40e1ce2259e81542762cd5cd954236507e3ad7363a875f43b89307dd8941efe987d56903050d3c723302b554489f3f3f0dbda6e44e8d8b6226c2a4b702488f19df0c5622ad172e58d14267312db7ede3af6e54ff5aca2bb0bfa93eae8d948f34c7bad010c075c1a0abe7e317a7a20168f78cf20", 0xb6) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000}) io_setup(0x0, &(0x7f0000003640)=0x0) io_cancel(r7, &(0x7f0000003740)={0x0, 0x0, 0x0, 0x6, 0x9, r4, &(0x7f0000003680)="27842f3072f8f00801b851c0cd819419934ee578609c66885c5997bb590ce6ad21b1a98b7db7d4657d5ddb196f69e2ead1e220a066f354d5c36091e651f69d45dcbc4b2a1f5be4683406b1a5b6ecc422bd2ebffd79c7187058dba1df4d2823cfd71710b3ff5cbb3f50a6aa29d1696e1651fde5c182b5f1fee2fd189c87f4103767b0c23b0693e16e5f", 0x89, 0xc935, 0x0, 0x3}, &(0x7f0000003780)) r8 = syz_open_dev$admmidi(&(0x7f0000000340)='/dev/admmidi#\x00', 0xfffffffffffffffd, 0x4000) ioctl$TIOCGSID(r3, 0x5429, &(0x7f00000003c0)=0x0) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = gettid() ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f00000007c0)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003000)={0x0, 0x0}, &(0x7f0000003040)=0xc) sendmsg$netlink(r8, &(0x7f0000003600)={&(0x7f0000000380)=@proc={0x10, 0x0, 0x25dfdbfd, 0x1}, 0xc, &(0x7f0000003580)=[{&(0x7f00000004c0)={0x2ec, 0x19, 0x100, 0x70bd29, 0x25dfdbff, "", [@nested={0xc, 0x7, [@typed={0x8, 0x91, @u32=0x5ec6}]}, @typed={0x4, 0x5d, @binary}, @typed={0x8, 0x8f, @pid=r9}, @nested={0xfc, 0x27, [@generic="88bf08711ca57db4c041ab03df1acf19e85a69d3e334f8baf13f18da0f1f6d543ef702b611dc1cd5078bc681b6c536f53ed4a60d353d7b970edc351cd1c2934d86deff64b21c83736d26d1ca5cad7056e1957ebc31a74565293326f9315c35e88016f4591e8f07f653ea376ec089d8317ba6a042ff3fec6c26862e1272bb5c9b1acda819f0787f90953ba0fcd5503544202cf11ab7dfd7b97fed16da41e853d175bfa8a3bb3db9c287c5af40bcff9af4ca88b9b3548a77bf613eb96b66fb16502496ee4cac1b7c80e154b8c519152457aebd33465bf1e7d5eb0b9d6cd8c559a0038f5eeed2f1c9e30deaed21c7f2a9ffb27ff0412f2ecd"]}, @nested={0xe8, 0x78, [@generic="4be837f02f8bcf5806ad7a226a9b9a864f579b6203b5ee4dbeeb146203d134b2c630afa5bbfd4775f51addeb86b87123cda154ebf601993b71139e093883b689f3ade564df969fe3dc5ec500c57b61ffc54a1a86a436edd6", @typed={0x8, 0x7d, @fd=r3}, @typed={0xc, 0x53, @u64=0x6}, @typed={0x8, 0x43, @uid=r10}, @generic="12096c48c32236bb256d475a651319f13784fdf7e0dbdf07ccf2412aa24bd156f1445b0e86bf657c8c5407e24961fa654fdbf66ea3e121d441617434a0cbb2420d92264a4c5199cba177cb6ff9e4ee972f0fc8", @typed={0x8, 0x8f, @ipv4=@multicast1}, @typed={0x14, 0x8c, @str='/dev/binder#\x00'}]}, @generic="61d89754e38ac69e524bb903136f9465c8c48e938384c6afe7660a7350bd1a8fff5f008d91848a77ce4358fb99771e2e71ca2cd3a58cfe53ac69430afe16eec9761852d3f5af15eeb5d4d760eda3d35afecb2108dd01cf1e7a4663c5b7c04ad7564ebfceec7ea542fedac85039ccf0e898faecd26d4fee901b890463a6762bd3c850723443e6fca52537005d94208bf57f350e66106982bf4ccd489154c604fb9d34cc5376bb88cb36905c8defc9f4cbbcf5ae70f4b5a43d4605132dc6239e608bcce74b4a63ea157c1250b4fa1490ba7adda00591da355b1008a80254d430"]}, 0x2ec}, {&(0x7f0000000800)={0x12a4, 0x13, 0x100, 0x70bd25, 0x25dfdbfc, "", [@generic="23891fd766e2e4d48b11659413bbc907d32b61510738153d5db489736e796aaab5ed5a7ce0309f4230c9bac3396ad23fe7ae1d34d3ec76714db94ff567723c77", @nested={0x1218, 0x2c, [@typed={0x8, 0x39, @pid=r11}, @generic="d76c34685e6029e9070faad2321ebd6ec5f9c1e95a553bd540a50290b69df8b8044a9ccb2084347f9e36d7874cd89c9008be4e09e457118851901b389999063429feb8b9c5f0041667242c64e7753025c9fb63b02d533c06a352dbc64a640848075c248e192a8c173c0290d1793a2b97b0dbbc59bc6cd2b3198b1425ba7ab89e86f43ae0d44ad590f4c66b409d44bb24de7e8ef888567046c100980b41b3f7b22ebe303c9f8542a88337817270dc82bc90117a7a64327568a33a089db99bf5042b02397b3d4775dbf75f31f6ebe7a3", @typed={0x8, 0x54, @pid=r12}, @typed={0x8, 0x7d, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @generic="fb99a56a70617d7bcddcc3302ea43cab1a36f4989bfac8ece226d8d06d1a1e23ef384d6d24fa4e7adedfb3a484fdfd2a2ebb2629cf767071ac83882c077ae28662c66607201122fe946dff3d25687c263d6c60", @generic="c096c6c02391ae87f21ba8bf087b18bb319dabf87e057d1a2b001654f0e10248f7fc68191d33c607f477f065ff60004ef19da26977d9518c72bada05ad1ebb03a1f13dcc95ddc20efd946348b7c2134be16f44df3c7d525d26fa0ba8c26e236ca030552a80ee884aaf38947be2475df9c6c4c71d8be5b68abc97ce2bb07f08a33e0c177dd1ecff08334bbf1834541cdce2226f42f459d7b167077ea94ea2bb490728f3a3ab2741826c8d429693e7d9f7d59d6315b2cc18cdb09f0fc5a17996d2b285b4e21a20e5b817ab2485e1aa85f677a81c8169099927dd588dc178351c422e22675451005dd3f3659d6b33f59d2a0132e9294cbfe65cab0e4c6b5e2f30b85537247251ea76bd141eb50c43cc675d7d20c0b0c7323b81ba10d91684023c011586d9813824080ed1c9f9cf593b7ece687c30e8b7540a4e53cd13816ebdae093249ae2aba08f489260bc00e2fabd774c891f65434ba0926f672c58812b225c37834ab4b828e5818a78b0354b01f93b286cbbd6c67827f5ac4e9642b2bbe04b7b532967b3716f9dc4536506db2a4b9e97788e1a87197573fa57707e3f6b3e315653992b504f5f2e2f31bfe31d80cd2f7e98c6b9b27e2a9b4f34810ff26a561535b0813ccb8ecd4b6874c9514f0a4b2110ff9fb90d97952dca3ff4e3dbb3ea280e31ad39972450404596b01f177a7b3fa6f2b7614f154d293fb44b961bb0bf2d5ab32102a31b4dc73b0a6a8f2d6ce91ad332213e8a37f8fb2682f55aaa5dfc62f4960479981344d59a4a9492684a9fd8b7cf4668c25bd210639ff851ff829b1ee3f15ffb814bfceedd4b69479888fcfd108c7b6ae68e07171b06378204124cb970b8f5119e5e342fb419e32cd042a6e5760242c2a5000a98418bee0f435b2678aafefe4da9f2d8973d1b44f638b2b0cf654589b0e5488a36c971f3bfe8c6da75adbb455778534a654d408c0bea60afec585aa18ce32565219ddffc3c0a0fc7973283fb7eb8ab02d58ed87c3f247839e281723259eb16f77914d56784593f947f11d2777cc7cd981852762188392d81b84a3535dc8f349f76c0bd8154f9433f0bb2363ce223b33d63e213ddb4d499502c8730f47c2f749828d13bf6c4a6c6ca14333e7052d088838a75d8cb437552bd63ed866e2b0a21b5b2ab1316ac15ba0ec2baee349b78c8291156bd66ab9159653b321283f4b78fa1b79fc2122f2a9b84824092c390799de9d858f6670bceca88249b8cb40184c2064fc0b1ab5b6d0402c83de39a5654e580e7a4e118d392fb480d006dfd79c2eaa7bdd40e536be213a343f3f038355174912c977572e6baa63e170ecd1088a328e5a9dc79991d371cccd77fa30f59b5d8b6ffaa4e05374df33af003ee5ab1e6e090af14252b3eeb04b3a545aae9e5db5ab4cbcc89ec32aea4de2be7affcfe864d31827fd2e460f3775ed80bd360961bde52cea870909ed5c672bda478efff604e4e7c986323d02f2abe85ed086db00afccff0ad9a8d35cee1f7db03d2e78dea75b65dba7acca6f76f8abb958abff55f6a71fb595b323e2680f9a5b5624f83a0b5e168c5a253726c4086bfee531537000546ecc1fa414f8c13a667b471c14dc87299106b4e511159bb3d8ccaaff65c14d997a08a555413960cdcca97844c6ca236f5f4779d3318662e1a2c0e60698eb5bfc985093d45fbe4df10c3d06f6b2eb3688bac22df0776f8f76fbec003debed6d748a9c3cf96795fddf232e9b275a469b061087b884d4892647bd5eef22c04b4cf87cdba692b63f1abd428facf6bdf3e55817e3dc039c4f9791a8be73cf77541d0b28ec2fbeeced19353b722bd6053cb80ffe09e94bcaa9ead6da5419ff7a89a6313dd5514a24848591d30081f5248d70275d4d6051ee675635109ad7b4faf4b729e18c3ebf2f5d47917d4f0cb673f29eed132a8dab03b71659cabdbe2546336ee29d38ca357281bbc7d0de0d2df34aba82e1818b8cef8064627d99634c4a1d65bfd0ee93691d664072f1b0328cb007dca9c42c3a10169dd94cf97a8dc1fb534db485ca1ee38c461cb594c4e8255111e677759471b5c708779516156a3ffe4ccad30e4a289dac641711bfb3b84056380ed17196b7f1b037d62a620268418ca99faa805e9946bd043da618c43ec6beeef6c8d5bdc1dc50d87a4ffd81932f4cd53cf8218f3a0a6e47b3790294907c59a9e377a8f086c1915db9e6ad35a3217162c72709a3ea3dbfa9dd99d61939c51de992b02380270439d5d0c0e52eaf2052d938bce326ec247cd8b439f48a9aa79d5fc7d050debb85ce66d335123a85161831d8cbd89b3497985f1f4134124cbd1c4b1855ac236a0737652ca325a065e92da217ba8cbb295fe9dd9fe112bbc7dc2af279ca9b779a5dd9935eec2b4a5c31e1a6affc5e5adf5df37fad74a7509f85fc07b26441dff05609514f87b47af53c9552665443953985ad8843de115d327e1b86755bdac33039b34818efdd69b31d02a3d289da16ebf82a1104a2d3db462e0bb019fef2f932cacc20e6e067fecad7b21aeb8e186892209b9ec9868c0378461b825df6ba4e7fb279febdae6603d27b6ac71d6d13e4eaed568f3ddd15495cfe680c68d8afc227bfc6e5f19bf8c53cfa1069e10f8cca12dd445393125092246d13383250a0c02a8974136a5cf7685a11fcba6af0bd809ca872e79c0ea83d118b52d040d7d5c2e6fe408335f9954d11c647c27d552bfd6e8f8bbdf700a4a69689769dc97508ed0d17c73f12b07cea6fc2d0e21c5a56da37caba2024db3c3800d0248093c227ec05e21509d978316676e6b96ae94f9d0c1462d7c4181f66c2a7e9874fd548d6cf21280612eac17775a97c9c814646496d2c4da0f4ba0aa010f66325df4c96b515270296045dfd1c609c428259649ec910ddbf11e8d67ba44f231ce8999161238a1e59291334df9bf6437793e5566c41e3ec2c1691107c621e4329b478998e03cad69b252cb9a0df7d8ae9a707b7e9374808e5c3038c095f378cfbe80731b7cc4da663b5bea29094e4c170424f3054e0dbca98d0278d6cf187e4b4badf3112e043422e062cce4a434b5f82ed19f84a7abfffa6a81e1d0c12cf132fb0d972a1d55202a7655c7edc2e54c7e963af5aad9bf41189ef7b78073a17920c2197b26c38126006318e563616c24e1801fc4b6b5d5b839e42344a0d8b7e249231d1c0957308144bc804683dbfcbabd58c9e0a6203ff2e0a05a6f4fd7c3f51d46f154be1bee4ca05e0ffe0e654fc41d709d4dbabf194721a814478054dbce6994934bda57db966e71060708af59a8cb96e4feed5f65c0fcce16cf1453dcd755ffd0941302f711d9f742e81eee6153c45cc870273a5efc301ac29cf8d7b26ab9699c006a9e26a13d405aae4f3082a0e3f15d4964a205e6d42017f442f940c2bddf2a046eba3608d43978dd5f36fc3034e7bd84d45f7cb3198bd430ae393a04ac78f56f2a70ca17fc58b9ab915d14fc9249991e9fe6be83047fbf86ecf6f52c1da219500fa6dc57d859d59d8706f95298ec68c8870edd5bad3eece9cfe74274da1e941d3202e445ac421782edf5b9d456b54af27eb93e197a008bf040de4555522735613124f1117f64a185671e8eb0221b78b6fa2bcf5ae852604db1d1f55cd65579d970298f67788235bbcaa6cc3a29f0333835ab2911c3eac2980d74d9d8313094397c4a4188416dfcc2d68bbe74a12e0434f8a9d5cbfbe932e3821fedc796224191eb789ccf15a050a27ebee18682eeffd5ed0bac02924bcdc2589432b46f7d9a735b9d43eb79655355fe025d784bec2480c88cf8f8ca4d5a70a3711b3ecb8c714675010ce6656c577e3e9601d89f1ce463f29ef148743c918a4184c5e4ab22bca48b54c124be6059e8903b331c2032a52e9e0d6385e4dac2bc6c9f85449e46df89e69b42f04c0ffbc18e04ad3aa3bbbe18c4de02dea03e23e8441af6eccf545c750fc3e9689fdfc869c3261ab3fb8d2cd03af06619b0771c31f91887af824b96af8a8b41dfbdf137d3bf2df6d6ece62a309f45d1b95b9bc6d6948289056d470c3c8f662c6dde54215663fa2f9730fb113a59bc4d3238abcd3caa9a80dbcb9282b250d6f68619fbd74148d1e40b4833700c50f4bfbe6739f7e1075a8d4b1b262ada3db8921a73a852d661a23cfe5b546c77c2c15e40b9902467b9cad9b3781c803783bfaec2e00d35696f14d4ef9b93fc9880c40d4cf128094045e100cb322b2d5f0229303e88cedae0cac425b9d5f86c1146814b9544d654acd1d0fdf0eb4a3713e8c40637cf5da821e368cfca2c4bcba3d9634e5c8c10309a0ab80949a3991ad8898ef5ff3769d9b545690789265862ec5bce56edd85f66a550b842386604ed2c8717483e6396149348f26b109bfb042dae67e6ff0e9adb07cb01a2c0f571036c33739b8e0b632eb4dc5e56dfcaa8497af5cd8fa66e5a546224b95f81be665c525f5acdbc96da21244b295aa2f734598cde1031dee88a4999133e3eba60b20ce025d06c3830ace5b297c394a74b4e5e508556da65f53630504b4b8a6e2eef9dd8c20449afaea6630af3784f8ad17c4178e1697b9aac22e0c7894cdc6b01ed35d8111d9312ed41da780f276793aa32011a5aae2bd28a568123750d889527607bb7be8a7cc50aa83c42af3f5939dd1fdb0fa0d1ccc08519de4ba30e979b46ad9240b4e649a3c8e38e7f301c909866980d1d678ac76a2bd8f41b4a0b4da2abe30cfe311ce3154e3237f6d093c4727b1b338b29eaad2d1936427132ce36f9576b74eab8e16822ff0a6c690c684c468ca399c83a46423bbc3f5b72cfc34b1634171d594edf262f8626c417884f6d4b0edb469742c5647e33b31c2a3cd2d8dcee8dd3d4082fefffd0205e08b71a151b908ae29c360799b7d407738a3510d8f1fe578aedc6b1c4a8ba168ca45a7ad2bb694029f7850f46825b6be30d9584440b2d543e925fd7ef9586836439996d48249e81e996ccd0dc0a4cd532d1d28c7282b9d50c3ed2ecb8af7add2cf2d5a20bd3f993e83e791ccb36553f1fe61d88f2c1565d576ebf4f94bcddba834d5077fe233f33461304b2233adbc223c46040e7c2c383e70f46a7b9503906b9bedf7fc513ab1804438f8cb237eba2df19d7de84bfccb22f1c5f30226c8ab16825e9f2886335231f5e5df73de4433f94771115b1efef977c23473035899595e490dbd75c617e96f37917a5bd0e7eecdc24dfda77d35ffbf7cdbe8af3d8144846552c97f364c7f2bb723bff1efe9aab28290a59eb0a9ca3e7260fc185951af2cc5fd88bf0939a37c270ab566823030e88b15db9fc9121c592794252cbdd6c8c802e36e0373b3f76e11cb291b6d82fd01c8777c817b8d6ab620f6729091ca73297caa56733bdc118358195ad52ade5bb3d783e50102ac3876caa42c2cc69dcb83a136e5d03c44d97d638c83ada40dfbe720c8a3ce2f000650b5730a7d5108ca64a22fbd7d491f4c4ae41ad727a33a6ca2a3ecc6804ec8416dfb2de0c41cce017f58e59211861cf97b1cfee1bf0b776690d0b34719dcf10c763d43497ab06c7c1bed483a1be2887ecb4e3ae1eaa615289a13eac198a08547b9534960abb0b40a6e3bcc8a45cf2ee837721b85bb80d0e56c9791353814ad03cdd6463a4221df90704348156a067ae266c216c520d41c476659c2313a234bab781114fd175ee59d72600f0cb050b7c686cd54eb6d0ff8078a6bd010fbd25c9135af93ca29186f88dd8d3918ce3b833c937a81700d0dd241abcdceb7e5922054bf5fc435a560cc4625f97e3111b8", @generic="ef1b9994517d5bfc5df97a25821287c3a3610b7d060c433f81b69d2518171fa0bd8281ca211f5cf781cbf6e5a9e670103712e5611f510d3ccffd0c83c0e807c5558cfa932a6fbf00e03074bf27ecf1706611f82c8ce61f9a66d8322a4cd0256ea788667d276c8fb961f156b7471ac7eebfb8b676ed3681c4880ae613d251058cf24b15842a6be1fc0bb9b5d5419a50dafc651eac842ce768ca37babc6c67dff9b3b6ba188655d9d7e254a4336800f1a59b361a1db92d7b90741637f8510cbae30a8c70cefe4cb260bf5eb789e54f774362b60328ee547d6c"]}, @typed={0x8, 0x38, @str='}\x00'}, @generic="d7c97705c2aff4779aca5fbdfe07a8568ec11f359d7cca152ab8d591b4d23bd41dfa23d4f0d66c1548566b19455edfccfdeed9"]}, 0x12a4}, {&(0x7f0000001ac0)={0x44, 0x12, 0x20, 0x70bd25, 0x25dfdbff, "", [@generic="c1ba69c92a91e8103f7a05e4c0b5ff0e2ff85fd26a81b9c130f6f36136c601b103006a55fdeabe9c3988ce40630aa6622b"]}, 0x44}, {&(0x7f0000001b40)={0x1488, 0x39, 0x30d, 0x70bd2a, 0x25dfdbfb, "", [@nested={0x2c, 0x16, [@generic="2924ebbdb71b125197ad78de1c3cfc316a850370c71f1d6f86bce6cb40e07c20c132e2c88f"]}, @generic="d77d99c60e2c6a37218209bbee2d49a387b7ce87e95fe87284f9d4c015fe136e64f54c1f5e8e93b0a699a2346653839dde435a6b85c6b9976fe7a62457c9d991b10ccbaeae91c72c889d730315e147846eb1ea5bbe2a5882584f72a4b12ef0c8cf4b6aaf2f2c5af595e888e19b45cfcd739cf01548c1073d20e4d63f17a759bed0511679c98d603748dc86a0fe63f1c6b7a5ddd04eed03160a3e8cf2515ab1ec84c48ac40db70867c5a97cc850f601", @typed={0x8, 0x1d, @u32=0x9}, @nested={0xc8, 0x17, [@typed={0x8, 0x51, @fd=r6}, @generic="653aa1122ccb6b555ef129e3ab7c7ed00ab2104486238f4e3d9e67d3e785a5a37a58d715bdd1b876d4b7a183d58af896f20df7b3a6519a614981298225b85a41ef618c6405c7a7e21fe52108a8834f7d94f7b1e03c8b4db9cfdacbd445d21549ac37fc727a16baf7b706de35ff07bbe0d6519c6237986e00d1e3bec7aeb83a01962ad550d4c27399d06abd292dbd742e8071acccdf81e77d371020d2b3089eb11408580a924fce1c9844785f9f09bf5cd19ddee3", @typed={0x8, 0x6a, @str='\x00'}]}, @nested={0x4, 0x17}, @typed={0x8, 0x32, @u32=0x3}, @nested={0x98, 0x24, [@typed={0x8, 0x48, @ipv4=@multicast2}, @generic="0e717510bc20ba8b2b3b10c5d2f011cf2ea6fe377ab1a3555d21cb02447cb5449547759630947362916c0661f29339a8663d6d433bde84ea2d36b069f188afc937ab5b004aa847a6f02716ab4b062edd20d8f1a367d0d857a025962596e883df8a6a73418d779ee665721f11203775816174a7b8e26e98589e9e507d53aaf082cf46b3323a6c3999342a7d"]}, @generic="75df83dba1093365f2b2ce1dd84f7c84d5db2372231834903e010c1720873945128ca5e7b379456ce2dd9455e12d5c3f31429c4f58adab8d70e5d36bfbdc9fe4e465c357cbb844023ba7c1fee627a9b59d240b0b40b580dca53a2258ef9ed5e754de95e68ea9f4c73519c2e527ea30ae754faed0c969efaa52cd4d1ba1b7d456914c924c925ae7fc3761e4e90c62db4bba9e2f65eedbbd1aaf064724d870e015cba347ac51b32222e6", @nested={0x1178, 0x87, [@generic="0316c0032e7aeb5ef42ab3e5660d2db3d232e233fb4485f3409cf3f0a2edcc18d89d62fd79f9137271b30870fc1193f0a51453ba42093cc36348f5ccb4f4526c26b7fc689228a6db3cb7503a309525499f8a47f73ef21008e21ef7c2346e7675e999bddab68c13179f02d2a23d301d12d4b07d3957e5e42bfc4290e1c9620a3ade645a81f82f96632fad01a112478b4886542025a42bdd8a71d9119feba0469aa8671b7b9baaa793e2a5ee586ed826a1361505559f19d4f3c2adc702a4c90c16573a76d3491d96faf548bde3b713", @typed={0x8, 0x54, @fd=r5}, @generic="a864e9703ec4e4a597ffc713516e8f99564772c86b15f68288330f640794532fd9a12e75370df40326b343f0100f0b7b253335cccd49817da8064235733e70747fa3c48f539dbe278096b9128d04c0d193", @generic="4e0553d71bde74b630beb492590886d5a9c61dd476432556db2f751a32bfaf62958052c05e56442e40ff0467418149e9338e9d2f1a26b42e25269f54476719516a953156b2aa3d36ea5681c89a905462271b20bd57033d1d7906632bd6b1f2c0d3f2d996cee7e18257f224e18e3e7ac0c15abfd8565afe5e83877e6e7ce8a4dbcd0d2e69c880e35e2ac434914b49ba6aa64356ab31f47bfbf2da8f4ab0bf909da758b1dd7278275287ef255362597183afe567cd8be5c100fffcda23a9731c2e73796ca6a47e2771c8ef939ba496fdf3a5115019da77d1e44b5b72e916674a223c6d27b6e84d9e739e855fba4bee9c24771f16cf994abe168b058b03c011feab8b8bfea3108df9945e47a3ef3681a50d6dfd0c9afbf34f55ccfb61fb3eaabca9f88f943152680e110e7c2026e935d57065c4fb3e1e5381f814a60d321b14b42b1d2ed323235ac3a81fc7136b6d1f047b4ee38f45c9235e46a6e76714b83fa5a81c69255d81bb4b32e92dfab597fd69ef29661a80720b9e31bd8787492a2dc9c2b7004dcfe13979f521b7f6f5e4658161b6839942816782b50067f451a41ffa37a4fd293ad72d370bddbb3c9a848e24ea1e9f884841a12628f49936b09be8ae91a953114558fdbfd39fea9c21bd51db38a90e23143a862315c936c8b93cdbab0248442a240d9d2499e7f0247fff6ea2c0f5868abeb0de955b565598607d241111a6713f01b5fa64d68bec573367aa823c706f3196a3d8a04b03ede0f936a94a1123648094ce0b5856e91f2a3a9c6c1ff4b7ed93bae495581e211af745591e02a3b9e742a3456088f437841b8dd5dfa307c8db5554b9dc6d50addf99a636bc725381a1baaa243eda8e045a79c01c3e154e6e393e9ca0a61226615e482d75465fff6f7b2678d6b739df31c2efc8ca7417fc51552f67f595679e1cc00c3d5cfdb6ebf7e8da4cecbf9e6d0b812f8fe2f9822153c5bb803d144bb11141e6134c774ff7ddf836562f22247d1a187bc4ef16a870ec682b68a0565c425b1e591909622da845d878eb941de54ddafdc81303f74651469ff05b1988991773773ad43f900b4918a663fd36d8311d4a7ca8fbb9eea7c0f70e3fcbe777fa63d2650f00a783d8f6b5dc15d614ca49693a9689858f339def22737d5b0ca0f0a3b25c0940a2e68f5c61dea47b088209f7a380d44334f64379c2cfb6dbee047714fac287dc9ed38b2e93c77f66e2b370cb9850cecf28dccae0508e3cb69e7493a6896656b86bd8e70ede036a9004afb820a3818532634bb7c5c36aba44cc58b04d853ff40adc7e9f342a257853c2b93e87662f2c795d617905cf872da36f4a0544547396e7cf87a19e8b78223c3b894734df0cf67d10b566785ef778a861ce54e205a262a5f1b8d8607039370ca1194c7df951143e7e8ac3e32cdf1afa5316d2e6b4ce4f6d33fd2eea4f6fd9c889509476d2b011bf63637b29e9a0eea59e5c0025b7802c44e368805114085397c9a64b9a4e6f86cd5183bb8204d9f04f5c37df139f0250c5613b36e6344d978bf83039d793d6db08af44a784e2ec9c545a9dde604c3ce052674508eaea02d16cd553da020151f6ef86210ffb9dc55e223e82fe74b9794a057972eded44d1220bc1f6cb7cc6b4a0f2258acd9ffb71be4f255ccdd93a9bc7de5165ee70ac050e00a5554de7d2a1cccaea808668108079322f2f09eb66ffd66336cfb4faa7893251e24ad90a9fcd34b326e4d610d8c915c2e34dafa89328396bc470b4d5f484704f609bad86a4f46b2c1909b429b6a0a12da209b8683e058e713b3576bbcb062b06b9f183dd68e45d3266b51e81b00af017dcd402a5b8b9c35d36b25b58221ff71dc8c3da1b3d32441c5a8cd86db94071f4ed26e8a6b8a888902f7e2c015a7dc5856c4285b911681653bda78d7d8525a9b1139147ad4eceab1a99ba8ebf2b46e9d32d8bbb28dcf5379a410f06fff929ceb8e3d0b7ac6811529e725f17c5d8b39b72ec88ec390b42ffd93916621060c22c2eabb29a7dd8cff543d9b4e72e7d9fedc6d12e53715a0fdefbd495deb14062e1fc041c6947aa5a7d6b9d75ae1a308fe75ce6a0faa23c35cffe3f00b00588e340d0c675f06270f5869f8c0ef2b514425919719b6e522a185a9cb77b357740aec93da710e933c599ff48abb93ddf4e2ff363e6e1901f976b7eecd2b53b4542f8aa9b51bf36d850fecb2cba0853aafad2472ba02309e1b2ae37d3129c2bb9509bc859ec1ca5dfbe9fd736d432ed48a7f04d120d3aa3e2f7cde6061bf36258e17477199b3f283a8860d54950eb92dded5fed3202a7081a5d608d0f7d14e4776019eb88302db072a909391b02c2601b084dc0985e2e6a051beedea4212ee11c9fc803f8aacc9b8b3c5b08601570fc975df84e255fe5892d54b4d8a4888038c91b1af44764af8fa0ae3b614640dd7fc8b411cfb650de1e6b99a049048dad714ce08eb126dfe414b41b863a48712dedf5d7abee02c791f2b61711e8ab2a59aded26d2917f763f75a8eef1f7ab02a5ece17d4eaf6f92f4f8bcd49264e9c832224e5fc8612293efcdf61f6dceb5bc87afe2cf744a8ce52acad5a585b1f21190182b740f952a7950cc9d09ec1afc44c6721f3ec1ea28f499a34ad32accf13f885ba4e9481df01cc6a2e2e7863e223c91af2d5f0c7b310a1f1c911ee6933cfe6f6d42e8dd76ca07044dc0d420bec3c1d96d06975837b34c0a49eea4ee2594a8da2f1a5b7941aebe47d423aea37f0e234e2f3c9a644d703a2f85adf452aec507a2ed82bc06a961b7a793d8fcffce715e1640631004ed21d31fd86b96e6d6a25647dc79f282c9b287078b877ceb3fbc64a4734a007b019daecb1d1ff61a60745fd33e4db804da9ab4610ecb860c54c15f11882b8d149963aecab1d0b7cceccc40e0562c445f4bb38bfc3ca21652fe015f774d52dd462448c28d92092cef6c0eb56c8d38c60f451001d68d3acb2c243e0003462c6ece2906c6e7a3f7b56389d178793eb2ce07fe9139decc69e4d37278ab7d67aad3ddac03d1ace63a4e667210d777d7f12609a8ccf141f86d8fea124d44521968142f0917ee11e5ff6f0cf4d15fec92bda15fb123d0f2ea088e7c24f9c79623d60aa88c4fe86229ccf094aa9a0285a610b1127de9af636a0e0ec99bfeb19a7fdbe1a939ac09c0c2f039890e4c86438da07dfb8d1e4f84928174d002d965b762e4c6b31a28e0f10da7765b8f60ea46c112130374ab694a57597bfe7b75e45c6b9c46062939803d8f627f5eb0dd4198dba345815cfe133d6b5f0b19132da9c0a80b3e13159c92aa67d54360568bafd1c42de18f6d032cd741ad906638dd3ca26164e3b5110ca2f48da44bb3d74f97adf16dff004da0463b9091e8ac0f8b77645bbc017d769086319aa0fb48bc3baacdcbc77235ff3ff39ea305a81d1b2e98875aa76671958ef7bb179ef241dc24dd5d7e8e78a9598367baaeefeb8a083897d20cd07f8c88a6bd733dbe325a6e6482233a0d1f2899a8158b4411532eb7e72bb1b2051d2c448809ccf488f4a1069a6e1fdc67b8587341b056819611f74dd026f34925f8b5afd9299873376f9a64aab494d1bd5d0761d96fb515bb4bf56ab2ae1a825b776173afdbeff74bac29c48218d2de27a3ef68e0e113168b624ecf0ff382fceca833a22f1eeba90145e2bc697485399a8d08c69da31e31e3c1821cbb30221bc4a9e22d1bce4af738c8f1db97b17bf01a68bd4fc56db0bf13b1a07437611fd87e819964fc6af70b475ed5784f6bce91a01b4d31028dc2d4b1f2f94a1cb3f720a80e967dc2cd86a8d0f5152cd19b26bf20b7ac82966485f6e2ca177fdd28248aed5ca2b01f6a0bb16352745c81b2d684dad87d1ec18489dc2191a4d219e1e9cd0deacc2c6a55fcc69278c63f8e5f03a3d90ec6f935c9013a847307ee4aed8888f197c27061529655f0a305c8adbdb8b0eb84aad87fcb13a001b394942b41d76bdb66ea574a3b9982054ff58f6c38552b346ef44b221245fe05154828751d98adc0d1dc9c71a0a3044f15719b565281227ae73551f1b4b06d1ed247bb2120d769ff4da830a78eb0c5a73e50e30701f1352ec81d8e976625a472374367c0f41c17362092f7cf03fd133f71627db6d03cc21e00dd977739d65617617103221013d9d0b331e9c3acf49817124985faed772401387b99aa990f3339362df26873fd8aa2d5c9b8248bf1294295a266168a199189edaa42f65bfb9c9a1061ffd3e60d9285574f0ea4f21f2ad86a4ee07de7acb03f43ea0b2009f9026eb094f5d815b9aa0a4aa454f1f1e0a02cc54f2bcba76b16009bf145d81c0085417bac3e607fc98930770c5096f308d1d25c22f8164e7be58b0400926cd680abd63406ddba1eeb5b4860b27d54ef07cef2a61be39695faff6618441d4cc7223a15476242c1499ca61b2f970f7a8a27e7dcb836f26fb6f295c707af81a05da36b109ca8039221844dac903bcc69865e71509bfbc67f92d344ba268873d8e31a88768d41717138cc296a51a30db563e3d89cf91ddb78a749ae67d87ace8ce1ded7599a2f04b51d093ccde4659768f49147fb2a12c5a4e46317f360248f26d54a05dbe30ad9c7366398122351a6adee6743fb6f89b16ba177adaed388519b67c7d11dd2b56a93740755bed6c0acd9a6b2c9f783dc6590fed5d962b6cd3bb876e7c36a44452c53f0315873a24b11afe3ce64d7b6d72df03703a362ad96ced51fd02a63772e3cd9ff1c89cf57306ae8699c13239d73953cbec2c46a0f5ae74756298b41f99566d01e1deb972888a670e21d12dd1b0f0fff7afa882bc60817db8e2b289b714c62334722cefcb15efabd3adfa9bb062b153ce84db8bba1db5edfaf84648699c471e31840931597c2fa147ce7699de72997c4f25b4710a0a394c166d001aae3b43efc4f1149fc0f09215c3da78616aa7e3606a6523804eb72fcfd8d98037e3f92d2b9c1fb99388657f49224e88a763d60c0a904f88299f0bbc9e083457ea46c73abc17f7a4861dfbc4cfe90ffdfe36757af570b99098d396f6a46e9daeb00247645d88e8977ae2b6ff1c6aaa029580caa5cb76d81bb461de5426cab80687539b6aa14fdc989fbb1bc3ac1f549a995b158ac2386b05ccdb9635174e26b0bc3b8924cabf569cd0f0e634cd928f756519125610d3b351e87886d61c370675e8e8a59708ec8032a0037179e0be460fe85bd6962b1af2cadd2fc44cbd03de5b6ddc2e3e634274396196e1e304de67e770ba17c5a06de18a7ac5ab50ec136b6fcb0ff2aeae061997776a8b01e1fe94dadb9e0d624f4eee4d951ac91a97e00a9b822bfae10588af4fec83fb7dc835bfee99f7a0512648c05b6bfc1f92fd7adac5f18b8afd2f9762d63d33cfe712cc35be178c148eb530b2ee120dbad492edd685879126c0ccc614767eef2d1d75fd731d51612ea1b293ca67dd7d3ba96c611af7b0c63e672921b0693df97c39231d3ee7bd8ffeb214c8bab785c830358a188c7677b4a1bec202bdc6e328d663df726ab628f9f1d234a80cfcb83dc491cc2c0eb619a96be78513f94a8c1d3991d4491d53f1565b749a7926c66d89606ecbddb0ec376b4f94362cd39fb0503662d346d500853515820a5f7ebaea5735665877671c070a0084c7923c9afcf350026f1df499417c00f2964dbe9c43d7fbf8bad4a12e81f0643096b16bde08bb0a74ee35ea964be4ed4eaf8a542b0a0a39e968c07c0848264ebe92aa5201a4e82bb0eacbf164a47414f73c555bd3e0477d0c0d7fdc405c52d00453a65542af1", @typed={0x8, 0x5e, @fd=r0}, @typed={0x14, 0x73, @ipv6=@initdev={0xfe, 0x88, [], 0x1, 0x0}}, @generic="c84dbaaf9b26b96d238f778b9d9f849a61a416765292e84baaaca0c7d40c5719d002e8a167aaced2f973f7ba356aa8"]}, @typed={0x8, 0x39, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}, 0x1488}, {&(0x7f0000003080)={0x4e4, 0x2c, 0x704, 0x70bd2b, 0x25dfdbfe, "", [@nested={0x4, 0x1b}, @nested={0x278, 0x66, [@generic="160ec4", @typed={0x8, 0x87, @uid=r13}, @generic="fc541dca6f0d4897a68869f5b997c48fdcd07b778bc9158727a23509113c3b5b1ebed3eb7c0a7fcb26febef1c7424ccc7404907d4462bbc749712b30d45ecc34e7b496f0a925ab7ee69b51f5341f3ea6d782d37b0b308d853db108a1fca81d618b093d722a64e17b2a1aba4a31e2db95a0fd5fa0fa670fb3df68401d06a4ee71db820b8e677258cb543036feb8cea8f4e80562fedf50f9e1bd3adfc5d53f21235d7a7a578457a728bf71210d325850cf52b18a952176def7a753b88592eb66da72893947d9b73fd14964ed5d57f2e978eb1ced724fa96e00ee91ba8048a6815c941ba54c01bb0307b3", @generic="84e5da48d8072482ef79df6759110e52551c560224d05bda556b98533dd6bad8305fcede7f0241dba67ed1be4b9fcccbc2f293c99343fdb0e5dcd268d87fc2da00fdebe0cf74245a62eecbf06b2e4b381591f11c01752a825c8df7d388599b8f0bbe230ab3a640433abc0dca852aa5bd0cf100ca567ed1b7dab4944cd4129b01463e58bd0529a0c97aeae964df1503e4ef51fd2a185b0b0b5f11b156f42edc0572c4e3f3e8ac42e28b2c771ef8547670630df99a1ee510e9d442cefcd806ac93e46e8a73834c48df4f6007bcd0a415fd32083654fe1aff4544bc9d9864cbe32f102f8aea74d42d", @typed={0x98, 0x15, @binary="bc1ed513b7543dd3e704b23b7d112afe8cc8cc1e13688a0d97d4bbbb7c63d13ca617ebe5dabe4dad4c88f42451f71ba939d6249f4eb6121e4ea2014a4bc7e67250ca24e32b21468dabbc97deecf84932e81f0c515def934e7582d8e8c5f8a8e98ea3b2d82fb11d866c44d3e657e229599839c1db9a651544b9f68df711a7205fd071af508353b453ee1f5e54d080dc9ad2f6"}]}, @nested={0x248, 0x57, [@generic="9a777cd8151dd4f9b50f639e07ca273c1e712ea8d8506d1bd9fbc71f5fb1643ff9caa87e9cec0837aa5eba4a49aa90a2b3d01df1611b1961c80caee1a8a93b02d0167dc1be734331db31d78bee46e00e9ed7515dbbfaac546f7c00a4e8ead4ffa0666d806294c115f89e5853f2c95ccd20e846f4bafd260d981177b2addaf15ca06e", @generic="4d23c53b27fc2ea507140b4cb583c63b3862c4d165a165d11ae08a2b6aa4e280b0dbdf20ff760babf9f433c4b30360c319cd522b0fd7482c043d5f488c64d83420c85465a271585c07bec20dd1af0e11932cb8970a2f94bf9af03d5906fab5728e2c74eda2ebfe9226edc6ef2722a1ac182d22429e531fbae251e89a14209783db385258143ab0e31caa296269eca033780b9fe9213eaed61c5b19581fe7592b35de64ee625462af6b6f8749ac71e8c1d7a815012f885f07559b906c094feea83cd0aead9c1f49e2efe894bfd5401e8a385e2c96ba47da70de98dd39b6325d691a0c5daa", @generic="aa5bafb7f38912af62edc03933f0f2cec456d656673ece56de8e40f40a7018244692487cd024baed5834ad2a820ccc122cd70f4a604bd0820b80f5005c36308494e2496b75a03ed2313edd25073df38799cf25f375566f2135d7d0228ffef7dcfa67824e8a46192ca4523430de723a4614178321944a77c6f9f66eea054457b788e3ebe7580340d1d912dde3860cf08d00dc72b4ad6278ecc58f434f68d04a10b698ce4931ccfc3fa4d43928e5a789bd89cce2a3d14cf890530ba8bcbd6f8e8382bd733e43b2b7211a06cf437a321c4af0a77d17a7a87de398125bfbca"]}, @typed={0x10, 0x62, @str='+vboxnet0\x00'}]}, 0x4e4}], 0x5, 0x0, 0x0, 0x4}, 0x20000011) [ 565.644687] overlayfs: failed to resolve './file': -2 18:05:25 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(0x0, 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:26 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:26 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:26 executing program 2: futex(&(0x7f0000000140)=0x2, 0x0, 0x2, &(0x7f0000000180)={0x0, 0x1c9c380}, &(0x7f00000001c0)=0x2, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000280)='/dev/cec#\x00', 0x0, 0x2) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000002c0)={[{0x3, 0x4, 0x5, 0xc0b3, 0xaa, 0x5ffc, 0x7, 0xbfdf, 0x9, 0x2, 0x3, 0x7, 0x1}, {0x1, 0xef8a, 0x100000000, 0x800, 0x1, 0xad, 0x9, 0x9, 0x20, 0x1, 0x1, 0xa333, 0xb0f}, {0x9, 0x9f1c, 0x8, 0x80000001, 0x4, 0x8000, 0x5, 0x0, 0x4, 0xffffffff, 0x25f9, 0x8, 0x2}]}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f0000000200)={{0xaf, @multicast1, 0x4e21, 0x3, 'lc\x00', 0x23, 0x100, 0x4d}, {@multicast1, 0x4e21, 0x3, 0x3, 0xb05c, 0x7}}, 0x44) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x4040, 0x4) r4 = syz_open_pts(r2, 0x0) write$9p(r3, &(0x7f0000000100)="ae71dd6d6c3fca4929fbc6349d9a1d74d88a1044c0308e9e5f20837b8420a44c8958a049d4ebf8dce1ce47ff1a357ba82f", 0x31) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000380)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) [ 566.044711] IPVS: set_ctl: invalid protocol: 175 224.0.0.1:20001 [ 566.062968] audit: type=1800 audit(1546279526.192:143): pid=24323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor2" name="file0" dev="sda1" ino=16544 res=0 18:05:28 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:28 executing program 1: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r0, 0x301}, 0x14}}, 0x0) 18:05:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:28 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, 0x0, r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:28 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x105004, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:28 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@multicast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@multicast1}}, &(0x7f00000001c0)=0xe8) setfsuid(r2) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/enforce\x00', 0x400002, 0x0) r3 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) sched_yield() 18:05:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:29 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:29 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', 0xffffffffffffffff, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:29 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:29 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:29 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:29 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0', [{0x20, '^+wlan1&'}], 0xa, "5d2eaf5cf877b82b8f271de52ab89b7aedadb0b1b6ccaa8e111d9de6ad84318db807230dcdb51c881269a349615508d6fcd1"}, 0x46) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:31 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:31 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:31 executing program 3: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, 0x0) 18:05:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f00000000c0)={'icmp6\x00'}, &(0x7f0000000100)=0x1e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r1, 0x0) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='security.capability\x00', &(0x7f00000001c0)=@v2={0x2000000, [{0x4, 0x1}, {0x5, 0x7}]}, 0x14, 0x3) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ppp\x00', 0x200000, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r4, 0x0, 0x3, &(0x7f0000000240)=0x7, 0x4) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) ioctl$TIOCSTI(r1, 0x5412, 0xffffffffffffff81) 18:05:32 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:32 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r0, 0x301}, 0x14}}, 0x0) 18:05:32 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) fstatfs(r1, &(0x7f00000000c0)=""/185) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x10000, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f00000001c0)={0x0, 0x77, "cd341f640338811ad17f9c48b1a533e9d467d43c0dd3473c9b6e5390c983d73c20ce46f0d027c8e38593df280e23a9d19d8a0795580d19ccfb993bdb63eacd20cf7be2c34d64097e56418d6f860864a5e3ceed3f1b7b3beb4e1a4227f7397e0940cff5954e0f968c10ba9e4d3564300dc0e5b510f7afed"}, &(0x7f0000000240)=0x7f) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000280)=@sack_info={r4, 0x2, 0x100000000}, &(0x7f00000002c0)=0xc) listxattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=""/4096, 0x1000) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:32 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, 0x0, 0x0) 18:05:32 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:35 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:35 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 18:05:35 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f00000000c0)={0x0, 0x8000000400000000, 0x0, 0xfffffffffffffffe, 0x0, 0x40000, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x4, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffc}) 18:05:35 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:35 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 18:05:35 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:35 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x400, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f00000001c0)={0x8, 0x8, 0x7, 0x5, 0x7}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.usage_all\x00', 0x0, 0x0) ioctl(r2, 0x401, &(0x7f00000000c0)="58797137786a1f806b33f71c874871f1") ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f0000000300)={0x100000000, 0x1, 0x3, 0x2}, 0x8) r4 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) getsockopt$inet_tcp_buf(r3, 0x6, 0x0, &(0x7f0000000200)=""/149, &(0x7f00000002c0)=0x95) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) 18:05:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:35 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:38 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x8, 0x882) symlinkat(&(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000280)='./file0\x00') r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x200000, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000180)={0x0, 0x4, 0x5, 0x25, 0x1}, 0x14) r4 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) socketpair(0x10, 0x806, 0x5b8, &(0x7f00000000c0)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f0000000100)=[@timestamp, @timestamp, @window={0x3, 0x1, 0x1000}, @mss, @mss={0x2, 0x1f}, @mss={0x2, 0x8}], 0x6) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f00000002c0)={0x3, 0x3}) 18:05:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000240)=[{&(0x7f0000000300)="600084e002020000900cda40ff12d5c98f13", 0x12, 0x400}], 0x0, 0x0) 18:05:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 18:05:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) getsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 18:05:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 3: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000140)={0xa, 0x1, "b905"}, 0x0) 18:05:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1}, 0x14}}, 0x0) 18:05:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:38 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1}, 0x14}}, 0x0) 18:05:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 3: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x31) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty, @loopback, 0x3, 0x0, 0x0, 0x800000000113}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x21, r0, 0x0, 0x0) 18:05:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1}, 0x14}}, 0x0) 18:05:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x8c02, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') sendmsg$FOU_CMD_DEL(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r3, 0x300, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x29}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x480c0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) ioctl$VIDIOC_S_MODULATOR(r4, 0x40445637, &(0x7f0000000100)={0x22, "b74a5c183c00893054bab017171a678d7d591387d88654da661fdfab0395c196", 0x10, 0x3ff, 0x5, 0x4, 0x4}) 18:05:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:38 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(0xffffffffffffffff, 0x80dc5521, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0xc0185500, 0x0) 18:05:38 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000003c0)) 18:05:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x181400, 0x40) bind$llc(r1, &(0x7f0000000180)={0x1a, 0x10e, 0xfc, 0x5, 0x4, 0xfffffffffffffffc, @broadcast}, 0x10) syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) r2 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x7fffffff) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x3, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000}) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r3, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) 18:05:39 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x0, 0x0) dup2(r0, r1) 18:05:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:39 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x100000001) ioctl$sock_SIOCETHTOOL(r0, 0x89e1, &(0x7f0000000040)={'batadv0\x00', 0x0}) 18:05:39 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:39 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000140)={'filter\x00'}, &(0x7f00000001c0)=0x44) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x400000, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000100)={0x4}, 0x4) 18:05:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @remote}, 0xc) 18:05:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:41 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:41 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:41 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:41 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:41 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x800, 0x0) write$FUSE_INTERRUPT(r0, &(0x7f0000000200)={0x10, 0x0, 0x5}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) bind$unix(r0, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f00000000c0)=""/227) r3 = syz_open_pts(r2, 0x100) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TIOCNOTTY(r2, 0x5422) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:41 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:41 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:42 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:42 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) msgget(0x2, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:05:42 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:42 executing program 5: mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:42 executing program 3 (fault-call:2 fault-nth:0): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:44 executing program 0: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xe, 0x4924, 0x1, 0x0, 0x8, 0xffffffffffffff9c}, 0x2c) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000480)='/dev/sequencer2\x00', 0x40, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r3, 0xc0205649, &(0x7f0000000500)={0x52cf71bbe5f4383e, 0x40, 0x101, [], &(0x7f00000004c0)={0xb909ff, 0x7, [], @value64=0x1}}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x10000, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x6000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd2, 0x0, 0x75bb, 0x0, 0x0, 0x0, 0x7}) ioctl$KVM_RUN(r8, 0xae80, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000002c0)={0x128, r5, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x9c, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffe00}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5a36}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x82}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8001}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000800) r10 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x101900, 0x0) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r10, 0x84, 0x8, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f00000000c0)=0x5) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f0000000540)={0x38c, 0x5, 0x2, 0x0, 0x2, [{0x101, 0x100000001, 0x0, 0x0, 0x0, 0x110a}, {0x40, 0x8, 0x80}]}) 18:05:44 executing program 5: mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xfffffffffffff000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:45 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:45 executing program 5: mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x1000000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x60000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:47 executing program 0: mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:47 executing program 5: mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:47 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x0, 0x801) ioctl$TCGETS(r1, 0x5401, &(0x7f0000000100)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r1, &(0x7f0000000140)="ad27cd90e5f8b8ec7b3f059accf58752bfe0560ae8feee3ea5cd4fe706096cf1f1f9e3dae10e419983c4bbaa902882bc6d2af07b03bcdf10214cd3ac02fbc03b344d924cba64d28e1a2fc77d1d25f9ee695b79e265071dda960c6abf4427120e6a4f199871ae241f5fc871c00cf833c4ffc2db9edc5a7464dae1d9453be5753a0718c5cf776247593a0590dc82da93e85eff86e5adf42d67604aa2a632fe26ec4e85af32a1e54b0c7298a84d63ec320d0ee71cdc2b1b159c1c3770426218c6dc21250ad77cb33187b9230b0711f27e42", &(0x7f0000000240)=""/15}, 0x18) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xa00, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:48 executing program 1 (fault-call:9 fault-nth:0): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:48 executing program 5: mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:48 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x100, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0xa30000, 0x1, 0xffff, [], &(0x7f0000000180)={0x9b0bf7, 0x0, [], @p_u16=&(0x7f0000000140)=0xcef}}) ioctl$TIOCLINUX7(r2, 0x541c, &(0x7f00000000c0)={0x7, 0x40}) 18:05:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x3f00, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 588.304681] FAULT_INJECTION: forcing a failure. [ 588.304681] name failslab, interval 1, probability 0, space 0, times 0 [ 588.349490] CPU: 0 PID: 24745 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 588.356352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 588.365724] Call Trace: [ 588.368362] dump_stack+0x1db/0x2d0 [ 588.372009] ? dump_stack_print_info.cold+0x20/0x20 [ 588.377021] ? debug_smp_processor_id+0x1c/0x20 [ 588.381687] should_fail.cold+0xa/0x15 [ 588.385591] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 588.390733] ? ___might_sleep+0x1e7/0x310 [ 588.394912] ? arch_local_save_flags+0x50/0x50 [ 588.399510] __should_failslab+0x121/0x190 [ 588.403731] should_failslab+0x9/0x14 [ 588.407514] kmem_cache_alloc+0x2be/0x710 [ 588.411692] getname_flags+0xd6/0x5b0 [ 588.415558] do_renameat2+0x2af/0x1120 [ 588.419457] ? user_path_create+0x50/0x50 [ 588.423594] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 588.429114] ? fput+0x128/0x1a0 [ 588.432436] ? do_syscall_64+0x8c/0x800 [ 588.436423] ? do_syscall_64+0x8c/0x800 [ 588.440421] ? lockdep_hardirqs_on+0x415/0x5d0 [ 588.444997] ? trace_hardirqs_on+0xbd/0x310 [ 588.449300] ? __ia32_sys_read+0xb0/0xb0 [ 588.453355] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 588.458702] ? trace_hardirqs_off_caller+0x300/0x300 [ 588.463795] __x64_sys_renameat+0x9a/0x100 [ 588.468016] do_syscall_64+0x1a3/0x800 [ 588.471904] ? syscall_return_slowpath+0x5f0/0x5f0 [ 588.476828] ? prepare_exit_to_usermode+0x232/0x3b0 [ 588.481835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 588.486666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 588.491848] RIP: 0033:0x457ec9 [ 588.495035] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 588.513925] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 588.521640] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 588.528909] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 588.536162] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 588.543413] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 588.550671] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:05:51 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x100000, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x60, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:51 executing program 5: mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:51 executing program 2: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x40, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'mangle\x00'}, &(0x7f0000000180)=0x54) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) ioctl$KDSETMODE(r2, 0x4b3a, 0xbf3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:05:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:05:51 executing program 1 (fault-call:9 fault-nth:1): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 590.977061] FAULT_INJECTION: forcing a failure. [ 590.977061] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 590.989281] CPU: 1 PID: 24764 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 590.996123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.005484] Call Trace: [ 591.008089] dump_stack+0x1db/0x2d0 [ 591.011749] ? dump_stack_print_info.cold+0x20/0x20 [ 591.016831] should_fail.cold+0xa/0x15 [ 591.020730] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 591.025844] ? debug_smp_processor_id+0x1c/0x20 [ 591.030524] ? perf_trace_lock+0x12f/0x750 [ 591.034795] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 591.040337] ? check_preemption_disabled+0x48/0x290 [ 591.045377] ? debug_smp_processor_id+0x1c/0x20 [ 591.050051] ? perf_trace_lock+0x12f/0x750 [ 591.054292] ? add_lock_to_list.isra.0+0x450/0x450 [ 591.059249] ? __check_object_size+0xa3/0x77a [ 591.063756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 591.069312] should_fail_alloc_page+0x50/0x60 [ 591.073835] __alloc_pages_nodemask+0x323/0xdc0 [ 591.078522] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 591.083562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 591.089127] ? ___might_sleep+0x1e7/0x310 [ 591.093302] ? trace_hardirqs_off+0xb8/0x310 [ 591.097745] cache_grow_begin+0x9c/0x8c0 [ 591.101816] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 591.107387] ? check_preemption_disabled+0x48/0x290 [ 591.112434] kmem_cache_alloc+0x645/0x710 [ 591.116606] getname_flags+0xd6/0x5b0 [ 591.120419] do_renameat2+0x2af/0x1120 [ 591.124332] ? user_path_create+0x50/0x50 [ 591.128488] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 591.134031] ? fput+0x128/0x1a0 [ 591.137312] ? do_syscall_64+0x8c/0x800 [ 591.141287] ? do_syscall_64+0x8c/0x800 [ 591.145264] ? lockdep_hardirqs_on+0x415/0x5d0 [ 591.149848] ? trace_hardirqs_on+0xbd/0x310 [ 591.154167] ? __ia32_sys_read+0xb0/0xb0 [ 591.158267] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 591.163632] ? trace_hardirqs_off_caller+0x300/0x300 [ 591.168750] __x64_sys_renameat+0x9a/0x100 [ 591.173007] do_syscall_64+0x1a3/0x800 [ 591.176930] ? syscall_return_slowpath+0x5f0/0x5f0 [ 591.181863] ? prepare_exit_to_usermode+0x232/0x3b0 [ 591.186888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 591.191789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 591.196995] RIP: 0033:0x457ec9 [ 591.200189] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 591.219103] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 18:05:51 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x100000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 591.226816] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 591.234136] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 591.241426] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 591.248697] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 591.255975] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:05:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) 18:05:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xa00000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:54 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000140)={0xdeaa, 0x7f, 0x3, 0x80000001, 0x2, 0x1}) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$KDGETLED(r1, 0x4b31, &(0x7f00000000c0)) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000100)) 18:05:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x300000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:05:54 executing program 1 (fault-call:9 fault-nth:2): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:54 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 594.000883] audit: type=1400 audit(1546279554.132:144): avc: denied { map } for pid=24801 comm="syz-executor5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=15330 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 594.014586] FAULT_INJECTION: forcing a failure. [ 594.014586] name failslab, interval 1, probability 0, space 0, times 0 [ 594.080644] CPU: 0 PID: 24808 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 594.087500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.096853] Call Trace: [ 594.099455] dump_stack+0x1db/0x2d0 [ 594.103095] ? dump_stack_print_info.cold+0x20/0x20 [ 594.108128] should_fail.cold+0xa/0x15 [ 594.112053] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 594.117165] ? ___might_sleep+0x1e7/0x310 [ 594.121339] ? arch_local_save_flags+0x50/0x50 [ 594.125948] __should_failslab+0x121/0x190 [ 594.130219] should_failslab+0x9/0x14 [ 594.134041] kmem_cache_alloc+0x2be/0x710 [ 594.138222] getname_flags+0xd6/0x5b0 [ 594.142083] do_renameat2+0x31a/0x1120 [ 594.145996] ? user_path_create+0x50/0x50 [ 594.150164] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 594.155701] ? fput+0x128/0x1a0 [ 594.159032] ? do_syscall_64+0x8c/0x800 [ 594.163008] ? lockdep_hardirqs_on+0x415/0x5d0 [ 594.167587] ? trace_hardirqs_on+0xbd/0x310 [ 594.171904] ? __ia32_sys_read+0xb0/0xb0 [ 594.175970] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.181337] ? trace_hardirqs_off_caller+0x300/0x300 [ 594.186618] __x64_sys_renameat+0x9a/0x100 [ 594.190860] do_syscall_64+0x1a3/0x800 [ 594.194757] ? syscall_return_slowpath+0x5f0/0x5f0 [ 594.199700] ? prepare_exit_to_usermode+0x232/0x3b0 [ 594.204723] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 594.209588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.214790] RIP: 0033:0x457ec9 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 594.217982] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 594.236879] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 594.244583] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 594.251854] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 594.259122] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 594.266393] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 594.273674] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:54 executing program 1 (fault-call:9 fault-nth:3): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 594.497788] FAULT_INJECTION: forcing a failure. [ 594.497788] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 594.509613] CPU: 1 PID: 24835 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 594.509622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.509628] Call Trace: [ 594.509650] dump_stack+0x1db/0x2d0 [ 594.509687] ? dump_stack_print_info.cold+0x20/0x20 [ 594.509708] ? add_lock_to_list.isra.0+0x450/0x450 [ 594.509795] ? lockref_get_not_dead+0x70/0x90 18:05:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) [ 594.526101] should_fail.cold+0xa/0x15 [ 594.526121] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 594.526135] ? find_held_lock+0x35/0x120 [ 594.526159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 594.526178] ? lock_downgrade+0x910/0x910 [ 594.532376] ? kasan_check_read+0x11/0x20 [ 594.532401] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 594.532425] should_fail_alloc_page+0x50/0x60 [ 594.532439] __alloc_pages_nodemask+0x323/0xdc0 [ 594.532460] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 594.532494] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 594.532536] ? ___might_sleep+0x1e7/0x310 [ 594.532566] ? trace_hardirqs_off+0xb8/0x310 [ 594.542527] cache_grow_begin+0x9c/0x8c0 [ 594.542545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 594.542560] ? check_preemption_disabled+0x48/0x290 [ 594.542580] kmem_cache_alloc+0x645/0x710 [ 594.542605] getname_flags+0xd6/0x5b0 [ 594.542625] do_renameat2+0x31a/0x1120 [ 594.542654] ? user_path_create+0x50/0x50 [ 594.551029] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 594.551044] ? fput+0x128/0x1a0 [ 594.551062] ? do_syscall_64+0x8c/0x800 [ 594.551076] ? lockdep_hardirqs_on+0x415/0x5d0 [ 594.551090] ? trace_hardirqs_on+0xbd/0x310 [ 594.551103] ? __ia32_sys_read+0xb0/0xb0 [ 594.551117] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.551132] ? trace_hardirqs_off_caller+0x300/0x300 [ 594.551153] __x64_sys_renameat+0x9a/0x100 [ 594.551170] do_syscall_64+0x1a3/0x800 [ 594.560307] ? syscall_return_slowpath+0x5f0/0x5f0 [ 594.560324] ? prepare_exit_to_usermode+0x232/0x3b0 [ 594.560344] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 594.560365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 594.560376] RIP: 0033:0x457ec9 [ 594.560389] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 594.560397] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 594.570069] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 594.570077] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 594.570086] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 594.570095] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 594.570104] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 594.787633] IPVS: ftp: loaded support on port[0] = 21 [ 595.180193] chnl_net:caif_netlink_parms(): no params data found [ 595.345780] bridge0: port 1(bridge_slave_0) entered blocking state [ 595.352435] bridge0: port 1(bridge_slave_0) entered disabled state [ 595.359662] device bridge_slave_0 entered promiscuous mode [ 595.504236] bridge0: port 2(bridge_slave_1) entered blocking state [ 595.511295] bridge0: port 2(bridge_slave_1) entered disabled state [ 595.518349] device bridge_slave_1 entered promiscuous mode [ 595.537409] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 595.684603] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 595.704872] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 595.712757] team0: Port device team_slave_0 added [ 595.718444] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 595.725817] team0: Port device team_slave_1 added [ 595.731016] IPVS: stopping master sync thread 18418 ... [ 595.731242] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 595.738753] IPVS: stopping backup sync thread 8303 ... [ 595.744019] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 595.813447] device hsr_slave_0 entered promiscuous mode [ 595.860699] device hsr_slave_1 entered promiscuous mode [ 595.930939] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 595.994294] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 596.011542] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.017886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.024573] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.030937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 596.095759] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 596.101932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 596.109927] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 596.119043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 596.138088] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.145354] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.154171] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 596.216848] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 596.223002] 8021q: adding VLAN 0 to HW filter on device team0 [ 596.231644] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 596.238927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 596.247165] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 596.255189] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.261606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 596.313935] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 596.322756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 596.330890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 596.338421] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.344827] bridge0: port 2(bridge_slave_1) entered forwarding state [ 596.377285] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 596.385588] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 596.397006] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 596.404041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 596.414975] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 596.422753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 596.430864] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 596.438734] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 596.494467] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 596.502480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 596.511575] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 18:05:57 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:05:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:05:57 executing program 1 (fault-call:9 fault-nth:4): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:05:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x8000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:05:57 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f}) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x400002, 0x0) write$9p(r3, &(0x7f0000000100)="9731c159ebfce75433", 0x9) [ 597.076941] FAULT_INJECTION: forcing a failure. [ 597.076941] name failslab, interval 1, probability 0, space 0, times 0 [ 597.118457] CPU: 1 PID: 24853 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 597.125312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.135112] Call Trace: [ 597.137734] dump_stack+0x1db/0x2d0 [ 597.141375] ? dump_stack_print_info.cold+0x20/0x20 [ 597.146417] ? print_usage_bug+0xd0/0xd0 [ 597.150491] should_fail.cold+0xa/0x15 [ 597.154387] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 597.159515] ? ___might_sleep+0x1e7/0x310 [ 597.163668] ? arch_local_save_flags+0x50/0x50 [ 597.168300] __should_failslab+0x121/0x190 [ 597.172555] should_failslab+0x9/0x14 [ 597.176380] kmem_cache_alloc+0x2be/0x710 [ 597.180533] ? __lock_acquire+0x572/0x4a30 [ 597.184800] __d_alloc+0xae/0xbe0 [ 597.188275] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 597.193311] ? mark_held_locks+0x100/0x100 [ 597.197569] ? __lock_acquire+0x572/0x4a30 [ 597.201812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.207361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.212903] ? print_usage_bug+0xd0/0xd0 [ 597.216979] d_alloc+0x99/0x420 [ 597.220267] ? __d_alloc+0xbe0/0xbe0 [ 597.223976] ? __lock_acquire+0x572/0x4a30 [ 597.228227] d_alloc_parallel+0x11b/0x1f10 [ 597.232482] ? mark_held_locks+0x100/0x100 [ 597.236730] ? add_lock_to_list.isra.0+0x450/0x450 [ 597.241691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.247239] ? check_preemption_disabled+0x48/0x290 [ 597.252266] ? __d_lookup_rcu+0x990/0x990 [ 597.256415] ? add_lock_to_list.isra.0+0x450/0x450 [ 597.261351] ? lockref_get_not_dead+0x70/0x90 [ 597.265853] ? find_held_lock+0x35/0x120 [ 597.269917] ? lockref_get_not_dead+0x70/0x90 [ 597.274418] ? lockdep_init_map+0x10c/0x5b0 [ 597.278763] ? lockdep_init_map+0x10c/0x5b0 [ 597.283094] ? __init_waitqueue_head+0x92/0x150 [ 597.287766] ? init_wait_entry+0x1c0/0x1c0 [ 597.292021] __lookup_slow+0x1fa/0x560 [ 597.295913] ? vfs_unlink+0x500/0x500 [ 597.299734] ? lock_release+0xc40/0xc40 [ 597.303732] ? __down_interruptible+0x740/0x740 [ 597.308426] ? trailing_symlink+0x970/0x970 [ 597.312765] lookup_slow+0x58/0x80 [ 597.316325] walk_component+0x8e5/0x26a0 [ 597.320393] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.325933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.331477] ? selinux_inode_permission+0xdc/0x790 [ 597.336416] ? selinux_capable+0x40/0x40 [ 597.340495] ? path_init+0x1ef0/0x1ef0 [ 597.344405] ? security_inode_permission+0xd5/0x110 [ 597.349426] ? inode_permission+0xb4/0x570 [ 597.353667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.359220] ? security_inode_permission+0xd5/0x110 [ 597.364245] ? inode_permission+0xb4/0x570 [ 597.368492] link_path_walk.part.0+0xa57/0x1550 [ 597.373164] ? fput+0x128/0x1a0 [ 597.376470] ? walk_component+0x26a0/0x26a0 [ 597.380796] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 597.385659] ? cache_grow_end+0xa4/0x190 [ 597.389729] ? find_held_lock+0x35/0x120 [ 597.393794] ? check_stack_object+0x114/0x160 [ 597.398311] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 597.403855] path_parentat.isra.0+0x51/0x160 [ 597.408270] filename_parentat.isra.0+0x268/0x580 [ 597.413120] ? getname+0x20/0x20 [ 597.416504] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 597.422045] ? strncpy_from_user+0x317/0x440 [ 597.426464] ? digsig_verify.cold+0x32/0x32 [ 597.430842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 597.436398] ? getname_flags+0x277/0x5b0 [ 597.440477] do_renameat2+0x346/0x1120 [ 597.444387] ? user_path_create+0x50/0x50 [ 597.448566] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 597.454106] ? fput+0x128/0x1a0 [ 597.457416] ? do_syscall_64+0x8c/0x800 [ 597.461394] ? lockdep_hardirqs_on+0x415/0x5d0 [ 597.465980] ? trace_hardirqs_on+0xbd/0x310 [ 597.470305] ? __ia32_sys_read+0xb0/0xb0 [ 597.474403] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.479767] ? trace_hardirqs_off_caller+0x300/0x300 [ 597.484880] __x64_sys_renameat+0x9a/0x100 [ 597.489122] do_syscall_64+0x1a3/0x800 [ 597.493017] ? syscall_return_slowpath+0x5f0/0x5f0 [ 597.497954] ? prepare_exit_to_usermode+0x232/0x3b0 [ 597.502982] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 597.507849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.513040] RIP: 0033:0x457ec9 [ 597.516255] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 597.535160] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 597.542884] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 597.550152] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 597.557420] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 597.564686] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 597.571958] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 601.113534] device hsr_slave_1 left promiscuous mode [ 601.166028] device hsr_slave_0 left promiscuous mode [ 601.234942] team0 (unregistering): Port device team_slave_1 removed [ 601.246362] team0 (unregistering): Port device team_slave_0 removed [ 601.258923] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 601.298042] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 601.389184] bond0 (unregistering): Released all slaves [ 601.416579] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 601.429757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 601.437460] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 601.472596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 601.480524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 601.488159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 601.512016] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 601.518040] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 601.535567] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 601.556571] 8021q: adding VLAN 0 to HW filter on device batadv0 18:06:04 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:04 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:04 executing program 1 (fault-call:9 fault-nth:5): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x6000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:04 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x101000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 604.686493] FAULT_INJECTION: forcing a failure. [ 604.686493] name failslab, interval 1, probability 0, space 0, times 0 [ 604.715838] CPU: 1 PID: 24888 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 604.722687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.732043] Call Trace: [ 604.734654] dump_stack+0x1db/0x2d0 [ 604.738332] ? dump_stack_print_info.cold+0x20/0x20 [ 604.743357] ? mark_held_locks+0x100/0x100 [ 604.747609] should_fail.cold+0xa/0x15 [ 604.751508] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 604.756656] ? ___might_sleep+0x1e7/0x310 [ 604.760816] ? arch_local_save_flags+0x50/0x50 [ 604.765406] ? mark_held_locks+0x100/0x100 [ 604.769659] __should_failslab+0x121/0x190 [ 604.773904] should_failslab+0x9/0x14 [ 604.777733] kmem_cache_alloc+0x2be/0x710 [ 604.781898] __d_alloc+0xae/0xbe0 [ 604.785358] ? __lock_acquire+0x572/0x4a30 [ 604.789598] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 604.794619] ? avc_has_perm_noaudit+0x418/0x630 [ 604.799309] ? find_held_lock+0x35/0x120 [ 604.803394] ? print_usage_bug+0xd0/0xd0 [ 604.807465] ? add_lock_to_list.isra.0+0x450/0x450 [ 604.812404] d_alloc+0x99/0x420 [ 604.815727] ? __d_alloc+0xbe0/0xbe0 [ 604.819463] ? __lock_acquire+0x572/0x4a30 [ 604.823703] ? find_held_lock+0x35/0x120 [ 604.827789] d_alloc_parallel+0x11b/0x1f10 [ 604.832047] ? mark_held_locks+0x100/0x100 [ 604.836310] ? __d_lookup+0x560/0x960 [ 604.840120] ? find_held_lock+0x35/0x120 [ 604.844188] ? __d_lookup_rcu+0x990/0x990 [ 604.848365] ? lock_downgrade+0x910/0x910 [ 604.852517] ? add_lock_to_list.isra.0+0x450/0x450 [ 604.857532] ? lockdep_init_map+0x10c/0x5b0 [ 604.861900] ? lockdep_init_map+0x10c/0x5b0 [ 604.866238] ? __init_waitqueue_head+0x92/0x150 [ 604.870912] ? init_wait_entry+0x1c0/0x1c0 [ 604.875146] ? __d_lookup+0x587/0x960 [ 604.878984] __lookup_slow+0x1fa/0x560 [ 604.882914] ? vfs_unlink+0x500/0x500 18:06:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xffffff7f00000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:04 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:05 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 604.886723] ? lock_release+0xc40/0xc40 [ 604.890733] ? __down_interruptible+0x740/0x740 [ 604.895440] ? inode_permission+0xb4/0x570 [ 604.899690] lookup_slow+0x58/0x80 [ 604.903246] lookup_one_len_unlocked+0xf6/0x100 [ 604.907923] ? lookup_slow+0x80/0x80 [ 604.911657] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 604.917869] ovl_lookup_single+0x63/0x880 [ 604.922040] ovl_lookup_layer+0x40d/0x4c0 [ 604.926213] ? override_creds+0x190/0x1f0 [ 604.930372] ? ovl_dentry_upper+0x65/0x120 [ 604.934633] ? ovl_lookup_single+0x880/0x880 [ 604.934663] ? ovl_path_real+0x410/0x410 [ 604.934681] ? rcu_read_unlock_special+0x380/0x380 [ 604.943154] ovl_lookup+0x606/0x29b0 [ 604.943173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.943190] ? d_alloc_parallel+0xb68/0x1f10 [ 604.961804] ? ovl_path_next+0x2e0/0x2e0 [ 604.965865] ? __d_lookup_rcu+0x990/0x990 [ 604.970014] ? add_lock_to_list.isra.0+0x450/0x450 [ 604.974955] ? lockref_get_not_dead+0x70/0x90 [ 604.979467] ? __init_waitqueue_head+0x92/0x150 18:06:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x80000007, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 604.984158] ? init_wait_entry+0x1c0/0x1c0 [ 604.988449] __lookup_slow+0x2cd/0x560 [ 604.992343] ? vfs_unlink+0x500/0x500 [ 604.996142] ? lock_release+0xc40/0xc40 [ 605.000137] ? __down_interruptible+0x740/0x740 [ 605.004814] ? trailing_symlink+0x970/0x970 [ 605.009151] lookup_slow+0x58/0x80 [ 605.012694] walk_component+0x8e5/0x26a0 [ 605.012720] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.012737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.012753] ? selinux_inode_permission+0xdc/0x790 [ 605.012772] ? selinux_capable+0x40/0x40 [ 605.012787] ? path_init+0x1ef0/0x1ef0 [ 605.012805] ? security_inode_permission+0xd5/0x110 [ 605.045748] ? inode_permission+0xb4/0x570 [ 605.049989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.055563] ? security_inode_permission+0xd5/0x110 [ 605.060635] ? inode_permission+0xb4/0x570 [ 605.064882] link_path_walk.part.0+0xa57/0x1550 [ 605.069553] ? fput+0x128/0x1a0 [ 605.072883] ? walk_component+0x26a0/0x26a0 [ 605.077227] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 605.082078] ? cache_grow_end+0xa4/0x190 18:06:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) r3 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r3, 0x4008af23, &(0x7f0000000100)={0x2, 0x1}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 605.086141] ? find_held_lock+0x35/0x120 [ 605.090227] ? check_stack_object+0x114/0x160 [ 605.094745] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.100298] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.105852] path_parentat.isra.0+0x51/0x160 [ 605.110269] filename_parentat.isra.0+0x268/0x580 [ 605.115126] ? getname+0x20/0x20 [ 605.118527] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.124083] ? strncpy_from_user+0x317/0x440 [ 605.128504] ? digsig_verify.cold+0x32/0x32 [ 605.132837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 18:06:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xfffff000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 605.138376] ? getname_flags+0x277/0x5b0 [ 605.142452] do_renameat2+0x346/0x1120 [ 605.146364] ? user_path_create+0x50/0x50 [ 605.150537] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 605.156123] ? fput+0x128/0x1a0 [ 605.159414] ? do_syscall_64+0x8c/0x800 [ 605.163394] ? lockdep_hardirqs_on+0x415/0x5d0 [ 605.168015] ? trace_hardirqs_on+0xbd/0x310 [ 605.172359] ? __ia32_sys_read+0xb0/0xb0 [ 605.176427] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.181792] ? trace_hardirqs_off_caller+0x300/0x300 [ 605.186897] __x64_sys_renameat+0x9a/0x100 [ 605.191155] do_syscall_64+0x1a3/0x800 [ 605.195067] ? syscall_return_slowpath+0x5f0/0x5f0 [ 605.199992] ? prepare_exit_to_usermode+0x232/0x3b0 [ 605.204990] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 605.209843] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.215015] RIP: 0033:0x457ec9 [ 605.218186] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:06:05 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 605.237114] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 605.244817] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 605.252071] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 605.259343] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 605.266614] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 605.273943] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:05 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:05 executing program 1 (fault-call:9 fault-nth:6): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xa000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 605.471736] FAULT_INJECTION: forcing a failure. [ 605.471736] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 605.483573] CPU: 1 PID: 24933 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 605.490410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.499764] Call Trace: [ 605.502378] dump_stack+0x1db/0x2d0 [ 605.506021] ? dump_stack_print_info.cold+0x20/0x20 [ 605.511052] ? lock_downgrade+0x910/0x910 [ 605.515237] ? kasan_check_read+0x11/0x20 [ 605.519422] should_fail.cold+0xa/0x15 [ 605.523352] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 605.528463] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.534014] ? rcu_read_unlock+0x16/0x60 [ 605.538080] ? find_held_lock+0x35/0x120 [ 605.542145] ? rcu_read_unlock+0x16/0x60 [ 605.546228] should_fail_alloc_page+0x50/0x60 [ 605.550742] __alloc_pages_nodemask+0x323/0xdc0 [ 605.555417] ? lock_downgrade+0x910/0x910 [ 605.559572] ? kasan_check_read+0x11/0x20 [ 605.563727] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 18:06:05 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) sendmsg$key(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0xb, 0xfffffffffffffffb, 0x0, 0x24, 0x0, 0x70bd2a, 0x25dfdbfb, [@sadb_address={0x3, 0x5, 0x0, 0x20, 0x0, @in={0x2, 0x4e23, @loopback}}, @sadb_address={0x3, 0x5, 0x33, 0x80, 0x0, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, @sadb_spirange={0x2, 0x10, 0x4d2, 0x4d2}, @sadb_x_filter={0x5, 0x1a, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in6=@local, 0x1d, 0x0, 0x14}, @sadb_x_nat_t_type={0x1, 0x14, 0xfc6}, @sadb_x_sa2={0x2, 0x13, 0xffff, 0x0, 0x0, 0x70bd28, 0x34ff}, @sadb_ident={0x2, 0x0, 0xfffffffffffffffa, 0x0, 0x5}, @sadb_x_policy={0x8, 0x12, 0x4, 0x0, 0x0, 0x6e6bbd, 0x3, {0x6, 0x6f, 0xd12a, 0x3ff, 0x0, 0x4e53, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@dev={0xfe, 0x80, [], 0x26}}}, @sadb_x_nat_t_port={0x1, 0xee6c84b6adbf86f2, 0x4e22}, @sadb_x_kmaddress={0x7, 0x19, 0x0, @in6={0xa, 0x4e20, 0x40000, @mcast1}, @in={0x2, 0x4e23, @multicast1}}]}, 0x120}}, 0x4000000) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) write$FUSE_STATFS(r2, &(0x7f00000000c0)={0x60, 0xfffffffffffffffe, 0x5, {{0x8, 0x8, 0x3, 0xffffffffffffffff, 0x9, 0xdb9, 0x1, 0x7}}}, 0x60) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:06:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf0ffffffffffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 605.569025] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 605.574067] ? ___might_sleep+0x1e7/0x310 [ 605.578248] ? trace_hardirqs_off+0xb8/0x310 [ 605.582694] cache_grow_begin+0x9c/0x8c0 [ 605.586765] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.592305] ? check_preemption_disabled+0x48/0x290 [ 605.597392] kmem_cache_alloc+0x645/0x710 [ 605.601586] __d_alloc+0xae/0xbe0 [ 605.605035] ? __lock_acquire+0x572/0x4a30 [ 605.609276] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 605.614331] ? avc_has_perm_noaudit+0x418/0x630 [ 605.619054] ? find_held_lock+0x35/0x120 [ 605.623140] ? print_usage_bug+0xd0/0xd0 [ 605.627217] ? add_lock_to_list.isra.0+0x450/0x450 [ 605.632155] d_alloc+0x99/0x420 [ 605.635441] ? __d_alloc+0xbe0/0xbe0 [ 605.639163] ? __lock_acquire+0x572/0x4a30 [ 605.643419] ? find_held_lock+0x35/0x120 [ 605.647491] d_alloc_parallel+0x11b/0x1f10 [ 605.651738] ? mark_held_locks+0x100/0x100 [ 605.655977] ? __d_lookup+0x560/0x960 [ 605.659796] ? find_held_lock+0x35/0x120 [ 605.663870] ? __d_lookup_rcu+0x990/0x990 [ 605.668034] ? lock_downgrade+0x910/0x910 18:06:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x4000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 605.672179] ? add_lock_to_list.isra.0+0x450/0x450 [ 605.677120] ? lockdep_init_map+0x10c/0x5b0 [ 605.681441] ? lockdep_init_map+0x10c/0x5b0 [ 605.685782] ? __init_waitqueue_head+0x92/0x150 [ 605.690499] ? init_wait_entry+0x1c0/0x1c0 [ 605.694772] ? __d_lookup+0x587/0x960 [ 605.698592] __lookup_slow+0x1fa/0x560 [ 605.702482] ? vfs_unlink+0x500/0x500 [ 605.706280] ? lock_release+0xc40/0xc40 [ 605.710289] ? __down_interruptible+0x740/0x740 [ 605.714963] ? inode_permission+0xb4/0x570 [ 605.719216] lookup_slow+0x58/0x80 18:06:05 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400202) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x81) write$P9_RSETATTR(r2, &(0x7f0000000100)={0x7, 0x1b, 0x2}, 0x7) r3 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) [ 605.722784] lookup_one_len_unlocked+0xf6/0x100 [ 605.727457] ? lookup_slow+0x80/0x80 [ 605.731186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.736742] ovl_lookup_single+0x63/0x880 [ 605.740895] ovl_lookup_layer+0x40d/0x4c0 [ 605.740913] ? override_creds+0x190/0x1f0 [ 605.740928] ? ovl_dentry_upper+0x65/0x120 [ 605.740941] ? ovl_lookup_single+0x880/0x880 [ 605.740954] ? ovl_path_real+0x410/0x410 [ 605.740970] ? rcu_read_unlock_special+0x380/0x380 [ 605.740994] ovl_lookup+0x606/0x29b0 [ 605.770581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.776125] ? d_alloc_parallel+0xb68/0x1f10 [ 605.780551] ? ovl_path_next+0x2e0/0x2e0 [ 605.784633] ? __d_lookup_rcu+0x990/0x990 [ 605.784646] ? add_lock_to_list.isra.0+0x450/0x450 [ 605.784669] ? lockref_get_not_dead+0x70/0x90 [ 605.784693] ? __init_waitqueue_head+0x92/0x150 [ 605.798251] ? init_wait_entry+0x1c0/0x1c0 [ 605.798277] __lookup_slow+0x2cd/0x560 [ 605.798295] ? vfs_unlink+0x500/0x500 [ 605.814891] ? lock_release+0xc40/0xc40 [ 605.818886] ? __down_interruptible+0x740/0x740 [ 605.823566] ? trailing_symlink+0x970/0x970 [ 605.827898] lookup_slow+0x58/0x80 [ 605.831448] walk_component+0x8e5/0x26a0 [ 605.835527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.841085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.846640] ? selinux_inode_permission+0xdc/0x790 [ 605.851582] ? selinux_capable+0x40/0x40 [ 605.855649] ? path_init+0x1ef0/0x1ef0 [ 605.859543] ? security_inode_permission+0xd5/0x110 [ 605.864571] ? inode_permission+0xb4/0x570 [ 605.868820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.874365] ? security_inode_permission+0xd5/0x110 [ 605.879394] ? inode_permission+0xb4/0x570 [ 605.883671] link_path_walk.part.0+0xa57/0x1550 [ 605.888341] ? fput+0x128/0x1a0 [ 605.891642] ? walk_component+0x26a0/0x26a0 [ 605.895973] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 605.900825] ? cache_grow_end+0xa4/0x190 [ 605.904892] ? find_held_lock+0x35/0x120 [ 605.909006] ? check_stack_object+0x114/0x160 [ 605.913521] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.919073] path_parentat.isra.0+0x51/0x160 18:06:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x200000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 605.923504] filename_parentat.isra.0+0x268/0x580 [ 605.928361] ? getname+0x20/0x20 [ 605.931764] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 605.937333] ? strncpy_from_user+0x317/0x440 [ 605.941755] ? digsig_verify.cold+0x32/0x32 [ 605.946096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.951646] ? getname_flags+0x277/0x5b0 [ 605.955735] do_renameat2+0x346/0x1120 [ 605.959663] ? user_path_create+0x50/0x50 [ 605.963822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 605.969378] ? fput+0x128/0x1a0 18:06:06 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8041, 0x100) ioctl$SNDRV_TIMER_IOCTL_TREAD(r0, 0x40045402, &(0x7f0000000180)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x0, 0x400, 0x9, 0x5, 0x0, 0x0, 0x3, 0x2, 0x0, 0x3, 0x6}) [ 605.972697] ? do_syscall_64+0x8c/0x800 [ 605.976719] ? lockdep_hardirqs_on+0x415/0x5d0 [ 605.981315] ? trace_hardirqs_on+0xbd/0x310 [ 605.985648] ? __ia32_sys_read+0xb0/0xb0 [ 605.989754] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.995133] ? trace_hardirqs_off_caller+0x300/0x300 [ 606.000261] __x64_sys_renameat+0x9a/0x100 [ 606.004512] do_syscall_64+0x1a3/0x800 [ 606.008478] ? syscall_return_slowpath+0x5f0/0x5f0 [ 606.013445] ? prepare_exit_to_usermode+0x232/0x3b0 [ 606.018487] ? trace_hardirqs_off_thunk+0x1a/0x1c 18:06:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x3f00000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 606.023360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 606.028552] RIP: 0033:0x457ec9 [ 606.031750] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 606.050649] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 606.058497] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 606.065768] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 606.073056] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 606.080331] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 606.087606] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:08 executing program 1 (fault-call:9 fault-nth:7): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xc00e000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000140)={0xa10000, 0xffffffff, 0x8, [], &(0x7f00000000c0)={0x990a97, 0x2, [], @p_u32=&(0x7f0000000080)=0x1}}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x2) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:08 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:08 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 608.382666] FAULT_INJECTION: forcing a failure. [ 608.382666] name failslab, interval 1, probability 0, space 0, times 0 [ 608.428263] CPU: 0 PID: 24983 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 608.435111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.444502] Call Trace: [ 608.447131] dump_stack+0x1db/0x2d0 [ 608.450772] ? dump_stack_print_info.cold+0x20/0x20 [ 608.455789] ? __lock_acquire+0x572/0x4a30 [ 608.460080] should_fail.cold+0xa/0x15 [ 608.463978] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 608.469101] ? ___might_sleep+0x1e7/0x310 [ 608.473270] ? arch_local_save_flags+0x50/0x50 [ 608.477858] ? mark_held_locks+0x100/0x100 [ 608.482108] __should_failslab+0x121/0x190 [ 608.486354] should_failslab+0x9/0x14 [ 608.490173] kmem_cache_alloc+0x2be/0x710 [ 608.494360] __d_alloc+0xae/0xbe0 [ 608.497821] ? __lock_acquire+0x572/0x4a30 [ 608.497840] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 608.497853] ? __lock_acquire+0x572/0x4a30 [ 608.497871] ? avc_has_perm_noaudit+0x418/0x630 [ 608.497886] ? find_held_lock+0x35/0x120 [ 608.497908] ? print_usage_bug+0xd0/0xd0 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 608.497923] ? add_lock_to_list.isra.0+0x450/0x450 [ 608.507166] d_alloc+0x99/0x420 [ 608.507185] ? __d_alloc+0xbe0/0xbe0 [ 608.507212] ? __lock_acquire+0x572/0x4a30 [ 608.507226] ? find_held_lock+0x35/0x120 [ 608.507248] d_alloc_parallel+0x11b/0x1f10 [ 608.529178] ? mark_held_locks+0x100/0x100 [ 608.529210] ? __d_lookup+0x560/0x960 [ 608.529225] ? find_held_lock+0x35/0x120 [ 608.529260] ? __d_lookup_rcu+0x990/0x990 [ 608.529278] ? lock_downgrade+0x910/0x910 [ 608.548739] ? add_lock_to_list.isra.0+0x450/0x450 [ 608.548755] ? lockdep_init_map+0x10c/0x5b0 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 608.548771] ? lockdep_init_map+0x10c/0x5b0 [ 608.548791] ? __init_waitqueue_head+0x92/0x150 [ 608.548804] ? init_wait_entry+0x1c0/0x1c0 [ 608.548821] ? __d_lookup+0x587/0x960 [ 608.595428] __lookup_slow+0x1fa/0x560 [ 608.599355] ? vfs_unlink+0x500/0x500 [ 608.603164] ? lock_release+0xc40/0xc40 [ 608.607172] ? __down_interruptible+0x740/0x740 [ 608.611872] ? inode_permission+0xb4/0x570 [ 608.616121] lookup_slow+0x58/0x80 [ 608.619672] lookup_one_len_unlocked+0xf6/0x100 [ 608.624347] ? lookup_slow+0x80/0x80 [ 608.628088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.633653] ? ovl_get_redirect_xattr+0xb9/0x256 [ 608.638417] ovl_lookup_single+0x63/0x880 [ 608.642575] ovl_lookup_layer+0x40d/0x4c0 [ 608.646777] ? rcu_read_lock_sched_held+0x110/0x130 [ 608.651814] ? ovl_lookup_single+0x880/0x880 [ 608.656244] ? ovl_path_real+0x410/0x410 [ 608.660330] ? rcu_read_unlock_special+0x380/0x380 [ 608.665281] ? ovl_lookup+0x12da/0x29b0 [ 608.669276] ovl_lookup+0x140b/0x29b0 [ 608.673151] ? ovl_path_next+0x2e0/0x2e0 [ 608.677233] ? __d_lookup_rcu+0x990/0x990 [ 608.681388] ? add_lock_to_list.isra.0+0x450/0x450 [ 608.686338] ? __init_waitqueue_head+0x92/0x150 [ 608.691062] ? init_wait_entry+0x1c0/0x1c0 [ 608.695315] __lookup_slow+0x2cd/0x560 [ 608.699228] ? vfs_unlink+0x500/0x500 [ 608.703033] ? lock_release+0xc40/0xc40 [ 608.707034] ? __down_interruptible+0x740/0x740 [ 608.711712] ? trailing_symlink+0x970/0x970 [ 608.716044] lookup_slow+0x58/0x80 [ 608.719620] walk_component+0x8e5/0x26a0 [ 608.723697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) [ 608.729254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.734819] ? selinux_inode_permission+0xdc/0x790 [ 608.739758] ? selinux_capable+0x40/0x40 [ 608.743834] ? path_init+0x1ef0/0x1ef0 [ 608.747742] ? security_inode_permission+0xd5/0x110 [ 608.752777] ? inode_permission+0xb4/0x570 [ 608.757038] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.762580] ? security_inode_permission+0xd5/0x110 [ 608.767601] ? inode_permission+0xb4/0x570 [ 608.771874] link_path_walk.part.0+0xa57/0x1550 [ 608.776545] ? fput+0x128/0x1a0 [ 608.779879] ? walk_component+0x26a0/0x26a0 [ 608.784243] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 608.789091] ? cache_grow_end+0xa4/0x190 [ 608.793166] ? find_held_lock+0x35/0x120 [ 608.797269] ? check_stack_object+0x114/0x160 [ 608.801771] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 608.807362] path_parentat.isra.0+0x51/0x160 [ 608.811879] filename_parentat.isra.0+0x268/0x580 [ 608.816726] ? getname+0x20/0x20 [ 608.820106] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 608.825649] ? strncpy_from_user+0x317/0x440 18:06:08 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 608.830078] ? digsig_verify.cold+0x32/0x32 [ 608.834417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.839960] ? getname_flags+0x277/0x5b0 [ 608.844040] do_renameat2+0x346/0x1120 [ 608.848015] ? user_path_create+0x50/0x50 [ 608.852171] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 608.857847] ? fput+0x128/0x1a0 [ 608.861131] ? do_syscall_64+0x8c/0x800 [ 608.865105] ? lockdep_hardirqs_on+0x415/0x5d0 [ 608.869720] ? trace_hardirqs_on+0xbd/0x310 [ 608.874042] ? __ia32_sys_read+0xb0/0xb0 [ 608.878103] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.883465] ? trace_hardirqs_off_caller+0x300/0x300 [ 608.888576] __x64_sys_renameat+0x9a/0x100 [ 608.892817] do_syscall_64+0x1a3/0x800 [ 608.896715] ? syscall_return_slowpath+0x5f0/0x5f0 [ 608.901673] ? prepare_exit_to_usermode+0x232/0x3b0 [ 608.906700] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 608.911552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.916742] RIP: 0033:0x457ec9 18:06:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 608.919934] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 608.938833] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 608.946543] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 608.946553] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 608.946576] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 608.946586] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:06:09 executing program 1 (fault-call:9 fault-nth:8): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:09 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xc00e0000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 608.946595] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 609.115860] FAULT_INJECTION: forcing a failure. [ 609.115860] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 609.127664] CPU: 0 PID: 25024 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 609.134485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.143818] Call Trace: [ 609.146389] dump_stack+0x1db/0x2d0 [ 609.150019] ? dump_stack_print_info.cold+0x20/0x20 [ 609.155042] ? lock_downgrade+0x910/0x910 [ 609.159253] ? kasan_check_read+0x11/0x20 [ 609.163411] should_fail.cold+0xa/0x15 [ 609.167327] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 609.172458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.177992] ? rcu_read_unlock+0x16/0x60 [ 609.182047] ? find_held_lock+0x35/0x120 [ 609.186102] ? rcu_read_unlock+0x16/0x60 [ 609.190147] should_fail_alloc_page+0x50/0x60 [ 609.194622] __alloc_pages_nodemask+0x323/0xdc0 [ 609.199276] ? lock_downgrade+0x910/0x910 [ 609.203405] ? kasan_check_read+0x11/0x20 [ 609.207532] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 609.212802] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 609.217814] ? ___might_sleep+0x1e7/0x310 [ 609.221968] ? trace_hardirqs_off+0xb8/0x310 [ 609.226369] cache_grow_begin+0x9c/0x8c0 [ 609.230423] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.235953] ? check_preemption_disabled+0x48/0x290 [ 609.240966] kmem_cache_alloc+0x645/0x710 [ 609.245117] __d_alloc+0xae/0xbe0 [ 609.248585] ? __lock_acquire+0x572/0x4a30 [ 609.252821] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 609.257827] ? __lock_acquire+0x572/0x4a30 [ 609.262065] ? avc_has_perm_noaudit+0x418/0x630 [ 609.266724] ? find_held_lock+0x35/0x120 [ 609.270781] ? print_usage_bug+0xd0/0xd0 [ 609.274844] ? add_lock_to_list.isra.0+0x450/0x450 [ 609.279752] d_alloc+0x99/0x420 [ 609.283026] ? __d_alloc+0xbe0/0xbe0 [ 609.286728] ? __lock_acquire+0x572/0x4a30 [ 609.290956] ? find_held_lock+0x35/0x120 [ 609.295010] d_alloc_parallel+0x11b/0x1f10 [ 609.299228] ? mark_held_locks+0x100/0x100 [ 609.303445] ? __d_lookup+0x560/0x960 [ 609.307226] ? find_held_lock+0x35/0x120 [ 609.311293] ? __d_lookup_rcu+0x990/0x990 [ 609.315447] ? lock_downgrade+0x910/0x910 [ 609.319576] ? add_lock_to_list.isra.0+0x450/0x450 [ 609.324486] ? lockdep_init_map+0x10c/0x5b0 [ 609.328786] ? lockdep_init_map+0x10c/0x5b0 [ 609.333102] ? __init_waitqueue_head+0x92/0x150 [ 609.337761] ? init_wait_entry+0x1c0/0x1c0 [ 609.341999] ? __d_lookup+0x587/0x960 [ 609.345794] __lookup_slow+0x1fa/0x560 [ 609.349676] ? vfs_unlink+0x500/0x500 [ 609.353457] ? lock_release+0xc40/0xc40 [ 609.357422] ? __down_interruptible+0x740/0x740 [ 609.362084] ? inode_permission+0xb4/0x570 [ 609.366311] lookup_slow+0x58/0x80 [ 609.369834] lookup_one_len_unlocked+0xf6/0x100 [ 609.374485] ? lookup_slow+0x80/0x80 [ 609.378184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.383731] ? ovl_get_redirect_xattr+0xb9/0x256 [ 609.388470] ovl_lookup_single+0x63/0x880 [ 609.392619] ovl_lookup_layer+0x40d/0x4c0 [ 609.396763] ? rcu_read_lock_sched_held+0x110/0x130 [ 609.401788] ? ovl_lookup_single+0x880/0x880 [ 609.406187] ? ovl_path_real+0x410/0x410 [ 609.410246] ? rcu_read_unlock_special+0x380/0x380 [ 609.415157] ? ovl_lookup+0x12da/0x29b0 [ 609.419143] ovl_lookup+0x140b/0x29b0 [ 609.422958] ? ovl_path_next+0x2e0/0x2e0 [ 609.427008] ? __d_lookup_rcu+0x990/0x990 [ 609.431189] ? add_lock_to_list.isra.0+0x450/0x450 [ 609.436166] ? __init_waitqueue_head+0x92/0x150 [ 609.440838] ? init_wait_entry+0x1c0/0x1c0 [ 609.445068] __lookup_slow+0x2cd/0x560 [ 609.448939] ? vfs_unlink+0x500/0x500 [ 609.452730] ? lock_release+0xc40/0xc40 [ 609.456707] ? __down_interruptible+0x740/0x740 [ 609.461420] ? trailing_symlink+0x970/0x970 [ 609.465742] lookup_slow+0x58/0x80 [ 609.469266] walk_component+0x8e5/0x26a0 [ 609.473316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.478835] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.484356] ? selinux_inode_permission+0xdc/0x790 [ 609.489268] ? selinux_capable+0x40/0x40 [ 609.493319] ? path_init+0x1ef0/0x1ef0 [ 609.497235] ? security_inode_permission+0xd5/0x110 [ 609.502251] ? inode_permission+0xb4/0x570 [ 609.506483] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.512026] ? security_inode_permission+0xd5/0x110 [ 609.517066] ? inode_permission+0xb4/0x570 [ 609.521312] link_path_walk.part.0+0xa57/0x1550 [ 609.525974] ? fput+0x128/0x1a0 [ 609.529263] ? walk_component+0x26a0/0x26a0 [ 609.533583] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 609.538407] ? cache_grow_end+0xa4/0x190 [ 609.542462] ? find_held_lock+0x35/0x120 [ 609.546546] ? check_stack_object+0x114/0x160 [ 609.551041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.556572] path_parentat.isra.0+0x51/0x160 [ 609.560975] filename_parentat.isra.0+0x268/0x580 [ 609.565812] ? getname+0x20/0x20 [ 609.569182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 609.574712] ? strncpy_from_user+0x317/0x440 [ 609.579120] ? digsig_verify.cold+0x32/0x32 [ 609.583429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.588946] ? getname_flags+0x277/0x5b0 [ 609.593020] do_renameat2+0x346/0x1120 [ 609.596904] ? user_path_create+0x50/0x50 [ 609.601047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 609.606584] ? fput+0x128/0x1a0 [ 609.609867] ? do_syscall_64+0x8c/0x800 [ 609.613890] ? lockdep_hardirqs_on+0x415/0x5d0 [ 609.618469] ? trace_hardirqs_on+0xbd/0x310 [ 609.622781] ? __ia32_sys_read+0xb0/0xb0 [ 609.626836] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.632188] ? trace_hardirqs_off_caller+0x300/0x300 [ 609.637329] __x64_sys_renameat+0x9a/0x100 [ 609.641661] do_syscall_64+0x1a3/0x800 [ 609.645555] ? syscall_return_slowpath+0x5f0/0x5f0 [ 609.650489] ? prepare_exit_to_usermode+0x232/0x3b0 [ 609.655513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 609.660369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.665549] RIP: 0033:0x457ec9 [ 609.668722] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.687603] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 609.695291] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 609.702546] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 609.709834] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 18:06:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[@ANYRES64=r2, @ANYRES64=r0, @ANYRES16=r0, @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRES16=r0, @ANYRESDEC=0x0, @ANYRES16=r1, @ANYRESOCT=r0, @ANYBLOB="a2b862ffc6942e074f1949eb3e7b40", @ANYRESOCT=r1, @ANYRES32=r2, @ANYRESOCT, @ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRES64, @ANYPTR, @ANYRESHEX, @ANYPTR], @ANYRES16=r0], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYRES32=r2], @ANYRES64=r2], 0x2a) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x19) [ 609.717097] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 609.724345] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:11 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:11 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xab070000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:11 executing program 1 (fault-call:9 fault-nth:9): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:11 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) syz_open_pts(r1, 0x8101000) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x100, 0x0) ioctl$EVIOCGVERSION(r3, 0x80044501, &(0x7f0000000140)=""/116) ioctl$TCSETAW(r2, 0x5407, &(0x7f00000000c0)={0x6, 0x9, 0xfffffffffffffff7, 0x603, 0x13, 0x200, 0x10000, 0x8001000000000, 0xfffffffffffffff9, 0x101}) ioctl$GIO_FONT(r2, 0x4b60, &(0x7f00000001c0)=""/109) ioctl$KVM_REINJECT_CONTROL(r3, 0xae71, &(0x7f0000000240)={0x60c}) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 611.485960] FAULT_INJECTION: forcing a failure. [ 611.485960] name failslab, interval 1, probability 0, space 0, times 0 [ 611.513976] CPU: 1 PID: 25039 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 611.520829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.530218] Call Trace: [ 611.532841] dump_stack+0x1db/0x2d0 [ 611.532954] ? dump_stack_print_info.cold+0x20/0x20 [ 611.532972] ? add_lock_to_list.isra.0+0x450/0x450 [ 611.532998] should_fail.cold+0xa/0x15 [ 611.533018] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 611.555612] ? ___might_sleep+0x1e7/0x310 [ 611.559777] ? arch_local_save_flags+0x50/0x50 [ 611.564371] ? do_raw_spin_unlock+0xa0/0x330 [ 611.568795] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 611.573914] __should_failslab+0x121/0x190 [ 611.578167] should_failslab+0x9/0x14 [ 611.578182] kmem_cache_alloc+0x2be/0x710 [ 611.578222] ? _raw_spin_unlock+0x2d/0x50 [ 611.578241] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 611.578273] ? ilookup5_nowait+0xaa/0xc0 [ 611.578289] ? ovl_i_callback+0x30/0x30 [ 611.603911] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 611.609052] ovl_alloc_inode+0x1c/0x190 [ 611.613052] alloc_inode+0x66/0x190 [ 611.616683] iget5_locked+0x63/0xe0 [ 611.616698] ? ovl_inode_test+0x50/0x50 [ 611.616727] ovl_get_inode+0x97c/0xd6d [ 611.616741] ? ovl_alloc_entry+0x25/0x70 [ 611.616760] ovl_lookup+0xda2/0x29b0 [ 611.624362] ? ovl_path_next+0x2e0/0x2e0 [ 611.624377] ? __d_lookup_rcu+0x990/0x990 [ 611.624390] ? add_lock_to_list.isra.0+0x450/0x450 [ 611.624425] ? init_wait_entry+0x1c0/0x1c0 [ 611.653375] __lookup_slow+0x2cd/0x560 [ 611.657275] ? vfs_unlink+0x500/0x500 [ 611.661074] ? lock_release+0xc40/0xc40 [ 611.661110] ? __down_interruptible+0x740/0x740 [ 611.661128] ? trailing_symlink+0x970/0x970 [ 611.661147] lookup_slow+0x58/0x80 [ 611.661166] walk_component+0x8e5/0x26a0 [ 611.661184] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.687233] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.687251] ? selinux_inode_permission+0xdc/0x790 [ 611.687268] ? selinux_capable+0x40/0x40 [ 611.701756] ? path_init+0x1ef0/0x1ef0 [ 611.705645] ? security_inode_permission+0xd5/0x110 [ 611.710665] ? inode_permission+0xb4/0x570 [ 611.714911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.720478] ? security_inode_permission+0xd5/0x110 [ 611.725524] ? inode_permission+0xb4/0x570 [ 611.729774] link_path_walk.part.0+0xa57/0x1550 [ 611.734453] ? fput+0x128/0x1a0 [ 611.737805] ? walk_component+0x26a0/0x26a0 [ 611.742132] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 611.746980] ? cache_grow_end+0xa4/0x190 [ 611.751049] ? find_held_lock+0x35/0x120 [ 611.755120] ? check_stack_object+0x114/0x160 [ 611.759623] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 611.765169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 611.770736] path_parentat.isra.0+0x51/0x160 [ 611.775157] filename_parentat.isra.0+0x268/0x580 [ 611.780018] ? getname+0x20/0x20 [ 611.783396] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 611.788939] ? strncpy_from_user+0x317/0x440 [ 611.793359] ? digsig_verify.cold+0x32/0x32 [ 611.797725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.803271] ? getname_flags+0x277/0x5b0 [ 611.807365] do_renameat2+0x346/0x1120 [ 611.811275] ? user_path_create+0x50/0x50 [ 611.815436] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 611.821044] ? fput+0x128/0x1a0 [ 611.824337] ? do_syscall_64+0x8c/0x800 [ 611.828318] ? lockdep_hardirqs_on+0x415/0x5d0 [ 611.832916] ? trace_hardirqs_on+0xbd/0x310 [ 611.837243] ? __ia32_sys_read+0xb0/0xb0 [ 611.841341] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 611.846716] ? trace_hardirqs_off_caller+0x300/0x300 [ 611.851828] __x64_sys_renameat+0x9a/0x100 [ 611.856071] do_syscall_64+0x1a3/0x800 [ 611.859967] ? syscall_return_slowpath+0x5f0/0x5f0 [ 611.864921] ? prepare_exit_to_usermode+0x232/0x3b0 [ 611.870037] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 611.874896] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 611.880089] RIP: 0033:0x457ec9 [ 611.883286] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 611.902208] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 611.909933] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 611.917218] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 611.924487] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 18:06:11 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:11 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:11 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:11 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[@ANYRES64=r1], 0x8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x1000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:11 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x9effffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:11 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:12 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x101000, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000140)={0x7ff, 0x9, 0x4, 0x0, {r2, r3/1000+10000}, {0x3, 0x1, 0x7f, 0x1, 0x2, 0x9, "864b21b8"}, 0x9, 0x0, @offset=0x7fff, 0x4}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000040)) r5 = syz_open_pts(r4, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r4, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r5, 0x5412, &(0x7f0000000000)) [ 611.931756] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 611.939031] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:12 executing program 1 (fault-call:9 fault-nth:10): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 612.110091] FAULT_INJECTION: forcing a failure. [ 612.110091] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 612.121917] CPU: 0 PID: 25090 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 612.128756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.138097] Call Trace: [ 612.140670] dump_stack+0x1db/0x2d0 [ 612.144286] ? dump_stack_print_info.cold+0x20/0x20 [ 612.149291] ? lock_downgrade+0x910/0x910 [ 612.153433] ? kasan_check_read+0x11/0x20 [ 612.157589] should_fail.cold+0xa/0x15 [ 612.161465] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 612.166567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.172092] ? rcu_read_unlock+0x16/0x60 [ 612.176152] ? find_held_lock+0x35/0x120 [ 612.180208] ? rcu_read_unlock+0x16/0x60 [ 612.184429] should_fail_alloc_page+0x50/0x60 [ 612.188908] __alloc_pages_nodemask+0x323/0xdc0 [ 612.193576] ? lock_downgrade+0x910/0x910 [ 612.197708] ? kasan_check_read+0x11/0x20 [ 612.201840] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 612.207104] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 612.212155] ? ___might_sleep+0x1e7/0x310 [ 612.216305] ? trace_hardirqs_off+0xb8/0x310 [ 612.220725] cache_grow_begin+0x9c/0x8c0 [ 612.224786] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.230354] ? check_preemption_disabled+0x48/0x290 [ 612.235408] kmem_cache_alloc+0x645/0x710 [ 612.239547] ? _raw_spin_unlock+0x2d/0x50 [ 612.243695] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.249231] ? ilookup5_nowait+0xaa/0xc0 [ 612.253279] ? ovl_i_callback+0x30/0x30 [ 612.257239] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 612.262342] ovl_alloc_inode+0x1c/0x190 [ 612.266329] alloc_inode+0x66/0x190 [ 612.269957] iget5_locked+0x63/0xe0 [ 612.273579] ? ovl_inode_test+0x50/0x50 [ 612.277539] ovl_get_inode+0x97c/0xd6d [ 612.281410] ? ovl_alloc_entry+0x25/0x70 [ 612.285459] ovl_lookup+0xda2/0x29b0 [ 612.289182] ? ovl_path_next+0x2e0/0x2e0 [ 612.293261] ? __d_lookup_rcu+0x990/0x990 [ 612.297399] ? add_lock_to_list.isra.0+0x450/0x450 [ 612.302324] ? init_wait_entry+0x1c0/0x1c0 [ 612.306594] __lookup_slow+0x2cd/0x560 [ 612.310502] ? vfs_unlink+0x500/0x500 [ 612.314286] ? lock_release+0xc40/0xc40 [ 612.318257] ? __down_interruptible+0x740/0x740 [ 612.322922] ? trailing_symlink+0x970/0x970 [ 612.327265] lookup_slow+0x58/0x80 [ 612.330803] walk_component+0x8e5/0x26a0 [ 612.334849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.340370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.345907] ? selinux_inode_permission+0xdc/0x790 [ 612.350831] ? selinux_capable+0x40/0x40 [ 612.354886] ? path_init+0x1ef0/0x1ef0 [ 612.358771] ? security_inode_permission+0xd5/0x110 [ 612.363792] ? inode_permission+0xb4/0x570 [ 612.368014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.373533] ? security_inode_permission+0xd5/0x110 [ 612.378562] ? inode_permission+0xb4/0x570 [ 612.382800] link_path_walk.part.0+0xa57/0x1550 [ 612.387454] ? fput+0x128/0x1a0 [ 612.390727] ? walk_component+0x26a0/0x26a0 [ 612.395032] ? __alloc_pages_nodemask+0xaca/0xdc0 [ 612.399856] ? cache_grow_end+0xa4/0x190 [ 612.403905] ? find_held_lock+0x35/0x120 [ 612.407950] ? check_stack_object+0x114/0x160 [ 612.412443] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.417965] path_parentat.isra.0+0x51/0x160 [ 612.422361] filename_parentat.isra.0+0x268/0x580 [ 612.427199] ? getname+0x20/0x20 [ 612.430577] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.436097] ? strncpy_from_user+0x317/0x440 [ 612.440532] ? digsig_verify.cold+0x32/0x32 [ 612.444851] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.450373] ? getname_flags+0x277/0x5b0 [ 612.454423] do_renameat2+0x346/0x1120 [ 612.458319] ? user_path_create+0x50/0x50 [ 612.462484] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 612.468001] ? fput+0x128/0x1a0 [ 612.471266] ? do_syscall_64+0x8c/0x800 [ 612.475267] ? lockdep_hardirqs_on+0x415/0x5d0 [ 612.479849] ? trace_hardirqs_on+0xbd/0x310 [ 612.484158] ? __ia32_sys_read+0xb0/0xb0 [ 612.488235] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.493579] ? trace_hardirqs_off_caller+0x300/0x300 [ 612.498672] __x64_sys_renameat+0x9a/0x100 [ 612.502894] do_syscall_64+0x1a3/0x800 [ 612.506781] ? syscall_return_slowpath+0x5f0/0x5f0 [ 612.511709] ? prepare_exit_to_usermode+0x232/0x3b0 [ 612.516728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 612.521568] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.526741] RIP: 0033:0x457ec9 [ 612.529914] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.548796] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 612.556486] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 612.563745] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 612.570993] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 612.578254] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 612.585503] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:14 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:14 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:14 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:14 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x7) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x6, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, &(0x7f0000000000)={0xff, 0x1ff}) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x200) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0x5, 0x0, 0x4, 0x8000, 0x0, 0x7fffffff, 0x10001, 0x0, 0x5, 0x0, 0x0, 0x800}) 18:06:14 executing program 1 (fault-call:9 fault-nth:11): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:14 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xffffff9e, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:14 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 614.567231] FAULT_INJECTION: forcing a failure. [ 614.567231] name failslab, interval 1, probability 0, space 0, times 0 18:06:14 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 614.644113] CPU: 1 PID: 25107 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 614.651014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 614.660389] Call Trace: [ 614.662992] dump_stack+0x1db/0x2d0 [ 614.666643] ? dump_stack_print_info.cold+0x20/0x20 [ 614.671698] should_fail.cold+0xa/0x15 [ 614.675610] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 614.680737] ? ___might_sleep+0x1e7/0x310 [ 614.684911] ? arch_local_save_flags+0x50/0x50 [ 614.689527] __should_failslab+0x121/0x190 [ 614.693770] should_failslab+0x9/0x14 [ 614.697578] kmem_cache_alloc+0x2be/0x710 [ 614.701752] __d_alloc+0xae/0xbe0 [ 614.705229] ? d_lookup+0x163/0x360 [ 614.708880] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 614.713911] ? d_alloc_parallel+0x1f10/0x1f10 [ 614.718411] ? trace_hardirqs_on+0xbd/0x310 [ 614.722764] ? lookup_dcache+0x23/0x140 [ 614.726747] ? trace_hardirqs_off_caller+0x300/0x300 [ 614.731861] ? ___might_sleep+0x1e7/0x310 [ 614.736051] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 614.741098] d_alloc+0x99/0x420 [ 614.744388] ? __d_lookup+0x960/0x960 [ 614.748211] ? __d_alloc+0xbe0/0xbe0 [ 614.751944] ? lock_rename+0xdb/0x290 [ 614.755762] __lookup_hash+0xcd/0x190 [ 614.759594] do_renameat2+0x6b2/0x1120 [ 614.763551] ? user_path_create+0x50/0x50 [ 614.767731] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 614.773291] ? fput+0x128/0x1a0 [ 614.776580] ? do_syscall_64+0x8c/0x800 [ 614.780577] ? lockdep_hardirqs_on+0x415/0x5d0 [ 614.785168] ? trace_hardirqs_on+0xbd/0x310 [ 614.789520] ? __ia32_sys_read+0xb0/0xb0 18:06:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf0ffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:14 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 614.793606] ? trace_hardirqs_off_caller+0x300/0x300 [ 614.798728] __x64_sys_renameat+0x9a/0x100 [ 614.802974] do_syscall_64+0x1a3/0x800 [ 614.806871] ? syscall_return_slowpath+0x5f0/0x5f0 [ 614.811817] ? prepare_exit_to_usermode+0x232/0x3b0 [ 614.811870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 614.811892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 614.821728] RIP: 0033:0x457ec9 [ 614.821745] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 614.821753] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 614.821768] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 614.821778] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 614.821787] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 614.821796] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 614.821804] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:17 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xe00, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:17 executing program 1 (fault-call:9 fault-nth:12): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:17 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xe, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 617.584159] FAULT_INJECTION: forcing a failure. [ 617.584159] name failslab, interval 1, probability 0, space 0, times 0 [ 617.604963] CPU: 0 PID: 25144 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 617.611856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.621220] Call Trace: [ 617.623825] dump_stack+0x1db/0x2d0 [ 617.627489] ? dump_stack_print_info.cold+0x20/0x20 [ 617.632527] should_fail.cold+0xa/0x15 [ 617.636425] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 617.641585] ? ___might_sleep+0x1e7/0x310 [ 617.645774] ? arch_local_save_flags+0x50/0x50 [ 617.650402] __should_failslab+0x121/0x190 [ 617.654646] should_failslab+0x9/0x14 [ 617.658451] kmem_cache_alloc+0x2be/0x710 [ 617.662610] __d_alloc+0xae/0xbe0 [ 617.666102] ? d_lookup+0x163/0x360 [ 617.669736] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 617.674771] ? d_alloc_parallel+0x1f10/0x1f10 [ 617.679271] ? trace_hardirqs_on+0xbd/0x310 18:06:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x80080, 0x0) ioctl$LOOP_SET_FD(r3, 0x4c00, r1) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 617.683599] ? lookup_dcache+0x23/0x140 [ 617.687584] ? trace_hardirqs_off_caller+0x300/0x300 [ 617.692694] ? ___might_sleep+0x1e7/0x310 [ 617.696866] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 617.701913] d_alloc+0x99/0x420 [ 617.705210] ? __d_lookup+0x960/0x960 [ 617.709019] ? __d_alloc+0xbe0/0xbe0 [ 617.712734] ? lock_rename+0xdb/0x290 [ 617.716550] __lookup_hash+0xcd/0x190 [ 617.720371] do_renameat2+0x6b2/0x1120 [ 617.724299] ? user_path_create+0x50/0x50 [ 617.728472] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 18:06:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x400300, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 617.734018] ? fput+0x128/0x1a0 [ 617.737309] ? do_syscall_64+0x8c/0x800 [ 617.741291] ? lockdep_hardirqs_on+0x415/0x5d0 [ 617.745890] ? trace_hardirqs_on+0xbd/0x310 [ 617.750265] ? __ia32_sys_read+0xb0/0xb0 [ 617.754332] ? trace_hardirqs_off_caller+0x300/0x300 [ 617.754356] __x64_sys_renameat+0x9a/0x100 [ 617.754374] do_syscall_64+0x1a3/0x800 [ 617.763711] ? syscall_return_slowpath+0x5f0/0x5f0 [ 617.763729] ? prepare_exit_to_usermode+0x232/0x3b0 [ 617.763750] ? trace_hardirqs_off_thunk+0x1a/0x1c 18:06:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 617.763773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 617.763785] RIP: 0033:0x457ec9 [ 617.763800] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 617.763808] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 617.763822] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 617.763833] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 617.831953] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 617.839238] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 617.846535] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:18 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:18 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:18 executing program 1 (fault-call:9 fault-nth:13): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 618.089680] FAULT_INJECTION: forcing a failure. [ 618.089680] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 618.101766] CPU: 1 PID: 25179 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 618.108599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.117933] Call Trace: [ 618.120517] dump_stack+0x1db/0x2d0 [ 618.124169] ? dump_stack_print_info.cold+0x20/0x20 [ 618.129181] ? lock_downgrade+0x910/0x910 [ 618.133363] ? kasan_check_read+0x11/0x20 [ 618.137539] should_fail.cold+0xa/0x15 [ 618.141441] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 618.146541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 618.152084] ? rcu_read_unlock+0x16/0x60 [ 618.156140] ? find_held_lock+0x35/0x120 [ 618.160198] ? rcu_read_unlock+0x16/0x60 [ 618.164271] should_fail_alloc_page+0x50/0x60 [ 618.168752] __alloc_pages_nodemask+0x323/0xdc0 [ 618.173411] ? lock_downgrade+0x910/0x910 [ 618.177565] ? kasan_check_read+0x11/0x20 [ 618.181708] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 618.187152] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 618.192174] ? ___might_sleep+0x1e7/0x310 [ 618.196342] ? trace_hardirqs_off+0xb8/0x310 [ 618.200779] cache_grow_begin+0x9c/0x8c0 [ 618.204882] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 618.210443] ? check_preemption_disabled+0x48/0x290 [ 618.215480] kmem_cache_alloc+0x645/0x710 [ 618.219616] __d_alloc+0xae/0xbe0 [ 618.223060] ? __lock_acquire+0x572/0x4a30 [ 618.227320] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 618.232349] ? avc_has_perm_noaudit+0x418/0x630 [ 618.237012] ? find_held_lock+0x35/0x120 [ 618.241072] ? print_usage_bug+0xd0/0xd0 [ 618.245122] ? add_lock_to_list.isra.0+0x450/0x450 [ 618.250041] d_alloc+0x99/0x420 [ 618.253318] ? __d_alloc+0xbe0/0xbe0 [ 618.257038] ? __lock_acquire+0x572/0x4a30 [ 618.261274] ? find_held_lock+0x35/0x120 [ 618.265377] d_alloc_parallel+0x11b/0x1f10 [ 618.269639] ? mark_held_locks+0x100/0x100 [ 618.273900] ? __d_lookup+0x560/0x960 [ 618.277711] ? find_held_lock+0x35/0x120 [ 618.281775] ? __d_lookup_rcu+0x990/0x990 [ 618.285920] ? lock_downgrade+0x910/0x910 [ 618.290059] ? add_lock_to_list.isra.0+0x450/0x450 [ 618.294983] ? lockdep_init_map+0x10c/0x5b0 [ 618.299327] ? lockdep_init_map+0x10c/0x5b0 [ 618.303655] ? __init_waitqueue_head+0x92/0x150 [ 618.308345] ? init_wait_entry+0x1c0/0x1c0 [ 618.312587] ? __d_lookup+0x587/0x960 [ 618.316440] __lookup_slow+0x1fa/0x560 [ 618.320357] ? vfs_unlink+0x500/0x500 [ 618.324155] ? lock_release+0xc40/0xc40 [ 618.328160] ? __down_interruptible+0x740/0x740 [ 618.332845] ? inode_permission+0xb4/0x570 [ 618.337080] lookup_slow+0x58/0x80 [ 618.340622] lookup_one_len_unlocked+0xf6/0x100 [ 618.345315] ? lookup_slow+0x80/0x80 [ 618.349039] ovl_lookup_single+0x63/0x880 [ 618.353219] ovl_lookup_layer+0x40d/0x4c0 [ 618.357369] ? override_creds+0x190/0x1f0 [ 618.361516] ? ovl_dentry_upper+0x65/0x120 [ 618.365747] ? ovl_lookup_single+0x880/0x880 [ 618.370153] ? ovl_path_real+0x410/0x410 [ 618.374214] ovl_lookup+0x606/0x29b0 [ 618.377948] ? ovl_path_next+0x2e0/0x2e0 [ 618.382040] ? kasan_check_read+0x11/0x20 [ 618.386225] ? _raw_spin_unlock+0x2d/0x50 [ 618.390377] ? d_alloc+0x2a3/0x420 [ 618.394012] ? __d_alloc+0xbe0/0xbe0 [ 618.397751] ? lock_rename+0xdb/0x290 [ 618.401558] __lookup_hash+0x122/0x190 [ 618.405451] do_renameat2+0x6b2/0x1120 [ 618.409353] ? user_path_create+0x50/0x50 [ 618.413505] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 618.419038] ? fput+0x128/0x1a0 [ 618.422317] ? do_syscall_64+0x8c/0x800 [ 618.426296] ? lockdep_hardirqs_on+0x415/0x5d0 [ 618.430889] ? trace_hardirqs_on+0xbd/0x310 [ 618.435225] ? __ia32_sys_read+0xb0/0xb0 [ 618.439285] ? trace_hardirqs_off_caller+0x300/0x300 [ 618.444383] __x64_sys_renameat+0x9a/0x100 [ 618.448606] do_syscall_64+0x1a3/0x800 [ 618.452495] ? syscall_return_slowpath+0x5f0/0x5f0 [ 618.457429] ? prepare_exit_to_usermode+0x232/0x3b0 [ 618.462474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 618.467316] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 618.472500] RIP: 0033:0x457ec9 [ 618.475687] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 618.494587] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 618.502297] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 618.509562] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 618.516813] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 618.524104] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 618.531372] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:20 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:20 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xec0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000100)={0xd29, 0x8, 0x4, {0x7, @raw_data="06dcfac7ccebaafdbe64a1ed3c69f358b13a9608efd289ed7ee97059ec6efabf478b14e422cd75323d012ed39412c620aaacc0e17cccf9140a780ae7d6e1cefcf0574a9c283125cf96496c3864972c15965311de0056b37982c774f2d68e54004ceb9305ac89a260dbcee1552ba4726c055a1cc48bc601dbc2a9a165603431f3037e10bd26d091055be82bacd4cb9046c253b56ccee9810dcfad7e70ec70cd2fb4c536fe74503657b0b58c44dd74decd322af547bf7292346bda411976493fff02aca9230b52c53e"}}) write$apparmor_current(r3, &(0x7f0000000200)=@hat={'permhat ', 0x2, 0x5e, ['--.securitywlan1em1self{\x00', '/dev/ptmx\x00']}, 0x3e) 18:06:20 executing program 1 (fault-call:9 fault-nth:14): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:20 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x40030000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 620.684868] FAULT_INJECTION: forcing a failure. [ 620.684868] name failslab, interval 1, probability 0, space 0, times 0 [ 620.717088] CPU: 0 PID: 25190 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 620.723987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 18:06:20 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) r3 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x200, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={&(0x7f0000000100)=@isdn={0x22, 0x40, 0xb1, 0xffffffff, 0x400}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000180)="57bc586d15c84582b9176f31e9266991c32ca06ed67d735b6e9de5910d5d7b4df3bcc3f496b6e54620281560bd678722f8b3f98127f04b1ea72c9e2a9f6d3c9ad1734659e9c556126deaf03b248c570732ea9c0811236075a5a176c71d2213ff46c2cf49cab2d15271a2e8b33a7b6cd7751dff2a454bfb33f731ec423966f29c7c9e90e603473e79903b9339b0c92f72440502a32d6e4b5d8d82a38e0fa29b32e1e6aeb2e9357f84e61858", 0xab}, {&(0x7f0000000240)="66b10ec8221ebde97a1d1d639a9a433f41dda59c185cba03254654004efeefb2e605808fa59fb4d73d9688a242adb1a80f9093a433eb382887fba9bc862d42f61f1904", 0x43}, {&(0x7f00000002c0)="389db8383e27e4cb4a700035745029a0e674b898f8d47231463ed43ff78b2c6b56bb84ce598d032bec556b08034cc899e8dc5a6d233b888f8fcbc21c3b3025b64d47f17b4e10fb9e4d3b51f77ce522f3406e7c6003c9fa145cdd6f6a6e65850c79937117f4eab7e9502e0562ee09cc6b05027baa11ced39c97b46c8037ab5afb5f6006e33171f99c2cbd43e1ca4cab532b92368f38a3bb8ea21534d3f2a842025209a25a3d1b0194157272d1d8a53a349731ed5b1bb35234", 0xb8}], 0x3, &(0x7f00000003c0)=[{0xc8, 0x1, 0x1, "01d98c93f0e422fb38ef4d72aeb11b92b4d1f2f4f4ce228210f629ec2e1b8e1372e1325b8d281ff6d8e59eb784e6ba93f507eb98174d8f4694fdb5dbe6b9b8183b7d25780a633567e8b25eaa0d1811ed7230393662300fce98c82f51f4a575df40c5df2a77ce127d849a1c15ffd47727e6e6b2053aa417c295c164959fd365ee358122d05d97433d2b256fac4de62f1ebad4a8ee49610b8135ff054092ee273fc3e2f3bc88c727c6d29bd5bf152b2f631ba010b9"}, {0x70, 0x110, 0x8, "e948f75fe0fa12015f3dfa9ff0b244a6260b46d2b603b3df3b95c4cdd24476b0debbd7ce5afcdeaf064739012cc7a91b10452d5726216c79a4bb75ad4b57f7a692fd917b7057a76ad189aeff7bf2cbfef9d7d9683c54f86a650121257d3b"}, {0xd0, 0x19f, 0x1, "56214d22aa62ced12e219a0654ea1412695e2205aa86cbf8333ef97d323460cdd11097ffc08b29192c5785a69bd9c72b7cac87b6707a1407cc272b52cc559848a5c4dd3077c62ff85eb81c38725aab8877b9d4988fc295cd484aaecee9ec90488feb1b787742e96275e4f564c228e58b0d14e90544a924beb134211c73bed88bc299710921c7fb805253312856598d6fb8328f08f57cc1c31556295f7f43e58125d087eeacbc2f3d8f63b1ed38a3c0f53606e520f254ab5c21b7b70e41c0"}], 0x208}, 0x4000) r4 = getegid() setfsgid(r4) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 620.733349] Call Trace: [ 620.735953] dump_stack+0x1db/0x2d0 [ 620.739598] ? dump_stack_print_info.cold+0x20/0x20 [ 620.744642] should_fail.cold+0xa/0x15 [ 620.748561] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 620.753686] ? ___might_sleep+0x1e7/0x310 [ 620.757845] ? arch_local_save_flags+0x50/0x50 [ 620.762452] __should_failslab+0x121/0x190 [ 620.766716] should_failslab+0x9/0x14 [ 620.770534] kmem_cache_alloc_trace+0x2d1/0x760 [ 620.775230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.780776] ? lookup_dcache+0x6d/0x140 [ 620.784828] ovl_encode_real_fh+0xc6/0x520 [ 620.789081] ? ovl_set_attr+0x530/0x530 [ 620.793065] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 620.798623] ? ovl_check_metacopy_xattr+0x7a/0x140 [ 620.803563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.809108] ? ovl_lookup_single+0xed/0x880 [ 620.813475] ovl_get_index_name+0x1d/0x80 [ 620.817659] ovl_lookup_index+0xdc/0x710 [ 620.821736] ? ovl_get_index_fh+0x2d0/0x2d0 [ 620.826072] ? ovl_path_real+0x410/0x410 [ 620.830173] ? ovl_lookup+0x12da/0x29b0 [ 620.834179] ovl_lookup+0xa26/0x29b0 [ 620.837956] ? ovl_path_next+0x2e0/0x2e0 [ 620.842022] ? kasan_check_read+0x11/0x20 [ 620.846209] ? _raw_spin_unlock+0x2d/0x50 [ 620.850374] ? d_alloc+0x2a3/0x420 [ 620.853940] ? __d_alloc+0xbe0/0xbe0 [ 620.857670] ? lock_rename+0xdb/0x290 [ 620.861498] __lookup_hash+0x122/0x190 [ 620.865395] do_renameat2+0x6b2/0x1120 [ 620.869309] ? user_path_create+0x50/0x50 [ 620.873483] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 620.879018] ? fput+0x128/0x1a0 18:06:21 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x4) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 620.882344] ? do_syscall_64+0x8c/0x800 [ 620.886337] ? lockdep_hardirqs_on+0x415/0x5d0 [ 620.890922] ? trace_hardirqs_on+0xbd/0x310 [ 620.895255] ? __ia32_sys_read+0xb0/0xb0 [ 620.899334] ? trace_hardirqs_off_caller+0x300/0x300 [ 620.904452] __x64_sys_renameat+0x9a/0x100 [ 620.908700] do_syscall_64+0x1a3/0x800 [ 620.912594] ? syscall_return_slowpath+0x5f0/0x5f0 [ 620.917545] ? prepare_exit_to_usermode+0x232/0x3b0 [ 620.922593] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 620.927468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 620.932667] RIP: 0033:0x457ec9 [ 620.935871] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 620.954776] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 620.954792] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 620.954816] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 620.954824] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 18:06:21 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:21 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 620.954833] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 620.954842] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:23 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:23 executing program 1 (fault-call:9 fault-nth:15): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:23 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x3000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:23 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x8001}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x800, 0x40000000, 0x100000000, 0x4, 0x0, 0x9f, 0x88200, 0x2, 0xfffffffffffffffb, 0x8, 0xfffffffffffffe7a, 0x1, 0xf0, 0x5, 0xb6a0, 0x20, 0x6, 0x100000000, 0x6, 0x5, 0x4, 0x8, 0x6, 0xfff, 0x1, 0x8, 0x7, 0xffffffff, 0xffffffffffffffff, 0xfff, 0xcc31, 0x6, 0x6, 0x2, 0x4, 0x0, 0x0, 0x36, 0x4, @perf_config_ext={0x8000, 0x2}, 0x14800, 0xa6, 0xffffffffffff7fff, 0x8, 0xffff000000000000, 0x1}, 0xffffffffffffff9c, 0xe, 0xffffffffffffff9c, 0x0) ioctl$PERF_EVENT_IOC_ID(r3, 0x80082407, &(0x7f0000000140)) 18:06:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xffffff7f, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:23 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 623.704308] FAULT_INJECTION: forcing a failure. [ 623.704308] name failslab, interval 1, probability 0, space 0, times 0 [ 623.763802] CPU: 0 PID: 25233 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 623.770664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.780024] Call Trace: [ 623.782640] dump_stack+0x1db/0x2d0 [ 623.786298] ? dump_stack_print_info.cold+0x20/0x20 [ 623.791341] should_fail.cold+0xa/0x15 [ 623.795253] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 623.800367] ? ___might_sleep+0x1e7/0x310 [ 623.804524] ? arch_local_save_flags+0x50/0x50 [ 623.809148] __should_failslab+0x121/0x190 18:06:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x2, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:24 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 623.813401] should_failslab+0x9/0x14 [ 623.817214] __kmalloc+0x2dc/0x740 [ 623.820762] ? ovl_encode_real_fh+0x1a7/0x520 [ 623.825276] ovl_encode_real_fh+0x1a7/0x520 [ 623.829600] ? ovl_set_attr+0x530/0x530 [ 623.833598] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 623.839174] ? ovl_check_metacopy_xattr+0x7a/0x140 [ 623.844144] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 623.849681] ? ovl_lookup_single+0xed/0x880 [ 623.854014] ovl_get_index_name+0x1d/0x80 [ 623.858170] ovl_lookup_index+0xdc/0x710 [ 623.862298] ? ovl_get_index_fh+0x2d0/0x2d0 [ 623.866654] ? ovl_path_real+0x410/0x410 [ 623.870724] ? ovl_lookup+0x12da/0x29b0 [ 623.874711] ovl_lookup+0xa26/0x29b0 [ 623.878462] ? ovl_path_next+0x2e0/0x2e0 [ 623.882529] ? kasan_check_read+0x11/0x20 [ 623.886705] ? _raw_spin_unlock+0x2d/0x50 [ 623.890861] ? d_alloc+0x2a3/0x420 [ 623.890881] ? __d_alloc+0xbe0/0xbe0 [ 623.890896] ? lock_rename+0xdb/0x290 [ 623.890922] __lookup_hash+0x122/0x190 [ 623.890945] do_renameat2+0x6b2/0x1120 [ 623.905869] ? user_path_create+0x50/0x50 [ 623.905889] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 623.905904] ? fput+0x128/0x1a0 [ 623.922726] ? do_syscall_64+0x8c/0x800 [ 623.926711] ? lockdep_hardirqs_on+0x415/0x5d0 [ 623.931303] ? trace_hardirqs_on+0xbd/0x310 [ 623.935766] ? __ia32_sys_read+0xb0/0xb0 [ 623.939839] ? trace_hardirqs_off_caller+0x300/0x300 [ 623.944965] __x64_sys_renameat+0x9a/0x100 [ 623.949231] do_syscall_64+0x1a3/0x800 [ 623.953135] ? syscall_return_slowpath+0x5f0/0x5f0 [ 623.958087] ? prepare_exit_to_usermode+0x232/0x3b0 [ 623.963136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 623.967991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 623.973200] RIP: 0033:0x457ec9 [ 623.976417] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 623.995321] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 624.003033] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 18:06:24 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:24 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x1c4, 0x10000) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000240)={0xa20000, 0x80, 0x0, [], &(0x7f0000000200)={0xa00001, 0x4, [], @p_u8=&(0x7f00000001c0)=0x800}}) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000000180)) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x100, 0x0) ioctl$EVIOCSABS2F(r4, 0x401845ef, &(0x7f0000000100)={0x1, 0x24b33ce, 0x559, 0x7, 0x7, 0xe8b144f}) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xab07000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 624.010305] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 624.017593] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 624.024894] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 624.032175] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:26 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:26 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:26 executing program 1 (fault-call:9 fault-nth:16): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:26 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={r0}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000100)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0x8000, 0xfffffffffffffff8, 0x7, 0x6, 0x2}, 0x14) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xffffffff00000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 626.740822] FAULT_INJECTION: forcing a failure. [ 626.740822] name failslab, interval 1, probability 0, space 0, times 0 [ 626.762363] CPU: 1 PID: 25270 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 626.769222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.778590] Call Trace: [ 626.781200] dump_stack+0x1db/0x2d0 [ 626.784861] ? dump_stack_print_info.cold+0x20/0x20 [ 626.789895] should_fail.cold+0xa/0x15 [ 626.793799] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 626.798924] ? ___might_sleep+0x1e7/0x310 [ 626.803084] ? arch_local_save_flags+0x50/0x50 [ 626.807690] __should_failslab+0x121/0x190 [ 626.811940] should_failslab+0x9/0x14 [ 626.815757] __kmalloc+0x2dc/0x740 [ 626.819338] ? ovl_encode_real_fh+0x1a7/0x520 [ 626.823849] ovl_encode_real_fh+0x1a7/0x520 [ 626.828180] ? ovl_set_attr+0x530/0x530 [ 626.832166] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 626.837705] ? ovl_check_metacopy_xattr+0x7a/0x140 [ 626.842636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 626.848202] ? ovl_lookup_single+0xed/0x880 [ 626.852525] ovl_get_index_name+0x1d/0x80 [ 626.856667] ovl_lookup_index+0xdc/0x710 [ 626.860758] ? ovl_get_index_fh+0x2d0/0x2d0 [ 626.865073] ? ovl_path_real+0x410/0x410 [ 626.869146] ? ovl_lookup+0x12da/0x29b0 [ 626.873156] ovl_lookup+0xa26/0x29b0 [ 626.876895] ? ovl_path_next+0x2e0/0x2e0 [ 626.880944] ? kasan_check_read+0x11/0x20 [ 626.885087] ? _raw_spin_unlock+0x2d/0x50 [ 626.889240] ? d_alloc+0x2a3/0x420 [ 626.892771] ? __d_alloc+0xbe0/0xbe0 [ 626.896471] ? lock_rename+0xdb/0x290 [ 626.900278] __lookup_hash+0x122/0x190 [ 626.904156] do_renameat2+0x6b2/0x1120 [ 626.908076] ? user_path_create+0x50/0x50 [ 626.912220] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 626.917743] ? fput+0x128/0x1a0 [ 626.921010] ? do_syscall_64+0x8c/0x800 [ 626.924982] ? lockdep_hardirqs_on+0x415/0x5d0 [ 626.929570] ? trace_hardirqs_on+0xbd/0x310 [ 626.933901] ? __ia32_sys_read+0xb0/0xb0 [ 626.937947] ? trace_hardirqs_off_caller+0x300/0x300 [ 626.943041] __x64_sys_renameat+0x9a/0x100 [ 626.947275] do_syscall_64+0x1a3/0x800 [ 626.951167] ? syscall_return_slowpath+0x5f0/0x5f0 [ 626.956106] ? prepare_exit_to_usermode+0x232/0x3b0 [ 626.961115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 626.965948] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 626.971128] RIP: 0033:0x457ec9 18:06:27 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:27 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x8000000000000}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x4000, 0x0) r4 = fcntl$dupfd(r2, 0x0, r1) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r0, r4}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r5 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x401, 0x0) write$smack_current(r5, &(0x7f0000000100)='/dev/ptmx\x00', 0xa) [ 626.974333] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 626.993236] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 627.000929] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 627.008199] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 627.015468] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 627.022731] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 627.029990] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x3f000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:27 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:27 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:27 executing program 1 (fault-call:9 fault-nth:17): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 627.300774] FAULT_INJECTION: forcing a failure. [ 627.300774] name failslab, interval 1, probability 0, space 0, times 0 [ 627.318729] CPU: 0 PID: 25305 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 627.325578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.334927] Call Trace: [ 627.334953] dump_stack+0x1db/0x2d0 [ 627.334979] ? dump_stack_print_info.cold+0x20/0x20 [ 627.334997] ? print_usage_bug+0xd0/0xd0 [ 627.335012] ? do_raw_spin_unlock+0xa0/0x330 [ 627.335035] should_fail.cold+0xa/0x15 [ 627.350357] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 627.350396] ? ___might_sleep+0x1e7/0x310 [ 627.350428] ? arch_local_save_flags+0x50/0x50 [ 627.350443] ? ovl_encode_real_fh+0x3b5/0x520 [ 627.350471] __should_failslab+0x121/0x190 [ 627.350489] should_failslab+0x9/0x14 [ 627.350519] __kmalloc+0x2dc/0x740 [ 627.388601] ? ovl_encode_real_fh+0x3ba/0x520 [ 627.393098] ? ovl_set_attr+0x530/0x530 [ 627.397072] ? ovl_get_index_name_fh+0x59/0x190 [ 627.401752] ovl_get_index_name_fh+0x59/0x190 [ 627.406255] ovl_get_index_name+0x48/0x80 [ 627.410414] ovl_lookup_index+0xdc/0x710 [ 627.414489] ? ovl_get_index_fh+0x2d0/0x2d0 [ 627.418811] ? ovl_path_real+0x410/0x410 [ 627.422859] ? ovl_lookup+0x12da/0x29b0 [ 627.426855] ovl_lookup+0xa26/0x29b0 [ 627.430584] ? ovl_path_next+0x2e0/0x2e0 [ 627.434645] ? kasan_check_read+0x11/0x20 [ 627.438795] ? _raw_spin_unlock+0x2d/0x50 [ 627.442929] ? d_alloc+0x2a3/0x420 [ 627.446458] ? __d_alloc+0xbe0/0xbe0 [ 627.450157] ? lock_rename+0xdb/0x290 [ 627.453958] __lookup_hash+0x122/0x190 [ 627.457840] do_renameat2+0x6b2/0x1120 [ 627.461745] ? user_path_create+0x50/0x50 [ 627.465917] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 627.471447] ? fput+0x128/0x1a0 [ 627.474724] ? do_syscall_64+0x8c/0x800 [ 627.478681] ? lockdep_hardirqs_on+0x415/0x5d0 [ 627.483250] ? trace_hardirqs_on+0xbd/0x310 [ 627.487559] ? __ia32_sys_read+0xb0/0xb0 [ 627.491619] ? trace_hardirqs_off_caller+0x300/0x300 [ 627.496722] __x64_sys_renameat+0x9a/0x100 [ 627.500951] do_syscall_64+0x1a3/0x800 [ 627.504866] ? syscall_return_slowpath+0x5f0/0x5f0 [ 627.509818] ? prepare_exit_to_usermode+0x232/0x3b0 [ 627.514835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 627.519664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.524846] RIP: 0033:0x457ec9 [ 627.528020] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 627.546914] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 627.554613] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 627.561922] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 627.569192] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 627.576495] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 627.583778] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:29 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xe000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:29 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:29 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) r6 = gettid() write$cgroup_pid(r4, &(0x7f00000001c0)=r6, 0x12) 18:06:29 executing program 1 (fault-call:9 fault-nth:18): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 629.804396] FAULT_INJECTION: forcing a failure. [ 629.804396] name failslab, interval 1, probability 0, space 0, times 0 [ 629.835126] CPU: 1 PID: 25316 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 629.842008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.851363] Call Trace: 18:06:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf00, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 629.853970] dump_stack+0x1db/0x2d0 [ 629.857625] ? dump_stack_print_info.cold+0x20/0x20 [ 629.862665] ? print_usage_bug+0xd0/0xd0 [ 629.866745] should_fail.cold+0xa/0x15 [ 629.870644] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 629.875746] ? ___might_sleep+0x1e7/0x310 [ 629.879879] ? arch_local_save_flags+0x50/0x50 [ 629.884464] ? mark_held_locks+0x100/0x100 [ 629.888712] __should_failslab+0x121/0x190 [ 629.892946] should_failslab+0x9/0x14 [ 629.896740] kmem_cache_alloc+0x2be/0x710 [ 629.900892] __d_alloc+0xae/0xbe0 [ 629.904349] ? __lock_acquire+0x572/0x4a30 [ 629.908583] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 629.913588] ? avc_has_perm_noaudit+0x418/0x630 [ 629.918270] ? find_held_lock+0x35/0x120 [ 629.922363] ? print_usage_bug+0xd0/0xd0 [ 629.926438] ? add_lock_to_list.isra.0+0x450/0x450 [ 629.931369] d_alloc+0x99/0x420 [ 629.934649] ? __d_alloc+0xbe0/0xbe0 [ 629.938359] ? __lock_acquire+0x572/0x4a30 [ 629.942596] ? find_held_lock+0x35/0x120 [ 629.946670] d_alloc_parallel+0x11b/0x1f10 [ 629.950914] ? mark_held_locks+0x100/0x100 [ 629.955224] ? __d_lookup+0x560/0x960 [ 629.959025] ? find_held_lock+0x35/0x120 [ 629.963088] ? __d_lookup_rcu+0x990/0x990 [ 629.967261] ? lock_downgrade+0x910/0x910 [ 629.971408] ? add_lock_to_list.isra.0+0x450/0x450 [ 629.976358] ? lockdep_init_map+0x10c/0x5b0 [ 629.980667] ? lockdep_init_map+0x10c/0x5b0 [ 629.984981] ? __init_waitqueue_head+0x92/0x150 [ 629.989644] ? init_wait_entry+0x1c0/0x1c0 [ 629.993865] ? __d_lookup+0x587/0x960 [ 629.997656] __lookup_slow+0x1fa/0x560 [ 630.001552] ? vfs_unlink+0x500/0x500 [ 630.005345] ? lock_release+0xc40/0xc40 [ 630.009348] ? __down_interruptible+0x740/0x740 [ 630.014014] ? inode_permission+0xb4/0x570 [ 630.018237] lookup_slow+0x58/0x80 [ 630.021790] lookup_one_len_unlocked+0xf6/0x100 [ 630.026482] ? lookup_slow+0x80/0x80 [ 630.030224] ovl_lookup_index+0x1c6/0x710 [ 630.034362] ? ovl_get_index_fh+0x2d0/0x2d0 [ 630.038667] ? ovl_path_real+0x410/0x410 [ 630.042754] ? ovl_lookup+0x12da/0x29b0 [ 630.046728] ovl_lookup+0xa26/0x29b0 [ 630.050456] ? ovl_path_next+0x2e0/0x2e0 [ 630.054711] ? kasan_check_read+0x11/0x20 [ 630.058850] ? _raw_spin_unlock+0x2d/0x50 [ 630.062986] ? d_alloc+0x2a3/0x420 [ 630.066529] ? __d_alloc+0xbe0/0xbe0 [ 630.070227] ? lock_rename+0xdb/0x290 [ 630.074025] __lookup_hash+0x122/0x190 [ 630.077900] do_renameat2+0x6b2/0x1120 [ 630.081831] ? user_path_create+0x50/0x50 [ 630.085975] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 630.091498] ? fput+0x128/0x1a0 [ 630.094779] ? do_syscall_64+0x8c/0x800 [ 630.098749] ? lockdep_hardirqs_on+0x415/0x5d0 [ 630.103325] ? trace_hardirqs_on+0xbd/0x310 [ 630.107637] ? __ia32_sys_read+0xb0/0xb0 [ 630.111686] ? trace_hardirqs_off_caller+0x300/0x300 [ 630.116783] __x64_sys_renameat+0x9a/0x100 [ 630.121014] do_syscall_64+0x1a3/0x800 [ 630.124912] ? syscall_return_slowpath+0x5f0/0x5f0 [ 630.129830] ? prepare_exit_to_usermode+0x232/0x3b0 [ 630.134845] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 630.139696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.144880] RIP: 0033:0x457ec9 [ 630.148109] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.167009] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 630.174703] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 630.181953] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 630.189322] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 630.196582] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:06:30 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:30 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 630.203850] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 630.225363] overlayfs: failed inode index lookup (ino=82048, key=00fb210001d5cbdb408bbf4c4ebca724ba8ed65e32e893ca7b8040010000000000, err=-12); [ 630.225363] overlayfs: mount with '-o index=off' to disable inodes index. 18:06:30 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x2000) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xfffffff0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:30 executing program 1 (fault-call:9 fault-nth:19): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:30 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 630.510974] FAULT_INJECTION: forcing a failure. [ 630.510974] name failslab, interval 1, probability 0, space 0, times 0 [ 630.523605] CPU: 1 PID: 25348 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 630.530458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.539841] Call Trace: [ 630.542450] dump_stack+0x1db/0x2d0 [ 630.546101] ? dump_stack_print_info.cold+0x20/0x20 [ 630.551120] ? do_renameat2+0x6b2/0x1120 [ 630.555166] ? __x64_sys_renameat+0x9a/0x100 [ 630.559570] ? do_syscall_64+0x1a3/0x800 [ 630.563616] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.568982] should_fail.cold+0xa/0x15 [ 630.572855] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 630.577949] ? ___might_sleep+0x1e7/0x310 [ 630.582084] ? arch_local_save_flags+0x50/0x50 [ 630.586649] ? __lock_is_held+0xb6/0x140 [ 630.590722] __should_failslab+0x121/0x190 [ 630.594956] should_failslab+0x9/0x14 [ 630.598748] __kmalloc+0x2dc/0x740 [ 630.602284] ? kmem_cache_alloc+0x341/0x710 [ 630.606609] ? __d_alloc+0x767/0xbe0 [ 630.610372] __d_alloc+0x767/0xbe0 [ 630.613904] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 630.618907] ? avc_has_perm_noaudit+0x418/0x630 [ 630.623594] ? find_held_lock+0x35/0x120 [ 630.627667] ? print_usage_bug+0xd0/0xd0 [ 630.631713] ? add_lock_to_list.isra.0+0x450/0x450 [ 630.636626] d_alloc+0x99/0x420 [ 630.639889] ? __d_alloc+0xbe0/0xbe0 [ 630.643585] ? __lock_acquire+0x572/0x4a30 [ 630.647811] ? find_held_lock+0x35/0x120 [ 630.651885] d_alloc_parallel+0x11b/0x1f10 [ 630.656116] ? mark_held_locks+0x100/0x100 [ 630.660362] ? __d_lookup+0x560/0x960 [ 630.664145] ? find_held_lock+0x35/0x120 [ 630.668196] ? __d_lookup_rcu+0x990/0x990 [ 630.672353] ? lock_downgrade+0x910/0x910 [ 630.676490] ? add_lock_to_list.isra.0+0x450/0x450 [ 630.681433] ? lockdep_init_map+0x10c/0x5b0 [ 630.685740] ? lockdep_init_map+0x10c/0x5b0 [ 630.690051] ? __init_waitqueue_head+0x92/0x150 [ 630.694708] ? init_wait_entry+0x1c0/0x1c0 [ 630.698950] ? __d_lookup+0x587/0x960 [ 630.702778] __lookup_slow+0x1fa/0x560 [ 630.706666] ? vfs_unlink+0x500/0x500 [ 630.710469] ? lock_release+0xc40/0xc40 [ 630.714452] ? __down_interruptible+0x740/0x740 [ 630.719107] ? inode_permission+0xb4/0x570 [ 630.723346] lookup_slow+0x58/0x80 [ 630.726873] lookup_one_len_unlocked+0xf6/0x100 [ 630.731531] ? lookup_slow+0x80/0x80 [ 630.735255] ovl_lookup_index+0x1c6/0x710 [ 630.739407] ? ovl_get_index_fh+0x2d0/0x2d0 [ 630.743714] ? ovl_path_real+0x410/0x410 [ 630.747762] ? ovl_lookup+0x12da/0x29b0 [ 630.751734] ovl_lookup+0xa26/0x29b0 [ 630.755477] ? ovl_path_next+0x2e0/0x2e0 [ 630.759551] ? kasan_check_read+0x11/0x20 [ 630.763744] ? _raw_spin_unlock+0x2d/0x50 [ 630.767891] ? d_alloc+0x2a3/0x420 [ 630.771421] ? __d_alloc+0xbe0/0xbe0 [ 630.775130] ? lock_rename+0xdb/0x290 [ 630.778933] __lookup_hash+0x122/0x190 [ 630.782807] do_renameat2+0x6b2/0x1120 [ 630.786715] ? user_path_create+0x50/0x50 [ 630.790855] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 630.796392] ? fput+0x128/0x1a0 [ 630.799659] ? do_syscall_64+0x8c/0x800 [ 630.803615] ? lockdep_hardirqs_on+0x415/0x5d0 [ 630.808191] ? trace_hardirqs_on+0xbd/0x310 [ 630.812534] ? __ia32_sys_read+0xb0/0xb0 [ 630.816586] ? trace_hardirqs_off_caller+0x300/0x300 [ 630.821700] __x64_sys_renameat+0x9a/0x100 [ 630.825922] do_syscall_64+0x1a3/0x800 [ 630.829795] ? syscall_return_slowpath+0x5f0/0x5f0 [ 630.834711] ? prepare_exit_to_usermode+0x232/0x3b0 [ 630.839729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 630.844583] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.849773] RIP: 0033:0x457ec9 [ 630.852963] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.871850] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 630.879538] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 630.886788] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 630.894056] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 630.901310] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 630.908571] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 630.917151] overlayfs: failed inode index lookup (ino=82104, key=00fb21000115fb6cbd3be0441583b72d4beed42dd5e92cdf50b840010000000000, err=-12); [ 630.917151] overlayfs: mount with '-o index=off' to disable inodes index. 18:06:32 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x7ab, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000040)) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x900, 0x0) r2 = syz_open_pts(r1, 0x0) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x400300, 0x0) getpeername$llc(r1, &(0x7f0000000400)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000440)=0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x0, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f00000003c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000140), r4}}, 0x18) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:32 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:32 executing program 1 (fault-call:9 fault-nth:20): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:33 executing program 2: r0 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x7, 0x670042) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000140)) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hwrng\x00', 0xa9106b0089da64e8, 0x0) ioctl$UI_SET_PROPBIT(r4, 0x4004556e, 0x13) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) [ 632.898397] FAULT_INJECTION: forcing a failure. [ 632.898397] name failslab, interval 1, probability 0, space 0, times 0 [ 632.940022] CPU: 0 PID: 25357 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 632.946885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 632.956243] Call Trace: [ 632.958869] dump_stack+0x1db/0x2d0 [ 632.962512] ? dump_stack_print_info.cold+0x20/0x20 [ 632.967539] ? add_lock_to_list.isra.0+0x450/0x450 [ 632.972499] should_fail.cold+0xa/0x15 [ 632.976402] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 632.981527] ? ___might_sleep+0x1e7/0x310 [ 632.985690] ? arch_local_save_flags+0x50/0x50 [ 632.990298] ? do_raw_spin_unlock+0xa0/0x330 [ 632.994723] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 632.999869] __should_failslab+0x121/0x190 [ 633.004117] should_failslab+0x9/0x14 [ 633.007922] kmem_cache_alloc+0x2be/0x710 [ 633.012105] ? _raw_spin_unlock+0x2d/0x50 [ 633.016288] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 633.021833] ? ilookup5_nowait+0xaa/0xc0 [ 633.025902] ? ovl_i_callback+0x30/0x30 [ 633.029882] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 633.034982] ovl_alloc_inode+0x1c/0x190 [ 633.034998] alloc_inode+0x66/0x190 [ 633.035015] iget5_locked+0x63/0xe0 [ 633.035028] ? ovl_inode_test+0x50/0x50 [ 633.035045] ovl_get_inode+0x97c/0xd6d [ 633.035058] ? ovl_alloc_entry+0x25/0x70 [ 633.035080] ovl_lookup+0xda2/0x29b0 [ 633.035116] ? ovl_path_next+0x2e0/0x2e0 [ 633.066405] ? kasan_check_read+0x11/0x20 [ 633.070582] ? _raw_spin_unlock+0x2d/0x50 [ 633.074760] ? __d_alloc+0xbe0/0xbe0 [ 633.078480] ? lock_rename+0xdb/0x290 [ 633.082303] __lookup_hash+0x122/0x190 [ 633.086216] do_renameat2+0x6b2/0x1120 [ 633.090127] ? user_path_create+0x50/0x50 [ 633.094266] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 633.099785] ? fput+0x128/0x1a0 [ 633.103064] ? do_syscall_64+0x8c/0x800 [ 633.107021] ? lockdep_hardirqs_on+0x415/0x5d0 [ 633.111586] ? trace_hardirqs_on+0xbd/0x310 [ 633.115886] ? __ia32_sys_read+0xb0/0xb0 [ 633.119940] ? trace_hardirqs_off_caller+0x300/0x300 [ 633.125030] __x64_sys_renameat+0x9a/0x100 [ 633.129270] do_syscall_64+0x1a3/0x800 [ 633.133144] ? syscall_return_slowpath+0x5f0/0x5f0 [ 633.138069] ? prepare_exit_to_usermode+0x232/0x3b0 [ 633.143074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 633.147900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 633.153068] RIP: 0033:0x457ec9 [ 633.156243] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 633.175123] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 633.182825] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 633.190074] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 633.197325] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 633.204577] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 633.211826] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:33 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x34000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:33 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:33 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYPTR, @ANYRESHEX, @ANYRESOCT, @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYPTR=&(0x7f0000000200)=ANY=[@ANYRES64=r2, @ANYRES16=r2, @ANYRES64=0x0, @ANYPTR, @ANYRESDEC=r0, @ANYRES64=0x0, @ANYRESDEC=r2]]], 0x4b) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = msgget(0x2, 0x0) msgctl$IPC_INFO(r3, 0x3, &(0x7f00000000c0)=""/221) 18:06:33 executing program 1 (fault-call:9 fault-nth:21): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 633.363969] FAULT_INJECTION: forcing a failure. [ 633.363969] name failslab, interval 1, probability 0, space 0, times 0 [ 633.380510] CPU: 0 PID: 25378 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 633.387396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.396765] Call Trace: [ 633.399381] dump_stack+0x1db/0x2d0 [ 633.403022] ? dump_stack_print_info.cold+0x20/0x20 [ 633.408046] ? add_lock_to_list.isra.0+0x450/0x450 [ 633.412986] should_fail.cold+0xa/0x15 [ 633.416881] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 633.422046] ? ___might_sleep+0x1e7/0x310 [ 633.426211] ? arch_local_save_flags+0x50/0x50 [ 633.430810] ? do_raw_spin_unlock+0xa0/0x330 [ 633.435233] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 633.440342] __should_failslab+0x121/0x190 [ 633.444595] should_failslab+0x9/0x14 [ 633.448432] kmem_cache_alloc+0x2be/0x710 [ 633.452603] ? _raw_spin_unlock+0x2d/0x50 [ 633.456760] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 633.462307] ? ilookup5_nowait+0xaa/0xc0 [ 633.466379] ? ovl_i_callback+0x30/0x30 [ 633.470359] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 633.475469] ovl_alloc_inode+0x1c/0x190 [ 633.479471] alloc_inode+0x66/0x190 [ 633.483122] iget5_locked+0x63/0xe0 [ 633.486773] ? ovl_inode_test+0x50/0x50 [ 633.490770] ovl_get_inode+0x97c/0xd6d [ 633.494664] ? ovl_alloc_entry+0x25/0x70 [ 633.498743] ovl_lookup+0xda2/0x29b0 [ 633.502498] ? ovl_path_next+0x2e0/0x2e0 [ 633.506562] ? kasan_check_read+0x11/0x20 [ 633.510731] ? _raw_spin_unlock+0x2d/0x50 18:06:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf00000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 633.514896] ? __d_alloc+0xbe0/0xbe0 [ 633.518604] ? lock_rename+0xdb/0x290 [ 633.522412] __lookup_hash+0x122/0x190 [ 633.526310] do_renameat2+0x6b2/0x1120 [ 633.530270] ? user_path_create+0x50/0x50 [ 633.534438] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 633.539986] ? fput+0x128/0x1a0 [ 633.543277] ? do_syscall_64+0x8c/0x800 [ 633.547280] ? lockdep_hardirqs_on+0x415/0x5d0 [ 633.551868] ? trace_hardirqs_on+0xbd/0x310 [ 633.556213] ? __ia32_sys_read+0xb0/0xb0 [ 633.556230] ? trace_hardirqs_off_caller+0x300/0x300 [ 633.556253] __x64_sys_renameat+0x9a/0x100 [ 633.569648] do_syscall_64+0x1a3/0x800 [ 633.569667] ? syscall_return_slowpath+0x5f0/0x5f0 [ 633.569685] ? prepare_exit_to_usermode+0x232/0x3b0 [ 633.583539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 633.588396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 633.593590] RIP: 0033:0x457ec9 [ 633.596786] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 633.615705] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 633.623428] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 633.630725] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 633.637995] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 633.645263] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 633.652543] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:36 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:36 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x2701, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r1, 0xc0385720, &(0x7f0000000100)={0x0, {0x0, 0x989680}, 0x9, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:06:36 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xe00000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:36 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:36 executing program 1 (fault-call:9 fault-nth:22): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 635.979457] FAULT_INJECTION: forcing a failure. [ 635.979457] name failslab, interval 1, probability 0, space 0, times 0 [ 636.010199] CPU: 0 PID: 25408 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 636.017069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.026429] Call Trace: 18:06:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x400000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xc00e, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 636.029047] dump_stack+0x1db/0x2d0 [ 636.032711] ? dump_stack_print_info.cold+0x20/0x20 [ 636.037853] ? kernel_text_address+0x73/0xf0 [ 636.042279] should_fail.cold+0xa/0x15 [ 636.046194] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 636.051314] ? ___might_sleep+0x1e7/0x310 [ 636.055981] ? save_stack+0xa9/0xd0 [ 636.059613] ? arch_local_save_flags+0x50/0x50 [ 636.064228] ? kasan_kmalloc+0xcf/0xe0 [ 636.068120] ? kasan_slab_alloc+0xf/0x20 [ 636.072206] ? kmem_cache_alloc+0x12d/0x710 18:06:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xa, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 636.076540] ? ovl_alloc_inode+0x1c/0x190 [ 636.080710] ? alloc_inode+0x66/0x190 [ 636.084520] ? iget5_locked+0x63/0xe0 [ 636.088331] ? ovl_get_inode+0x97c/0xd6d [ 636.092410] __should_failslab+0x121/0x190 [ 636.096654] should_failslab+0x9/0x14 [ 636.100462] kmem_cache_alloc+0x2be/0x710 [ 636.104623] ? lock_downgrade+0x910/0x910 [ 636.108965] ? kasan_check_read+0x11/0x20 [ 636.113142] selinux_inode_alloc_security+0x108/0x3b0 [ 636.118345] ? inode_free_rcu+0x20/0x20 [ 636.122330] ? __put_user_ns+0x70/0x70 [ 636.126242] ? ovl_alloc_inode+0x1c/0x190 [ 636.130398] ? lockdep_init_map+0x10c/0x5b0 [ 636.134727] security_inode_alloc+0x90/0xe0 [ 636.139117] inode_init_always+0x662/0xd30 [ 636.143351] ? get_nr_inodes+0x110/0x110 [ 636.147399] ? _raw_spin_unlock+0x2d/0x50 [ 636.151542] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 636.157071] ? ilookup5_nowait+0xaa/0xc0 [ 636.161152] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 636.166268] alloc_inode+0x83/0x190 [ 636.169880] iget5_locked+0x63/0xe0 [ 636.173529] ? ovl_inode_test+0x50/0x50 [ 636.177503] ovl_get_inode+0x97c/0xd6d [ 636.181390] ? ovl_alloc_entry+0x25/0x70 [ 636.185560] ovl_lookup+0xda2/0x29b0 [ 636.189274] ? ovl_path_next+0x2e0/0x2e0 [ 636.193321] ? kasan_check_read+0x11/0x20 [ 636.197495] ? _raw_spin_unlock+0x2d/0x50 [ 636.201683] ? __d_alloc+0xbe0/0xbe0 [ 636.205390] ? lock_rename+0xdb/0x290 [ 636.209217] __lookup_hash+0x122/0x190 [ 636.213093] do_renameat2+0x6b2/0x1120 [ 636.216989] ? user_path_create+0x50/0x50 [ 636.221141] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 636.226662] ? fput+0x128/0x1a0 [ 636.229926] ? do_syscall_64+0x8c/0x800 [ 636.233893] ? lockdep_hardirqs_on+0x415/0x5d0 [ 636.238478] ? trace_hardirqs_on+0xbd/0x310 [ 636.242797] ? __ia32_sys_read+0xb0/0xb0 [ 636.246840] ? trace_hardirqs_off_caller+0x300/0x300 [ 636.251930] __x64_sys_renameat+0x9a/0x100 [ 636.256156] do_syscall_64+0x1a3/0x800 [ 636.260072] ? syscall_return_slowpath+0x5f0/0x5f0 [ 636.264991] ? prepare_exit_to_usermode+0x232/0x3b0 [ 636.269996] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 636.274843] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 636.280014] RIP: 0033:0x457ec9 [ 636.283215] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 636.302110] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 636.309829] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 636.317080] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 18:06:36 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:36 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000140)="91df6cda99a5d243979cf9a9469ca9bdcf363a073118a20cac3d3d4e27750e14520d3d6a68a7d0c1625e1c2c6d6ef6deee590d6f5b305e97d4768d254ba246d0f53c32f2d22260dd0a290e13bdb64497303b9fa773813407369e7e64a09dcc76c010287e83ef64fe72198930290936638ff570024af87b5919a37c409113f9707a5c7e60138a", 0x86, 0xfffffffffffffffa) r3 = add_key$user(&(0x7f00000005c0)='user\x00', &(0x7f0000000600)={'syz', 0x3}, &(0x7f0000000640)="e38dc0b1476a534e2f489492c300900d6ef562e472aa7594f7455eec8c2f69cb370f1286c35205dd1787cb6019a83b466cff596257b270b77075e049d33b5ab623c07ce4e25ea333ba247096e27fd179b49d04683c4dd5814f6ca858b1d7d2822edada959ddd45120bd262c655d4934637f31595fa0a3ff555a1063bda0a24194c25bbd57de0b706fba609", 0x8b, 0xfffffffffffffffd) keyctl$instantiate_iov(0x14, r2, &(0x7f0000000540)=[{&(0x7f0000000200)="26821726c56b642beb6b4cb2f6428d8aa0b874be29470f5a901a9b6d4aeb4c4c1a3014d555c674c82db1e24eee3368333308ffde5bc2c350d1b161bb864450d664ee3e50440293b9056a55c8bb77c1c8f53537b4008d0c56e93e28edcc41d5e0d3994e9e0ea00a3975e55ea933949231438dad7e203a7009390c62ddd504740c9b39ee12f4987f1682b639ea2008ce601a4210e24e083c7dd7b3141aa6f1eb8b0a6b4535835bf3e56cc874a672d08af227ddfbe0c01db7c5f51874547712dbf9b478fc", 0xc3}, {0x0}, {&(0x7f0000000300)="90542f05c2cd8db0bc8a9d64f8f5edcb77eb2f5b87e2b7fcd2", 0x19}, {&(0x7f0000000340)="92d297b6ca869f3db7fd7ef0d4e9524b19baaa7aa8cc4c689242c302a16b552d2a5f37b60880a09071d00fbd4c653e3ac77458fa3eaa7438b4ebdec05479559bcc5d02e527140e2e03", 0x49}, {&(0x7f00000003c0)="0b3a65ca3212ba245a45fdb863cc53d9b2d82bfcad364677b77d4bc3cebe2237021eff260a5ca11f97dbca6ebadfb396bb896b4ab3a500f2d38818f8255d5a63e36f082517673b1954c024535b1fd2d518a8709e56586a940a44d21e07dc0cc931259c464082554bcef8c06c2196adfe836f6f09d629e73b8bb03727666c01e801cd", 0x82}, {&(0x7f0000000480)="9e5c9dcf30a7000aac02855d54428be5cb5939d515409085fea3bb668f12a25bf3a263133a9bccaf809cc3ebc4bbb50605a12b09c513a46a9c35c53a3c229c195335f5d2f7f40d3496ebd8fe444583a9b18f2007ce18eeae62370034943e778e076960c51c3e57d509004a5df4d8bf6fcfabf678a24a12042baceee9d2fd4400cbd01b6f573d1764678d19f30d845e458b2b5da19ad711b1d346af5812ecb63144f0387c8ecc77", 0xa7}], 0x6, r3) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r4 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) [ 636.324329] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 636.331587] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 636.338840] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x10, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:39 executing program 1 (fault-call:9 fault-nth:23): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:39 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x80000, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:39 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x2000, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x404}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xe8, r1, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x8f}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7ff}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'nlmon0\x00'}]}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7f93acef}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x9}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xffffffffffffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0xe8}, 0x1, 0x0, 0x0, 0x4000}, 0x800) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000004c0)={0x1000, 0x0, 0x10001, 0x1}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000500)={0x6, r2, 0x10002, 0x401}) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000600)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x24, r3, 0x200, 0x2, 0x25dfdbfe, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0xffff}}, ["", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40040}, 0x4000) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$KDSKBMODE(r5, 0x4b45, &(0x7f0000000700)=0x9) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000040)) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000000c0)=@assoc_id=0x0, &(0x7f0000000100)=0x4) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000140)={r7}, &(0x7f0000000180)=0xc) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000440)={0x0, 0x0}) syslog(0x9, &(0x7f0000000540)=""/90, 0x5a) ioctl$DRM_IOCTL_GEM_OPEN(r6, 0xc010640b, &(0x7f0000000480)={r8, 0x0, 0x1}) r9 = syz_open_pts(r5, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000001c0)=0x19) 18:06:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x6000000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:39 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 639.061908] FAULT_INJECTION: forcing a failure. [ 639.061908] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 639.073754] CPU: 0 PID: 25445 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 639.080593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.089943] Call Trace: [ 639.092543] dump_stack+0x1db/0x2d0 [ 639.092568] ? dump_stack_print_info.cold+0x20/0x20 [ 639.092586] ? lock_downgrade+0x910/0x910 [ 639.092605] ? kasan_check_read+0x11/0x20 18:06:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf0ffffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 639.092631] should_fail.cold+0xa/0x15 [ 639.092650] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 639.118636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 639.124208] ? rcu_read_unlock+0x16/0x60 [ 639.128295] ? find_held_lock+0x35/0x120 [ 639.132372] ? rcu_read_unlock+0x16/0x60 [ 639.136463] should_fail_alloc_page+0x50/0x60 [ 639.140987] __alloc_pages_nodemask+0x323/0xdc0 [ 639.145665] ? lock_downgrade+0x910/0x910 [ 639.149817] ? kasan_check_read+0x11/0x20 [ 639.153978] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 18:06:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) [ 639.159270] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 639.164322] ? ___might_sleep+0x1e7/0x310 [ 639.168484] ? trace_hardirqs_off+0xb8/0x310 [ 639.172909] cache_grow_begin+0x9c/0x8c0 [ 639.177002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 639.182582] ? check_preemption_disabled+0x48/0x290 [ 639.187638] kmem_cache_alloc+0x645/0x710 [ 639.191800] ? _raw_spin_unlock+0x2d/0x50 [ 639.195962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 639.201511] ? ilookup5_nowait+0xaa/0xc0 [ 639.205608] ? ovl_i_callback+0x30/0x30 18:06:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x10000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 639.209600] ? ovl_get_redirect_xattr.cold+0x3a/0x3a [ 639.214740] ovl_alloc_inode+0x1c/0x190 [ 639.218726] alloc_inode+0x66/0x190 [ 639.222360] iget5_locked+0x63/0xe0 [ 639.225997] ? ovl_inode_test+0x50/0x50 [ 639.229998] ovl_get_inode+0x97c/0xd6d [ 639.233889] ? ovl_alloc_entry+0x25/0x70 [ 639.238012] ovl_lookup+0xda2/0x29b0 [ 639.241770] ? ovl_path_next+0x2e0/0x2e0 [ 639.245839] ? kasan_check_read+0x11/0x20 [ 639.250013] ? _raw_spin_unlock+0x2d/0x50 [ 639.254173] ? __d_alloc+0xbe0/0xbe0 [ 639.257923] ? lock_rename+0xdb/0x290 [ 639.261745] __lookup_hash+0x122/0x190 [ 639.261767] do_renameat2+0x6b2/0x1120 [ 639.261799] ? user_path_create+0x50/0x50 [ 639.261819] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.261850] ? fput+0x128/0x1a0 [ 639.282591] ? do_syscall_64+0x8c/0x800 [ 639.286581] ? lockdep_hardirqs_on+0x415/0x5d0 [ 639.291184] ? trace_hardirqs_on+0xbd/0x310 [ 639.295529] ? __ia32_sys_read+0xb0/0xb0 [ 639.299603] ? trace_hardirqs_off_caller+0x300/0x300 [ 639.304730] __x64_sys_renameat+0x9a/0x100 [ 639.308973] do_syscall_64+0x1a3/0x800 18:06:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 639.312871] ? syscall_return_slowpath+0x5f0/0x5f0 [ 639.317811] ? prepare_exit_to_usermode+0x232/0x3b0 [ 639.322840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 639.327703] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 639.332921] RIP: 0033:0x457ec9 [ 639.336123] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.355030] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 639.362743] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 639.370017] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 639.377286] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 639.384569] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 639.391885] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:39 executing program 1 (fault-call:9 fault-nth:24): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070") r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x80, 0x0) ioctl$SIOCGIFHWADDR(r1, 0x8927, &(0x7f0000000200)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0xffffffbffffffffc, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="cd"]) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000440)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r3, 0x8008ae9d, &(0x7f0000000180)=""/117) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCCBRK(r6, 0x5428) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000040)) r7 = syz_open_pts(r6, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r6, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r7, 0x5412, &(0x7f0000000000)) [ 639.574835] FAULT_INJECTION: forcing a failure. [ 639.574835] name failslab, interval 1, probability 0, space 0, times 0 [ 639.587034] CPU: 0 PID: 25489 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 639.593898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.603259] Call Trace: [ 639.605852] dump_stack+0x1db/0x2d0 [ 639.609530] ? dump_stack_print_info.cold+0x20/0x20 [ 639.614552] ? kernel_poison_pages+0x16e/0x2b0 [ 639.619132] ? kasan_unpoison_shadow+0x35/0x50 [ 639.623709] should_fail.cold+0xa/0x15 [ 639.627583] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 639.632691] ? ___might_sleep+0x1e7/0x310 [ 639.636865] ? arch_local_save_flags+0x50/0x50 [ 639.641462] ? mark_held_locks+0x100/0x100 [ 639.645701] __should_failslab+0x121/0x190 [ 639.649927] should_failslab+0x9/0x14 [ 639.653712] kmem_cache_alloc+0x2be/0x710 [ 639.657846] ? check_noncircular+0x20/0x20 [ 639.662071] __d_alloc+0xae/0xbe0 [ 639.665520] ? __lock_acquire+0x572/0x4a30 [ 639.669739] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 639.674750] ? avc_has_perm_noaudit+0x418/0x630 [ 639.679430] ? find_held_lock+0x35/0x120 [ 639.683494] ? print_usage_bug+0xd0/0xd0 [ 639.687558] ? add_lock_to_list.isra.0+0x450/0x450 [ 639.692489] d_alloc+0x99/0x420 [ 639.695775] ? __d_alloc+0xbe0/0xbe0 [ 639.699476] ? __lock_acquire+0x572/0x4a30 [ 639.703722] ? find_held_lock+0x35/0x120 [ 639.707783] d_alloc_parallel+0x11b/0x1f10 [ 639.712019] ? mark_held_locks+0x100/0x100 [ 639.716340] ? __d_lookup+0x560/0x960 [ 639.720137] ? find_held_lock+0x35/0x120 [ 639.724196] ? __d_lookup_rcu+0x990/0x990 [ 639.728390] ? lock_downgrade+0x910/0x910 [ 639.732573] ? add_lock_to_list.isra.0+0x450/0x450 [ 639.737511] ? lockdep_init_map+0x10c/0x5b0 [ 639.741841] ? lockdep_init_map+0x10c/0x5b0 [ 639.746169] ? __init_waitqueue_head+0x92/0x150 [ 639.750847] ? init_wait_entry+0x1c0/0x1c0 [ 639.755088] ? __d_lookup+0x587/0x960 [ 639.758887] __lookup_slow+0x1fa/0x560 [ 639.762769] ? vfs_unlink+0x500/0x500 [ 639.766552] ? lock_release+0xc40/0xc40 [ 639.770544] ? __down_interruptible+0x740/0x740 [ 639.775243] ? inode_permission+0xb4/0x570 [ 639.779477] lookup_slow+0x58/0x80 [ 639.783022] lookup_one_len_unlocked+0xf6/0x100 [ 639.787675] ? lookup_slow+0x80/0x80 [ 639.791390] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 639.796939] ovl_lookup_single+0x63/0x880 [ 639.801086] ovl_lookup_layer+0x40d/0x4c0 [ 639.805260] ? rcu_read_lock_sched_held+0x110/0x130 [ 639.810289] ? ovl_lookup_single+0x880/0x880 [ 639.814710] ? ovl_path_real+0x410/0x410 [ 639.818759] ? ovl_lookup+0x12da/0x29b0 [ 639.822721] ovl_lookup+0x140b/0x29b0 [ 639.826515] ? ovl_path_next+0x2e0/0x2e0 [ 639.830579] ? kasan_check_read+0x11/0x20 [ 639.834772] ? _raw_spin_unlock+0x2d/0x50 [ 639.838905] ? d_alloc+0x2a3/0x420 [ 639.842432] ? __d_alloc+0xbe0/0xbe0 [ 639.846129] ? lock_rename+0xdb/0x290 [ 639.849916] __lookup_hash+0x122/0x190 [ 639.853796] do_renameat2+0x749/0x1120 [ 639.857680] ? user_path_create+0x50/0x50 [ 639.861819] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 639.867361] ? fput+0x128/0x1a0 [ 639.870643] ? do_syscall_64+0x8c/0x800 [ 639.874623] ? lockdep_hardirqs_on+0x415/0x5d0 [ 639.879220] ? trace_hardirqs_on+0xbd/0x310 [ 639.883528] ? __ia32_sys_read+0xb0/0xb0 [ 639.887573] ? trace_hardirqs_off_caller+0x300/0x300 [ 639.892679] __x64_sys_renameat+0x9a/0x100 [ 639.896908] do_syscall_64+0x1a3/0x800 [ 639.900794] ? syscall_return_slowpath+0x5f0/0x5f0 [ 639.905742] ? prepare_exit_to_usermode+0x232/0x3b0 [ 639.910763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 639.915621] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 639.920802] RIP: 0033:0x457ec9 [ 639.923992] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 639.942932] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 639.950630] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 639.957907] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 639.965157] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 639.972422] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 639.979707] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:42 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:42 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x300, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:42 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r1, 0x8818564c, &(0x7f0000000140)) r2 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x100000001, 0x1) getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, &(0x7f0000000100), 0x4) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000040)) r4 = syz_open_pts(r3, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r3, &(0x7f00000000c0)=ANY=[], 0xffa8) 18:06:42 executing program 1 (fault-call:9 fault-nth:25): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:42 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x2000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:42 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:42 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x103) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x4400001, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r2, 0x40106614, &(0x7f00000000c0)={0x0, @speck128}) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) fcntl$setflags(r0, 0x2, 0x1) [ 642.158473] FAULT_INJECTION: forcing a failure. [ 642.158473] name failslab, interval 1, probability 0, space 0, times 0 [ 642.190936] CPU: 1 PID: 25505 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 642.197803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.207153] Call Trace: [ 642.207218] dump_stack+0x1db/0x2d0 [ 642.207245] ? dump_stack_print_info.cold+0x20/0x20 [ 642.207270] ? save_stack+0x45/0xd0 [ 642.222076] ? kasan_kmalloc+0xcf/0xe0 [ 642.225974] ? kmem_cache_alloc+0x12d/0x710 [ 642.230311] should_fail.cold+0xa/0x15 [ 642.234220] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 642.239343] ? ___might_sleep+0x1e7/0x310 [ 642.243501] ? arch_local_save_flags+0x50/0x50 [ 642.248093] ? add_lock_to_list.isra.0+0x450/0x450 [ 642.253036] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 18:06:42 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 642.258618] __should_failslab+0x121/0x190 [ 642.262879] should_failslab+0x9/0x14 [ 642.262894] __kmalloc+0x2dc/0x740 [ 642.262914] ? ovl_path_real+0x410/0x410 [ 642.262932] ? ovl_lookup+0x12da/0x29b0 [ 642.270285] ovl_lookup+0x12da/0x29b0 [ 642.270322] ? ovl_path_next+0x2e0/0x2e0 [ 642.270337] ? kasan_check_read+0x11/0x20 [ 642.270366] ? _raw_spin_unlock+0x2d/0x50 [ 642.294482] ? d_alloc+0x2a3/0x420 [ 642.298035] ? __d_alloc+0xbe0/0xbe0 [ 642.301753] ? lock_rename+0xdb/0x290 [ 642.305570] __lookup_hash+0x122/0x190 18:06:42 executing program 2: r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0xee, 0x80400) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x5) socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'hwsim0\x00', 0x2800}) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0xbee) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) [ 642.309473] do_renameat2+0x749/0x1120 [ 642.313390] ? user_path_create+0x50/0x50 [ 642.317558] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 642.323118] ? fput+0x128/0x1a0 [ 642.326460] ? do_syscall_64+0x8c/0x800 [ 642.330462] ? lockdep_hardirqs_on+0x415/0x5d0 [ 642.335088] ? trace_hardirqs_on+0xbd/0x310 [ 642.339417] ? __ia32_sys_read+0xb0/0xb0 [ 642.343492] ? trace_hardirqs_off_caller+0x300/0x300 [ 642.348619] __x64_sys_renameat+0x9a/0x100 [ 642.352863] do_syscall_64+0x1a3/0x800 [ 642.356769] ? syscall_return_slowpath+0x5f0/0x5f0 [ 642.361738] ? prepare_exit_to_usermode+0x232/0x3b0 [ 642.366796] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 642.371649] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.376836] RIP: 0033:0x457ec9 [ 642.380030] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.398934] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 18:06:42 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) getsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f00000000c0)={@remote}, &(0x7f0000000100)=0xc) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x1, 0x2) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x6020200}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x64, r4, 0x200, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x100}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bcsh0\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8001}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x4800}, 0x20048000) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 642.406647] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 642.413919] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 642.421240] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 642.428511] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 642.435794] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:45 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:45 executing program 1 (fault-call:9 fault-nth:26): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x8, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:45 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf0ffffff00000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 645.228370] FAULT_INJECTION: forcing a failure. [ 645.228370] name failslab, interval 1, probability 0, space 0, times 0 [ 645.246466] CPU: 1 PID: 25549 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 645.253340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 645.262698] Call Trace: [ 645.265295] dump_stack+0x1db/0x2d0 [ 645.268944] ? dump_stack_print_info.cold+0x20/0x20 [ 645.273983] ? ovl_copy_up+0x18/0x1c [ 645.277704] ? ovl_rename+0x29e/0x1ab0 [ 645.281594] ? vfs_rename+0x80a/0x1ab0 [ 645.285486] ? do_renameat2+0xdf2/0x1120 [ 645.289549] ? __x64_sys_renameat+0x9a/0x100 [ 645.293951] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 645.299306] should_fail.cold+0xa/0x15 [ 645.303233] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 645.308327] ? ___might_sleep+0x1e7/0x310 [ 645.312463] ? arch_local_save_flags+0x50/0x50 [ 645.317038] __should_failslab+0x121/0x190 [ 645.321284] should_failslab+0x9/0x14 [ 645.325069] __kmalloc_track_caller+0x2d8/0x740 [ 645.329720] ? ___might_sleep+0x1e7/0x310 [ 645.333859] ? simple_xattr_set+0xcd/0x7d0 [ 645.338148] kstrdup+0x3a/0x70 [ 645.341337] simple_xattr_set+0xcd/0x7d0 [ 645.345401] ? simple_xattr_get+0x180/0x180 [ 645.349720] ? inode_has_perm.isra.0+0x17e/0x210 [ 645.354472] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.360071] ? evm_protected_xattr+0x200/0x280 [ 645.364642] shmem_xattr_handler_set+0x42/0x50 [ 645.369206] ? shmem_file_llseek+0x270/0x270 [ 645.373630] __vfs_setxattr+0x121/0x190 [ 645.377603] ? xattr_resolve_name+0x3e0/0x3e0 [ 645.382098] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 645.387029] __vfs_setxattr_noperm+0x11c/0x410 [ 645.391599] vfs_setxattr+0xda/0x100 [ 645.395305] ovl_check_setxattr+0xf1/0x130 [ 645.399530] ovl_set_impure+0xb0/0x110 [ 645.403418] ovl_copy_up_one+0x9ea/0x3060 [ 645.407560] ? mark_held_locks+0x100/0x100 [ 645.411784] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 645.416812] ? mark_held_locks+0x100/0x100 [ 645.421044] ? add_lock_to_list.isra.0+0x450/0x450 [ 645.425960] ? print_usage_bug+0xd0/0xd0 [ 645.430006] ? add_lock_to_list.isra.0+0x450/0x450 [ 645.434918] ? __lock_acquire+0x572/0x4a30 [ 645.439218] ? lockref_get_not_zero+0x70/0x90 [ 645.443719] ? find_held_lock+0x35/0x120 [ 645.447773] ? dget_parent+0x1a5/0x680 [ 645.451646] ? find_held_lock+0x35/0x120 [ 645.455704] ? dget_parent+0x1a5/0x680 [ 645.459592] ? ovl_path_real+0x410/0x410 [ 645.463642] ovl_copy_up_flags+0x15a/0x1e0 [ 645.467871] ovl_copy_up+0x18/0x1c [ 645.471398] ovl_rename+0x29e/0x1ab0 [ 645.475101] ? lock_acquire+0x1db/0x570 [ 645.479064] ? ovl_clear_empty+0x6f0/0x6f0 [ 645.483306] vfs_rename+0x80a/0x1ab0 [ 645.487011] ? lookup_one_len+0x230/0x230 [ 645.491140] ? lock_rename+0xdb/0x290 [ 645.494930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 645.500454] ? security_path_rename+0x185/0x310 [ 645.505111] do_renameat2+0xdf2/0x1120 [ 645.508989] ? user_path_create+0x50/0x50 [ 645.513128] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 645.518681] ? fput+0x128/0x1a0 [ 645.521966] ? do_syscall_64+0x8c/0x800 [ 645.525922] ? lockdep_hardirqs_on+0x415/0x5d0 [ 645.530488] ? trace_hardirqs_on+0xbd/0x310 [ 645.534791] ? __ia32_sys_read+0xb0/0xb0 [ 645.538867] ? trace_hardirqs_off_caller+0x300/0x300 [ 645.543988] __x64_sys_renameat+0x9a/0x100 [ 645.548223] do_syscall_64+0x1a3/0x800 [ 645.552095] ? syscall_return_slowpath+0x5f0/0x5f0 [ 645.557010] ? prepare_exit_to_usermode+0x232/0x3b0 [ 645.562011] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 645.566855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 645.572035] RIP: 0033:0x457ec9 [ 645.575218] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 645.594101] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 645.601790] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 645.609057] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 645.616310] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 18:06:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x800000000000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 645.623563] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 645.630813] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:45 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:45 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000002c0)={'broute\x00', 0x0, 0x4, 0xd0, [], 0x2, &(0x7f0000000100)=[{}, {}], &(0x7f00000001c0)=""/208}, &(0x7f0000000340)=0x78) syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x4, 0x800) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000140)=""/32, &(0x7f0000000180)=0x20) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x9effffff00000000, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:48 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:48 executing program 1 (fault-call:9 fault-nth:27): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xab07, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:48 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x7fffffff) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0x47a) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids.current\x00', 0x0, 0x0) ioctl$SG_NEXT_CMD_LEN(r3, 0x2283, &(0x7f0000000100)=0xed) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0xf, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:48 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x1, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 648.213498] FAULT_INJECTION: forcing a failure. [ 648.213498] name failslab, interval 1, probability 0, space 0, times 0 [ 648.245385] CPU: 1 PID: 25584 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 648.252256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 648.261623] Call Trace: [ 648.264241] dump_stack+0x1db/0x2d0 [ 648.267886] ? dump_stack_print_info.cold+0x20/0x20 [ 648.272921] ? find_held_lock+0x35/0x120 [ 648.277001] ? avc_has_perm+0x460/0x7e0 [ 648.281004] should_fail.cold+0xa/0x15 [ 648.284901] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 648.290011] ? ___might_sleep+0x1e7/0x310 [ 648.294159] ? arch_local_save_flags+0x50/0x50 [ 648.298750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.298791] __should_failslab+0x121/0x190 [ 648.308540] should_failslab+0x9/0x14 18:06:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 648.312348] __kmalloc+0x2dc/0x740 [ 648.315900] ? ___might_sleep+0x1e7/0x310 [ 648.320062] ? arch_local_save_flags+0x50/0x50 [ 648.324648] ? simple_xattr_alloc+0x3e/0xb0 [ 648.328995] simple_xattr_alloc+0x3e/0xb0 [ 648.333150] simple_xattr_set+0xa8/0x7d0 [ 648.337228] ? simple_xattr_get+0x180/0x180 [ 648.341563] ? inode_has_perm.isra.0+0x17e/0x210 [ 648.346329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.351889] ? evm_protected_xattr+0x200/0x280 [ 648.356519] shmem_xattr_handler_set+0x42/0x50 18:06:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 648.361108] ? shmem_file_llseek+0x270/0x270 [ 648.365542] __vfs_setxattr+0x121/0x190 [ 648.369535] ? xattr_resolve_name+0x3e0/0x3e0 [ 648.374039] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 648.379000] __vfs_setxattr_noperm+0x11c/0x410 [ 648.383601] vfs_setxattr+0xda/0x100 [ 648.387346] ovl_check_setxattr+0xf1/0x130 [ 648.391605] ovl_set_impure+0xb0/0x110 [ 648.395524] ovl_copy_up_one+0x9ea/0x3060 [ 648.399669] ? mark_held_locks+0x100/0x100 [ 648.403920] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 648.408967] ? mark_held_locks+0x100/0x100 [ 648.413216] ? add_lock_to_list.isra.0+0x450/0x450 [ 648.418159] ? print_usage_bug+0xd0/0xd0 [ 648.422264] ? add_lock_to_list.isra.0+0x450/0x450 [ 648.427215] ? __lock_acquire+0x572/0x4a30 [ 648.431468] ? lockref_get_not_zero+0x70/0x90 [ 648.435970] ? find_held_lock+0x35/0x120 [ 648.440051] ? dget_parent+0x1a5/0x680 [ 648.443944] ? find_held_lock+0x35/0x120 [ 648.448016] ? dget_parent+0x1a5/0x680 [ 648.451925] ? ovl_path_real+0x410/0x410 [ 648.455981] ovl_copy_up_flags+0x15a/0x1e0 [ 648.460222] ovl_copy_up+0x18/0x1c [ 648.463760] ovl_rename+0x29e/0x1ab0 [ 648.467481] ? lock_acquire+0x1db/0x570 [ 648.471446] ? ovl_clear_empty+0x6f0/0x6f0 [ 648.475707] vfs_rename+0x80a/0x1ab0 [ 648.479437] ? lookup_one_len+0x230/0x230 [ 648.483575] ? lock_rename+0xdb/0x290 [ 648.487402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.492954] ? security_path_rename+0x185/0x310 [ 648.497628] do_renameat2+0xdf2/0x1120 [ 648.501560] ? user_path_create+0x50/0x50 [ 648.505729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 648.511272] ? fput+0x128/0x1a0 [ 648.514573] ? do_syscall_64+0x8c/0x800 [ 648.518551] ? lockdep_hardirqs_on+0x415/0x5d0 [ 648.523141] ? trace_hardirqs_on+0xbd/0x310 [ 648.527492] ? __ia32_sys_read+0xb0/0xb0 [ 648.531562] ? trace_hardirqs_off_caller+0x300/0x300 [ 648.536692] __x64_sys_renameat+0x9a/0x100 [ 648.540941] do_syscall_64+0x1a3/0x800 [ 648.544829] ? syscall_return_slowpath+0x5f0/0x5f0 [ 648.549752] ? prepare_exit_to_usermode+0x232/0x3b0 [ 648.554767] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 648.559628] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 648.564800] RIP: 0033:0x457ec9 [ 648.567991] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 648.586875] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 648.594564] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 648.601814] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 648.609068] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 648.616320] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 648.623571] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:48 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:48 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0xfffffffffffffffd) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:51 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:51 executing program 1 (fault-call:9 fault-nth:28): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:51 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x400800, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)=0x1) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}) [ 651.258101] FAULT_INJECTION: forcing a failure. [ 651.258101] name failslab, interval 1, probability 0, space 0, times 0 [ 651.297815] CPU: 0 PID: 25631 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 651.304677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 651.314031] Call Trace: [ 651.316633] dump_stack+0x1db/0x2d0 [ 651.320314] ? dump_stack_print_info.cold+0x20/0x20 [ 651.325350] ? find_held_lock+0x35/0x120 [ 651.329427] ? avc_has_perm+0x460/0x7e0 [ 651.333424] should_fail.cold+0xa/0x15 [ 651.337325] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 651.337350] ? ___might_sleep+0x1e7/0x310 [ 651.337367] ? arch_local_save_flags+0x50/0x50 [ 651.337387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.351235] __should_failslab+0x121/0x190 [ 651.351255] should_failslab+0x9/0x14 [ 651.351273] __kmalloc+0x2dc/0x740 [ 651.368466] ? ___might_sleep+0x1e7/0x310 [ 651.368484] ? arch_local_save_flags+0x50/0x50 [ 651.368498] ? simple_xattr_alloc+0x3e/0xb0 [ 651.368516] simple_xattr_alloc+0x3e/0xb0 [ 651.381535] simple_xattr_set+0xa8/0x7d0 [ 651.381555] ? simple_xattr_get+0x180/0x180 [ 651.381573] ? inode_has_perm.isra.0+0x17e/0x210 [ 651.381595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 18:06:51 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) flock(r0, 0x6) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x400800, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x10000, 0x6, 0x200000000000, 0x40, 0x7fff}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0x0, 0x101, 0x10001, 0x6}, &(0x7f00000001c0)=0x14) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 651.381612] ? evm_protected_xattr+0x200/0x280 [ 651.381634] shmem_xattr_handler_set+0x42/0x50 [ 651.394130] ? shmem_file_llseek+0x270/0x270 [ 651.394147] __vfs_setxattr+0x121/0x190 [ 651.394177] ? xattr_resolve_name+0x3e0/0x3e0 [ 651.404455] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 651.404484] __vfs_setxattr_noperm+0x11c/0x410 [ 651.404508] vfs_setxattr+0xda/0x100 [ 651.439688] ovl_check_setxattr+0xf1/0x130 [ 651.443954] ovl_set_impure+0xb0/0x110 [ 651.447857] ovl_copy_up_one+0x9ea/0x3060 [ 651.452010] ? mark_held_locks+0x100/0x100 [ 651.456270] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 651.461299] ? mark_held_locks+0x100/0x100 [ 651.465549] ? add_lock_to_list.isra.0+0x450/0x450 [ 651.470487] ? print_usage_bug+0xd0/0xd0 [ 651.474561] ? add_lock_to_list.isra.0+0x450/0x450 [ 651.479501] ? __lock_acquire+0x572/0x4a30 [ 651.483759] ? lockref_get_not_zero+0x70/0x90 [ 651.488265] ? find_held_lock+0x35/0x120 [ 651.492347] ? dget_parent+0x1a5/0x680 [ 651.496242] ? find_held_lock+0x35/0x120 [ 651.500315] ? dget_parent+0x1a5/0x680 [ 651.504273] ? ovl_path_real+0x410/0x410 18:06:51 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) connect$caif(r0, &(0x7f0000000100)=@rfm={0x25, 0x80000001, "5da5974b1327b3f09c0724f075cfa619"}, 0x18) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) [ 651.508363] ovl_copy_up_flags+0x15a/0x1e0 [ 651.512606] ovl_copy_up+0x18/0x1c [ 651.516149] ovl_rename+0x29e/0x1ab0 [ 651.519884] ? lock_acquire+0x1db/0x570 [ 651.523895] ? ovl_clear_empty+0x6f0/0x6f0 [ 651.528149] vfs_rename+0x80a/0x1ab0 [ 651.531918] ? lookup_one_len+0x230/0x230 [ 651.536078] ? lock_rename+0xdb/0x290 [ 651.539911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.545475] ? security_path_rename+0x185/0x310 [ 651.550159] do_renameat2+0xdf2/0x1120 [ 651.554098] ? user_path_create+0x50/0x50 [ 651.558263] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 651.563810] ? fput+0x128/0x1a0 [ 651.567122] ? do_syscall_64+0x8c/0x800 [ 651.571113] ? lockdep_hardirqs_on+0x415/0x5d0 [ 651.575713] ? trace_hardirqs_on+0xbd/0x310 [ 651.580040] ? __ia32_sys_read+0xb0/0xb0 [ 651.584115] ? trace_hardirqs_off_caller+0x300/0x300 [ 651.589236] __x64_sys_renameat+0x9a/0x100 [ 651.593487] do_syscall_64+0x1a3/0x800 [ 651.597388] ? syscall_return_slowpath+0x5f0/0x5f0 [ 651.602330] ? prepare_exit_to_usermode+0x232/0x3b0 18:06:51 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0) [ 651.607361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 651.612250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 651.617448] RIP: 0033:0x457ec9 [ 651.620657] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 651.639563] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 651.647279] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 18:06:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 651.654556] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 651.661833] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 651.669133] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 651.676406] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:54 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:54 executing program 1 (fault-call:9 fault-nth:29): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) r3 = syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x68040) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000100)={0x7, 0x1, 0x8}) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:06:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 654.379798] FAULT_INJECTION: forcing a failure. [ 654.379798] name failslab, interval 1, probability 0, space 0, times 0 [ 654.405361] CPU: 1 PID: 25674 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 654.412217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.421567] Call Trace: [ 654.424203] dump_stack+0x1db/0x2d0 [ 654.427845] ? dump_stack_print_info.cold+0x20/0x20 [ 654.432863] ? do_raw_spin_trylock+0x270/0x270 [ 654.437459] should_fail.cold+0xa/0x15 [ 654.441361] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 654.446470] ? ___might_sleep+0x1e7/0x310 [ 654.450623] ? arch_local_save_flags+0x50/0x50 [ 654.455218] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.460819] ? selinux_is_enabled+0x43/0x60 [ 654.465152] ? creds_are_invalid+0x59/0x150 [ 654.469498] __should_failslab+0x121/0x190 [ 654.473764] should_failslab+0x9/0x14 18:06:54 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x88, 0x105040) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x200000000000004, 0x6c9b}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000240)={r3, 0x3c, &(0x7f0000000200)=[@in6={0xa, 0x4e20, 0x9, @mcast2, 0x6}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e22, @remote}]}, &(0x7f0000000280)=0x10) r4 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3) unshare(0x8050800) openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer\x00', 0x200801, 0x0) r5 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x101000, 0x0) bind$rxrpc(r5, &(0x7f0000000100)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e21, @local}}, 0x24) openat$nullb(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nullb0\x00', 0x404802, 0x0) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f00000001c0)={'bridge_slave_1\x00', 0x2000}) ioctl$TCSETSF(r4, 0x5412, &(0x7f0000000000)) 18:06:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:06:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 654.473778] kmem_cache_alloc+0x2be/0x710 [ 654.473792] ? lock_release+0xc40/0xc40 [ 654.473807] ? up_write+0x7b/0x230 [ 654.473823] prepare_creds+0xa4/0x4e0 [ 654.493053] ? abort_creds+0x290/0x290 [ 654.496955] ? down_write_nested+0x8e/0x130 [ 654.501314] ? lock_rename+0x1ef/0x290 [ 654.505203] ? _down_write_nest_lock+0x130/0x130 [ 654.509979] selinux_inode_copy_up+0x130/0x180 [ 654.514571] security_inode_copy_up+0x71/0xb0 [ 654.519080] ovl_copy_up_one+0xda3/0x3060 [ 654.523239] ? mark_held_locks+0x100/0x100 [ 654.527495] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 654.532522] ? mark_held_locks+0x100/0x100 [ 654.536761] ? add_lock_to_list.isra.0+0x450/0x450 [ 654.541699] ? print_usage_bug+0xd0/0xd0 [ 654.541713] ? add_lock_to_list.isra.0+0x450/0x450 [ 654.541727] ? __lock_acquire+0x572/0x4a30 [ 654.541744] ? lockref_get_not_zero+0x70/0x90 [ 654.541763] ? dget_parent+0x1a5/0x680 [ 654.541775] ? find_held_lock+0x35/0x120 [ 654.541792] ? dget_parent+0x1a5/0x680 [ 654.550792] ? ovl_path_real+0x410/0x410 [ 654.550816] ovl_copy_up_flags+0x15a/0x1e0 18:06:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) write$cgroup_int(r3, &(0x7f0000000100)=0x6, 0x12) [ 654.550834] ovl_copy_up+0x18/0x1c [ 654.550849] ovl_rename+0x29e/0x1ab0 [ 654.586995] ? lock_acquire+0x1db/0x570 [ 654.590986] ? ovl_clear_empty+0x6f0/0x6f0 [ 654.595263] vfs_rename+0x80a/0x1ab0 [ 654.598995] ? lookup_one_len+0x230/0x230 [ 654.603160] ? lock_rename+0xdb/0x290 [ 654.607035] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.612576] ? security_path_rename+0x185/0x310 [ 654.617267] do_renameat2+0xdf2/0x1120 [ 654.617301] ? user_path_create+0x50/0x50 [ 654.617323] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 654.617337] ? fput+0x128/0x1a0 [ 654.617356] ? do_syscall_64+0x8c/0x800 [ 654.625388] ? lockdep_hardirqs_on+0x415/0x5d0 [ 654.625404] ? trace_hardirqs_on+0xbd/0x310 [ 654.625417] ? __ia32_sys_read+0xb0/0xb0 [ 654.625434] ? trace_hardirqs_off_caller+0x300/0x300 [ 654.625457] __x64_sys_renameat+0x9a/0x100 [ 654.625479] do_syscall_64+0x1a3/0x800 [ 654.664343] ? syscall_return_slowpath+0x5f0/0x5f0 [ 654.669279] ? prepare_exit_to_usermode+0x232/0x3b0 [ 654.674300] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 654.679153] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.684361] RIP: 0033:0x457ec9 [ 654.687552] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 654.706453] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 654.714160] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 654.721453] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 18:06:54 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0xd36b) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSW(r1, 0x5403, &(0x7f00000000c0)={0x3, 0x2000, 0x6, 0x9c, 0x6, 0x8, 0x7, 0x100, 0xfff, 0x3, 0xffffffffffff0001, 0x27ff}) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 654.728719] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 654.735988] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 654.743313] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:57 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:06:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:06:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:57 executing program 1 (fault-call:9 fault-nth:30): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:57 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400207) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x3, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x0, 0x2) ioctl$VIDIOC_LOG_STATUS(r3, 0x5646, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 657.394355] FAULT_INJECTION: forcing a failure. [ 657.394355] name failslab, interval 1, probability 0, space 0, times 0 [ 657.407057] vivid-004: ================= START STATUS ================= [ 657.430465] CPU: 1 PID: 25710 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 657.437317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.437702] vivid-004: Radio HW Seek Mode: Bounded [ 657.446692] Call Trace: [ 657.446719] dump_stack+0x1db/0x2d0 [ 657.446744] ? dump_stack_print_info.cold+0x20/0x20 [ 657.446793] ? save_stack+0xa9/0xd0 [ 657.446812] ? kasan_kmalloc+0xcf/0xe0 [ 657.446836] should_fail.cold+0xa/0x15 [ 657.446858] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 657.446885] ? ___might_sleep+0x1e7/0x310 [ 657.446909] ? arch_local_save_flags+0x50/0x50 [ 657.474514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.488449] vivid-004: Radio Programmable HW Seek: false [ 657.493827] __should_failslab+0x121/0x190 [ 657.493847] should_failslab+0x9/0x14 [ 657.493862] __kmalloc_track_caller+0x2d8/0x740 [ 657.493881] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.493899] ? refcount_inc_not_zero_checked+0x1d9/0x2e0 [ 657.493916] ? selinux_cred_prepare+0x49/0xb0 [ 657.493934] kmemdup+0x27/0x60 [ 657.507379] selinux_cred_prepare+0x49/0xb0 [ 657.507400] security_prepare_creds+0x7d/0xc0 [ 657.507421] prepare_creds+0x3c4/0x4e0 [ 657.507441] ? abort_creds+0x290/0x290 [ 657.512621] vivid-004: RDS Rx I/O Mode: Block I/O [ 657.517630] ? down_write_nested+0x8e/0x130 [ 657.517649] ? _down_write_nest_lock+0x130/0x130 [ 657.517672] selinux_inode_copy_up+0x130/0x180 [ 657.517695] security_inode_copy_up+0x71/0xb0 [ 657.556916] vivid-004: Generate RBDS Instead of RDS: false [ 657.561288] ovl_copy_up_one+0xda3/0x3060 [ 657.561304] ? mark_held_locks+0x100/0x100 [ 657.561335] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 657.561354] ? mark_held_locks+0x100/0x100 [ 657.561370] ? add_lock_to_list.isra.0+0x450/0x450 [ 657.561384] ? trace_hardirqs_on_caller+0x310/0x310 [ 657.561397] ? print_usage_bug+0xd0/0xd0 [ 657.561428] ? add_lock_to_list.isra.0+0x450/0x450 [ 657.561443] ? __lock_acquire+0x572/0x4a30 [ 657.561461] ? lockref_get_not_zero+0x70/0x90 [ 657.561481] ? dget_parent+0x1a5/0x680 [ 657.573947] vivid-004: RDS Reception: true [ 657.576148] ? find_held_lock+0x35/0x120 [ 657.576175] ? dget_parent+0x1a5/0x680 [ 657.576248] ? ovl_path_real+0x410/0x410 [ 657.576272] ovl_copy_up_flags+0x15a/0x1e0 [ 657.599276] vivid-004: RDS Program Type: 0 inactive [ 657.603829] ovl_copy_up+0x18/0x1c [ 657.603859] ovl_rename+0x29e/0x1ab0 [ 657.603874] ? lock_acquire+0x1db/0x570 [ 657.603901] ? ovl_clear_empty+0x6f0/0x6f0 [ 657.603946] vfs_rename+0x80a/0x1ab0 [ 657.603975] ? lookup_one_len+0x230/0x230 [ 657.637368] vivid-004: RDS PS Name: inactive [ 657.637712] ? lock_rename+0xdb/0x290 [ 657.645989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.646004] ? security_path_rename+0x185/0x310 [ 657.646040] do_renameat2+0xdf2/0x1120 [ 657.646085] ? user_path_create+0x50/0x50 [ 657.658328] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 657.671789] vivid-004: RDS Radio Text: inactive [ 657.674349] ? fput+0x128/0x1a0 [ 657.674368] ? do_syscall_64+0x8c/0x800 [ 657.674397] ? lockdep_hardirqs_on+0x415/0x5d0 [ 657.674412] ? trace_hardirqs_on+0xbd/0x310 [ 657.674429] ? __ia32_sys_read+0xb0/0xb0 [ 657.696125] vivid-004: RDS Traffic Announcement: false inactive [ 657.696786] ? trace_hardirqs_off_caller+0x300/0x300 18:06:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:06:57 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 657.724355] vivid-004: RDS Traffic Program: false inactive [ 657.727310] __x64_sys_renameat+0x9a/0x100 [ 657.727330] do_syscall_64+0x1a3/0x800 [ 657.727349] ? syscall_return_slowpath+0x5f0/0x5f0 [ 657.727383] ? prepare_exit_to_usermode+0x232/0x3b0 [ 657.727403] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 657.754236] vivid-004: RDS Music: false inactive [ 657.756328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.756340] RIP: 0033:0x457ec9 18:06:57 executing program 1 (fault-call:9 fault-nth:31): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:06:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 657.756356] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 657.756364] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 657.756378] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 657.756386] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 657.756395] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 657.756406] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:06:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:06:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 657.764712] vivid-004: ================== END STATUS ================== [ 657.766325] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:06:58 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 657.926903] vivid-004: ================= START STATUS ================= [ 657.949655] vivid-004: Radio HW Seek Mode: Bounded [ 657.969314] vivid-004: Radio Programmable HW Seek: false [ 657.976372] FAULT_INJECTION: forcing a failure. [ 657.976372] name failslab, interval 1, probability 0, space 0, times 0 [ 657.997131] vivid-004: RDS Rx I/O Mode: Block I/O [ 658.002498] vivid-004: Generate RBDS Instead of RDS: false [ 658.008290] CPU: 0 PID: 25743 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 658.015134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.024495] Call Trace: [ 658.027135] dump_stack+0x1db/0x2d0 [ 658.030422] vivid-004: RDS Reception: true [ 658.030807] ? dump_stack_print_info.cold+0x20/0x20 [ 658.030836] should_fail.cold+0xa/0x15 [ 658.030858] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 658.030885] ? ___might_sleep+0x1e7/0x310 [ 658.035254] vivid-004: RDS Program Type: 0 inactive [ 658.040106] ? arch_local_save_flags+0x50/0x50 [ 658.040137] __should_failslab+0x121/0x190 [ 658.040155] should_failslab+0x9/0x14 [ 658.040185] kmem_cache_alloc+0x2be/0x710 [ 658.051382] vivid-004: RDS PS Name: inactive [ 658.053806] __d_alloc+0xae/0xbe0 [ 658.053827] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 658.053842] ? find_held_lock+0x35/0x120 [ 658.053866] ? mark_held_locks+0x100/0x100 [ 658.058997] vivid-004: RDS Radio Text: inactive [ 658.063445] ? add_lock_to_list.isra.0+0x450/0x450 [ 658.063460] ? lock_downgrade+0x910/0x910 [ 658.063482] d_alloc+0x99/0x420 [ 658.063498] ? avc_has_perm_noaudit+0x418/0x630 [ 658.063514] ? __d_alloc+0xbe0/0xbe0 [ 658.063532] ? add_lock_to_list.isra.0+0x450/0x450 [ 658.063553] d_alloc_parallel+0x11b/0x1f10 [ 658.063567] ? lock_downgrade+0x910/0x910 [ 658.068989] vivid-004: RDS Traffic Announcement: false inactive [ 658.071575] ? kasan_check_read+0x11/0x20 [ 658.071594] ? __d_lookup+0x560/0x960 [ 658.071622] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.071641] ? __d_lookup_rcu+0x990/0x990 [ 658.071655] ? lock_downgrade+0x910/0x910 [ 658.071667] ? kasan_check_read+0x11/0x20 [ 658.071685] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 658.076280] vivid-004: RDS Traffic Program: false inactive [ 658.080311] ? rcu_read_unlock_special+0x380/0x380 [ 658.080327] ? lockdep_init_map+0x10c/0x5b0 [ 658.080342] ? lockdep_init_map+0x10c/0x5b0 [ 658.080360] ? __init_waitqueue_head+0x92/0x150 [ 658.080373] ? init_wait_entry+0x1c0/0x1c0 [ 658.080387] ? d_lookup+0x163/0x360 [ 658.080423] __lookup_slow+0x1fa/0x560 [ 658.084281] vivid-004: RDS Music: false inactive [ 658.088862] ? trace_hardirqs_off_caller+0x300/0x300 [ 658.088878] ? vfs_unlink+0x500/0x500 [ 658.088899] ? d_lookup+0x23c/0x360 [ 658.088930] lookup_one_len+0x1de/0x230 [ 658.093399] vivid-004: ================== END STATUS ================== [ 658.097202] ? vsprintf+0x40/0x40 [ 658.097221] ? lookup_one_len_unlocked+0x100/0x100 [ 658.097238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.097255] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.097273] ? prepare_creds+0x3fc/0x4e0 [ 658.131874] ovl_lookup_temp+0x114/0x1a0 [ 658.131889] ? ovl_read_iter+0x410/0x410 [ 658.131905] ? kasan_check_write+0x14/0x20 [ 658.131920] ? override_creds+0x190/0x1f0 [ 658.131936] ? __validate_process_creds+0x520/0x520 [ 658.131951] ? selinux_inode_copy_up+0x11a/0x180 [ 658.131969] ovl_create_temp+0x1e/0x60 [ 658.131985] ovl_copy_up_one+0xe4e/0x3060 [ 658.131998] ? mark_held_locks+0x100/0x100 [ 658.132026] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 658.132045] ? mark_held_locks+0x100/0x100 [ 658.132059] ? add_lock_to_list.isra.0+0x450/0x450 [ 658.132073] ? print_usage_bug+0xd0/0xd0 [ 658.132088] ? add_lock_to_list.isra.0+0x450/0x450 [ 658.132103] ? __lock_acquire+0x572/0x4a30 [ 658.142306] ? lockref_get_not_zero+0x70/0x90 [ 658.142325] ? dget_parent+0x1a5/0x680 [ 658.142339] ? find_held_lock+0x35/0x120 [ 658.142354] ? dget_parent+0x1a5/0x680 [ 658.142404] ? ovl_path_real+0x410/0x410 [ 658.142440] ovl_copy_up_flags+0x15a/0x1e0 [ 658.350717] ovl_copy_up+0x18/0x1c [ 658.354239] ovl_rename+0x29e/0x1ab0 [ 658.357944] ? lock_acquire+0x1db/0x570 [ 658.361930] ? ovl_clear_empty+0x6f0/0x6f0 [ 658.366199] vfs_rename+0x80a/0x1ab0 [ 658.369906] ? lookup_one_len+0x230/0x230 [ 658.374034] ? lock_rename+0xdb/0x290 [ 658.377838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 658.383369] ? security_path_rename+0x185/0x310 [ 658.388033] do_renameat2+0xdf2/0x1120 [ 658.391922] ? user_path_create+0x50/0x50 [ 658.396067] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 658.401609] ? fput+0x128/0x1a0 [ 658.404886] ? do_syscall_64+0x8c/0x800 [ 658.408845] ? lockdep_hardirqs_on+0x415/0x5d0 [ 658.413409] ? trace_hardirqs_on+0xbd/0x310 [ 658.417716] ? __ia32_sys_read+0xb0/0xb0 [ 658.421765] ? trace_hardirqs_off_caller+0x300/0x300 [ 658.426873] __x64_sys_renameat+0x9a/0x100 [ 658.431114] do_syscall_64+0x1a3/0x800 [ 658.434989] ? syscall_return_slowpath+0x5f0/0x5f0 [ 658.439916] ? prepare_exit_to_usermode+0x232/0x3b0 [ 658.444938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 658.449792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.454969] RIP: 0033:0x457ec9 [ 658.458144] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 658.477032] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 658.484719] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 658.491967] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 658.499214] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 658.506475] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 658.513737] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x200000, 0x0) 18:07:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:00 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:00 executing program 1 (fault-call:9 fault-nth:32): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 660.484243] FAULT_INJECTION: forcing a failure. [ 660.484243] name failslab, interval 1, probability 0, space 0, times 0 [ 660.512686] CPU: 0 PID: 25757 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 660.519543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.528896] Call Trace: 18:07:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 660.531497] dump_stack+0x1db/0x2d0 [ 660.535148] ? dump_stack_print_info.cold+0x20/0x20 [ 660.540202] ? mark_held_locks+0x100/0x100 [ 660.544463] should_fail.cold+0xa/0x15 [ 660.548374] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 660.553499] ? ___might_sleep+0x1e7/0x310 [ 660.557658] ? arch_local_save_flags+0x50/0x50 [ 660.562263] ? avc_has_perm+0x460/0x7e0 [ 660.566253] __should_failslab+0x121/0x190 [ 660.570501] should_failslab+0x9/0x14 [ 660.574303] kmem_cache_alloc+0x2be/0x710 [ 660.578458] ? lock_acquire+0x1db/0x570 [ 660.582463] ? shmem_destroy_callback+0xc0/0xc0 [ 660.587133] shmem_alloc_inode+0x1c/0x50 [ 660.587150] alloc_inode+0x66/0x190 [ 660.587180] new_inode_pseudo+0x71/0x1b0 [ 660.587196] ? prune_icache_sb+0x1c0/0x1c0 [ 660.587233] new_inode+0x1f/0x40 [ 660.594912] shmem_get_inode+0xe1/0x8d0 [ 660.594926] ? map_id_up+0x19c/0x3e0 [ 660.594945] ? shmem_encode_fh+0x340/0x340 [ 660.594958] ? __might_sleep+0x95/0x190 [ 660.594979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.627964] ? selinux_determine_inode_label+0x1a7/0x350 [ 660.633422] ? may_create+0x25b/0x560 [ 660.637256] shmem_symlink+0xfd/0x920 [ 660.641088] ? selinux_capable+0x40/0x40 [ 660.645180] ? shmem_file_read_iter+0xfe0/0xfe0 [ 660.649913] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 660.655033] ? selinux_inode_symlink+0x23/0x30 [ 660.659620] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.665184] vfs_symlink+0x378/0x5d0 [ 660.668908] ovl_create_real+0x1b5/0x420 [ 660.672972] ovl_create_temp+0x48/0x60 [ 660.676864] ovl_copy_up_one+0xe4e/0x3060 [ 660.681040] ? mark_held_locks+0x100/0x100 18:07:00 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 660.685323] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 660.690358] ? mark_held_locks+0x100/0x100 [ 660.694593] ? add_lock_to_list.isra.0+0x450/0x450 [ 660.699553] ? print_usage_bug+0xd0/0xd0 [ 660.703617] ? add_lock_to_list.isra.0+0x450/0x450 [ 660.708580] ? __lock_acquire+0x572/0x4a30 [ 660.712820] ? lockref_get_not_zero+0x70/0x90 [ 660.717325] ? dget_parent+0x1a5/0x680 [ 660.721221] ? find_held_lock+0x35/0x120 [ 660.725292] ? dget_parent+0x1a5/0x680 [ 660.729242] ? ovl_path_real+0x410/0x410 18:07:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x18000, 0x0) getsockopt$inet_tcp_int(r3, 0x6, 0x19, &(0x7f0000000100), &(0x7f0000000140)=0x4) [ 660.733315] ovl_copy_up_flags+0x15a/0x1e0 [ 660.737554] ovl_copy_up+0x18/0x1c [ 660.741108] ovl_rename+0x29e/0x1ab0 [ 660.744827] ? lock_acquire+0x1db/0x570 [ 660.748816] ? ovl_clear_empty+0x6f0/0x6f0 [ 660.753072] vfs_rename+0x80a/0x1ab0 [ 660.756802] ? lookup_one_len+0x230/0x230 [ 660.760949] ? lock_rename+0xdb/0x290 [ 660.764762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.770296] ? security_path_rename+0x185/0x310 [ 660.774987] do_renameat2+0xdf2/0x1120 [ 660.778895] ? user_path_create+0x50/0x50 [ 660.783060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 660.788599] ? fput+0x128/0x1a0 [ 660.791886] ? do_syscall_64+0x8c/0x800 [ 660.795865] ? lockdep_hardirqs_on+0x415/0x5d0 [ 660.800471] ? trace_hardirqs_on+0xbd/0x310 [ 660.804795] ? __ia32_sys_read+0xb0/0xb0 [ 660.808864] ? trace_hardirqs_off_caller+0x300/0x300 [ 660.813986] __x64_sys_renameat+0x9a/0x100 [ 660.818239] do_syscall_64+0x1a3/0x800 [ 660.822132] ? syscall_return_slowpath+0x5f0/0x5f0 [ 660.827087] ? prepare_exit_to_usermode+0x232/0x3b0 18:07:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 660.832117] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 660.836995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.842201] RIP: 0033:0x457ec9 [ 660.845397] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 660.864298] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 660.872032] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 660.879317] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 660.879340] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 660.879348] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 660.879357] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:01 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:01 executing program 1 (fault-call:9 fault-nth:33): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:01 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 661.168109] FAULT_INJECTION: forcing a failure. [ 661.168109] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 661.179955] CPU: 1 PID: 25806 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 661.186788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.196141] Call Trace: [ 661.198745] dump_stack+0x1db/0x2d0 [ 661.202389] ? dump_stack_print_info.cold+0x20/0x20 [ 661.207413] ? lock_downgrade+0x910/0x910 [ 661.211572] ? kasan_check_read+0x11/0x20 [ 661.211594] should_fail.cold+0xa/0x15 [ 661.211611] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 661.211628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.211651] ? rcu_read_unlock+0x16/0x60 [ 661.211665] ? find_held_lock+0x35/0x120 [ 661.211688] ? rcu_read_unlock+0x16/0x60 [ 661.211713] should_fail_alloc_page+0x50/0x60 [ 661.211727] __alloc_pages_nodemask+0x323/0xdc0 [ 661.211738] ? lock_downgrade+0x910/0x910 [ 661.211754] ? kasan_check_read+0x11/0x20 [ 661.259917] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 661.265208] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 661.270277] ? ___might_sleep+0x1e7/0x310 [ 661.274433] ? trace_hardirqs_off+0xb8/0x310 [ 661.278840] cache_grow_begin+0x9c/0x8c0 [ 661.282893] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 661.288429] ? check_preemption_disabled+0x48/0x290 [ 661.293437] kmem_cache_alloc+0x645/0x710 [ 661.297565] ? lock_acquire+0x1db/0x570 [ 661.301538] ? shmem_destroy_callback+0xc0/0xc0 [ 661.306208] shmem_alloc_inode+0x1c/0x50 [ 661.310261] alloc_inode+0x66/0x190 [ 661.313894] new_inode_pseudo+0x71/0x1b0 [ 661.317968] ? prune_icache_sb+0x1c0/0x1c0 [ 661.322231] new_inode+0x1f/0x40 [ 661.325610] shmem_get_inode+0xe1/0x8d0 [ 661.329601] ? map_id_up+0x19c/0x3e0 [ 661.333299] ? shmem_encode_fh+0x340/0x340 [ 661.337512] ? __might_sleep+0x95/0x190 [ 661.341489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.347031] ? selinux_determine_inode_label+0x1a7/0x350 [ 661.352486] ? may_create+0x25b/0x560 [ 661.356281] shmem_symlink+0xfd/0x920 [ 661.360077] ? selinux_capable+0x40/0x40 [ 661.364159] ? shmem_file_read_iter+0xfe0/0xfe0 [ 661.368841] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 661.373954] ? selinux_inode_symlink+0x23/0x30 [ 661.378520] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.384068] vfs_symlink+0x378/0x5d0 [ 661.387772] ovl_create_real+0x1b5/0x420 [ 661.391819] ovl_create_temp+0x48/0x60 [ 661.395692] ovl_copy_up_one+0xe4e/0x3060 [ 661.399820] ? mark_held_locks+0x100/0x100 [ 661.404057] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 661.409065] ? mark_held_locks+0x100/0x100 [ 661.413299] ? add_lock_to_list.isra.0+0x450/0x450 [ 661.418211] ? print_usage_bug+0xd0/0xd0 [ 661.422266] ? add_lock_to_list.isra.0+0x450/0x450 [ 661.427225] ? __lock_acquire+0x572/0x4a30 [ 661.431447] ? lockref_get_not_zero+0x70/0x90 [ 661.435943] ? dget_parent+0x1a5/0x680 [ 661.439811] ? find_held_lock+0x35/0x120 [ 661.443862] ? dget_parent+0x1a5/0x680 [ 661.447761] ? ovl_path_real+0x410/0x410 [ 661.451824] ovl_copy_up_flags+0x15a/0x1e0 [ 661.456057] ovl_copy_up+0x18/0x1c [ 661.459579] ovl_rename+0x29e/0x1ab0 [ 661.463286] ? lock_acquire+0x1db/0x570 [ 661.467287] ? ovl_clear_empty+0x6f0/0x6f0 [ 661.471538] vfs_rename+0x80a/0x1ab0 [ 661.475260] ? lookup_one_len+0x230/0x230 [ 661.479389] ? lock_rename+0xdb/0x290 [ 661.483203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 661.488742] ? security_path_rename+0x185/0x310 [ 661.493412] do_renameat2+0xdf2/0x1120 [ 661.497312] ? user_path_create+0x50/0x50 [ 661.501457] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 661.506986] ? fput+0x128/0x1a0 [ 661.510263] ? do_syscall_64+0x8c/0x800 [ 661.514249] ? lockdep_hardirqs_on+0x415/0x5d0 [ 661.518814] ? trace_hardirqs_on+0xbd/0x310 [ 661.523127] ? __ia32_sys_read+0xb0/0xb0 [ 661.527201] ? trace_hardirqs_off_caller+0x300/0x300 [ 661.532303] __x64_sys_renameat+0x9a/0x100 [ 661.536526] do_syscall_64+0x1a3/0x800 [ 661.540427] ? syscall_return_slowpath+0x5f0/0x5f0 [ 661.545391] ? prepare_exit_to_usermode+0x232/0x3b0 [ 661.550404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 661.555234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.560422] RIP: 0033:0x457ec9 [ 661.563621] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.582551] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 661.590251] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 661.597517] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 661.604778] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 661.612053] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 661.619323] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:03 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:03 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:03 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_elf64(r1, &(0x7f00000000c0)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x0, 0x1, 0xf0a, 0x3, 0x3, 0x6, 0x7f, 0x187, 0x40, 0x39a, 0x0, 0x4, 0x38, 0x2, 0x4, 0x1, 0xffffffffffff0001}, [{0x3, 0xa7, 0x6, 0xd31d, 0x0, 0x3, 0x0, 0x6}, {0x70000001, 0x70f, 0x5, 0x1, 0x9, 0x6ea, 0x100000000}], "462ab642c22ab23f7f91a2c0cdc67129637694834f4b0cff56a85a25363047221e68ab39893f17133c48b91059b55d49ed68de24eb2045a9d495133a9488e4f6305f8ac61b8fcbe0a9b5cdcace871c66627f4bfbaa8401ff38b526ba6faadc0c229eb6129483", [[], [], [], [], [], [], [], [], []]}, 0xa16) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:07:03 executing program 1 (fault-call:9 fault-nth:34): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:03 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:03 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 663.909599] FAULT_INJECTION: forcing a failure. [ 663.909599] name failslab, interval 1, probability 0, space 0, times 0 [ 663.921218] CPU: 0 PID: 25837 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 663.928057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.928079] Call Trace: [ 663.928105] dump_stack+0x1db/0x2d0 [ 663.928131] ? dump_stack_print_info.cold+0x20/0x20 [ 663.948658] should_fail.cold+0xa/0x15 [ 663.952552] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 663.957690] ? mark_held_locks+0x100/0x100 [ 663.957707] ? __lock_is_held+0xb6/0x140 [ 663.957730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.957753] __should_failslab+0x121/0x190 [ 663.957771] should_failslab+0x9/0x14 [ 663.966035] __kmalloc+0x71/0x740 [ 663.966058] ? context_struct_to_string+0x42d/0x980 [ 663.966078] context_struct_to_string+0x42d/0x980 [ 663.966099] ? get_permissions_callback+0xb0/0xb0 [ 663.966125] security_sid_to_context_core.isra.0+0x244/0x320 [ 664.003505] security_sid_to_context_force+0x38/0x50 [ 664.008610] selinux_inode_init_security+0x3f7/0x870 [ 664.013722] ? selinux_inode_create+0x30/0x30 [ 664.018265] ? current_time+0x104/0x1b0 [ 664.022260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.027814] security_inode_init_security+0x1b3/0x430 [ 664.033020] ? shmem_tmpfile+0x120/0x120 [ 664.037086] ? unregister_lsm_notifier+0x30/0x30 [ 664.041858] ? may_create+0x25b/0x560 [ 664.045662] shmem_symlink+0x127/0x920 [ 664.049566] ? selinux_capable+0x40/0x40 [ 664.054156] ? shmem_file_read_iter+0xfe0/0xfe0 [ 664.058865] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 664.064016] ? selinux_inode_symlink+0x23/0x30 [ 664.068659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.074254] vfs_symlink+0x378/0x5d0 [ 664.078006] ovl_create_real+0x1b5/0x420 [ 664.082108] ovl_create_temp+0x48/0x60 [ 664.085999] ovl_copy_up_one+0xe4e/0x3060 [ 664.090178] ? mark_held_locks+0x100/0x100 [ 664.094441] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 664.099473] ? mark_held_locks+0x100/0x100 [ 664.103722] ? add_lock_to_list.isra.0+0x450/0x450 [ 664.108653] ? print_usage_bug+0xd0/0xd0 [ 664.112714] ? add_lock_to_list.isra.0+0x450/0x450 [ 664.117661] ? __lock_acquire+0x572/0x4a30 [ 664.121923] ? lockref_get_not_zero+0x70/0x90 [ 664.126430] ? dget_parent+0x1a5/0x680 [ 664.130320] ? find_held_lock+0x35/0x120 [ 664.134413] ? dget_parent+0x1a5/0x680 [ 664.138349] ? ovl_path_real+0x410/0x410 [ 664.142426] ovl_copy_up_flags+0x15a/0x1e0 [ 664.146666] ovl_copy_up+0x18/0x1c [ 664.150211] ovl_rename+0x29e/0x1ab0 [ 664.153927] ? lock_acquire+0x1db/0x570 [ 664.157916] ? ovl_clear_empty+0x6f0/0x6f0 [ 664.162185] vfs_rename+0x80a/0x1ab0 [ 664.165913] ? lookup_one_len+0x230/0x230 [ 664.170062] ? lock_rename+0xdb/0x290 [ 664.173894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.179439] ? security_path_rename+0x185/0x310 [ 664.184115] do_renameat2+0xdf2/0x1120 [ 664.188027] ? user_path_create+0x50/0x50 [ 664.192193] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 664.197746] ? fput+0x128/0x1a0 [ 664.201047] ? do_syscall_64+0x8c/0x800 [ 664.205052] ? lockdep_hardirqs_on+0x415/0x5d0 18:07:04 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:04 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r1, &(0x7f0000002100)=ANY=[@ANYRESDEC=0x0], 0x14) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0), &(0x7f0000000100)=0x8) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:07:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:04 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 664.209645] ? trace_hardirqs_on+0xbd/0x310 [ 664.213964] ? __ia32_sys_read+0xb0/0xb0 [ 664.218033] ? trace_hardirqs_off_caller+0x300/0x300 [ 664.223153] __x64_sys_renameat+0x9a/0x100 [ 664.227417] do_syscall_64+0x1a3/0x800 [ 664.231316] ? syscall_return_slowpath+0x5f0/0x5f0 [ 664.236250] ? prepare_exit_to_usermode+0x232/0x3b0 [ 664.241276] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 664.246131] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.251343] RIP: 0033:0x457ec9 [ 664.254566] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 664.273463] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 664.281161] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 664.288422] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 664.295677] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 664.302944] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 664.310215] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:06 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:06 executing program 1 (fault-call:9 fault-nth:35): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000100)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x4040, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)) r3 = syz_open_pts(r2, 0x0) r4 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="25ba1dd4b7c4e87f217e68a07a744cd8824a4ce4b4470eeabfc731354d0045c5c749a440b1ef47e8147bd1a0d62831c9aa9f5593b6ab28f877c0f3674cfb03c5f3abccb3691a72427e54", 0x4a, 0xfffffffffffffffd) keyctl$invalidate(0x15, r4) ioctl$VT_GETSTATE(r2, 0x5603, &(0x7f0000000140)={0x9, 0x7, 0xfffffffffffffff7}) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3) write$binfmt_misc(r2, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETSF(r3, 0x5412, &(0x7f0000000000)) 18:07:06 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 666.915773] FAULT_INJECTION: forcing a failure. [ 666.915773] name failslab, interval 1, probability 0, space 0, times 0 [ 666.932329] CPU: 1 PID: 25872 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 666.939196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.948551] Call Trace: [ 666.951151] dump_stack+0x1db/0x2d0 [ 666.954798] ? dump_stack_print_info.cold+0x20/0x20 [ 666.959847] ? find_held_lock+0x35/0x120 [ 666.963913] ? security_sid_to_context_core.isra.0+0x272/0x320 [ 666.969885] should_fail.cold+0xa/0x15 [ 666.973788] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 666.978913] ? ___might_sleep+0x1e7/0x310 [ 666.983073] ? arch_local_save_flags+0x50/0x50 [ 666.988016] ? kasan_check_write+0x14/0x20 [ 666.992259] ? do_raw_read_unlock+0x3f/0x70 [ 666.996607] ? _raw_read_unlock+0x2d/0x50 [ 667.000765] __should_failslab+0x121/0x190 [ 667.005023] should_failslab+0x9/0x14 [ 667.008822] __kmalloc+0x2dc/0x740 18:07:07 executing program 2: r0 = socket(0x20002000000010, 0x802, 0x0) r1 = dup(r0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r1, &(0x7f0000000000)="fc00000048000700ab092500090007000aab07ff010000000000369321000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b59fe000000bc00020000036c6c256f1a272f2e117c22ebc211214000000000008934d07302ade09720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43cd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) [ 667.012370] ? selinux_inode_init_security+0x4ac/0x870 [ 667.017660] ? simple_xattr_alloc+0x3e/0xb0 [ 667.022025] simple_xattr_alloc+0x3e/0xb0 [ 667.026193] shmem_initxattrs+0xfc/0x1f0 [ 667.030285] security_inode_init_security+0x32f/0x430 [ 667.035502] ? shmem_tmpfile+0x120/0x120 [ 667.039603] ? unregister_lsm_notifier+0x30/0x30 [ 667.044395] ? may_create+0x25b/0x560 [ 667.048222] shmem_symlink+0x127/0x920 [ 667.052107] ? selinux_capable+0x40/0x40 [ 667.056155] ? shmem_file_read_iter+0xfe0/0xfe0 [ 667.060819] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 667.065921] ? selinux_inode_symlink+0x23/0x30 [ 667.070515] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.076048] vfs_symlink+0x378/0x5d0 [ 667.079752] ovl_create_real+0x1b5/0x420 [ 667.083810] ovl_create_temp+0x48/0x60 [ 667.087702] ovl_copy_up_one+0xe4e/0x3060 [ 667.091869] ? mark_held_locks+0x100/0x100 [ 667.096110] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 667.101138] ? mark_held_locks+0x100/0x100 [ 667.105388] ? add_lock_to_list.isra.0+0x450/0x450 [ 667.110420] ? print_usage_bug+0xd0/0xd0 [ 667.114469] ? add_lock_to_list.isra.0+0x450/0x450 [ 667.119380] ? __lock_acquire+0x572/0x4a30 [ 667.123641] ? lockref_get_not_zero+0x70/0x90 [ 667.128141] ? dget_parent+0x1a5/0x680 [ 667.132015] ? find_held_lock+0x35/0x120 [ 667.136057] ? dget_parent+0x1a5/0x680 [ 667.139970] ? ovl_path_real+0x410/0x410 [ 667.144029] ovl_copy_up_flags+0x15a/0x1e0 [ 667.148258] ovl_copy_up+0x18/0x1c [ 667.151782] ovl_rename+0x29e/0x1ab0 [ 667.155483] ? lock_acquire+0x1db/0x570 [ 667.159445] ? ovl_clear_empty+0x6f0/0x6f0 [ 667.163667] vfs_rename+0x80a/0x1ab0 [ 667.167375] ? lookup_one_len+0x230/0x230 [ 667.171505] ? lock_rename+0xdb/0x290 [ 667.175304] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.180851] ? security_path_rename+0x185/0x310 [ 667.185621] do_renameat2+0xdf2/0x1120 [ 667.189501] ? user_path_create+0x50/0x50 [ 667.193632] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 667.199158] ? fput+0x128/0x1a0 [ 667.202456] ? do_syscall_64+0x8c/0x800 [ 667.206439] ? lockdep_hardirqs_on+0x415/0x5d0 [ 667.211004] ? trace_hardirqs_on+0xbd/0x310 [ 667.215306] ? __ia32_sys_read+0xb0/0xb0 [ 667.219372] ? trace_hardirqs_off_caller+0x300/0x300 [ 667.224472] __x64_sys_renameat+0x9a/0x100 [ 667.228706] do_syscall_64+0x1a3/0x800 [ 667.232587] ? syscall_return_slowpath+0x5f0/0x5f0 [ 667.237536] ? prepare_exit_to_usermode+0x232/0x3b0 [ 667.242541] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 667.247370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.252554] RIP: 0033:0x457ec9 [ 667.255730] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 667.274635] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 667.282342] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 667.289602] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 667.296853] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 667.304109] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:07:07 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 667.311378] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:07 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_int(r0, 0x1, 0x5, 0x0, &(0x7f0000000400)) 18:07:07 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:07 executing program 1 (fault-call:9 fault-nth:36): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 667.555649] FAULT_INJECTION: forcing a failure. [ 667.555649] name failslab, interval 1, probability 0, space 0, times 0 [ 667.567062] CPU: 1 PID: 25903 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 667.573900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.583231] Call Trace: [ 667.585807] dump_stack+0x1db/0x2d0 [ 667.589426] ? dump_stack_print_info.cold+0x20/0x20 [ 667.594464] should_fail.cold+0xa/0x15 [ 667.598350] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 667.603498] ? mark_held_locks+0x100/0x100 [ 667.607715] ? __lock_is_held+0xb6/0x140 [ 667.611765] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.617301] __should_failslab+0x121/0x190 [ 667.621522] should_failslab+0x9/0x14 [ 667.625306] __kmalloc+0x71/0x740 [ 667.628748] ? context_struct_to_string+0x42d/0x980 [ 667.633747] context_struct_to_string+0x42d/0x980 [ 667.638575] ? get_permissions_callback+0xb0/0xb0 [ 667.643422] security_sid_to_context_core.isra.0+0x244/0x320 [ 667.649222] security_sid_to_context_force+0x38/0x50 [ 667.654330] selinux_inode_init_security+0x3f7/0x870 [ 667.659423] ? selinux_inode_create+0x30/0x30 [ 667.663902] ? current_time+0x104/0x1b0 [ 667.667873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.673422] security_inode_init_security+0x1b3/0x430 [ 667.678619] ? shmem_tmpfile+0x120/0x120 [ 667.682681] ? unregister_lsm_notifier+0x30/0x30 [ 667.687424] ? may_create+0x25b/0x560 [ 667.691224] shmem_symlink+0x127/0x920 [ 667.695121] ? selinux_capable+0x40/0x40 [ 667.699192] ? shmem_file_read_iter+0xfe0/0xfe0 [ 667.703847] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 667.708945] ? selinux_inode_symlink+0x23/0x30 [ 667.713510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.719050] vfs_symlink+0x378/0x5d0 [ 667.722765] ovl_create_real+0x1b5/0x420 [ 667.726819] ovl_create_temp+0x48/0x60 [ 667.730693] ovl_copy_up_one+0xe4e/0x3060 [ 667.734832] ? mark_held_locks+0x100/0x100 [ 667.739068] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 667.744093] ? mark_held_locks+0x100/0x100 [ 667.748314] ? add_lock_to_list.isra.0+0x450/0x450 [ 667.753225] ? print_usage_bug+0xd0/0xd0 [ 667.757304] ? add_lock_to_list.isra.0+0x450/0x450 [ 667.762217] ? __lock_acquire+0x572/0x4a30 [ 667.766462] ? lockref_get_not_zero+0x70/0x90 [ 667.770963] ? dget_parent+0x1a5/0x680 [ 667.774830] ? find_held_lock+0x35/0x120 [ 667.778878] ? dget_parent+0x1a5/0x680 [ 667.782773] ? ovl_path_real+0x410/0x410 [ 667.786994] ovl_copy_up_flags+0x15a/0x1e0 [ 667.791244] ovl_copy_up+0x18/0x1c [ 667.794807] ovl_rename+0x29e/0x1ab0 [ 667.798530] ? lock_acquire+0x1db/0x570 [ 667.802531] ? ovl_clear_empty+0x6f0/0x6f0 [ 667.806759] vfs_rename+0x80a/0x1ab0 [ 667.810504] ? lookup_one_len+0x230/0x230 [ 667.814694] ? lock_rename+0xdb/0x290 [ 667.818504] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.824050] ? security_path_rename+0x185/0x310 [ 667.828719] do_renameat2+0xdf2/0x1120 [ 667.832596] ? user_path_create+0x50/0x50 [ 667.836729] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 667.842257] ? fput+0x128/0x1a0 [ 667.845532] ? do_syscall_64+0x8c/0x800 [ 667.849522] ? lockdep_hardirqs_on+0x415/0x5d0 [ 667.854084] ? trace_hardirqs_on+0xbd/0x310 [ 667.858422] ? __ia32_sys_read+0xb0/0xb0 [ 667.862466] ? trace_hardirqs_off_caller+0x300/0x300 [ 667.867567] __x64_sys_renameat+0x9a/0x100 [ 667.871801] do_syscall_64+0x1a3/0x800 [ 667.875690] ? syscall_return_slowpath+0x5f0/0x5f0 [ 667.880629] ? prepare_exit_to_usermode+0x232/0x3b0 [ 667.885650] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 667.890483] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.895652] RIP: 0033:0x457ec9 [ 667.898868] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 667.917748] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 667.925437] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 667.932695] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 667.939956] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 667.947220] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 667.954471] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:10 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:10 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000006440)='/dev/audio\x00', 0x480000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r1, 0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) write(r3, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) r5 = epoll_create(0x4000000000f17b) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 18:07:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:10 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:10 executing program 1 (fault-call:9 fault-nth:37): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:10 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 669.990651] FAULT_INJECTION: forcing a failure. [ 669.990651] name failslab, interval 1, probability 0, space 0, times 0 [ 670.023970] CPU: 0 PID: 25916 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 670.030824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 18:07:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 670.040214] Call Trace: [ 670.042833] dump_stack+0x1db/0x2d0 [ 670.046489] ? dump_stack_print_info.cold+0x20/0x20 [ 670.051523] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.057375] ? find_held_lock+0x35/0x120 [ 670.061450] should_fail.cold+0xa/0x15 [ 670.065348] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 670.070472] ? ___might_sleep+0x1e7/0x310 [ 670.074627] ? arch_local_save_flags+0x50/0x50 [ 670.079226] __should_failslab+0x121/0x190 [ 670.083532] should_failslab+0x9/0x14 [ 670.087358] __kmalloc+0x2dc/0x740 18:07:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 670.090909] ? memcpy+0x46/0x50 [ 670.094204] ? shmem_initxattrs+0x135/0x1f0 [ 670.098548] shmem_initxattrs+0x135/0x1f0 [ 670.102703] security_inode_init_security+0x32f/0x430 [ 670.107898] ? shmem_tmpfile+0x120/0x120 [ 670.111960] ? unregister_lsm_notifier+0x30/0x30 [ 670.116731] ? may_create+0x25b/0x560 [ 670.120535] shmem_symlink+0x127/0x920 [ 670.124433] ? selinux_capable+0x40/0x40 [ 670.128515] ? shmem_file_read_iter+0xfe0/0xfe0 [ 670.133212] ? privileged_wrt_inode_uidgid+0x68/0xd0 18:07:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 670.138434] ? selinux_inode_symlink+0x23/0x30 [ 670.143849] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.149398] vfs_symlink+0x378/0x5d0 [ 670.153119] ovl_create_real+0x1b5/0x420 [ 670.157200] ovl_create_temp+0x48/0x60 [ 670.161127] ovl_copy_up_one+0xe4e/0x3060 [ 670.165319] ? mark_held_locks+0x100/0x100 [ 670.169567] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 670.174589] ? mark_held_locks+0x100/0x100 [ 670.178825] ? add_lock_to_list.isra.0+0x450/0x450 [ 670.183900] ? print_usage_bug+0xd0/0xd0 [ 670.187992] ? add_lock_to_list.isra.0+0x450/0x450 [ 670.192928] ? __lock_acquire+0x572/0x4a30 [ 670.197283] ? lockref_get_not_zero+0x70/0x90 [ 670.201790] ? dget_parent+0x1a5/0x680 [ 670.205685] ? find_held_lock+0x35/0x120 [ 670.209750] ? dget_parent+0x1a5/0x680 [ 670.213679] ? ovl_path_real+0x410/0x410 [ 670.217759] ovl_copy_up_flags+0x15a/0x1e0 [ 670.222007] ovl_copy_up+0x18/0x1c [ 670.225552] ovl_rename+0x29e/0x1ab0 [ 670.229274] ? lock_acquire+0x1db/0x570 [ 670.233262] ? ovl_clear_empty+0x6f0/0x6f0 [ 670.237529] vfs_rename+0x80a/0x1ab0 [ 670.241273] ? lookup_one_len+0x230/0x230 [ 670.245422] ? lock_rename+0xdb/0x290 [ 670.249236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.254789] ? security_path_rename+0x185/0x310 [ 670.259465] do_renameat2+0xdf2/0x1120 [ 670.263390] ? user_path_create+0x50/0x50 [ 670.267544] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 670.273099] ? fput+0x128/0x1a0 [ 670.276385] ? do_syscall_64+0x8c/0x800 [ 670.280363] ? lockdep_hardirqs_on+0x415/0x5d0 [ 670.284963] ? trace_hardirqs_on+0xbd/0x310 [ 670.289282] ? __ia32_sys_read+0xb0/0xb0 [ 670.293361] ? trace_hardirqs_off_caller+0x300/0x300 [ 670.298470] __x64_sys_renameat+0x9a/0x100 [ 670.302749] do_syscall_64+0x1a3/0x800 [ 670.306687] ? syscall_return_slowpath+0x5f0/0x5f0 [ 670.311624] ? prepare_exit_to_usermode+0x232/0x3b0 [ 670.316657] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 670.321516] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.326825] RIP: 0033:0x457ec9 18:07:10 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:10 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 670.330024] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 670.348935] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 670.356660] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 670.363948] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 670.371218] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 670.378495] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 670.385764] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:13 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:13 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:13 executing program 1 (fault-call:9 fault-nth:38): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:13 executing program 2: r0 = socket(0x20002000000010, 0x802, 0x0) r1 = dup(r0) write(r1, &(0x7f0000000000)="fc00000049000700ab092500090007000aab07ff010000000000369321000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b59fe000000bc00020000036c6c256f1a272f2e117c22ebc211214000000000008934d07302ade09720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43cd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 18:07:13 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:13 executing program 2: get_robust_list(0x0, &(0x7f0000000340)=0x0, &(0x7f0000000380)) [ 673.092234] FAULT_INJECTION: forcing a failure. [ 673.092234] name failslab, interval 1, probability 0, space 0, times 0 [ 673.113193] CPU: 0 PID: 25962 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 673.120045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 673.129411] Call Trace: [ 673.132024] dump_stack+0x1db/0x2d0 [ 673.135660] ? dump_stack_print_info.cold+0x20/0x20 18:07:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 673.140695] ? mark_held_locks+0xb1/0x100 [ 673.144857] should_fail.cold+0xa/0x15 [ 673.148755] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 673.153870] ? ___might_sleep+0x1e7/0x310 [ 673.158023] ? arch_local_save_flags+0x50/0x50 [ 673.162631] ? security_inode_init_security+0x251/0x430 [ 673.168006] __should_failslab+0x121/0x190 [ 673.172252] should_failslab+0x9/0x14 [ 673.176070] __kmalloc_track_caller+0x2d8/0x740 [ 673.180771] ? shmem_symlink+0x1a0/0x920 [ 673.184841] kmemdup+0x27/0x60 [ 673.188037] shmem_symlink+0x1a0/0x920 18:07:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:13 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) request_key(&(0x7f0000000380)='user\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0xffffffffffffffff) add_key(&(0x7f00000005c0)='ceph\x00', 0x0, &(0x7f0000000640)="c9c8919c575c557bbd16f952162654c0905d8c2ffac1e0b11498f2db1ca35a6e663fcba19f2a615a2e586047a08a8d070be312fa63f5a03721bab5a2c88eee64d686a09d1a9bfd32b83d3caa8a750f3c9ee5c2f80d625b85a723de8590243f908fa9702a8be6aac803fa08c1da676b342c", 0x71, 0xfffffffffffffffe) connect$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffe15) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000001c0)) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, 0x0, 0x0) [ 673.191943] ? selinux_capable+0x40/0x40 [ 673.196009] ? shmem_file_read_iter+0xfe0/0xfe0 [ 673.200683] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 673.205800] ? selinux_inode_symlink+0x23/0x30 [ 673.210389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.215936] vfs_symlink+0x378/0x5d0 [ 673.219654] ovl_create_real+0x1b5/0x420 [ 673.223720] ovl_create_temp+0x48/0x60 [ 673.227620] ovl_copy_up_one+0xe4e/0x3060 [ 673.231772] ? mark_held_locks+0x100/0x100 [ 673.236025] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 673.241048] ? mark_held_locks+0x100/0x100 [ 673.245281] ? add_lock_to_list.isra.0+0x450/0x450 [ 673.250212] ? print_usage_bug+0xd0/0xd0 [ 673.254282] ? add_lock_to_list.isra.0+0x450/0x450 [ 673.259219] ? __lock_acquire+0x572/0x4a30 [ 673.263462] ? lockref_get_not_zero+0x70/0x90 [ 673.267964] ? dget_parent+0x1a5/0x680 [ 673.271850] ? find_held_lock+0x35/0x120 [ 673.275906] ? dget_parent+0x1a5/0x680 [ 673.279820] ? ovl_path_real+0x410/0x410 [ 673.283888] ovl_copy_up_flags+0x15a/0x1e0 [ 673.288154] ovl_copy_up+0x18/0x1c [ 673.291718] ovl_rename+0x29e/0x1ab0 [ 673.295428] ? lock_acquire+0x1db/0x570 [ 673.299438] ? ovl_clear_empty+0x6f0/0x6f0 [ 673.303708] vfs_rename+0x80a/0x1ab0 [ 673.307456] ? lookup_one_len+0x230/0x230 [ 673.311613] ? lock_rename+0xdb/0x290 [ 673.315460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 673.320991] ? security_path_rename+0x185/0x310 [ 673.325659] do_renameat2+0xdf2/0x1120 [ 673.329560] ? user_path_create+0x50/0x50 [ 673.333713] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 673.339259] ? fput+0x128/0x1a0 [ 673.342536] ? do_syscall_64+0x8c/0x800 [ 673.346503] ? lockdep_hardirqs_on+0x415/0x5d0 [ 673.351110] ? trace_hardirqs_on+0xbd/0x310 [ 673.355468] ? __ia32_sys_read+0xb0/0xb0 [ 673.359523] ? trace_hardirqs_off_caller+0x300/0x300 [ 673.364626] __x64_sys_renameat+0x9a/0x100 [ 673.368857] do_syscall_64+0x1a3/0x800 [ 673.372749] ? syscall_return_slowpath+0x5f0/0x5f0 [ 673.377678] ? prepare_exit_to_usermode+0x232/0x3b0 [ 673.382727] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 673.387624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 673.392851] RIP: 0033:0x457ec9 [ 673.396036] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 673.414928] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 673.422629] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 673.429888] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 673.437188] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 18:07:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 673.444452] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 673.451712] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:13 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:16 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:16 executing program 1 (fault-call:9 fault-nth:39): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:16 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 676.113031] FAULT_INJECTION: forcing a failure. [ 676.113031] name failslab, interval 1, probability 0, space 0, times 0 [ 676.127428] CPU: 0 PID: 26000 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 676.134290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 676.143643] Call Trace: [ 676.143671] dump_stack+0x1db/0x2d0 [ 676.143697] ? dump_stack_print_info.cold+0x20/0x20 [ 676.143715] ? trace_hardirqs_on+0xbd/0x310 [ 676.143736] ? selinux_inode_getsecurity+0x2d8/0x340 [ 676.143754] ? trace_hardirqs_off_caller+0x300/0x300 [ 676.169497] should_fail.cold+0xa/0x15 [ 676.173394] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 676.178518] ? ___might_sleep+0x1e7/0x310 [ 676.182680] ? arch_local_save_flags+0x50/0x50 [ 676.187418] ? _raw_spin_unlock+0x2d/0x50 [ 676.191605] __should_failslab+0x121/0x190 [ 676.195854] should_failslab+0x9/0x14 [ 676.199659] __kmalloc_track_caller+0x2d8/0x740 [ 676.204328] ? vfs_getxattr+0xc4/0x390 [ 676.208233] ? xattr_permission+0x300/0x300 18:07:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 676.212557] ? ovl_copy_xattr+0x27b/0x470 [ 676.216709] krealloc+0x66/0xd0 [ 676.220032] ovl_copy_xattr+0x27b/0x470 [ 676.224024] ovl_copy_up_one+0xf0b/0x3060 [ 676.228192] ? mark_held_locks+0x100/0x100 [ 676.232453] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 676.237523] ? mark_held_locks+0x100/0x100 [ 676.241762] ? add_lock_to_list.isra.0+0x450/0x450 [ 676.246690] ? print_usage_bug+0xd0/0xd0 [ 676.246704] ? add_lock_to_list.isra.0+0x450/0x450 [ 676.246723] ? __lock_acquire+0x572/0x4a30 [ 676.259954] ? lockref_get_not_zero+0x70/0x90 [ 676.264486] ? dget_parent+0x1a5/0x680 [ 676.268383] ? find_held_lock+0x35/0x120 [ 676.272449] ? dget_parent+0x1a5/0x680 [ 676.276397] ? ovl_path_real+0x410/0x410 [ 676.280469] ovl_copy_up_flags+0x15a/0x1e0 [ 676.284711] ovl_copy_up+0x18/0x1c [ 676.288254] ovl_rename+0x29e/0x1ab0 [ 676.291972] ? lock_acquire+0x1db/0x570 [ 676.295956] ? ovl_clear_empty+0x6f0/0x6f0 [ 676.300215] vfs_rename+0x80a/0x1ab0 [ 676.303941] ? lookup_one_len+0x230/0x230 [ 676.308087] ? lock_rename+0xdb/0x290 18:07:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:16 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 676.311911] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.317460] ? security_path_rename+0x185/0x310 [ 676.322141] do_renameat2+0xdf2/0x1120 [ 676.326062] ? user_path_create+0x50/0x50 [ 676.330220] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 676.335775] ? fput+0x128/0x1a0 [ 676.339065] ? do_syscall_64+0x8c/0x800 [ 676.343046] ? lockdep_hardirqs_on+0x415/0x5d0 [ 676.347632] ? trace_hardirqs_on+0xbd/0x310 [ 676.351959] ? __ia32_sys_read+0xb0/0xb0 [ 676.356026] ? trace_hardirqs_off_caller+0x300/0x300 [ 676.361144] __x64_sys_renameat+0x9a/0x100 [ 676.365399] do_syscall_64+0x1a3/0x800 [ 676.369294] ? syscall_return_slowpath+0x5f0/0x5f0 [ 676.374244] ? prepare_exit_to_usermode+0x232/0x3b0 [ 676.379300] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 676.384150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 676.389354] RIP: 0033:0x457ec9 [ 676.392546] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:07:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 676.411448] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 676.419176] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 676.426463] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 676.433750] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 676.441025] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 676.448300] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:19 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:19 executing program 1 (fault-call:9 fault-nth:40): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:19 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:19 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 679.171444] FAULT_INJECTION: forcing a failure. [ 679.171444] name failslab, interval 1, probability 0, space 0, times 0 [ 679.182847] CPU: 1 PID: 26049 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 679.189695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.199045] Call Trace: [ 679.201647] dump_stack+0x1db/0x2d0 [ 679.205295] ? dump_stack_print_info.cold+0x20/0x20 [ 679.210344] should_fail.cold+0xa/0x15 [ 679.214243] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 679.219361] ? avc_has_perm_noaudit+0x43f/0x630 [ 679.224060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.229611] __should_failslab+0x121/0x190 [ 679.233854] should_failslab+0x9/0x14 [ 679.237660] __kmalloc+0x71/0x740 [ 679.241137] ? context_struct_to_string+0x42d/0x980 [ 679.246190] context_struct_to_string+0x42d/0x980 [ 679.251057] ? get_permissions_callback+0xb0/0xb0 [ 679.255930] security_sid_to_context_core.isra.0+0x244/0x320 [ 679.261746] security_sid_to_context_force+0x38/0x50 [ 679.266856] selinux_inode_getsecurity+0x2c3/0x340 [ 679.271793] ? has_cap_mac_admin+0xc0/0xc0 [ 679.276044] ? rootid_owns_currentns+0x1d0/0x1d0 [ 679.280809] ? _raw_spin_unlock+0x2d/0x50 [ 679.284968] ? simple_xattr_list+0x339/0x410 [ 679.289386] security_inode_getsecurity+0xb6/0x130 [ 679.294331] vfs_getxattr+0x2ae/0x390 [ 679.298148] ? xattr_permission+0x300/0x300 [ 679.302502] ? shmem_listxattr+0x45/0x60 [ 679.306578] ? shmem_initxattrs+0x1f0/0x1f0 [ 679.310910] ovl_copy_xattr+0x2a0/0x470 [ 679.314900] ovl_copy_up_one+0xf0b/0x3060 18:07:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 679.319071] ? mark_held_locks+0x100/0x100 [ 679.323331] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 679.328368] ? mark_held_locks+0x100/0x100 [ 679.332609] ? add_lock_to_list.isra.0+0x450/0x450 [ 679.337543] ? print_usage_bug+0xd0/0xd0 [ 679.341612] ? add_lock_to_list.isra.0+0x450/0x450 [ 679.346563] ? __lock_acquire+0x572/0x4a30 [ 679.350808] ? lockref_get_not_zero+0x70/0x90 [ 679.355319] ? dget_parent+0x1a5/0x680 [ 679.359208] ? find_held_lock+0x35/0x120 [ 679.363312] ? dget_parent+0x1a5/0x680 [ 679.367260] ? ovl_path_real+0x410/0x410 [ 679.371339] ovl_copy_up_flags+0x15a/0x1e0 [ 679.375601] ovl_copy_up+0x18/0x1c [ 679.379148] ovl_rename+0x29e/0x1ab0 [ 679.379172] ? lock_acquire+0x1db/0x570 [ 679.379199] ? ovl_clear_empty+0x6f0/0x6f0 [ 679.379229] vfs_rename+0x80a/0x1ab0 [ 679.379256] ? lookup_one_len+0x230/0x230 [ 679.379276] ? lock_rename+0xdb/0x290 [ 679.379307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.394950] ? security_path_rename+0x185/0x310 [ 679.395001] do_renameat2+0xdf2/0x1120 [ 679.395032] ? user_path_create+0x50/0x50 [ 679.421117] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 679.426669] ? fput+0x128/0x1a0 [ 679.429948] ? do_syscall_64+0x8c/0x800 [ 679.433918] ? lockdep_hardirqs_on+0x415/0x5d0 [ 679.438530] ? trace_hardirqs_on+0xbd/0x310 [ 679.442852] ? __ia32_sys_read+0xb0/0xb0 [ 679.446911] ? trace_hardirqs_off_caller+0x300/0x300 [ 679.452062] __x64_sys_renameat+0x9a/0x100 [ 679.456304] do_syscall_64+0x1a3/0x800 [ 679.460195] ? syscall_return_slowpath+0x5f0/0x5f0 [ 679.465128] ? prepare_exit_to_usermode+0x232/0x3b0 [ 679.470164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 679.475030] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.480233] RIP: 0033:0x457ec9 [ 679.483425] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 679.502324] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 679.510027] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 18:07:19 executing program 2: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000940)='./file0/file0\x00', 0x0, 0x5004, 0x0) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 679.517292] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 679.524576] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 679.531839] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 679.539102] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:22 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 1 (fault-call:9 fault-nth:41): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 682.196579] FAULT_INJECTION: forcing a failure. [ 682.196579] name failslab, interval 1, probability 0, space 0, times 0 [ 682.269314] CPU: 1 PID: 26094 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 682.276202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.285555] Call Trace: [ 682.288168] dump_stack+0x1db/0x2d0 [ 682.291827] ? dump_stack_print_info.cold+0x20/0x20 [ 682.296880] ? lock_acquire+0x1db/0x570 [ 682.300877] should_fail.cold+0xa/0x15 [ 682.304775] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 682.309903] ? ___might_sleep+0x1e7/0x310 [ 682.314058] ? arch_local_save_flags+0x50/0x50 [ 682.318674] ? simple_xattr_set+0x7d0/0x7d0 [ 682.323009] __should_failslab+0x121/0x190 [ 682.327252] should_failslab+0x9/0x14 [ 682.331059] __kmalloc+0x2dc/0x740 [ 682.334606] ? shmem_listxattr+0x45/0x60 [ 682.338679] ? shmem_initxattrs+0x1f0/0x1f0 [ 682.343024] ? ovl_copy_xattr+0x177/0x470 [ 682.347191] ovl_copy_xattr+0x177/0x470 [ 682.351190] ovl_copy_up_one+0xf0b/0x3060 [ 682.355347] ? mark_held_locks+0x100/0x100 [ 682.359604] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 682.364637] ? mark_held_locks+0x100/0x100 [ 682.368886] ? add_lock_to_list.isra.0+0x450/0x450 [ 682.373825] ? print_usage_bug+0xd0/0xd0 [ 682.377896] ? add_lock_to_list.isra.0+0x450/0x450 [ 682.382835] ? __lock_acquire+0x572/0x4a30 [ 682.387076] ? lockref_get_not_zero+0x70/0x90 [ 682.391583] ? dget_parent+0x1a5/0x680 [ 682.395492] ? find_held_lock+0x35/0x120 [ 682.399557] ? dget_parent+0x1a5/0x680 [ 682.403532] ? ovl_path_real+0x410/0x410 [ 682.407608] ovl_copy_up_flags+0x15a/0x1e0 [ 682.411850] ovl_copy_up+0x18/0x1c [ 682.415393] ovl_rename+0x29e/0x1ab0 [ 682.419117] ? lock_acquire+0x1db/0x570 [ 682.423121] ? ovl_clear_empty+0x6f0/0x6f0 [ 682.427383] vfs_rename+0x80a/0x1ab0 [ 682.431119] ? lookup_one_len+0x230/0x230 [ 682.435286] ? lock_rename+0xdb/0x290 [ 682.439139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 682.444719] ? security_path_rename+0x185/0x310 [ 682.449399] do_renameat2+0xdf2/0x1120 [ 682.453327] ? user_path_create+0x50/0x50 [ 682.457487] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 682.463045] ? fput+0x128/0x1a0 [ 682.466342] ? do_syscall_64+0x8c/0x800 18:07:22 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 682.470354] ? lockdep_hardirqs_on+0x415/0x5d0 [ 682.474949] ? trace_hardirqs_on+0xbd/0x310 [ 682.479291] ? __ia32_sys_read+0xb0/0xb0 [ 682.483369] ? trace_hardirqs_off_caller+0x300/0x300 [ 682.488500] __x64_sys_renameat+0x9a/0x100 [ 682.492776] do_syscall_64+0x1a3/0x800 [ 682.496674] ? syscall_return_slowpath+0x5f0/0x5f0 [ 682.501630] ? prepare_exit_to_usermode+0x232/0x3b0 [ 682.506671] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 682.511533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.516726] RIP: 0033:0x457ec9 [ 682.519921] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 682.538826] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 682.546537] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 682.553808] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 682.561086] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 682.568370] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 682.575657] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) r6 = gettid() write$cgroup_pid(r4, &(0x7f00000001c0)=r6, 0x12) 18:07:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 1 (fault-call:9 fault-nth:42): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 682.768093] FAULT_INJECTION: forcing a failure. [ 682.768093] name failslab, interval 1, probability 0, space 0, times 0 18:07:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:23 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 682.855300] CPU: 0 PID: 26123 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 682.862179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.871532] Call Trace: [ 682.874133] dump_stack+0x1db/0x2d0 [ 682.877791] ? dump_stack_print_info.cold+0x20/0x20 [ 682.882832] ? __x64_sys_renameat+0x9a/0x100 [ 682.887292] ? do_syscall_64+0x1a3/0x800 [ 682.891377] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.891401] should_fail.cold+0xa/0x15 [ 682.891434] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 682.891455] ? ___might_sleep+0x1e7/0x310 [ 682.909957] ? arch_local_save_flags+0x50/0x50 [ 682.914624] __should_failslab+0x121/0x190 [ 682.918888] should_failslab+0x9/0x14 [ 682.922714] __kmalloc+0x2dc/0x740 [ 682.926300] ? ovl_encode_real_fh+0x1a7/0x520 [ 682.930806] ovl_encode_real_fh+0x1a7/0x520 [ 682.935139] ? ovl_set_attr+0x530/0x530 [ 682.939223] ? lockdep_hardirqs_on+0x415/0x5d0 [ 682.943815] ? trace_hardirqs_on+0xbd/0x310 [ 682.948143] ovl_set_origin+0x67/0x130 [ 682.952102] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 682.952119] ? ovl_set_origin+0x130/0x130 [ 682.952136] ? ovl_copy_xattr+0x10c/0x470 [ 682.952171] ovl_copy_up_one+0xf32/0x3060 [ 682.969417] ? mark_held_locks+0x100/0x100 [ 682.973786] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 682.978820] ? mark_held_locks+0x100/0x100 [ 682.983063] ? add_lock_to_list.isra.0+0x450/0x450 [ 682.988000] ? print_usage_bug+0xd0/0xd0 [ 682.992079] ? add_lock_to_list.isra.0+0x450/0x450 [ 682.997019] ? __lock_acquire+0x572/0x4a30 [ 683.001269] ? lockref_get_not_zero+0x70/0x90 [ 683.005774] ? dget_parent+0x1a5/0x680 [ 683.009689] ? find_held_lock+0x35/0x120 [ 683.013782] ? dget_parent+0x1a5/0x680 [ 683.017724] ? ovl_path_real+0x410/0x410 [ 683.021804] ovl_copy_up_flags+0x15a/0x1e0 [ 683.026052] ovl_copy_up+0x18/0x1c [ 683.029607] ovl_rename+0x29e/0x1ab0 [ 683.033345] ? lock_acquire+0x1db/0x570 [ 683.037337] ? ovl_clear_empty+0x6f0/0x6f0 [ 683.041610] vfs_rename+0x80a/0x1ab0 [ 683.045348] ? lookup_one_len+0x230/0x230 [ 683.049507] ? lock_rename+0xdb/0x290 [ 683.053316] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 683.058840] ? security_path_rename+0x185/0x310 [ 683.063509] do_renameat2+0xdf2/0x1120 [ 683.067391] ? user_path_create+0x50/0x50 [ 683.071543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 683.077064] ? fput+0x128/0x1a0 [ 683.080353] ? do_syscall_64+0x8c/0x800 [ 683.084317] ? lockdep_hardirqs_on+0x415/0x5d0 [ 683.088895] ? trace_hardirqs_on+0xbd/0x310 [ 683.093198] ? __ia32_sys_read+0xb0/0xb0 [ 683.097244] ? trace_hardirqs_off_caller+0x300/0x300 [ 683.102334] __x64_sys_renameat+0x9a/0x100 [ 683.106554] do_syscall_64+0x1a3/0x800 [ 683.110441] ? syscall_return_slowpath+0x5f0/0x5f0 [ 683.115398] ? prepare_exit_to_usermode+0x232/0x3b0 [ 683.120402] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 683.125230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.130415] RIP: 0033:0x457ec9 [ 683.133608] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.152500] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 683.160190] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 683.167442] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 683.174691] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 683.181943] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 683.189194] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:25 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:25 executing program 1 (fault-call:9 fault-nth:43): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) r6 = gettid() write$cgroup_pid(r4, &(0x7f00000001c0)=r6, 0x12) 18:07:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 685.668059] FAULT_INJECTION: forcing a failure. [ 685.668059] name failslab, interval 1, probability 0, space 0, times 0 [ 685.723982] CPU: 1 PID: 26167 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 685.730847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.740200] Call Trace: [ 685.742807] dump_stack+0x1db/0x2d0 [ 685.746464] ? dump_stack_print_info.cold+0x20/0x20 [ 685.751512] ? __x64_sys_renameat+0x9a/0x100 [ 685.755929] ? do_syscall_64+0x1a3/0x800 [ 685.759994] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.765375] should_fail.cold+0xa/0x15 [ 685.769273] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 685.774420] ? ___might_sleep+0x1e7/0x310 [ 685.778592] ? arch_local_save_flags+0x50/0x50 [ 685.783207] __should_failslab+0x121/0x190 [ 685.787468] should_failslab+0x9/0x14 [ 685.791291] __kmalloc+0x2dc/0x740 [ 685.794848] ? ovl_encode_real_fh+0x1a7/0x520 [ 685.799355] ovl_encode_real_fh+0x1a7/0x520 [ 685.803715] ? ovl_set_attr+0x530/0x530 [ 685.807712] ? lockdep_hardirqs_on+0x415/0x5d0 [ 685.812306] ? trace_hardirqs_on+0xbd/0x310 [ 685.816635] ovl_set_origin+0x67/0x130 [ 685.820554] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 685.825437] ? ovl_set_origin+0x130/0x130 [ 685.829596] ? ovl_copy_xattr+0x10c/0x470 [ 685.833755] ovl_copy_up_one+0xf32/0x3060 [ 685.837908] ? mark_held_locks+0x100/0x100 [ 685.842185] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 685.847226] ? mark_held_locks+0x100/0x100 [ 685.851465] ? add_lock_to_list.isra.0+0x450/0x450 [ 685.856429] ? print_usage_bug+0xd0/0xd0 [ 685.860527] ? add_lock_to_list.isra.0+0x450/0x450 [ 685.865478] ? __lock_acquire+0x572/0x4a30 [ 685.869726] ? lockref_get_not_zero+0x70/0x90 18:07:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) r6 = gettid() write$cgroup_pid(r4, &(0x7f00000001c0)=r6, 0x12) 18:07:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 685.874260] ? dget_parent+0x1a5/0x680 [ 685.878167] ? find_held_lock+0x35/0x120 [ 685.882234] ? dget_parent+0x1a5/0x680 [ 685.886168] ? ovl_path_real+0x410/0x410 [ 685.890246] ovl_copy_up_flags+0x15a/0x1e0 [ 685.894503] ovl_copy_up+0x18/0x1c [ 685.898050] ovl_rename+0x29e/0x1ab0 [ 685.901766] ? lock_acquire+0x1db/0x570 [ 685.905793] ? ovl_clear_empty+0x6f0/0x6f0 [ 685.910087] vfs_rename+0x80a/0x1ab0 [ 685.910113] ? lookup_one_len+0x230/0x230 [ 685.910125] ? lock_rename+0xdb/0x290 [ 685.910157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 685.917997] ? security_path_rename+0x185/0x310 [ 685.918016] do_renameat2+0xdf2/0x1120 [ 685.918044] ? user_path_create+0x50/0x50 [ 685.918062] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 685.927358] ? fput+0x128/0x1a0 [ 685.927388] ? do_syscall_64+0x8c/0x800 [ 685.927402] ? lockdep_hardirqs_on+0x415/0x5d0 [ 685.927416] ? trace_hardirqs_on+0xbd/0x310 [ 685.927430] ? __ia32_sys_read+0xb0/0xb0 [ 685.935974] ? trace_hardirqs_off_caller+0x300/0x300 [ 685.936011] __x64_sys_renameat+0x9a/0x100 [ 685.936042] do_syscall_64+0x1a3/0x800 [ 685.936060] ? syscall_return_slowpath+0x5f0/0x5f0 [ 685.945714] ? prepare_exit_to_usermode+0x232/0x3b0 [ 685.945735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 685.945757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.945771] RIP: 0033:0x457ec9 [ 685.953005] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.953014] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 685.953029] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 685.953039] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 685.953048] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 685.953057] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 685.953066] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) gettid() 18:07:28 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:28 executing program 1 (fault-call:9 fault-nth:44): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 688.672545] FAULT_INJECTION: forcing a failure. [ 688.672545] name failslab, interval 1, probability 0, space 0, times 0 [ 688.683876] CPU: 1 PID: 26207 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 688.690747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.700102] Call Trace: [ 688.702722] dump_stack+0x1db/0x2d0 [ 688.706372] ? dump_stack_print_info.cold+0x20/0x20 [ 688.711401] should_fail.cold+0xa/0x15 [ 688.715294] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 688.720440] ? avc_has_perm_noaudit+0x43f/0x630 [ 688.725129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.730696] __should_failslab+0x121/0x190 [ 688.734964] should_failslab+0x9/0x14 [ 688.738777] __kmalloc+0x71/0x740 [ 688.742250] ? context_struct_to_string+0x42d/0x980 [ 688.747284] context_struct_to_string+0x42d/0x980 [ 688.752155] ? get_permissions_callback+0xb0/0xb0 [ 688.757017] security_sid_to_context_core.isra.0+0x244/0x320 [ 688.762829] security_sid_to_context_force+0x38/0x50 [ 688.767953] selinux_inode_getsecurity+0x2c3/0x340 18:07:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:28 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) [ 688.772888] ? has_cap_mac_admin+0xc0/0xc0 [ 688.777126] ? rootid_owns_currentns+0x1d0/0x1d0 [ 688.781915] security_inode_getsecurity+0xb6/0x130 [ 688.786887] vfs_getxattr+0x1db/0x390 [ 688.790708] ? xattr_permission+0x300/0x300 [ 688.795040] ? rcu_read_lock_sched_held+0x110/0x130 [ 688.800067] ? kfree+0x1fa/0x230 [ 688.803454] ovl_copy_xattr+0x2a0/0x470 [ 688.807450] ovl_copy_up_one+0xf0b/0x3060 [ 688.811609] ? mark_held_locks+0x100/0x100 [ 688.815870] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 688.820925] ? mark_held_locks+0x100/0x100 [ 688.825200] ? add_lock_to_list.isra.0+0x450/0x450 [ 688.830142] ? print_usage_bug+0xd0/0xd0 [ 688.834241] ? add_lock_to_list.isra.0+0x450/0x450 [ 688.839196] ? __lock_acquire+0x572/0x4a30 [ 688.843448] ? lockref_get_not_zero+0x70/0x90 [ 688.847965] ? dget_parent+0x1a5/0x680 [ 688.851855] ? find_held_lock+0x35/0x120 [ 688.855929] ? dget_parent+0x1a5/0x680 [ 688.859869] ? ovl_path_real+0x410/0x410 [ 688.863954] ovl_copy_up_flags+0x15a/0x1e0 [ 688.868199] ovl_copy_up+0x18/0x1c 18:07:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 688.871762] ovl_rename+0x29e/0x1ab0 [ 688.875483] ? lock_acquire+0x1db/0x570 [ 688.879506] ? ovl_clear_empty+0x6f0/0x6f0 [ 688.883785] vfs_rename+0x80a/0x1ab0 [ 688.887531] ? lookup_one_len+0x230/0x230 [ 688.891687] ? lock_rename+0xdb/0x290 [ 688.895507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 688.901068] ? security_path_rename+0x185/0x310 [ 688.905750] do_renameat2+0xdf2/0x1120 [ 688.909689] ? user_path_create+0x50/0x50 [ 688.913858] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 688.919415] ? fput+0x128/0x1a0 [ 688.922710] ? do_syscall_64+0x8c/0x800 [ 688.926694] ? lockdep_hardirqs_on+0x415/0x5d0 [ 688.931292] ? trace_hardirqs_on+0xbd/0x310 [ 688.935627] ? __ia32_sys_read+0xb0/0xb0 [ 688.939707] ? trace_hardirqs_off_caller+0x300/0x300 [ 688.944840] __x64_sys_renameat+0x9a/0x100 [ 688.949101] do_syscall_64+0x1a3/0x800 [ 688.953005] ? syscall_return_slowpath+0x5f0/0x5f0 [ 688.957941] ? prepare_exit_to_usermode+0x232/0x3b0 [ 688.962970] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 688.967827] entry_SYSCALL_64_after_hwframe+0x49/0xbe 18:07:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:29 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) [ 688.973032] RIP: 0033:0x457ec9 [ 688.976246] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 688.995162] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 689.002883] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 689.010164] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 689.017436] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 689.024708] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 689.031980] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:31 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:31 executing program 1 (fault-call:9 fault-nth:45): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) 18:07:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 691.767001] FAULT_INJECTION: forcing a failure. [ 691.767001] name failslab, interval 1, probability 0, space 0, times 0 [ 691.794186] CPU: 0 PID: 26257 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 691.801059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.810422] Call Trace: [ 691.813031] dump_stack+0x1db/0x2d0 [ 691.816673] ? dump_stack_print_info.cold+0x20/0x20 [ 691.821698] ? __lock_acquire+0x572/0x4a30 [ 691.825952] should_fail.cold+0xa/0x15 [ 691.829848] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 691.834965] ? ___might_sleep+0x1e7/0x310 [ 691.839121] ? arch_local_save_flags+0x50/0x50 [ 691.843745] __should_failslab+0x121/0x190 [ 691.843764] should_failslab+0x9/0x14 [ 691.843777] kmem_cache_alloc+0x2be/0x710 [ 691.843800] __d_alloc+0xae/0xbe0 [ 691.859440] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 691.864477] ? find_held_lock+0x35/0x120 [ 691.868583] ? mark_held_locks+0x100/0x100 [ 691.872828] ? add_lock_to_list.isra.0+0x450/0x450 [ 691.877765] ? lock_downgrade+0x910/0x910 [ 691.881923] ? kasan_check_read+0x11/0x20 [ 691.886100] d_alloc+0x99/0x420 [ 691.889394] ? avc_has_perm_noaudit+0x418/0x630 [ 691.894089] ? __d_alloc+0xbe0/0xbe0 [ 691.897812] ? avc_has_perm_noaudit+0x418/0x630 [ 691.902490] ? add_lock_to_list.isra.0+0x450/0x450 [ 691.907420] d_alloc_parallel+0x11b/0x1f10 [ 691.911660] ? lock_downgrade+0x910/0x910 [ 691.915802] ? kasan_check_read+0x11/0x20 [ 691.919963] ? __d_lookup+0x560/0x960 [ 691.923756] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 691.929345] ? __d_lookup_rcu+0x990/0x990 [ 691.933529] ? lock_downgrade+0x910/0x910 [ 691.937660] ? kasan_check_read+0x11/0x20 [ 691.941796] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 691.947059] ? rcu_read_unlock_special+0x380/0x380 [ 691.951973] ? lockdep_init_map+0x10c/0x5b0 [ 691.956282] ? lockdep_init_map+0x10c/0x5b0 [ 691.960589] ? __init_waitqueue_head+0x92/0x150 [ 691.965246] ? init_wait_entry+0x1c0/0x1c0 [ 691.969469] ? d_lookup+0x163/0x360 [ 691.973083] __lookup_slow+0x1fa/0x560 [ 691.976954] ? trace_hardirqs_off_caller+0x300/0x300 [ 691.982076] ? vfs_unlink+0x500/0x500 [ 691.985872] ? d_lookup+0x23c/0x360 [ 691.989521] lookup_one_len+0x1de/0x230 [ 691.993477] ? ovl_copy_up_inode.part.0+0x22a/0x5d0 [ 691.998478] ? lookup_one_len_unlocked+0x100/0x100 [ 692.003407] ? ovl_copy_xattr+0x10c/0x470 [ 692.007538] ovl_copy_up_one+0x1089/0x3060 [ 692.011782] ? mark_held_locks+0x100/0x100 [ 692.016009] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 692.021010] ? mark_held_locks+0x100/0x100 [ 692.025229] ? add_lock_to_list.isra.0+0x450/0x450 [ 692.030155] ? print_usage_bug+0xd0/0xd0 [ 692.034205] ? add_lock_to_list.isra.0+0x450/0x450 [ 692.039125] ? __lock_acquire+0x572/0x4a30 [ 692.043374] ? lockref_get_not_zero+0x70/0x90 [ 692.047887] ? dget_parent+0x1a5/0x680 [ 692.051759] ? find_held_lock+0x35/0x120 [ 692.055836] ? dget_parent+0x1a5/0x680 [ 692.059725] ? ovl_path_real+0x410/0x410 [ 692.063785] ovl_copy_up_flags+0x15a/0x1e0 [ 692.068005] ovl_copy_up+0x18/0x1c [ 692.071531] ovl_rename+0x29e/0x1ab0 [ 692.075244] ? lock_acquire+0x1db/0x570 [ 692.079210] ? ovl_clear_empty+0x6f0/0x6f0 [ 692.083501] vfs_rename+0x80a/0x1ab0 [ 692.087216] ? lookup_one_len+0x230/0x230 [ 692.091345] ? lock_rename+0xdb/0x290 [ 692.095138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.100699] ? security_path_rename+0x185/0x310 [ 692.105473] do_renameat2+0xdf2/0x1120 [ 692.109359] ? user_path_create+0x50/0x50 [ 692.113491] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 692.119010] ? fput+0x128/0x1a0 [ 692.122306] ? do_syscall_64+0x8c/0x800 [ 692.126277] ? lockdep_hardirqs_on+0x415/0x5d0 [ 692.130842] ? trace_hardirqs_on+0xbd/0x310 [ 692.135154] ? __ia32_sys_read+0xb0/0xb0 [ 692.139227] ? trace_hardirqs_off_caller+0x300/0x300 [ 692.144321] __x64_sys_renameat+0x9a/0x100 [ 692.148541] do_syscall_64+0x1a3/0x800 [ 692.152419] ? syscall_return_slowpath+0x5f0/0x5f0 [ 692.157335] ? prepare_exit_to_usermode+0x232/0x3b0 [ 692.162339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 692.167181] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.172355] RIP: 0033:0x457ec9 [ 692.175535] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.194596] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 692.202284] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 692.209568] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 18:07:32 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:32 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) [ 692.216819] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 692.224092] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 692.231343] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:32 executing program 1 (fault-call:9 fault-nth:46): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 692.450080] FAULT_INJECTION: forcing a failure. [ 692.450080] name failslab, interval 1, probability 0, space 0, times 0 [ 692.462189] CPU: 0 PID: 26285 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 692.469028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.478370] Call Trace: [ 692.480953] dump_stack+0x1db/0x2d0 [ 692.484595] ? dump_stack_print_info.cold+0x20/0x20 [ 692.489601] should_fail.cold+0xa/0x15 [ 692.493474] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 692.498565] ? ___might_sleep+0x1e7/0x310 [ 692.502697] ? arch_local_save_flags+0x50/0x50 [ 692.507269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.512811] ? selinux_is_enabled+0x43/0x60 [ 692.517128] ? creds_are_invalid+0x59/0x150 [ 692.521487] __should_failslab+0x121/0x190 [ 692.525719] should_failslab+0x9/0x14 [ 692.529506] kmem_cache_alloc+0x2be/0x710 [ 692.533637] ? lock_release+0xc40/0xc40 [ 692.537601] prepare_creds+0xa4/0x4e0 [ 692.541395] ? abort_creds+0x290/0x290 [ 692.545293] ? down_write_nested+0x8e/0x130 [ 692.549612] ? lock_rename+0x1ef/0x290 [ 692.553491] ? _down_write_nest_lock+0x130/0x130 [ 692.558276] selinux_inode_copy_up+0x130/0x180 [ 692.562885] security_inode_copy_up+0x71/0xb0 [ 692.567374] ovl_copy_up_one+0xda3/0x3060 [ 692.571517] ? mark_held_locks+0x100/0x100 [ 692.575754] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 692.580757] ? mark_held_locks+0x100/0x100 [ 692.584988] ? add_lock_to_list.isra.0+0x450/0x450 [ 692.589921] ? print_usage_bug+0xd0/0xd0 [ 692.593974] ? add_lock_to_list.isra.0+0x450/0x450 [ 692.598889] ? add_lock_to_list.isra.0+0x450/0x450 [ 692.603816] ? lockref_get_not_zero+0x70/0x90 [ 692.608340] ? dget_parent+0x1a5/0x680 [ 692.612222] ? find_held_lock+0x35/0x120 [ 692.616273] ? dget_parent+0x1a5/0x680 [ 692.620184] ? ovl_path_real+0x410/0x410 [ 692.624249] ovl_copy_up_flags+0x15a/0x1e0 [ 692.628497] ovl_copy_up+0x18/0x1c [ 692.632028] ovl_rename+0x2e5/0x1ab0 [ 692.635733] ? lock_acquire+0x1db/0x570 [ 692.639721] ? ovl_clear_empty+0x6f0/0x6f0 [ 692.643947] vfs_rename+0x80a/0x1ab0 [ 692.647659] ? lookup_one_len+0x230/0x230 [ 692.651808] ? lock_rename+0xdb/0x290 [ 692.655643] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 692.661190] ? security_path_rename+0x185/0x310 [ 692.665853] do_renameat2+0xdf2/0x1120 [ 692.669733] ? user_path_create+0x50/0x50 [ 692.673873] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 692.679406] ? fput+0x128/0x1a0 [ 692.682672] ? do_syscall_64+0x8c/0x800 [ 692.686634] ? lockdep_hardirqs_on+0x415/0x5d0 [ 692.691214] ? trace_hardirqs_on+0xbd/0x310 [ 692.695537] ? __ia32_sys_read+0xb0/0xb0 [ 692.699596] ? trace_hardirqs_off_caller+0x300/0x300 [ 692.704696] __x64_sys_renameat+0x9a/0x100 [ 692.708920] do_syscall_64+0x1a3/0x800 [ 692.712792] ? syscall_return_slowpath+0x5f0/0x5f0 [ 692.717714] ? prepare_exit_to_usermode+0x232/0x3b0 [ 692.722741] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 692.727596] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.732801] RIP: 0033:0x457ec9 [ 692.735987] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.754876] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 692.762572] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 692.769837] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 692.777094] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 692.784369] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 692.791631] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:34 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:34 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) 18:07:34 executing program 1 (fault-call:9 fault-nth:47): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 694.794004] FAULT_INJECTION: forcing a failure. [ 694.794004] name failslab, interval 1, probability 0, space 0, times 0 [ 694.836778] CPU: 1 PID: 26295 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 694.843637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.853009] Call Trace: [ 694.855621] dump_stack+0x1db/0x2d0 [ 694.859264] ? dump_stack_print_info.cold+0x20/0x20 [ 694.864304] should_fail.cold+0xa/0x15 [ 694.868219] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 694.873351] ? ___might_sleep+0x1e7/0x310 [ 694.877519] ? arch_local_save_flags+0x50/0x50 [ 694.882107] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 694.887672] ? selinux_is_enabled+0x43/0x60 [ 694.892006] ? creds_are_invalid+0x59/0x150 [ 694.896344] __should_failslab+0x121/0x190 [ 694.900584] should_failslab+0x9/0x14 [ 694.900598] kmem_cache_alloc+0x2be/0x710 [ 694.900615] ? lock_release+0xc40/0xc40 [ 694.908569] prepare_creds+0xa4/0x4e0 [ 694.916323] ? abort_creds+0x290/0x290 [ 694.920222] ? down_write_nested+0x8e/0x130 [ 694.924729] ? lock_rename+0x1ef/0x290 [ 694.928629] ? _down_write_nest_lock+0x130/0x130 [ 694.933412] selinux_inode_copy_up+0x130/0x180 [ 694.938009] security_inode_copy_up+0x71/0xb0 [ 694.942522] ovl_copy_up_one+0xda3/0x3060 [ 694.946685] ? mark_held_locks+0x100/0x100 [ 694.950955] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 694.950975] ? mark_held_locks+0x100/0x100 [ 694.950990] ? add_lock_to_list.isra.0+0x450/0x450 [ 694.951005] ? print_usage_bug+0xd0/0xd0 [ 694.960258] ? add_lock_to_list.isra.0+0x450/0x450 [ 694.974186] ? add_lock_to_list.isra.0+0x450/0x450 [ 694.979141] ? lockref_get_not_zero+0x70/0x90 [ 694.983673] ? dget_parent+0x1a5/0x680 [ 694.987574] ? find_held_lock+0x35/0x120 [ 694.991648] ? dget_parent+0x1a5/0x680 [ 694.995607] ? ovl_path_real+0x410/0x410 [ 694.999700] ovl_copy_up_flags+0x15a/0x1e0 [ 695.003980] ovl_copy_up+0x18/0x1c [ 695.007538] ovl_rename+0x2e5/0x1ab0 [ 695.011267] ? lock_acquire+0x1db/0x570 [ 695.015262] ? ovl_clear_empty+0x6f0/0x6f0 [ 695.019523] vfs_rename+0x80a/0x1ab0 [ 695.023255] ? lookup_one_len+0x230/0x230 [ 695.027421] ? lock_rename+0xdb/0x290 [ 695.031273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.036815] ? security_path_rename+0x185/0x310 [ 695.041473] do_renameat2+0xdf2/0x1120 [ 695.045353] ? user_path_create+0x50/0x50 [ 695.049485] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 695.055006] ? fput+0x128/0x1a0 [ 695.058272] ? do_syscall_64+0x8c/0x800 [ 695.062243] ? lockdep_hardirqs_on+0x415/0x5d0 [ 695.066820] ? trace_hardirqs_on+0xbd/0x310 [ 695.071121] ? __ia32_sys_read+0xb0/0xb0 [ 695.075175] ? trace_hardirqs_off_caller+0x300/0x300 [ 695.080263] __x64_sys_renameat+0x9a/0x100 [ 695.084485] do_syscall_64+0x1a3/0x800 [ 695.088357] ? syscall_return_slowpath+0x5f0/0x5f0 [ 695.093271] ? prepare_exit_to_usermode+0x232/0x3b0 [ 695.098274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 695.103105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.108304] RIP: 0033:0x457ec9 [ 695.111484] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.130370] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 695.138060] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 695.145311] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 695.152568] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 695.159941] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 695.167194] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:35 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:35 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:35 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:35 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) 18:07:35 executing program 1 (fault-call:9 fault-nth:48): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:35 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:35 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 695.485667] FAULT_INJECTION: forcing a failure. [ 695.485667] name failslab, interval 1, probability 0, space 0, times 0 18:07:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:35 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) [ 695.527389] CPU: 0 PID: 26322 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 695.534253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.543628] Call Trace: [ 695.546259] dump_stack+0x1db/0x2d0 [ 695.549915] ? dump_stack_print_info.cold+0x20/0x20 [ 695.554955] ? __lock_acquire+0x572/0x4a30 [ 695.559208] should_fail.cold+0xa/0x15 [ 695.563123] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 695.568253] ? ___might_sleep+0x1e7/0x310 [ 695.572413] ? arch_local_save_flags+0x50/0x50 [ 695.577017] __should_failslab+0x121/0x190 [ 695.581260] should_failslab+0x9/0x14 [ 695.585076] kmem_cache_alloc+0x2be/0x710 [ 695.589266] __d_alloc+0xae/0xbe0 [ 695.592733] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 695.597777] ? find_held_lock+0x35/0x120 [ 695.601882] ? mark_held_locks+0x100/0x100 [ 695.606135] ? add_lock_to_list.isra.0+0x450/0x450 [ 695.611121] ? lock_downgrade+0x910/0x910 [ 695.615303] ? kasan_check_read+0x11/0x20 [ 695.619486] d_alloc+0x99/0x420 [ 695.622784] ? avc_has_perm_noaudit+0x418/0x630 [ 695.627477] ? __d_alloc+0xbe0/0xbe0 [ 695.631205] ? avc_has_perm_noaudit+0x418/0x630 [ 695.635880] ? add_lock_to_list.isra.0+0x450/0x450 [ 695.640833] d_alloc_parallel+0x11b/0x1f10 [ 695.645079] ? lock_downgrade+0x910/0x910 [ 695.649243] ? kasan_check_read+0x11/0x20 [ 695.653402] ? __d_lookup+0x560/0x960 [ 695.657224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.662776] ? __d_lookup_rcu+0x990/0x990 [ 695.666943] ? lock_downgrade+0x910/0x910 [ 695.671094] ? kasan_check_read+0x11/0x20 18:07:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 695.671112] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 695.671129] ? rcu_read_unlock_special+0x380/0x380 [ 695.671161] ? lockdep_init_map+0x10c/0x5b0 [ 695.671178] ? lockdep_init_map+0x10c/0x5b0 [ 695.671197] ? __init_waitqueue_head+0x92/0x150 [ 695.671212] ? init_wait_entry+0x1c0/0x1c0 [ 695.671230] ? d_lookup+0x163/0x360 [ 695.706717] __lookup_slow+0x1fa/0x560 [ 695.710633] ? trace_hardirqs_off_caller+0x300/0x300 [ 695.715759] ? vfs_unlink+0x500/0x500 [ 695.719611] ? d_lookup+0x23c/0x360 [ 695.723274] lookup_one_len+0x1de/0x230 [ 695.727262] ? ovl_copy_up_inode.part.0+0x22a/0x5d0 [ 695.732288] ? lookup_one_len_unlocked+0x100/0x100 [ 695.737230] ? ovl_copy_xattr+0x10c/0x470 [ 695.741401] ovl_copy_up_one+0x1089/0x3060 [ 695.745643] ? mark_held_locks+0x100/0x100 [ 695.749910] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 695.754939] ? mark_held_locks+0x100/0x100 [ 695.759227] ? add_lock_to_list.isra.0+0x450/0x450 [ 695.764191] ? print_usage_bug+0xd0/0xd0 [ 695.768266] ? add_lock_to_list.isra.0+0x450/0x450 [ 695.773225] ? __lock_acquire+0x572/0x4a30 [ 695.777472] ? lockref_get_not_zero+0x70/0x90 [ 695.781984] ? dget_parent+0x1a5/0x680 [ 695.785911] ? find_held_lock+0x35/0x120 [ 695.789983] ? dget_parent+0x1a5/0x680 [ 695.793921] ? ovl_path_real+0x410/0x410 [ 695.798006] ovl_copy_up_flags+0x15a/0x1e0 [ 695.802262] ovl_copy_up+0x18/0x1c [ 695.805812] ovl_rename+0x29e/0x1ab0 [ 695.809538] ? lock_acquire+0x1db/0x570 [ 695.813577] ? ovl_clear_empty+0x6f0/0x6f0 [ 695.817836] vfs_rename+0x80a/0x1ab0 [ 695.821634] ? lookup_one_len+0x230/0x230 18:07:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 695.825791] ? lock_rename+0xdb/0x290 [ 695.829617] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 695.835195] ? security_path_rename+0x185/0x310 [ 695.839878] do_renameat2+0xdf2/0x1120 [ 695.843792] ? user_path_create+0x50/0x50 [ 695.847964] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 695.853509] ? fput+0x128/0x1a0 [ 695.856796] ? do_syscall_64+0x8c/0x800 [ 695.860790] ? lockdep_hardirqs_on+0x415/0x5d0 [ 695.865411] ? trace_hardirqs_on+0xbd/0x310 [ 695.869783] ? __ia32_sys_read+0xb0/0xb0 [ 695.873855] ? trace_hardirqs_off_caller+0x300/0x300 [ 695.878985] __x64_sys_renameat+0x9a/0x100 [ 695.883245] do_syscall_64+0x1a3/0x800 [ 695.887160] ? syscall_return_slowpath+0x5f0/0x5f0 [ 695.892164] ? prepare_exit_to_usermode+0x232/0x3b0 [ 695.897200] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 695.902062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.907254] RIP: 0033:0x457ec9 [ 695.910458] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.929379] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 695.937112] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 695.944397] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 695.951665] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 695.958949] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 695.966221] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:38 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) 18:07:38 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:38 executing program 1 (fault-call:9 fault-nth:49): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 698.509223] FAULT_INJECTION: forcing a failure. [ 698.509223] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 698.521073] CPU: 0 PID: 26365 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 698.527912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.537266] Call Trace: [ 698.539895] dump_stack+0x1db/0x2d0 [ 698.543535] ? dump_stack_print_info.cold+0x20/0x20 [ 698.548555] ? lock_downgrade+0x910/0x910 [ 698.552707] ? kasan_check_read+0x11/0x20 18:07:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 698.556866] should_fail.cold+0xa/0x15 [ 698.560766] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 698.565892] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.571467] ? rcu_read_unlock+0x16/0x60 [ 698.575528] ? find_held_lock+0x35/0x120 [ 698.579590] ? rcu_read_unlock+0x16/0x60 [ 698.583665] should_fail_alloc_page+0x50/0x60 [ 698.588183] __alloc_pages_nodemask+0x323/0xdc0 [ 698.592868] ? lock_downgrade+0x910/0x910 [ 698.597014] ? kasan_check_read+0x11/0x20 [ 698.597031] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 698.606461] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 698.611508] ? ___might_sleep+0x1e7/0x310 [ 698.615662] ? trace_hardirqs_off+0xb8/0x310 [ 698.620080] cache_grow_begin+0x9c/0x8c0 [ 698.624170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 698.629715] ? check_preemption_disabled+0x48/0x290 [ 698.634741] kmem_cache_alloc+0x645/0x710 [ 698.639531] prepare_creds+0xa4/0x4e0 [ 698.643358] ? abort_creds+0x290/0x290 [ 698.647253] ? down_write_nested+0x8e/0x130 [ 698.651610] ? lock_rename+0x1ef/0x290 [ 698.655500] ? _down_write_nest_lock+0x130/0x130 [ 698.660242] selinux_inode_copy_up+0x130/0x180 [ 698.664824] security_inode_copy_up+0x71/0xb0 [ 698.669320] ovl_copy_up_one+0xda3/0x3060 [ 698.673447] ? mark_held_locks+0x100/0x100 [ 698.677687] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 698.682690] ? mark_held_locks+0x100/0x100 [ 698.686905] ? add_lock_to_list.isra.0+0x450/0x450 [ 698.691817] ? print_usage_bug+0xd0/0xd0 [ 698.695877] ? add_lock_to_list.isra.0+0x450/0x450 [ 698.700788] ? add_lock_to_list.isra.0+0x450/0x450 [ 698.705699] ? lockref_get_not_zero+0x70/0x90 [ 698.710193] ? dget_parent+0x1a5/0x680 [ 698.714059] ? find_held_lock+0x35/0x120 [ 698.718100] ? dget_parent+0x1a5/0x680 [ 698.721985] ? ovl_path_real+0x410/0x410 [ 698.726030] ovl_copy_up_flags+0x15a/0x1e0 [ 698.730247] ovl_copy_up+0x18/0x1c [ 698.733784] ovl_rename+0x2e5/0x1ab0 [ 698.737479] ? lock_acquire+0x1db/0x570 [ 698.741438] ? ovl_clear_empty+0x6f0/0x6f0 [ 698.745658] vfs_rename+0x80a/0x1ab0 [ 698.749372] ? lookup_one_len+0x230/0x230 [ 698.753498] ? lock_rename+0xdb/0x290 [ 698.757285] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 698.762822] ? security_path_rename+0x185/0x310 [ 698.767474] do_renameat2+0xdf2/0x1120 [ 698.771363] ? user_path_create+0x50/0x50 [ 698.775497] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 698.781015] ? fput+0x128/0x1a0 [ 698.784309] ? do_syscall_64+0x8c/0x800 [ 698.788276] ? lockdep_hardirqs_on+0x415/0x5d0 [ 698.792853] ? trace_hardirqs_on+0xbd/0x310 [ 698.797158] ? __ia32_sys_read+0xb0/0xb0 [ 698.801204] ? trace_hardirqs_off_caller+0x300/0x300 [ 698.806311] __x64_sys_renameat+0x9a/0x100 [ 698.810531] do_syscall_64+0x1a3/0x800 [ 698.814399] ? syscall_return_slowpath+0x5f0/0x5f0 [ 698.819329] ? prepare_exit_to_usermode+0x232/0x3b0 [ 698.824349] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 698.829194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.834366] RIP: 0033:0x457ec9 [ 698.837544] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:07:39 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:39 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:39 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) [ 698.856426] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 698.864128] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 698.871385] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 698.878647] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 698.885912] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 698.893162] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:39 executing program 1 (fault-call:9 fault-nth:50): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 699.092188] FAULT_INJECTION: forcing a failure. [ 699.092188] name failslab, interval 1, probability 0, space 0, times 0 [ 699.124110] CPU: 0 PID: 26396 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 699.130985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.140337] Call Trace: [ 699.142941] dump_stack+0x1db/0x2d0 [ 699.146611] ? dump_stack_print_info.cold+0x20/0x20 [ 699.151638] ? save_stack+0xa9/0xd0 [ 699.155259] ? kasan_kmalloc+0xcf/0xe0 [ 699.159192] should_fail.cold+0xa/0x15 [ 699.163101] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 699.168226] ? ___might_sleep+0x1e7/0x310 [ 699.172385] ? arch_local_save_flags+0x50/0x50 [ 699.176965] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.182515] __should_failslab+0x121/0x190 [ 699.186759] should_failslab+0x9/0x14 [ 699.190570] __kmalloc_track_caller+0x2d8/0x740 [ 699.195251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.200797] ? refcount_inc_not_zero_checked+0x1d9/0x2e0 [ 699.206238] ? selinux_cred_prepare+0x49/0xb0 [ 699.210726] kmemdup+0x27/0x60 [ 699.213912] selinux_cred_prepare+0x49/0xb0 [ 699.218219] security_prepare_creds+0x7d/0xc0 [ 699.222711] prepare_creds+0x3c4/0x4e0 [ 699.226608] ? abort_creds+0x290/0x290 [ 699.230506] ? down_write_nested+0x8e/0x130 [ 699.234819] ? _down_write_nest_lock+0x130/0x130 [ 699.239558] selinux_inode_copy_up+0x130/0x180 [ 699.244133] security_inode_copy_up+0x71/0xb0 [ 699.248654] ovl_copy_up_one+0xda3/0x3060 [ 699.252832] ? mark_held_locks+0x100/0x100 [ 699.257057] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 699.262097] ? mark_held_locks+0x100/0x100 [ 699.266321] ? add_lock_to_list.isra.0+0x450/0x450 [ 699.271241] ? print_usage_bug+0xd0/0xd0 [ 699.275295] ? add_lock_to_list.isra.0+0x450/0x450 [ 699.280233] ? add_lock_to_list.isra.0+0x450/0x450 [ 699.285179] ? lockref_get_not_zero+0x70/0x90 [ 699.289667] ? dget_parent+0x1a5/0x680 [ 699.293566] ? find_held_lock+0x35/0x120 [ 699.297631] ? dget_parent+0x1a5/0x680 [ 699.301548] ? ovl_path_real+0x410/0x410 [ 699.305601] ovl_copy_up_flags+0x15a/0x1e0 [ 699.309833] ovl_copy_up+0x18/0x1c [ 699.313352] ovl_rename+0x2e5/0x1ab0 [ 699.317048] ? lock_acquire+0x1db/0x570 [ 699.321026] ? ovl_clear_empty+0x6f0/0x6f0 [ 699.325256] vfs_rename+0x80a/0x1ab0 [ 699.328971] ? lookup_one_len+0x230/0x230 [ 699.333099] ? lock_rename+0xdb/0x290 [ 699.336884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 699.342414] ? security_path_rename+0x185/0x310 [ 699.347072] do_renameat2+0xdf2/0x1120 [ 699.350964] ? user_path_create+0x50/0x50 [ 699.355108] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 699.360633] ? fput+0x128/0x1a0 [ 699.363914] ? do_syscall_64+0x8c/0x800 [ 699.367893] ? lockdep_hardirqs_on+0x415/0x5d0 [ 699.372456] ? trace_hardirqs_on+0xbd/0x310 [ 699.376758] ? __ia32_sys_read+0xb0/0xb0 [ 699.380811] ? trace_hardirqs_off_caller+0x300/0x300 [ 699.385918] __x64_sys_renameat+0x9a/0x100 [ 699.390167] do_syscall_64+0x1a3/0x800 [ 699.394179] ? syscall_return_slowpath+0x5f0/0x5f0 [ 699.399119] ? prepare_exit_to_usermode+0x232/0x3b0 [ 699.404163] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 699.409020] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.414194] RIP: 0033:0x457ec9 [ 699.417370] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 699.436257] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 699.443953] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 699.451227] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 699.458500] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 699.465758] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 699.473020] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:41 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301}, 0x14}}, 0x0) 18:07:41 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) 18:07:41 executing program 1 (fault-call:9 fault-nth:51): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 701.563770] FAULT_INJECTION: forcing a failure. [ 701.563770] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 701.575658] CPU: 1 PID: 26402 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 701.582529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.591893] Call Trace: [ 701.594498] dump_stack+0x1db/0x2d0 [ 701.598155] ? dump_stack_print_info.cold+0x20/0x20 [ 701.603204] ? lock_downgrade+0x910/0x910 [ 701.607366] ? kasan_check_read+0x11/0x20 [ 701.611545] should_fail.cold+0xa/0x15 [ 701.615468] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 701.620583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.626149] ? rcu_read_unlock+0x16/0x60 [ 701.630222] ? find_held_lock+0x35/0x120 [ 701.634300] ? rcu_read_unlock+0x16/0x60 [ 701.638378] should_fail_alloc_page+0x50/0x60 [ 701.642879] __alloc_pages_nodemask+0x323/0xdc0 [ 701.647557] ? lock_downgrade+0x910/0x910 [ 701.651714] ? kasan_check_read+0x11/0x20 [ 701.655869] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 18:07:41 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 701.661163] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 701.666210] ? ___might_sleep+0x1e7/0x310 [ 701.670378] ? trace_hardirqs_off+0xb8/0x310 [ 701.674818] cache_grow_begin+0x9c/0x8c0 [ 701.678897] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 701.684447] ? check_preemption_disabled+0x48/0x290 [ 701.689479] kmem_cache_alloc+0x645/0x710 [ 701.693628] ? lock_acquire+0x1db/0x570 [ 701.697608] ? shmem_destroy_callback+0xc0/0xc0 [ 701.702274] shmem_alloc_inode+0x1c/0x50 [ 701.706325] alloc_inode+0x66/0x190 [ 701.709951] new_inode_pseudo+0x71/0x1b0 [ 701.714003] ? prune_icache_sb+0x1c0/0x1c0 [ 701.718261] new_inode+0x1f/0x40 [ 701.721632] shmem_get_inode+0xe1/0x8d0 [ 701.725609] ? may_create+0x25b/0x560 [ 701.729396] ? shmem_encode_fh+0x340/0x340 [ 701.733611] ? selinux_dentry_init_security+0x2e0/0x2e0 [ 701.738965] ? selinux_capable+0x40/0x40 [ 701.743016] ? __sanitizer_cov_trace_cmp4+0xa/0x20 [ 701.748031] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 701.753158] shmem_mknod+0x5a/0x1f0 [ 701.756771] ? selinux_inode_mkdir+0x23/0x30 [ 701.761200] shmem_mkdir+0x29/0x60 [ 701.764741] vfs_mkdir+0x433/0x690 [ 701.768292] ovl_create_real+0x287/0x420 [ 701.772370] ovl_create_temp+0x48/0x60 [ 701.776255] ovl_copy_up_one+0xe4e/0x3060 [ 701.780400] ? mark_held_locks+0x100/0x100 [ 701.784638] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 701.789642] ? mark_held_locks+0x100/0x100 [ 701.793872] ? add_lock_to_list.isra.0+0x450/0x450 [ 701.798796] ? print_usage_bug+0xd0/0xd0 [ 701.802880] ? add_lock_to_list.isra.0+0x450/0x450 [ 701.807833] ? add_lock_to_list.isra.0+0x450/0x450 [ 701.812755] ? lockref_get_not_zero+0x70/0x90 [ 701.817252] ? dget_parent+0x1a5/0x680 [ 701.821135] ? find_held_lock+0x35/0x120 [ 701.825224] ? dget_parent+0x1a5/0x680 [ 701.829147] ? ovl_path_real+0x410/0x410 [ 701.833221] ovl_copy_up_flags+0x15a/0x1e0 [ 701.837458] ovl_copy_up+0x18/0x1c [ 701.840998] ovl_rename+0x2e5/0x1ab0 [ 701.844731] ? lock_acquire+0x1db/0x570 [ 701.848711] ? ovl_clear_empty+0x6f0/0x6f0 [ 701.852941] vfs_rename+0x80a/0x1ab0 [ 701.856665] ? lookup_one_len+0x230/0x230 [ 701.860808] ? lock_rename+0xdb/0x290 [ 701.864599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 701.870122] ? security_path_rename+0x185/0x310 [ 701.874801] do_renameat2+0xdf2/0x1120 [ 701.878695] ? user_path_create+0x50/0x50 [ 701.882891] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 701.888422] ? fput+0x128/0x1a0 [ 701.891688] ? do_syscall_64+0x8c/0x800 [ 701.895643] ? lockdep_hardirqs_on+0x415/0x5d0 [ 701.900233] ? trace_hardirqs_on+0xbd/0x310 [ 701.904561] ? __ia32_sys_read+0xb0/0xb0 [ 701.908727] ? trace_hardirqs_off_caller+0x300/0x300 [ 701.913816] __x64_sys_renameat+0x9a/0x100 [ 701.918051] do_syscall_64+0x1a3/0x800 [ 701.921938] ? syscall_return_slowpath+0x5f0/0x5f0 [ 701.926852] ? prepare_exit_to_usermode+0x232/0x3b0 [ 701.931885] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 701.936728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.941900] RIP: 0033:0x457ec9 [ 701.945076] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:07:42 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0xc0, r1, 0x301}, 0x14}}, 0x0) 18:07:42 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 701.963960] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 701.971645] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 701.978904] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 701.986173] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 701.993433] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 702.000718] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:42 executing program 1 (fault-call:9 fault-nth:52): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0xec0, r1, 0x301}, 0x14}}, 0x0) 18:07:42 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 702.177109] FAULT_INJECTION: forcing a failure. [ 702.177109] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 702.189433] CPU: 1 PID: 26432 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 702.196272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.205665] Call Trace: [ 702.208271] dump_stack+0x1db/0x2d0 [ 702.211923] ? dump_stack_print_info.cold+0x20/0x20 [ 702.216948] ? lock_downgrade+0x910/0x910 [ 702.221108] ? kasan_check_read+0x11/0x20 [ 702.225244] should_fail.cold+0xa/0x15 [ 702.229165] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 702.234257] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.239800] ? rcu_read_unlock+0x16/0x60 [ 702.243852] ? find_held_lock+0x35/0x120 [ 702.247899] ? rcu_read_unlock+0x16/0x60 [ 702.251957] should_fail_alloc_page+0x50/0x60 [ 702.256439] __alloc_pages_nodemask+0x323/0xdc0 [ 702.261092] ? lock_downgrade+0x910/0x910 [ 702.265230] ? kasan_check_read+0x11/0x20 [ 702.269366] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 702.274631] ? __alloc_pages_slowpath+0x2cc0/0x2cc0 [ 702.279643] ? ___might_sleep+0x1e7/0x310 [ 702.283779] ? trace_hardirqs_off+0xb8/0x310 [ 702.288178] cache_grow_begin+0x9c/0x8c0 [ 702.292242] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 702.297781] ? check_preemption_disabled+0x48/0x290 [ 702.302786] kmem_cache_alloc+0x645/0x710 [ 702.306922] ? lock_acquire+0x1db/0x570 [ 702.310909] ? shmem_destroy_callback+0xc0/0xc0 [ 702.315562] shmem_alloc_inode+0x1c/0x50 [ 702.319609] alloc_inode+0x66/0x190 [ 702.323222] new_inode_pseudo+0x71/0x1b0 [ 702.327270] ? prune_icache_sb+0x1c0/0x1c0 [ 702.331495] new_inode+0x1f/0x40 [ 702.334845] shmem_get_inode+0xe1/0x8d0 [ 702.338800] ? may_create+0x25b/0x560 [ 702.342582] ? shmem_encode_fh+0x340/0x340 [ 702.346797] ? selinux_dentry_init_security+0x2e0/0x2e0 [ 702.352150] ? selinux_capable+0x40/0x40 [ 702.356201] ? __sanitizer_cov_trace_cmp4+0xa/0x20 [ 702.361114] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 702.366217] shmem_mknod+0x5a/0x1f0 [ 702.369827] ? selinux_inode_mkdir+0x23/0x30 [ 702.374237] shmem_mkdir+0x29/0x60 [ 702.377773] vfs_mkdir+0x433/0x690 [ 702.381301] ovl_create_real+0x287/0x420 [ 702.385357] ovl_create_temp+0x48/0x60 [ 702.389234] ovl_copy_up_one+0xe4e/0x3060 [ 702.393374] ? mark_held_locks+0x100/0x100 [ 702.397601] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 702.402605] ? mark_held_locks+0x100/0x100 [ 702.406825] ? add_lock_to_list.isra.0+0x450/0x450 [ 702.411752] ? print_usage_bug+0xd0/0xd0 [ 702.415794] ? add_lock_to_list.isra.0+0x450/0x450 [ 702.420706] ? add_lock_to_list.isra.0+0x450/0x450 [ 702.425622] ? lockref_get_not_zero+0x70/0x90 [ 702.430104] ? dget_parent+0x1a5/0x680 [ 702.434003] ? find_held_lock+0x35/0x120 [ 702.438050] ? dget_parent+0x1a5/0x680 [ 702.441946] ? ovl_path_real+0x410/0x410 [ 702.445994] ovl_copy_up_flags+0x15a/0x1e0 [ 702.450215] ovl_copy_up+0x18/0x1c [ 702.453740] ovl_rename+0x2e5/0x1ab0 [ 702.457479] ? lock_acquire+0x1db/0x570 [ 702.461443] ? ovl_clear_empty+0x6f0/0x6f0 [ 702.465677] vfs_rename+0x80a/0x1ab0 [ 702.469401] ? lookup_one_len+0x230/0x230 [ 702.473531] ? lock_rename+0xdb/0x290 [ 702.477324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 702.482846] ? security_path_rename+0x185/0x310 [ 702.487502] do_renameat2+0xdf2/0x1120 [ 702.491392] ? user_path_create+0x50/0x50 [ 702.495543] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 702.501076] ? fput+0x128/0x1a0 [ 702.504344] ? do_syscall_64+0x8c/0x800 [ 702.508309] ? lockdep_hardirqs_on+0x415/0x5d0 [ 702.512876] ? trace_hardirqs_on+0xbd/0x310 [ 702.517178] ? __ia32_sys_read+0xb0/0xb0 [ 702.521245] ? trace_hardirqs_off_caller+0x300/0x300 [ 702.526336] __x64_sys_renameat+0x9a/0x100 [ 702.530556] do_syscall_64+0x1a3/0x800 [ 702.534453] ? syscall_return_slowpath+0x5f0/0x5f0 [ 702.539390] ? prepare_exit_to_usermode+0x232/0x3b0 [ 702.544395] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 702.549241] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.554428] RIP: 0033:0x457ec9 [ 702.557609] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.576505] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 702.584220] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 702.591472] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 702.598722] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 702.605980] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 702.613260] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:44 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0xf, r1, 0x301}, 0x14}}, 0x0) 18:07:44 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) 18:07:44 executing program 1 (fault-call:9 fault-nth:53): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:44 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) [ 704.625926] FAULT_INJECTION: forcing a failure. [ 704.625926] name failslab, interval 1, probability 0, space 0, times 0 [ 704.637420] CPU: 1 PID: 26447 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 704.644268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.653622] Call Trace: [ 704.656225] dump_stack+0x1db/0x2d0 [ 704.659872] ? dump_stack_print_info.cold+0x20/0x20 [ 704.664906] should_fail.cold+0xa/0x15 [ 704.668807] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 704.673924] ? mark_held_locks+0x100/0x100 [ 704.678195] ? mark_held_locks+0x100/0x100 [ 704.682455] ? __lock_is_held+0xb6/0x140 [ 704.686533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.692090] __should_failslab+0x121/0x190 [ 704.696336] should_failslab+0x9/0x14 [ 704.700151] __kmalloc+0x71/0x740 [ 704.703623] ? context_struct_to_string+0x42d/0x980 [ 704.708694] context_struct_to_string+0x42d/0x980 [ 704.713557] ? get_permissions_callback+0xb0/0xb0 [ 704.718450] security_sid_to_context_core.isra.0+0x244/0x320 [ 704.724263] security_sid_to_context_force+0x38/0x50 [ 704.729380] selinux_inode_init_security+0x3f7/0x870 [ 704.734524] ? selinux_inode_create+0x30/0x30 [ 704.739103] ? set_posix_acl+0x2f0/0x2f0 [ 704.743197] ? lockdep_init_map+0x10c/0x5b0 [ 704.747537] security_inode_init_security+0x1b3/0x430 [ 704.752729] ? shmem_tmpfile+0x120/0x120 [ 704.756774] ? unregister_lsm_notifier+0x30/0x30 [ 704.761522] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 704.766622] shmem_mknod+0xc9/0x1f0 [ 704.770231] ? selinux_inode_mkdir+0x23/0x30 [ 704.774644] shmem_mkdir+0x29/0x60 [ 704.778205] vfs_mkdir+0x433/0x690 [ 704.781743] ovl_create_real+0x287/0x420 [ 704.785798] ovl_create_temp+0x48/0x60 [ 704.789682] ovl_copy_up_one+0xe4e/0x3060 [ 704.793819] ? mark_held_locks+0x100/0x100 [ 704.798058] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 704.803067] ? mark_held_locks+0x100/0x100 [ 704.807294] ? add_lock_to_list.isra.0+0x450/0x450 [ 704.812237] ? print_usage_bug+0xd0/0xd0 [ 704.816286] ? add_lock_to_list.isra.0+0x450/0x450 [ 704.821272] ? add_lock_to_list.isra.0+0x450/0x450 [ 704.826194] ? lockref_get_not_zero+0x70/0x90 [ 704.830679] ? dget_parent+0x1a5/0x680 [ 704.834552] ? find_held_lock+0x35/0x120 [ 704.838598] ? dget_parent+0x1a5/0x680 [ 704.842510] ? ovl_path_real+0x410/0x410 [ 704.846573] ovl_copy_up_flags+0x15a/0x1e0 [ 704.850800] ovl_copy_up+0x18/0x1c [ 704.854323] ovl_rename+0x2e5/0x1ab0 [ 704.858022] ? lock_acquire+0x1db/0x570 [ 704.861998] ? ovl_clear_empty+0x6f0/0x6f0 [ 704.866232] vfs_rename+0x80a/0x1ab0 [ 704.869949] ? lookup_one_len+0x230/0x230 [ 704.874083] ? lock_rename+0xdb/0x290 [ 704.877905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 704.883446] ? security_path_rename+0x185/0x310 [ 704.888122] do_renameat2+0xdf2/0x1120 [ 704.892033] ? user_path_create+0x50/0x50 [ 704.896174] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 704.901704] ? fput+0x128/0x1a0 [ 704.904995] ? do_syscall_64+0x8c/0x800 [ 704.908960] ? lockdep_hardirqs_on+0x415/0x5d0 [ 704.913529] ? trace_hardirqs_on+0xbd/0x310 [ 704.917837] ? __ia32_sys_read+0xb0/0xb0 [ 704.921895] ? trace_hardirqs_off_caller+0x300/0x300 [ 704.926989] __x64_sys_renameat+0x9a/0x100 [ 704.931212] do_syscall_64+0x1a3/0x800 [ 704.935085] ? syscall_return_slowpath+0x5f0/0x5f0 [ 704.940024] ? prepare_exit_to_usermode+0x232/0x3b0 [ 704.945099] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 704.949945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.955117] RIP: 0033:0x457ec9 [ 704.958318] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 704.977207] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 704.984913] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 704.992167] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 704.999491] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 705.006751] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 705.014022] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:45 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0xfffffdef, r1, 0x301}, 0x14}}, 0x0) 18:07:45 executing program 1 (fault-call:9 fault-nth:54): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x20000214, r1, 0x301}, 0x14}}, 0x0) 18:07:45 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 705.154662] FAULT_INJECTION: forcing a failure. [ 705.154662] name failslab, interval 1, probability 0, space 0, times 0 [ 705.187580] CPU: 1 PID: 26466 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 705.194437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.203788] Call Trace: [ 705.206390] dump_stack+0x1db/0x2d0 [ 705.210032] ? dump_stack_print_info.cold+0x20/0x20 [ 705.215081] ? find_held_lock+0x35/0x120 [ 705.219181] ? security_sid_to_context_core.isra.0+0x272/0x320 [ 705.225172] should_fail.cold+0xa/0x15 [ 705.229070] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 705.234193] ? ___might_sleep+0x1e7/0x310 [ 705.238349] ? arch_local_save_flags+0x50/0x50 [ 705.242937] ? kasan_check_write+0x14/0x20 [ 705.247184] ? do_raw_read_unlock+0x3f/0x70 [ 705.251508] ? _raw_read_unlock+0x2d/0x50 [ 705.255679] __should_failslab+0x121/0x190 [ 705.259926] should_failslab+0x9/0x14 [ 705.263733] __kmalloc+0x2dc/0x740 [ 705.267307] ? selinux_inode_init_security+0x4ac/0x870 [ 705.272595] ? simple_xattr_alloc+0x3e/0xb0 [ 705.276930] simple_xattr_alloc+0x3e/0xb0 [ 705.281093] shmem_initxattrs+0xfc/0x1f0 [ 705.285181] security_inode_init_security+0x32f/0x430 [ 705.290396] ? shmem_tmpfile+0x120/0x120 [ 705.294502] ? unregister_lsm_notifier+0x30/0x30 [ 705.299344] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 705.304470] shmem_mknod+0xc9/0x1f0 [ 705.308081] ? selinux_inode_mkdir+0x23/0x30 [ 705.312504] shmem_mkdir+0x29/0x60 [ 705.316061] vfs_mkdir+0x433/0x690 [ 705.319584] ovl_create_real+0x287/0x420 [ 705.323629] ovl_create_temp+0x48/0x60 [ 705.327502] ovl_copy_up_one+0xe4e/0x3060 [ 705.331632] ? mark_held_locks+0x100/0x100 [ 705.335873] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 705.340881] ? mark_held_locks+0x100/0x100 [ 705.345099] ? add_lock_to_list.isra.0+0x450/0x450 [ 705.350033] ? print_usage_bug+0xd0/0xd0 [ 705.354100] ? add_lock_to_list.isra.0+0x450/0x450 [ 705.359042] ? add_lock_to_list.isra.0+0x450/0x450 [ 705.363981] ? lockref_get_not_zero+0x70/0x90 [ 705.368463] ? dget_parent+0x1a5/0x680 [ 705.372334] ? find_held_lock+0x35/0x120 [ 705.376377] ? dget_parent+0x1a5/0x680 [ 705.380268] ? ovl_path_real+0x410/0x410 [ 705.384335] ovl_copy_up_flags+0x15a/0x1e0 [ 705.388556] ovl_copy_up+0x18/0x1c [ 705.392080] ovl_rename+0x2e5/0x1ab0 [ 705.395798] ? lock_acquire+0x1db/0x570 [ 705.399779] ? ovl_clear_empty+0x6f0/0x6f0 [ 705.404016] vfs_rename+0x80a/0x1ab0 [ 705.407750] ? lookup_one_len+0x230/0x230 [ 705.411881] ? lock_rename+0xdb/0x290 [ 705.415675] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 705.421206] ? security_path_rename+0x185/0x310 [ 705.425892] do_renameat2+0xdf2/0x1120 [ 705.429795] ? user_path_create+0x50/0x50 [ 705.433929] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 705.439474] ? fput+0x128/0x1a0 [ 705.442749] ? do_syscall_64+0x8c/0x800 [ 705.446706] ? lockdep_hardirqs_on+0x415/0x5d0 [ 705.451282] ? trace_hardirqs_on+0xbd/0x310 [ 705.455619] ? __ia32_sys_read+0xb0/0xb0 [ 705.459669] ? trace_hardirqs_off_caller+0x300/0x300 [ 705.464757] __x64_sys_renameat+0x9a/0x100 [ 705.468985] do_syscall_64+0x1a3/0x800 [ 705.472870] ? syscall_return_slowpath+0x5f0/0x5f0 [ 705.477782] ? prepare_exit_to_usermode+0x232/0x3b0 [ 705.482787] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 705.487624] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.492800] RIP: 0033:0x457ec9 [ 705.495997] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 705.514878] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 705.522571] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 705.529821] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 705.537081] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 705.544358] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 705.551610] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:47 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x7ffff000, r1, 0x301}, 0x14}}, 0x0) 18:07:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:47 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) 18:07:47 executing program 1 (fault-call:9 fault-nth:55): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 707.709807] FAULT_INJECTION: forcing a failure. [ 707.709807] name failslab, interval 1, probability 0, space 0, times 0 [ 707.729534] CPU: 1 PID: 26489 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 707.736389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.745740] Call Trace: [ 707.748340] dump_stack+0x1db/0x2d0 [ 707.751986] ? dump_stack_print_info.cold+0x20/0x20 [ 707.757009] ? lock_acquire+0x1db/0x570 [ 707.760997] should_fail.cold+0xa/0x15 [ 707.764887] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 707.769979] ? ___might_sleep+0x1e7/0x310 [ 707.774129] ? arch_local_save_flags+0x50/0x50 [ 707.778727] ? simple_xattr_set+0x7d0/0x7d0 [ 707.783041] __should_failslab+0x121/0x190 [ 707.787264] should_failslab+0x9/0x14 [ 707.791064] __kmalloc+0x2dc/0x740 [ 707.794623] ? shmem_listxattr+0x45/0x60 [ 707.798679] ? shmem_initxattrs+0x1f0/0x1f0 [ 707.802986] ? ovl_copy_xattr+0x177/0x470 [ 707.807124] ovl_copy_xattr+0x177/0x470 [ 707.811114] ovl_copy_up_one+0xf0b/0x3060 [ 707.815331] ? mark_held_locks+0x100/0x100 [ 707.819566] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 707.824567] ? mark_held_locks+0x100/0x100 [ 707.828788] ? add_lock_to_list.isra.0+0x450/0x450 [ 707.833713] ? print_usage_bug+0xd0/0xd0 [ 707.837803] ? add_lock_to_list.isra.0+0x450/0x450 [ 707.842746] ? add_lock_to_list.isra.0+0x450/0x450 [ 707.847704] ? lockref_get_not_zero+0x70/0x90 [ 707.852206] ? dget_parent+0x1a5/0x680 [ 707.856094] ? find_held_lock+0x35/0x120 [ 707.860171] ? dget_parent+0x1a5/0x680 [ 707.864086] ? ovl_path_real+0x410/0x410 [ 707.868166] ovl_copy_up_flags+0x15a/0x1e0 [ 707.872406] ovl_copy_up+0x18/0x1c [ 707.875954] ovl_rename+0x2e5/0x1ab0 [ 707.879679] ? lock_acquire+0x1db/0x570 [ 707.883671] ? ovl_clear_empty+0x6f0/0x6f0 [ 707.887895] vfs_rename+0x80a/0x1ab0 [ 707.891614] ? lookup_one_len+0x230/0x230 [ 707.895761] ? lock_rename+0xdb/0x290 [ 707.899563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 707.905084] ? security_path_rename+0x185/0x310 [ 707.909754] do_renameat2+0xdf2/0x1120 [ 707.913675] ? user_path_create+0x50/0x50 [ 707.917838] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 707.923361] ? fput+0x128/0x1a0 [ 707.926651] ? do_syscall_64+0x8c/0x800 [ 707.930654] ? lockdep_hardirqs_on+0x415/0x5d0 [ 707.935243] ? trace_hardirqs_on+0xbd/0x310 [ 707.939557] ? __ia32_sys_read+0xb0/0xb0 [ 707.943601] ? trace_hardirqs_off_caller+0x300/0x300 [ 707.948705] __x64_sys_renameat+0x9a/0x100 [ 707.952972] do_syscall_64+0x1a3/0x800 [ 707.956853] ? syscall_return_slowpath+0x5f0/0x5f0 [ 707.961766] ? prepare_exit_to_usermode+0x232/0x3b0 [ 707.966766] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 707.971607] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.976803] RIP: 0033:0x457ec9 [ 707.980030] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.998913] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 18:07:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 708.006672] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 708.013929] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 708.021203] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 708.028454] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 708.035713] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:48 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x33fe0, r1, 0x301}, 0x14}}, 0x0) 18:07:48 executing program 1 (fault-call:9 fault-nth:56): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 708.252085] FAULT_INJECTION: forcing a failure. [ 708.252085] name failslab, interval 1, probability 0, space 0, times 0 [ 708.263586] CPU: 0 PID: 26510 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 708.270467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.279820] Call Trace: [ 708.282418] dump_stack+0x1db/0x2d0 [ 708.286076] ? dump_stack_print_info.cold+0x20/0x20 [ 708.291110] should_fail.cold+0xa/0x15 [ 708.295055] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 708.300186] ? avc_has_perm_noaudit+0x43f/0x630 [ 708.304886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.310464] __should_failslab+0x121/0x190 [ 708.314705] should_failslab+0x9/0x14 [ 708.318519] __kmalloc+0x71/0x740 [ 708.321987] ? context_struct_to_string+0x42d/0x980 [ 708.327098] context_struct_to_string+0x42d/0x980 [ 708.331973] ? get_permissions_callback+0xb0/0xb0 [ 708.336835] security_sid_to_context_core.isra.0+0x244/0x320 [ 708.342643] security_sid_to_context_force+0x38/0x50 [ 708.347755] selinux_inode_getsecurity+0x2c3/0x340 18:07:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x302}, 0x14}}, 0x0) 18:07:48 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 708.352696] ? has_cap_mac_admin+0xc0/0xc0 [ 708.356948] ? rootid_owns_currentns+0x1d0/0x1d0 [ 708.361721] ? _raw_spin_unlock+0x2d/0x50 [ 708.365876] ? simple_xattr_list+0x339/0x410 [ 708.370299] security_inode_getsecurity+0xb6/0x130 [ 708.375267] vfs_getxattr+0x2ae/0x390 [ 708.379079] ? xattr_permission+0x300/0x300 [ 708.383399] ? shmem_listxattr+0x45/0x60 [ 708.383412] ? shmem_initxattrs+0x1f0/0x1f0 [ 708.383433] ovl_copy_xattr+0x2a0/0x470 [ 708.383454] ovl_copy_up_one+0xf0b/0x3060 [ 708.383470] ? mark_held_locks+0x100/0x100 [ 708.404125] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 708.409179] ? mark_held_locks+0x100/0x100 [ 708.413432] ? add_lock_to_list.isra.0+0x450/0x450 [ 708.418359] ? add_lock_to_list.isra.0+0x450/0x450 [ 708.423297] ? add_lock_to_list.isra.0+0x450/0x450 [ 708.428215] ? lockref_get_not_zero+0x70/0x90 [ 708.432698] ? dget_parent+0x1a5/0x680 [ 708.436585] ? find_held_lock+0x35/0x120 [ 708.440640] ? dget_parent+0x1a5/0x680 [ 708.444530] ? ovl_path_real+0x410/0x410 [ 708.448581] ovl_copy_up_flags+0x15a/0x1e0 [ 708.452816] ovl_copy_up+0x18/0x1c [ 708.456364] ovl_rename+0x2e5/0x1ab0 [ 708.460059] ? lock_acquire+0x1db/0x570 [ 708.464023] ? ovl_clear_empty+0x6f0/0x6f0 [ 708.468248] vfs_rename+0x80a/0x1ab0 [ 708.471951] ? lookup_one_len+0x230/0x230 [ 708.476094] ? lock_rename+0xdb/0x290 [ 708.479895] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 708.485429] ? security_path_rename+0x185/0x310 [ 708.490129] do_renameat2+0xdf2/0x1120 [ 708.494060] ? user_path_create+0x50/0x50 [ 708.498234] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 708.503779] ? fput+0x128/0x1a0 [ 708.507069] ? do_syscall_64+0x8c/0x800 [ 708.511044] ? lockdep_hardirqs_on+0x415/0x5d0 [ 708.511060] ? trace_hardirqs_on+0xbd/0x310 [ 708.511074] ? __ia32_sys_read+0xb0/0xb0 [ 708.511090] ? trace_hardirqs_off_caller+0x300/0x300 [ 708.511112] __x64_sys_renameat+0x9a/0x100 [ 708.533404] do_syscall_64+0x1a3/0x800 [ 708.537348] ? syscall_return_slowpath+0x5f0/0x5f0 [ 708.542303] ? prepare_exit_to_usermode+0x232/0x3b0 [ 708.547338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 708.552195] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.557386] RIP: 0033:0x457ec9 [ 708.560575] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 708.579457] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 708.587156] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 708.594418] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 708.601687] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 708.608943] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 708.616204] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:50 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x315}, 0x14}}, 0x0) 18:07:50 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:50 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:07:50 executing program 1 (fault-call:9 fault-nth:57): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 710.795877] FAULT_INJECTION: forcing a failure. [ 710.795877] name failslab, interval 1, probability 0, space 0, times 0 [ 710.807418] CPU: 1 PID: 26535 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 710.814284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.823638] Call Trace: [ 710.826256] dump_stack+0x1db/0x2d0 [ 710.829903] ? dump_stack_print_info.cold+0x20/0x20 [ 710.834956] should_fail.cold+0xa/0x15 [ 710.838855] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 710.843976] ? avc_has_perm_noaudit+0x43f/0x630 [ 710.848688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 710.854247] __should_failslab+0x121/0x190 [ 710.858494] should_failslab+0x9/0x14 [ 710.862330] __kmalloc+0x71/0x740 [ 710.865802] ? context_struct_to_string+0x42d/0x980 [ 710.870834] context_struct_to_string+0x42d/0x980 [ 710.875714] ? get_permissions_callback+0xb0/0xb0 [ 710.880594] security_sid_to_context_core.isra.0+0x244/0x320 [ 710.886420] security_sid_to_context_force+0x38/0x50 [ 710.891526] selinux_inode_getsecurity+0x2c3/0x340 18:07:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x308}, 0x14}}, 0x0) [ 710.891545] ? has_cap_mac_admin+0xc0/0xc0 [ 710.891559] ? rootid_owns_currentns+0x1d0/0x1d0 [ 710.891580] ? _raw_spin_unlock+0x2d/0x50 [ 710.909615] ? simple_xattr_list+0x339/0x410 [ 710.914058] security_inode_getsecurity+0xb6/0x130 [ 710.919007] vfs_getxattr+0x2ae/0x390 [ 710.922845] ? xattr_permission+0x300/0x300 [ 710.927221] ? shmem_listxattr+0x45/0x60 [ 710.931293] ? shmem_initxattrs+0x1f0/0x1f0 [ 710.935620] ovl_copy_xattr+0x2a0/0x470 [ 710.939586] ovl_copy_up_one+0xf0b/0x3060 [ 710.943725] ? mark_held_locks+0x100/0x100 [ 710.947970] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 710.952986] ? mark_held_locks+0x100/0x100 [ 710.957211] ? add_lock_to_list.isra.0+0x450/0x450 [ 710.962122] ? print_usage_bug+0xd0/0xd0 [ 710.966188] ? add_lock_to_list.isra.0+0x450/0x450 [ 710.971113] ? add_lock_to_list.isra.0+0x450/0x450 [ 710.976038] ? lockref_get_not_zero+0x70/0x90 [ 710.980538] ? dget_parent+0x1a5/0x680 [ 710.984446] ? find_held_lock+0x35/0x120 [ 710.988520] ? dget_parent+0x1a5/0x680 [ 710.992415] ? ovl_path_real+0x410/0x410 [ 710.996467] ovl_copy_up_flags+0x15a/0x1e0 [ 711.000704] ovl_copy_up+0x18/0x1c [ 711.004230] ovl_rename+0x2e5/0x1ab0 [ 711.007937] ? lock_acquire+0x1db/0x570 [ 711.011931] ? ovl_clear_empty+0x6f0/0x6f0 [ 711.016205] vfs_rename+0x80a/0x1ab0 [ 711.019928] ? lookup_one_len+0x230/0x230 [ 711.024071] ? lock_rename+0xdb/0x290 [ 711.027862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.033383] ? security_path_rename+0x185/0x310 [ 711.038039] do_renameat2+0xdf2/0x1120 [ 711.041953] ? user_path_create+0x50/0x50 [ 711.046104] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 711.051626] ? fput+0x128/0x1a0 [ 711.054899] ? do_syscall_64+0x8c/0x800 [ 711.058877] ? lockdep_hardirqs_on+0x415/0x5d0 [ 711.063457] ? trace_hardirqs_on+0xbd/0x310 [ 711.067764] ? __ia32_sys_read+0xb0/0xb0 [ 711.071809] ? trace_hardirqs_off_caller+0x300/0x300 [ 711.076911] __x64_sys_renameat+0x9a/0x100 [ 711.081155] do_syscall_64+0x1a3/0x800 [ 711.085030] ? syscall_return_slowpath+0x5f0/0x5f0 [ 711.089949] ? prepare_exit_to_usermode+0x232/0x3b0 [ 711.094951] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 711.099810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.105093] RIP: 0033:0x457ec9 [ 711.108296] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 711.127188] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 711.134905] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 711.142163] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 711.149429] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 711.156695] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 711.164071] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:51 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x7ab}, 0x14}}, 0x0) 18:07:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:51 executing program 1 (fault-call:9 fault-nth:58): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:51 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x8}, 0x14}}, 0x0) [ 711.331673] FAULT_INJECTION: forcing a failure. [ 711.331673] name failslab, interval 1, probability 0, space 0, times 0 [ 711.355356] CPU: 1 PID: 26551 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 711.362229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.371579] Call Trace: [ 711.374184] dump_stack+0x1db/0x2d0 [ 711.377831] ? dump_stack_print_info.cold+0x20/0x20 [ 711.382858] ? lock_acquire+0x1db/0x570 [ 711.386847] should_fail.cold+0xa/0x15 [ 711.390747] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 711.395864] ? ___might_sleep+0x1e7/0x310 [ 711.400033] ? arch_local_save_flags+0x50/0x50 [ 711.404656] ? simple_xattr_set+0x7d0/0x7d0 [ 711.408993] __should_failslab+0x121/0x190 [ 711.413246] should_failslab+0x9/0x14 [ 711.417065] __kmalloc+0x2dc/0x740 [ 711.420609] ? shmem_listxattr+0x45/0x60 [ 711.424696] ? shmem_initxattrs+0x1f0/0x1f0 [ 711.429039] ? ovl_copy_xattr+0x177/0x470 [ 711.433194] ovl_copy_xattr+0x177/0x470 [ 711.437182] ovl_copy_up_one+0xf0b/0x3060 [ 711.441369] ? mark_held_locks+0x100/0x100 [ 711.445668] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 711.450698] ? mark_held_locks+0x100/0x100 [ 711.454942] ? add_lock_to_list.isra.0+0x450/0x450 [ 711.459894] ? print_usage_bug+0xd0/0xd0 [ 711.463987] ? add_lock_to_list.isra.0+0x450/0x450 [ 711.468921] ? add_lock_to_list.isra.0+0x450/0x450 [ 711.473861] ? lockref_get_not_zero+0x70/0x90 [ 711.478368] ? dget_parent+0x1a5/0x680 [ 711.482263] ? find_held_lock+0x35/0x120 [ 711.486335] ? dget_parent+0x1a5/0x680 [ 711.490270] ? ovl_path_real+0x410/0x410 [ 711.494350] ovl_copy_up_flags+0x15a/0x1e0 [ 711.498601] ovl_copy_up+0x18/0x1c [ 711.502160] ovl_rename+0x2e5/0x1ab0 [ 711.505878] ? lock_acquire+0x1db/0x570 [ 711.509887] ? ovl_clear_empty+0x6f0/0x6f0 [ 711.514115] vfs_rename+0x80a/0x1ab0 [ 711.517857] ? lookup_one_len+0x230/0x230 [ 711.521992] ? lock_rename+0xdb/0x290 [ 711.525816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 711.531367] ? security_path_rename+0x185/0x310 [ 711.536039] do_renameat2+0xdf2/0x1120 [ 711.539974] ? user_path_create+0x50/0x50 [ 711.544133] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 711.549715] ? fput+0x128/0x1a0 [ 711.553005] ? do_syscall_64+0x8c/0x800 [ 711.556983] ? lockdep_hardirqs_on+0x415/0x5d0 [ 711.561570] ? trace_hardirqs_on+0xbd/0x310 [ 711.565882] ? __ia32_sys_read+0xb0/0xb0 [ 711.569935] ? trace_hardirqs_off_caller+0x300/0x300 [ 711.575034] __x64_sys_renameat+0x9a/0x100 [ 711.579299] do_syscall_64+0x1a3/0x800 [ 711.583176] ? syscall_return_slowpath+0x5f0/0x5f0 [ 711.588107] ? prepare_exit_to_usermode+0x232/0x3b0 [ 711.593110] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 711.597959] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.603149] RIP: 0033:0x457ec9 [ 711.606324] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 711.625223] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 711.632910] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 711.640177] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 711.647446] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 711.654698] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 711.661948] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:53 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf00000000000000}, 0x14}}, 0x0) 18:07:53 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) 18:07:53 executing program 1 (fault-call:9 fault-nth:59): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 713.848329] FAULT_INJECTION: forcing a failure. [ 713.848329] name failslab, interval 1, probability 0, space 0, times 0 [ 713.860237] CPU: 0 PID: 26575 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 713.867107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.876483] Call Trace: [ 713.879085] dump_stack+0x1db/0x2d0 [ 713.882729] ? dump_stack_print_info.cold+0x20/0x20 [ 713.887751] ? __x64_sys_renameat+0x9a/0x100 [ 713.892178] ? do_syscall_64+0x1a3/0x800 [ 713.896237] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.901632] should_fail.cold+0xa/0x15 [ 713.905524] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 713.910656] ? ___might_sleep+0x1e7/0x310 [ 713.914800] ? arch_local_save_flags+0x50/0x50 [ 713.919377] __should_failslab+0x121/0x190 [ 713.923611] should_failslab+0x9/0x14 [ 713.927394] __kmalloc+0x2dc/0x740 [ 713.930949] ? ovl_encode_real_fh+0x1a7/0x520 [ 713.935440] ovl_encode_real_fh+0x1a7/0x520 [ 713.939762] ? ovl_set_attr+0x530/0x530 [ 713.943727] ? lockdep_hardirqs_on+0x415/0x5d0 [ 713.948305] ? trace_hardirqs_on+0xbd/0x310 [ 713.952644] ovl_set_origin+0x67/0x130 [ 713.956531] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 713.961384] ? ovl_set_origin+0x130/0x130 [ 713.965529] ? ovl_copy_xattr+0x10c/0x470 [ 713.969665] ovl_copy_up_one+0xf32/0x3060 [ 713.973796] ? mark_held_locks+0x100/0x100 [ 713.978020] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 713.983037] ? mark_held_locks+0x100/0x100 [ 713.987268] ? add_lock_to_list.isra.0+0x450/0x450 [ 713.992201] ? print_usage_bug+0xd0/0xd0 [ 713.996295] ? add_lock_to_list.isra.0+0x450/0x450 [ 714.001233] ? add_lock_to_list.isra.0+0x450/0x450 [ 714.006169] ? lockref_get_not_zero+0x70/0x90 [ 714.010663] ? dget_parent+0x1a5/0x680 [ 714.014544] ? find_held_lock+0x35/0x120 [ 714.018590] ? dget_parent+0x1a5/0x680 [ 714.022541] ? ovl_path_real+0x410/0x410 [ 714.026639] ovl_copy_up_flags+0x15a/0x1e0 [ 714.030877] ovl_copy_up+0x18/0x1c [ 714.034419] ovl_rename+0x2e5/0x1ab0 [ 714.038127] ? lock_acquire+0x1db/0x570 [ 714.042124] ? ovl_clear_empty+0x6f0/0x6f0 [ 714.046376] vfs_rename+0x80a/0x1ab0 [ 714.050087] ? lookup_one_len+0x230/0x230 [ 714.054709] ? lock_rename+0xdb/0x290 [ 714.058502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.064026] ? security_path_rename+0x185/0x310 [ 714.068686] do_renameat2+0xdf2/0x1120 [ 714.072589] ? user_path_create+0x50/0x50 [ 714.076737] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 714.082268] ? fput+0x128/0x1a0 [ 714.085549] ? do_syscall_64+0x8c/0x800 [ 714.089508] ? lockdep_hardirqs_on+0x415/0x5d0 [ 714.094093] ? trace_hardirqs_on+0xbd/0x310 [ 714.098396] ? __ia32_sys_read+0xb0/0xb0 [ 714.102460] ? trace_hardirqs_off_caller+0x300/0x300 [ 714.107561] __x64_sys_renameat+0x9a/0x100 [ 714.111811] do_syscall_64+0x1a3/0x800 [ 714.115755] ? syscall_return_slowpath+0x5f0/0x5f0 [ 714.120682] ? prepare_exit_to_usermode+0x232/0x3b0 [ 714.125701] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 714.130546] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.135727] RIP: 0033:0x457ec9 [ 714.138910] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 714.158640] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 714.166342] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 714.173610] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 714.180869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 714.188282] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:07:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 714.195533] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:54 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:54 executing program 1 (fault-call:9 fault-nth:60): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xab07000000000000}, 0x14}}, 0x0) 18:07:54 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xffffff7f00000000}, 0x14}}, 0x0) [ 714.417343] FAULT_INJECTION: forcing a failure. [ 714.417343] name failslab, interval 1, probability 0, space 0, times 0 [ 714.438107] CPU: 0 PID: 26596 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 714.444980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.454335] Call Trace: [ 714.456937] dump_stack+0x1db/0x2d0 [ 714.460582] ? dump_stack_print_info.cold+0x20/0x20 [ 714.465622] ? __x64_sys_renameat+0x9a/0x100 [ 714.470040] ? do_syscall_64+0x1a3/0x800 [ 714.474108] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.479502] should_fail.cold+0xa/0x15 [ 714.483403] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 714.488525] ? ___might_sleep+0x1e7/0x310 [ 714.492694] ? arch_local_save_flags+0x50/0x50 [ 714.497299] __should_failslab+0x121/0x190 [ 714.501541] should_failslab+0x9/0x14 [ 714.505364] __kmalloc+0x2dc/0x740 [ 714.508915] ? ovl_encode_real_fh+0x1a7/0x520 [ 714.513423] ovl_encode_real_fh+0x1a7/0x520 18:07:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x60}, 0x14}}, 0x0) [ 714.517753] ? ovl_set_attr+0x530/0x530 [ 714.521734] ? lockdep_hardirqs_on+0x415/0x5d0 [ 714.526339] ? trace_hardirqs_on+0xbd/0x310 [ 714.530707] ovl_set_origin+0x67/0x130 [ 714.534650] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 714.539505] ? ovl_set_origin+0x130/0x130 [ 714.543663] ? ovl_copy_xattr+0x10c/0x470 [ 714.547819] ovl_copy_up_one+0xf32/0x3060 [ 714.552014] ? mark_held_locks+0x100/0x100 [ 714.552044] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 714.552063] ? mark_held_locks+0x100/0x100 [ 714.552078] ? add_lock_to_list.isra.0+0x450/0x450 [ 714.552094] ? print_usage_bug+0xd0/0xd0 [ 714.552111] ? add_lock_to_list.isra.0+0x450/0x450 [ 714.561381] ? add_lock_to_list.isra.0+0x450/0x450 [ 714.561403] ? lockref_get_not_zero+0x70/0x90 [ 714.561424] ? dget_parent+0x1a5/0x680 [ 714.561438] ? find_held_lock+0x35/0x120 [ 714.561454] ? dget_parent+0x1a5/0x680 [ 714.561511] ? ovl_path_real+0x410/0x410 [ 714.561535] ovl_copy_up_flags+0x15a/0x1e0 [ 714.574722] ovl_copy_up+0x18/0x1c [ 714.574737] ovl_rename+0x2e5/0x1ab0 [ 714.574752] ? lock_acquire+0x1db/0x570 [ 714.620469] ? ovl_clear_empty+0x6f0/0x6f0 [ 714.624717] vfs_rename+0x80a/0x1ab0 [ 714.628453] ? lookup_one_len+0x230/0x230 [ 714.632608] ? lock_rename+0xdb/0x290 [ 714.636426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 714.641987] ? security_path_rename+0x185/0x310 [ 714.646678] do_renameat2+0xdf2/0x1120 [ 714.650597] ? user_path_create+0x50/0x50 [ 714.654760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 714.660303] ? fput+0x128/0x1a0 [ 714.663592] ? do_syscall_64+0x8c/0x800 [ 714.667575] ? lockdep_hardirqs_on+0x415/0x5d0 [ 714.672193] ? trace_hardirqs_on+0xbd/0x310 [ 714.676549] ? __ia32_sys_read+0xb0/0xb0 [ 714.680636] ? trace_hardirqs_off_caller+0x300/0x300 [ 714.685757] __x64_sys_renameat+0x9a/0x100 [ 714.690038] do_syscall_64+0x1a3/0x800 [ 714.693933] ? syscall_return_slowpath+0x5f0/0x5f0 [ 714.698888] ? prepare_exit_to_usermode+0x232/0x3b0 [ 714.703918] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 714.708779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.713966] RIP: 0033:0x457ec9 [ 714.717157] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 714.736044] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 714.743741] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 714.751010] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 714.758274] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 714.765527] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 714.772787] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:56 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:56 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:56 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:07:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xa000000}, 0x14}}, 0x0) 18:07:56 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) 18:07:56 executing program 1 (fault-call:9 fault-nth:61): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:07:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:57 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xec0}, 0x14}}, 0x0) [ 716.957388] FAULT_INJECTION: forcing a failure. [ 716.957388] name failslab, interval 1, probability 0, space 0, times 0 [ 717.021615] CPU: 1 PID: 26623 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 717.028510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 717.037863] Call Trace: [ 717.040505] dump_stack+0x1db/0x2d0 [ 717.044158] ? dump_stack_print_info.cold+0x20/0x20 [ 717.049189] ? ovl_copy_up_flags+0x15a/0x1e0 [ 717.053605] ? ovl_copy_up+0x18/0x1c [ 717.057336] ? ovl_rename+0x2e5/0x1ab0 [ 717.061242] ? vfs_rename+0x80a/0x1ab0 [ 717.065150] ? do_renameat2+0xdf2/0x1120 [ 717.069256] ? do_syscall_64+0x1a3/0x800 [ 717.073346] should_fail.cold+0xa/0x15 [ 717.077254] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 717.082378] ? ___might_sleep+0x1e7/0x310 [ 717.086537] ? arch_local_save_flags+0x50/0x50 [ 717.091174] __should_failslab+0x121/0x190 [ 717.095427] should_failslab+0x9/0x14 [ 717.099255] __kmalloc_track_caller+0x2d8/0x740 [ 717.103939] ? ___might_sleep+0x1e7/0x310 [ 717.108091] ? save_stack+0xa9/0xd0 [ 717.111734] ? simple_xattr_set+0xcd/0x7d0 [ 717.115984] kstrdup+0x3a/0x70 [ 717.119206] simple_xattr_set+0xcd/0x7d0 [ 717.123276] ? simple_xattr_get+0x180/0x180 [ 717.127631] ? inode_has_perm.isra.0+0x17e/0x210 [ 717.132406] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 717.137948] ? evm_protected_xattr+0x200/0x280 [ 717.142760] shmem_xattr_handler_set+0x42/0x50 [ 717.147355] ? shmem_file_llseek+0x270/0x270 [ 717.151773] __vfs_setxattr+0x121/0x190 [ 717.155758] ? xattr_resolve_name+0x3e0/0x3e0 [ 717.160266] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 717.165219] __vfs_setxattr_noperm+0x11c/0x410 [ 717.169830] vfs_setxattr+0xda/0x100 [ 717.173576] ovl_check_setxattr+0xf1/0x130 [ 717.177843] ovl_set_origin+0xec/0x130 [ 717.181749] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 717.186602] ? ovl_set_origin+0x130/0x130 [ 717.190769] ? ovl_copy_xattr+0x10c/0x470 [ 717.194944] ovl_copy_up_one+0xf32/0x3060 [ 717.199109] ? mark_held_locks+0x100/0x100 [ 717.203391] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 717.208420] ? mark_held_locks+0x100/0x100 [ 717.212667] ? add_lock_to_list.isra.0+0x450/0x450 [ 717.217619] ? print_usage_bug+0xd0/0xd0 [ 717.221706] ? add_lock_to_list.isra.0+0x450/0x450 [ 717.226666] ? add_lock_to_list.isra.0+0x450/0x450 [ 717.231611] ? lockref_get_not_zero+0x70/0x90 [ 717.236143] ? dget_parent+0x1a5/0x680 [ 717.240041] ? find_held_lock+0x35/0x120 [ 717.244115] ? dget_parent+0x1a5/0x680 [ 717.248066] ? ovl_path_real+0x410/0x410 [ 717.252156] ovl_copy_up_flags+0x15a/0x1e0 [ 717.256406] ovl_copy_up+0x18/0x1c [ 717.259956] ovl_rename+0x2e5/0x1ab0 [ 717.263687] ? lock_acquire+0x1db/0x570 [ 717.267701] ? ovl_clear_empty+0x6f0/0x6f0 [ 717.271958] vfs_rename+0x80a/0x1ab0 [ 717.275700] ? lookup_one_len+0x230/0x230 [ 717.279860] ? lock_rename+0xdb/0x290 [ 717.283687] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 717.289233] ? security_path_rename+0x185/0x310 [ 717.293935] do_renameat2+0xdf2/0x1120 [ 717.297863] ? user_path_create+0x50/0x50 [ 717.302025] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 717.307567] ? fput+0x128/0x1a0 [ 717.310855] ? do_syscall_64+0x8c/0x800 [ 717.314839] ? lockdep_hardirqs_on+0x415/0x5d0 [ 717.319431] ? trace_hardirqs_on+0xbd/0x310 [ 717.323760] ? __ia32_sys_read+0xb0/0xb0 [ 717.327831] ? trace_hardirqs_off_caller+0x300/0x300 [ 717.332952] __x64_sys_renameat+0x9a/0x100 [ 717.337218] do_syscall_64+0x1a3/0x800 [ 717.341142] ? syscall_return_slowpath+0x5f0/0x5f0 [ 717.346085] ? prepare_exit_to_usermode+0x232/0x3b0 [ 717.351130] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 717.355995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.361193] RIP: 0033:0x457ec9 [ 717.364395] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 717.383317] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 717.391032] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 717.398304] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 717.405591] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 717.412862] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 18:07:57 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:07:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x10}, 0x14}}, 0x0) 18:07:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf0ffff}, 0x14}}, 0x0) 18:07:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:07:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x400300}, 0x14}}, 0x0) [ 717.420157] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:07:57 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) 18:07:57 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:07:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xe}, 0x14}}, 0x0) 18:08:00 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:00 executing program 1 (fault-call:9 fault-nth:62): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 720.076202] FAULT_INJECTION: forcing a failure. [ 720.076202] name failslab, interval 1, probability 0, space 0, times 0 [ 720.097065] CPU: 1 PID: 26683 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 720.103925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.113297] Call Trace: [ 720.115901] dump_stack+0x1db/0x2d0 [ 720.119536] ? dump_stack_print_info.cold+0x20/0x20 [ 720.124560] ? __lock_acquire+0x572/0x4a30 [ 720.128803] should_fail.cold+0xa/0x15 [ 720.132694] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 720.137822] ? ___might_sleep+0x1e7/0x310 [ 720.141978] ? arch_local_save_flags+0x50/0x50 [ 720.146596] __should_failslab+0x121/0x190 [ 720.150854] should_failslab+0x9/0x14 [ 720.154678] kmem_cache_alloc+0x2be/0x710 [ 720.158847] __d_alloc+0xae/0xbe0 [ 720.162308] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 720.167339] ? find_held_lock+0x35/0x120 [ 720.171428] ? mark_held_locks+0x100/0x100 [ 720.175674] ? add_lock_to_list.isra.0+0x450/0x450 [ 720.180604] ? lock_downgrade+0x910/0x910 [ 720.185237] ? kasan_check_read+0x11/0x20 [ 720.189473] d_alloc+0x99/0x420 [ 720.192755] ? avc_has_perm_noaudit+0x418/0x630 [ 720.197446] ? __d_alloc+0xbe0/0xbe0 [ 720.201172] ? avc_has_perm_noaudit+0x418/0x630 [ 720.205861] ? add_lock_to_list.isra.0+0x450/0x450 [ 720.210810] d_alloc_parallel+0x11b/0x1f10 [ 720.215056] ? lock_downgrade+0x910/0x910 [ 720.219207] ? kasan_check_read+0x11/0x20 [ 720.223356] ? __d_lookup+0x560/0x960 [ 720.227183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.232723] ? __d_lookup_rcu+0x990/0x990 [ 720.236867] ? lock_downgrade+0x910/0x910 [ 720.241011] ? kasan_check_read+0x11/0x20 [ 720.245167] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 720.250501] ? rcu_read_unlock_special+0x380/0x380 [ 720.255432] ? lockdep_init_map+0x10c/0x5b0 [ 720.259752] ? lockdep_init_map+0x10c/0x5b0 [ 720.264082] ? __init_waitqueue_head+0x92/0x150 [ 720.268748] ? init_wait_entry+0x1c0/0x1c0 [ 720.272998] ? d_lookup+0x163/0x360 [ 720.276651] __lookup_slow+0x1fa/0x560 [ 720.280545] ? trace_hardirqs_off_caller+0x300/0x300 [ 720.285659] ? vfs_unlink+0x500/0x500 [ 720.289470] ? d_lookup+0x23c/0x360 [ 720.293153] lookup_one_len+0x1de/0x230 [ 720.297129] ? ovl_copy_up_inode.part.0+0x22a/0x5d0 [ 720.302169] ? lookup_one_len_unlocked+0x100/0x100 [ 720.307102] ? ovl_copy_xattr+0x10c/0x470 [ 720.311296] ovl_copy_up_one+0x1089/0x3060 [ 720.315530] ? mark_held_locks+0x100/0x100 [ 720.319854] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 [ 720.324875] ? mark_held_locks+0x100/0x100 [ 720.329114] ? add_lock_to_list.isra.0+0x450/0x450 [ 720.334072] ? print_usage_bug+0xd0/0xd0 [ 720.338160] ? add_lock_to_list.isra.0+0x450/0x450 [ 720.343104] ? add_lock_to_list.isra.0+0x450/0x450 [ 720.348047] ? lockref_get_not_zero+0x70/0x90 [ 720.352544] ? dget_parent+0x1a5/0x680 [ 720.356433] ? find_held_lock+0x35/0x120 [ 720.360495] ? dget_parent+0x1a5/0x680 [ 720.364449] ? ovl_path_real+0x410/0x410 [ 720.368517] ovl_copy_up_flags+0x15a/0x1e0 [ 720.372774] ovl_copy_up+0x18/0x1c [ 720.376313] ovl_rename+0x2e5/0x1ab0 [ 720.380054] ? lock_acquire+0x1db/0x570 [ 720.384041] ? ovl_clear_empty+0x6f0/0x6f0 [ 720.388307] vfs_rename+0x80a/0x1ab0 [ 720.392032] ? lookup_one_len+0x230/0x230 [ 720.396179] ? lock_rename+0xdb/0x290 [ 720.400000] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 720.405568] ? security_path_rename+0x185/0x310 [ 720.410260] do_renameat2+0xdf2/0x1120 [ 720.414175] ? user_path_create+0x50/0x50 [ 720.418332] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 720.423871] ? fput+0x128/0x1a0 [ 720.427179] ? do_syscall_64+0x8c/0x800 [ 720.431161] ? lockdep_hardirqs_on+0x415/0x5d0 [ 720.435743] ? trace_hardirqs_on+0xbd/0x310 [ 720.440069] ? __ia32_sys_read+0xb0/0xb0 [ 720.444149] ? trace_hardirqs_off_caller+0x300/0x300 [ 720.449266] __x64_sys_renameat+0x9a/0x100 [ 720.453512] do_syscall_64+0x1a3/0x800 [ 720.457406] ? syscall_return_slowpath+0x5f0/0x5f0 [ 720.462340] ? prepare_exit_to_usermode+0x232/0x3b0 [ 720.467364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 720.472214] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.477404] RIP: 0033:0x457ec9 [ 720.480605] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 720.499506] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 720.507213] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 720.514480] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 18:08:00 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:08:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xffffff9e}, 0x14}}, 0x0) 18:08:00 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 720.521747] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 720.529017] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 720.536286] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f'}) 18:08:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf0ffffffffffff}, 0x14}}, 0x0) 18:08:00 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:00 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd'}) 18:08:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x300}, 0x14}}, 0x0) 18:08:01 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:03 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xe00}, 0x14}}, 0x0) 18:08:03 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:03 executing program 1 (fault-call:9 fault-nth:63): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:03 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 723.135776] FAULT_INJECTION: forcing a failure. [ 723.135776] name failslab, interval 1, probability 0, space 0, times 0 [ 723.147802] CPU: 0 PID: 26732 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 723.154650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.164000] Call Trace: [ 723.166605] dump_stack+0x1db/0x2d0 [ 723.170262] ? dump_stack_print_info.cold+0x20/0x20 [ 723.175288] ? ovl_copy_up_flags+0x15a/0x1e0 [ 723.179700] ? ovl_copy_up+0x18/0x1c 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf0}, 0x14}}, 0x0) 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xa00000000000000}, 0x14}}, 0x0) [ 723.183432] ? ovl_rename+0x2e5/0x1ab0 [ 723.187356] ? vfs_rename+0x80a/0x1ab0 [ 723.191255] ? do_renameat2+0xdf2/0x1120 [ 723.195341] ? do_syscall_64+0x1a3/0x800 [ 723.199442] should_fail.cold+0xa/0x15 [ 723.203351] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 723.208499] ? ___might_sleep+0x1e7/0x310 [ 723.212649] ? arch_local_save_flags+0x50/0x50 [ 723.217248] __should_failslab+0x121/0x190 [ 723.221489] should_failslab+0x9/0x14 [ 723.225292] __kmalloc_track_caller+0x2d8/0x740 [ 723.229994] ? ___might_sleep+0x1e7/0x310 [ 723.234206] ? save_stack+0xa9/0xd0 [ 723.237847] ? simple_xattr_set+0xcd/0x7d0 [ 723.242171] kstrdup+0x3a/0x70 [ 723.245373] simple_xattr_set+0xcd/0x7d0 [ 723.249440] ? simple_xattr_get+0x180/0x180 [ 723.253768] ? inode_has_perm.isra.0+0x17e/0x210 [ 723.258538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.264084] ? evm_protected_xattr+0x200/0x280 [ 723.268685] shmem_xattr_handler_set+0x42/0x50 [ 723.273276] ? shmem_file_llseek+0x270/0x270 [ 723.277697] __vfs_setxattr+0x121/0x190 [ 723.281696] ? xattr_resolve_name+0x3e0/0x3e0 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x800000000000000}, 0x14}}, 0x0) [ 723.286208] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 723.291196] __vfs_setxattr_noperm+0x11c/0x410 [ 723.295795] vfs_setxattr+0xda/0x100 [ 723.299569] ovl_check_setxattr+0xf1/0x130 [ 723.303831] ovl_set_origin+0xec/0x130 [ 723.307724] ovl_copy_up_inode.part.0+0x361/0x5d0 [ 723.312579] ? ovl_set_origin+0x130/0x130 [ 723.316735] ? ovl_copy_xattr+0x10c/0x470 [ 723.320895] ovl_copy_up_one+0xf32/0x3060 [ 723.325046] ? mark_held_locks+0x100/0x100 [ 723.329349] ? ovl_copy_up_inode.part.0+0x5d0/0x5d0 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xc00e0000}, 0x14}}, 0x0) [ 723.334380] ? mark_held_locks+0x100/0x100 [ 723.338615] ? add_lock_to_list.isra.0+0x450/0x450 [ 723.343548] ? print_usage_bug+0xd0/0xd0 [ 723.347615] ? add_lock_to_list.isra.0+0x450/0x450 [ 723.352564] ? add_lock_to_list.isra.0+0x450/0x450 [ 723.357501] ? lockref_get_not_zero+0x70/0x90 [ 723.362014] ? dget_parent+0x1a5/0x680 [ 723.365908] ? find_held_lock+0x35/0x120 [ 723.369973] ? dget_parent+0x1a5/0x680 [ 723.373904] ? ovl_path_real+0x410/0x410 [ 723.377980] ovl_copy_up_flags+0x15a/0x1e0 [ 723.382223] ovl_copy_up+0x18/0x1c 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf000000}, 0x14}}, 0x0) [ 723.385781] ovl_rename+0x2e5/0x1ab0 [ 723.389536] ? lock_acquire+0x1db/0x570 [ 723.393530] ? ovl_clear_empty+0x6f0/0x6f0 [ 723.397793] vfs_rename+0x80a/0x1ab0 [ 723.401559] ? lookup_one_len+0x230/0x230 [ 723.405705] ? lock_rename+0xdb/0x290 [ 723.409517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.415060] ? security_path_rename+0x185/0x310 [ 723.419740] do_renameat2+0xdf2/0x1120 [ 723.423649] ? user_path_create+0x50/0x50 [ 723.427814] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 723.433366] ? fput+0x128/0x1a0 18:08:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xffffff7f}, 0x14}}, 0x0) [ 723.436654] ? do_syscall_64+0x8c/0x800 [ 723.440640] ? lockdep_hardirqs_on+0x415/0x5d0 [ 723.445228] ? trace_hardirqs_on+0xbd/0x310 [ 723.449557] ? __ia32_sys_read+0xb0/0xb0 [ 723.453628] ? trace_hardirqs_off_caller+0x300/0x300 [ 723.458771] __x64_sys_renameat+0x9a/0x100 [ 723.463040] do_syscall_64+0x1a3/0x800 [ 723.466934] ? syscall_return_slowpath+0x5f0/0x5f0 [ 723.471872] ? prepare_exit_to_usermode+0x232/0x3b0 [ 723.476899] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 723.481756] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.486962] RIP: 0033:0x457ec9 [ 723.490169] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 723.509073] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 723.516791] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 723.524059] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 723.531327] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 723.538607] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 723.545900] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:04 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:06 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 18:08:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xab07}, 0x14}}, 0x0) 18:08:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:08:06 executing program 1 (fault-call:9 fault-nth:64): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:06 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:06 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 726.207835] FAULT_INJECTION: forcing a failure. [ 726.207835] name failslab, interval 1, probability 0, space 0, times 0 [ 726.226556] CPU: 0 PID: 26774 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 726.233405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.242760] Call Trace: [ 726.245365] dump_stack+0x1db/0x2d0 [ 726.249043] ? dump_stack_print_info.cold+0x20/0x20 [ 726.254070] ? do_renameat2+0xdf2/0x1120 18:08:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xc00e}, 0x14}}, 0x0) 18:08:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf}, 0x14}}, 0x0) [ 726.258162] ? __x64_sys_renameat+0x9a/0x100 [ 726.262583] ? do_syscall_64+0x1a3/0x800 [ 726.266648] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.272019] ? print_usage_bug+0xd0/0xd0 [ 726.276096] should_fail.cold+0xa/0x15 [ 726.280018] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 726.285159] ? ___might_sleep+0x1e7/0x310 [ 726.289325] ? arch_local_save_flags+0x50/0x50 [ 726.293946] __should_failslab+0x121/0x190 [ 726.298189] should_failslab+0x9/0x14 [ 726.302001] __kmalloc_track_caller+0x2d8/0x740 [ 726.306674] ? ___might_sleep+0x1e7/0x310 [ 726.310857] ? mark_held_locks+0x100/0x100 [ 726.315115] ? simple_xattr_set+0xcd/0x7d0 [ 726.319405] kstrdup+0x3a/0x70 [ 726.322614] simple_xattr_set+0xcd/0x7d0 [ 726.322632] ? simple_xattr_get+0x180/0x180 [ 726.322656] ? inode_has_perm.isra.0+0x17e/0x210 [ 726.335778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.341328] ? evm_protected_xattr+0x200/0x280 [ 726.345926] shmem_xattr_handler_set+0x42/0x50 [ 726.350519] ? shmem_file_llseek+0x270/0x270 [ 726.354946] __vfs_setxattr+0x121/0x190 18:08:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x100000000000000}, 0x14}}, 0x0) [ 726.358934] ? xattr_resolve_name+0x3e0/0x3e0 [ 726.363447] ? evm_protect_xattr.isra.0+0x9e/0x3e0 [ 726.368399] __vfs_setxattr_noperm+0x11c/0x410 [ 726.373009] vfs_setxattr+0xda/0x100 [ 726.376736] ovl_check_setxattr+0xf1/0x130 [ 726.380985] ovl_set_impure+0xb0/0x110 [ 726.384887] ovl_rename+0x895/0x1ab0 [ 726.388612] ? lock_acquire+0x1db/0x570 [ 726.392606] ? ovl_clear_empty+0x6f0/0x6f0 [ 726.396867] vfs_rename+0x80a/0x1ab0 [ 726.400597] ? lookup_one_len+0x230/0x230 [ 726.404746] ? lock_rename+0xdb/0x290 18:08:06 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 726.408578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.414148] ? security_path_rename+0x185/0x310 [ 726.418843] do_renameat2+0xdf2/0x1120 [ 726.422749] ? user_path_create+0x50/0x50 [ 726.422772] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 726.422786] ? fput+0x128/0x1a0 [ 726.422819] ? do_syscall_64+0x8c/0x800 [ 726.422834] ? lockdep_hardirqs_on+0x415/0x5d0 [ 726.422849] ? trace_hardirqs_on+0xbd/0x310 [ 726.422862] ? __ia32_sys_read+0xb0/0xb0 [ 726.422878] ? trace_hardirqs_off_caller+0x300/0x300 [ 726.422897] __x64_sys_renameat+0x9a/0x100 [ 726.422914] do_syscall_64+0x1a3/0x800 [ 726.422962] ? syscall_return_slowpath+0x5f0/0x5f0 [ 726.422978] ? prepare_exit_to_usermode+0x232/0x3b0 [ 726.422999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 726.423022] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.423034] RIP: 0033:0x457ec9 [ 726.423051] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:08:06 executing program 1 (fault-call:9 fault-nth:65): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 726.423059] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 726.423073] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 726.423082] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 726.423090] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 726.423099] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 726.423107] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 [ 726.631649] FAULT_INJECTION: forcing a failure. [ 726.631649] name failslab, interval 1, probability 0, space 0, times 0 [ 726.643769] CPU: 0 PID: 26802 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 726.650636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.659979] Call Trace: [ 726.662566] dump_stack+0x1db/0x2d0 [ 726.666211] ? dump_stack_print_info.cold+0x20/0x20 [ 726.671234] should_fail.cold+0xa/0x15 [ 726.675104] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 726.680204] ? ___might_sleep+0x1e7/0x310 [ 726.684357] ? arch_local_save_flags+0x50/0x50 [ 726.688942] __should_failslab+0x121/0x190 [ 726.693169] should_failslab+0x9/0x14 [ 726.696948] kmem_cache_alloc+0x2be/0x710 [ 726.701099] __d_alloc+0xae/0xbe0 [ 726.704568] ? __lock_acquire+0x572/0x4a30 [ 726.708800] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 726.713808] ? find_held_lock+0x35/0x120 [ 726.717857] ? mark_held_locks+0x100/0x100 [ 726.722087] ? add_lock_to_list.isra.0+0x450/0x450 [ 726.727035] ? lock_downgrade+0x910/0x910 [ 726.731168] ? kasan_check_read+0x11/0x20 [ 726.735297] d_alloc+0x99/0x420 [ 726.738556] ? avc_has_perm_noaudit+0x418/0x630 [ 726.743218] ? __d_alloc+0xbe0/0xbe0 [ 726.746925] ? avc_has_perm_noaudit+0x418/0x630 [ 726.751589] ? add_lock_to_list.isra.0+0x450/0x450 [ 726.756518] d_alloc_parallel+0x11b/0x1f10 [ 726.760743] ? lock_downgrade+0x910/0x910 [ 726.764908] ? kasan_check_read+0x11/0x20 [ 726.769076] ? __d_lookup+0x560/0x960 [ 726.772870] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.778389] ? __d_lookup_rcu+0x990/0x990 [ 726.782533] ? lock_downgrade+0x910/0x910 [ 726.786677] ? kasan_check_read+0x11/0x20 [ 726.790819] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 726.796076] ? rcu_read_unlock_special+0x380/0x380 [ 726.800997] ? lockdep_init_map+0x10c/0x5b0 [ 726.805322] ? lockdep_init_map+0x10c/0x5b0 [ 726.809639] ? __init_waitqueue_head+0x92/0x150 [ 726.814305] ? init_wait_entry+0x1c0/0x1c0 [ 726.818549] ? d_lookup+0x163/0x360 [ 726.822189] __lookup_slow+0x1fa/0x560 [ 726.826076] ? trace_hardirqs_off_caller+0x300/0x300 [ 726.831173] ? vfs_unlink+0x500/0x500 [ 726.834958] ? d_lookup+0x23c/0x360 [ 726.838579] lookup_one_len+0x1de/0x230 [ 726.842553] ? lookup_one_len_unlocked+0x100/0x100 [ 726.847473] ? ovl_dentry_upper+0x65/0x120 [ 726.851689] ? ovl_path_real+0x410/0x410 [ 726.855736] ovl_rename+0x9ae/0x1ab0 [ 726.859436] ? ovl_clear_empty+0x6f0/0x6f0 [ 726.863674] vfs_rename+0x80a/0x1ab0 [ 726.867384] ? lookup_one_len+0x230/0x230 [ 726.871536] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 726.877055] ? security_path_rename+0x185/0x310 [ 726.881719] do_renameat2+0xdf2/0x1120 [ 726.885634] ? user_path_create+0x50/0x50 [ 726.889821] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 726.895344] ? fput+0x128/0x1a0 [ 726.898619] ? do_syscall_64+0x8c/0x800 [ 726.902585] ? lockdep_hardirqs_on+0x415/0x5d0 [ 726.907224] ? trace_hardirqs_on+0xbd/0x310 [ 726.911544] ? __ia32_sys_read+0xb0/0xb0 [ 726.915588] ? trace_hardirqs_off_caller+0x300/0x300 [ 726.920689] __x64_sys_renameat+0x9a/0x100 [ 726.924928] do_syscall_64+0x1a3/0x800 [ 726.928816] ? syscall_return_slowpath+0x5f0/0x5f0 [ 726.933731] ? prepare_exit_to_usermode+0x232/0x3b0 [ 726.938731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 726.943608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.948822] RIP: 0033:0x457ec9 [ 726.952000] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 726.970906] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 726.978592] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 726.985865] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 726.993153] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 727.000425] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 727.007713] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:09 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 18:08:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x9effffff00000000}, 0x14}}, 0x0) 18:08:09 executing program 1 (fault-call:9 fault-nth:66): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:09 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:09 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x34000}, 0x14}}, 0x0) 18:08:09 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) [ 729.312945] FAULT_INJECTION: forcing a failure. [ 729.312945] name failslab, interval 1, probability 0, space 0, times 0 [ 729.389005] CPU: 0 PID: 26819 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 729.395879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.405235] Call Trace: [ 729.407838] dump_stack+0x1db/0x2d0 [ 729.411499] ? dump_stack_print_info.cold+0x20/0x20 [ 729.416537] should_fail.cold+0xa/0x15 [ 729.420455] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 729.425578] ? ___might_sleep+0x1e7/0x310 [ 729.429732] ? arch_local_save_flags+0x50/0x50 [ 729.434342] __should_failslab+0x121/0x190 [ 729.438591] should_failslab+0x9/0x14 [ 729.442401] kmem_cache_alloc+0x2be/0x710 [ 729.446559] ? add_lock_to_list.isra.0+0x450/0x450 [ 729.451524] ? avc_has_perm_noaudit+0x630/0x630 [ 729.456210] __d_alloc+0xae/0xbe0 [ 729.459696] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 729.464718] ? find_held_lock+0x35/0x120 [ 729.468786] ? simple_empty+0xdc/0x160 [ 729.472694] ? lock_acquire+0x1db/0x570 [ 729.476687] ? kasan_check_read+0x11/0x20 [ 729.480847] d_alloc+0x99/0x420 [ 729.484154] ? __d_alloc+0xbe0/0xbe0 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd'}) [ 729.487891] ? _raw_spin_unlock+0x2d/0x50 [ 729.492050] shmem_rename2+0x33a/0x780 [ 729.495955] vfs_rename+0x80a/0x1ab0 [ 729.499691] ? lookup_one_len+0x230/0x230 [ 729.503863] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 729.509409] ? ovl_path_type+0x2b6/0x3e0 [ 729.513497] ? ovl_dentry_weird+0x50/0x50 [ 729.517660] ? ovl_path_real+0x410/0x410 [ 729.521740] ovl_rename+0xcc1/0x1ab0 [ 729.525476] ? ovl_clear_empty+0x6f0/0x6f0 [ 729.529738] vfs_rename+0x80a/0x1ab0 [ 729.533487] ? lookup_one_len+0x230/0x230 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 729.537636] ? lock_rename+0xdb/0x290 [ 729.541502] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 729.547066] ? security_path_rename+0x185/0x310 [ 729.551772] do_renameat2+0xdf2/0x1120 [ 729.555701] ? user_path_create+0x50/0x50 [ 729.559934] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 729.565498] ? fput+0x128/0x1a0 [ 729.568795] ? do_syscall_64+0x8c/0x800 [ 729.572779] ? lockdep_hardirqs_on+0x415/0x5d0 [ 729.577374] ? trace_hardirqs_on+0xbd/0x310 [ 729.581703] ? __ia32_sys_read+0xb0/0xb0 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 729.585776] ? trace_hardirqs_off_caller+0x300/0x300 [ 729.590893] __x64_sys_renameat+0x9a/0x100 [ 729.595181] do_syscall_64+0x1a3/0x800 [ 729.599084] ? syscall_return_slowpath+0x5f0/0x5f0 [ 729.604027] ? prepare_exit_to_usermode+0x232/0x3b0 [ 729.609076] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 729.613959] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.613987] RIP: 0033:0x457ec9 18:08:09 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff'}) 18:08:09 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 729.614003] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 729.641299] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 729.649016] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 729.656291] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 729.663578] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 729.670854] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 729.678143] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:09 executing program 1 (fault-call:9 fault-nth:67): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x400000000000000}, 0x14}}, 0x0) [ 729.909516] FAULT_INJECTION: forcing a failure. [ 729.909516] name failslab, interval 1, probability 0, space 0, times 0 [ 729.921327] CPU: 0 PID: 26865 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 729.928159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.937498] Call Trace: [ 729.940088] dump_stack+0x1db/0x2d0 [ 729.943726] ? dump_stack_print_info.cold+0x20/0x20 [ 729.948727] ? mark_held_locks+0x100/0x100 [ 729.952946] ? do_syscall_64+0x1a3/0x800 [ 729.957173] should_fail.cold+0xa/0x15 [ 729.961049] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 729.966159] ? ___might_sleep+0x1e7/0x310 [ 729.970294] ? arch_local_save_flags+0x50/0x50 [ 729.974926] __should_failslab+0x121/0x190 [ 729.979165] should_failslab+0x9/0x14 [ 729.982957] kmem_cache_alloc+0x2be/0x710 [ 729.987122] ? lock_acquire+0x1db/0x570 [ 729.991103] ? shmem_destroy_callback+0xc0/0xc0 [ 729.995771] shmem_alloc_inode+0x1c/0x50 [ 729.999849] alloc_inode+0x66/0x190 [ 730.003488] new_inode_pseudo+0x71/0x1b0 [ 730.007547] ? prune_icache_sb+0x1c0/0x1c0 [ 730.011775] new_inode+0x1f/0x40 [ 730.015132] shmem_get_inode+0xe1/0x8d0 [ 730.019142] ? shmem_encode_fh+0x340/0x340 [ 730.023403] ? _raw_spin_unlock+0x2d/0x50 [ 730.027547] ? d_alloc+0x2a3/0x420 [ 730.031083] ? __d_alloc+0xbe0/0xbe0 [ 730.034788] shmem_mknod+0x5a/0x1f0 [ 730.038400] shmem_rename2+0x362/0x780 [ 730.042307] vfs_rename+0x80a/0x1ab0 [ 730.046031] ? lookup_one_len+0x230/0x230 [ 730.050195] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 730.055735] ? ovl_path_type+0x2b6/0x3e0 [ 730.059781] ? ovl_dentry_weird+0x50/0x50 [ 730.063926] ? ovl_path_real+0x410/0x410 [ 730.068004] ovl_rename+0xcc1/0x1ab0 [ 730.071734] ? ovl_clear_empty+0x6f0/0x6f0 [ 730.075990] vfs_rename+0x80a/0x1ab0 [ 730.079707] ? lookup_one_len+0x230/0x230 [ 730.083847] ? lock_rename+0xdb/0x290 [ 730.087669] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 730.093219] ? security_path_rename+0x185/0x310 [ 730.097887] do_renameat2+0xdf2/0x1120 [ 730.101785] ? user_path_create+0x50/0x50 [ 730.105928] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 730.111463] ? fput+0x128/0x1a0 [ 730.114744] ? do_syscall_64+0x8c/0x800 [ 730.118702] ? lockdep_hardirqs_on+0x415/0x5d0 [ 730.123270] ? trace_hardirqs_on+0xbd/0x310 [ 730.127588] ? __ia32_sys_read+0xb0/0xb0 [ 730.131666] ? trace_hardirqs_off_caller+0x300/0x300 [ 730.136755] __x64_sys_renameat+0x9a/0x100 [ 730.141002] do_syscall_64+0x1a3/0x800 [ 730.144914] ? syscall_return_slowpath+0x5f0/0x5f0 [ 730.149833] ? prepare_exit_to_usermode+0x232/0x3b0 [ 730.154836] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 730.159671] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.164856] RIP: 0033:0x457ec9 [ 730.168041] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 730.187079] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 730.194781] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 730.202062] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 730.209318] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 730.216578] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 730.223843] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:12 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:12 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:12 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) 18:08:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x3f00000000000000}, 0x14}}, 0x0) 18:08:12 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:08:12 executing program 1 (fault-call:9 fault-nth:68): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:12 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:12 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf00}, 0x14}}, 0x0) [ 732.559546] FAULT_INJECTION: forcing a failure. [ 732.559546] name failslab, interval 1, probability 0, space 0, times 0 18:08:12 executing program 0: mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) [ 732.618255] CPU: 1 PID: 26880 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 732.625150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.634510] Call Trace: [ 732.637132] dump_stack+0x1db/0x2d0 [ 732.640776] ? dump_stack_print_info.cold+0x20/0x20 [ 732.645822] ? kernel_text_address+0x73/0xf0 [ 732.650246] should_fail.cold+0xa/0x15 [ 732.654157] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 732.659280] ? ___might_sleep+0x1e7/0x310 [ 732.663449] ? save_stack+0xa9/0xd0 [ 732.663465] ? arch_local_save_flags+0x50/0x50 [ 732.663479] ? kasan_kmalloc+0xcf/0xe0 [ 732.663495] ? kasan_slab_alloc+0xf/0x20 [ 732.671692] ? kmem_cache_alloc+0x12d/0x710 [ 732.671706] ? shmem_alloc_inode+0x1c/0x50 [ 732.671721] ? alloc_inode+0x66/0x190 [ 732.671735] ? new_inode_pseudo+0x71/0x1b0 [ 732.671749] ? new_inode+0x1f/0x40 [ 732.671771] __should_failslab+0x121/0x190 [ 732.671790] should_failslab+0x9/0x14 [ 732.671804] kmem_cache_alloc+0x2be/0x710 [ 732.671822] ? lock_downgrade+0x910/0x910 [ 732.716092] ? kasan_check_read+0x11/0x20 [ 732.720264] selinux_inode_alloc_security+0x108/0x3b0 [ 732.725476] ? inode_free_rcu+0x20/0x20 [ 732.729477] ? __put_user_ns+0x70/0x70 [ 732.733411] ? shmem_alloc_inode+0x1c/0x50 [ 732.737668] security_inode_alloc+0x90/0xe0 [ 732.742018] inode_init_always+0x662/0xd30 [ 732.746261] ? get_nr_inodes+0x110/0x110 [ 732.750338] ? rcu_read_lock_sched_held+0x110/0x130 [ 732.755382] ? lock_acquire+0x1db/0x570 [ 732.759400] alloc_inode+0x83/0x190 [ 732.763039] new_inode_pseudo+0x71/0x1b0 18:08:12 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 732.767122] ? prune_icache_sb+0x1c0/0x1c0 [ 732.771436] new_inode+0x1f/0x40 [ 732.774808] shmem_get_inode+0xe1/0x8d0 [ 732.778793] ? shmem_encode_fh+0x340/0x340 [ 732.783050] ? _raw_spin_unlock+0x2d/0x50 [ 732.787204] ? d_alloc+0x2a3/0x420 [ 732.790760] ? __d_alloc+0xbe0/0xbe0 [ 732.794486] shmem_mknod+0x5a/0x1f0 [ 732.798121] shmem_rename2+0x362/0x780 [ 732.802038] vfs_rename+0x80a/0x1ab0 [ 732.805775] ? lookup_one_len+0x230/0x230 [ 732.809929] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 732.815491] ? ovl_path_type+0x2b6/0x3e0 [ 732.819569] ? ovl_dentry_weird+0x50/0x50 [ 732.823734] ? ovl_path_real+0x410/0x410 [ 732.827811] ovl_rename+0xcc1/0x1ab0 [ 732.831545] ? ovl_clear_empty+0x6f0/0x6f0 [ 732.835815] vfs_rename+0x80a/0x1ab0 [ 732.839580] ? lookup_one_len+0x230/0x230 [ 732.843735] ? lock_rename+0xdb/0x290 [ 732.847555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 732.853099] ? security_path_rename+0x185/0x310 [ 732.857787] do_renameat2+0xdf2/0x1120 [ 732.861708] ? user_path_create+0x50/0x50 18:08:13 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 732.865878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 732.871432] ? fput+0x128/0x1a0 [ 732.874722] ? do_syscall_64+0x8c/0x800 [ 732.878709] ? lockdep_hardirqs_on+0x415/0x5d0 [ 732.883313] ? trace_hardirqs_on+0xbd/0x310 [ 732.887657] ? __ia32_sys_read+0xb0/0xb0 [ 732.891726] ? trace_hardirqs_off_caller+0x300/0x300 [ 732.896842] __x64_sys_renameat+0x9a/0x100 [ 732.901091] do_syscall_64+0x1a3/0x800 [ 732.904996] ? syscall_return_slowpath+0x5f0/0x5f0 [ 732.909933] ? prepare_exit_to_usermode+0x232/0x3b0 [ 732.914958] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 732.919818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.925016] RIP: 0033:0x457ec9 [ 732.928215] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 732.947117] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 732.954835] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 732.962107] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 732.969401] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 732.976688] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 732.983957] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:15 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x60000000}, 0x14}}, 0x0) 18:08:15 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:15 executing program 1 (fault-call:9 fault-nth:69): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:15 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:15 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:08:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x2}, 0x14}}, 0x0) [ 735.578549] FAULT_INJECTION: forcing a failure. [ 735.578549] name failslab, interval 1, probability 0, space 0, times 0 [ 735.590390] CPU: 0 PID: 26915 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 735.597255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.606626] Call Trace: [ 735.609230] dump_stack+0x1db/0x2d0 [ 735.612886] ? dump_stack_print_info.cold+0x20/0x20 [ 735.617920] should_fail.cold+0xa/0x15 [ 735.621832] ? fault_create_debugfs_attr+0x1e0/0x1e0 18:08:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x40030000000000}, 0x14}}, 0x0) [ 735.626951] ? security_compute_sid+0x12d9/0x1f00 [ 735.631803] ? memset+0x32/0x40 [ 735.635108] ? add_lock_to_list.isra.0+0x450/0x450 [ 735.640087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 735.645654] __should_failslab+0x121/0x190 [ 735.649904] should_failslab+0x9/0x14 [ 735.653716] __kmalloc+0x71/0x740 [ 735.657193] ? context_struct_to_string+0x42d/0x980 [ 735.662231] context_struct_to_string+0x42d/0x980 [ 735.667086] ? get_permissions_callback+0xb0/0xb0 [ 735.671947] security_sid_to_context_core.isra.0+0x244/0x320 [ 735.677759] security_sid_to_context_force+0x38/0x50 [ 735.682878] selinux_inode_init_security+0x3f7/0x870 [ 735.687995] ? selinux_inode_create+0x30/0x30 [ 735.692517] ? set_posix_acl+0x2f0/0x2f0 [ 735.696602] ? current_time+0x104/0x1b0 [ 735.700605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 735.706194] security_inode_init_security+0x1b3/0x430 [ 735.711394] ? shmem_tmpfile+0x120/0x120 [ 735.715477] ? unregister_lsm_notifier+0x30/0x30 [ 735.720262] ? d_alloc+0x2a3/0x420 [ 735.723826] ? __d_alloc+0xbe0/0xbe0 18:08:15 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mounts\x00') pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x10000014c) syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 18:08:15 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) [ 735.727554] shmem_mknod+0xc9/0x1f0 [ 735.731194] shmem_rename2+0x362/0x780 [ 735.735093] vfs_rename+0x80a/0x1ab0 [ 735.738860] ? lookup_one_len+0x230/0x230 [ 735.743025] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 735.748574] ? ovl_path_type+0x2b6/0x3e0 [ 735.752649] ? ovl_dentry_weird+0x50/0x50 [ 735.756810] ? ovl_path_real+0x410/0x410 [ 735.760899] ovl_rename+0xcc1/0x1ab0 [ 735.764664] ? ovl_clear_empty+0x6f0/0x6f0 [ 735.768924] vfs_rename+0x80a/0x1ab0 [ 735.772671] ? lookup_one_len+0x230/0x230 [ 735.776844] ? lock_rename+0xdb/0x290 [ 735.780665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 735.786210] ? security_path_rename+0x185/0x310 [ 735.786248] do_renameat2+0xdf2/0x1120 [ 735.794827] ? user_path_create+0x50/0x50 [ 735.799009] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 735.804554] ? fput+0x128/0x1a0 [ 735.807849] ? do_syscall_64+0x8c/0x800 [ 735.811832] ? lockdep_hardirqs_on+0x415/0x5d0 [ 735.816422] ? trace_hardirqs_on+0xbd/0x310 [ 735.816436] ? __ia32_sys_read+0xb0/0xb0 [ 735.816457] ? trace_hardirqs_off_caller+0x300/0x300 18:08:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x6000}, 0x14}}, 0x0) [ 735.829970] __x64_sys_renameat+0x9a/0x100 [ 735.834247] do_syscall_64+0x1a3/0x800 [ 735.838165] ? syscall_return_slowpath+0x5f0/0x5f0 [ 735.843112] ? prepare_exit_to_usermode+0x232/0x3b0 [ 735.848195] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 735.853056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.858249] RIP: 0033:0x457ec9 [ 735.861469] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:08:16 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00'}) [ 735.880388] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 735.888099] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 735.895388] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 735.902659] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 735.909938] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 735.917210] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:18 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:18 executing program 2: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xfffff000}, 0x14}}, 0x0) 18:08:18 executing program 1 (fault-call:9 fault-nth:70): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:18 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000300)=""/11, 0xb) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = dup2(r0, r0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) syz_execute_func(&(0x7f0000000040)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) recvmmsg(r1, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000500)=""/53, 0x35}], 0x1}}], 0x1, 0x0, 0x0) ioctl$EVIOCGBITSND(r2, 0x80404532, 0x0) r3 = fcntl$dupfd(r1, 0x0, r1) shutdown(r3, 0x0) [ 738.637591] FAULT_INJECTION: forcing a failure. [ 738.637591] name failslab, interval 1, probability 0, space 0, times 0 [ 738.662170] CPU: 1 PID: 26960 Comm: syz-executor1 Not tainted 4.20.0+ #1 [ 738.669025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.678381] Call Trace: [ 738.680984] dump_stack+0x1db/0x2d0 [ 738.684638] ? dump_stack_print_info.cold+0x20/0x20 [ 738.689674] ? find_held_lock+0x35/0x120 [ 738.693766] ? security_sid_to_context_core.isra.0+0x272/0x320 [ 738.699767] should_fail.cold+0xa/0x15 [ 738.703687] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 738.708848] ? ___might_sleep+0x1e7/0x310 [ 738.708867] ? arch_local_save_flags+0x50/0x50 [ 738.708883] ? kasan_check_write+0x14/0x20 [ 738.708900] ? do_raw_read_unlock+0x3f/0x70 [ 738.717638] ? _raw_read_unlock+0x2d/0x50 [ 738.717662] __should_failslab+0x121/0x190 [ 738.717700] should_failslab+0x9/0x14 [ 738.738374] __kmalloc+0x2dc/0x740 [ 738.741946] ? selinux_inode_init_security+0x4ac/0x870 [ 738.747251] ? simple_xattr_alloc+0x3e/0xb0 [ 738.751596] simple_xattr_alloc+0x3e/0xb0 [ 738.755764] shmem_initxattrs+0xfc/0x1f0 [ 738.759846] security_inode_init_security+0x32f/0x430 [ 738.765048] ? shmem_tmpfile+0x120/0x120 [ 738.769132] ? unregister_lsm_notifier+0x30/0x30 [ 738.773907] ? d_alloc+0x2a3/0x420 [ 738.777463] ? __d_alloc+0xbe0/0xbe0 [ 738.781197] shmem_mknod+0xc9/0x1f0 18:08:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x9effffff}, 0x14}}, 0x0) 18:08:18 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff\x00'}) 18:08:18 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) [ 738.784850] shmem_rename2+0x362/0x780 [ 738.788761] vfs_rename+0x80a/0x1ab0 [ 738.792513] ? lookup_one_len+0x230/0x230 [ 738.796672] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 738.802215] ? ovl_path_type+0x2b6/0x3e0 [ 738.806284] ? ovl_dentry_weird+0x50/0x50 [ 738.810453] ? ovl_path_real+0x410/0x410 [ 738.814529] ovl_rename+0xcc1/0x1ab0 [ 738.818262] ? ovl_clear_empty+0x6f0/0x6f0 [ 738.822586] vfs_rename+0x80a/0x1ab0 [ 738.822615] ? lookup_one_len+0x230/0x230 [ 738.822629] ? lock_rename+0xdb/0x290 [ 738.822662] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 738.830519] ? security_path_rename+0x185/0x310 [ 738.830540] do_renameat2+0xdf2/0x1120 [ 738.830588] ? user_path_create+0x50/0x50 [ 738.830610] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 738.830624] ? fput+0x128/0x1a0 [ 738.830648] ? do_syscall_64+0x8c/0x800 [ 738.865548] ? lockdep_hardirqs_on+0x415/0x5d0 [ 738.870149] ? trace_hardirqs_on+0xbd/0x310 [ 738.874473] ? __ia32_sys_read+0xb0/0xb0 [ 738.878541] ? trace_hardirqs_off_caller+0x300/0x300 [ 738.883660] __x64_sys_renameat+0x9a/0x100 18:08:19 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff'}) 18:08:19 executing program 0: syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply={0xffffff83, 0x2}}}}}, 0x0) [ 738.887920] do_syscall_64+0x1a3/0x800 [ 738.891816] ? syscall_return_slowpath+0x5f0/0x5f0 [ 738.896776] ? prepare_exit_to_usermode+0x232/0x3b0 [ 738.901807] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 738.906673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 738.911865] RIP: 0033:0x457ec9 [ 738.911882] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:08:19 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 738.911890] RSP: 002b:00007f254f1b5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 738.911905] RAX: ffffffffffffffda RBX: 00007f254f1b5c90 RCX: 0000000000457ec9 [ 738.911913] RDX: 0000000000000004 RSI: 0000000020000240 RDI: 0000000000000004 [ 738.911925] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 738.934018] R10: 00000000200007c0 R11: 0000000000000246 R12: 00007f254f1b66d4 [ 738.934027] R13: 00000000004c491b R14: 00000000004d7e70 R15: 0000000000000005 18:08:21 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:21 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x3f000000}, 0x14}}, 0x0) 18:08:21 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}}], 0x0, 0x0, 0x0}) 18:08:21 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:21 executing program 1 (fault-call:9 fault-nth:71): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:21 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:21 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 741.718089] binder: 27000:27009 got transaction to invalid handle [ 741.756826] binder: 27000:27009 transaction failed 29201/-22, size 0-0 line 2896 18:08:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf000}, 0x14}}, 0x0) 18:08:21 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 741.804784] binder: undelivered TRANSACTION_ERROR: 29201 18:08:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000240)=0x4000000, 0x4) 18:08:22 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f'}) 18:08:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x6000000000000000}, 0x14}}, 0x0) 18:08:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000240)=0x4000000, 0x4) 18:08:22 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000340)) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd'}) 18:08:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x1000000000000000}, 0x14}}, 0x0) 18:08:22 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000240)=0x4000000, 0x4) 18:08:22 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:22 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:25 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x4000000}, 0x14}}, 0x0) 18:08:25 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f0000000340)={0x0, 0x0, {0x1ff, 0x6, 0x0, 0x7, 0x7, 0x1, 0x1, 0x3}}) open(&(0x7f0000000000)='.//ile0\x00', 0x8000, 0x24) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff\xff'}) 18:08:25 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000000240)=0x4000000, 0x4) 18:08:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x6, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:25 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x1000000}, 0x14}}, 0x0) 18:08:25 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) 18:08:25 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:25 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x4000000000000000) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000000)={0x4, 0x0, 0x2, 0x4}) ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, &(0x7f0000000180)={0x2, r2, 0x0, 0x80000001}) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') pivot_root(&(0x7f0000000280)='./file1\x00', &(0x7f0000000340)='./file0\x00') 18:08:28 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:28 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) 18:08:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xe000000}, 0x14}}, 0x0) 18:08:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd\xff'}) 18:08:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:28 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000340)) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,wo=./file1']) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000000)={0x0}) chroot(&(0x7f0000000280)='./file1\x00') ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000180)={r1, 0x2}) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) [ 748.183011] overlayfs: unrecognized mount option "wo=./file1" or missing value 18:08:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x3f00}, 0x14}}, 0x0) 18:08:28 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:28 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) [ 748.257301] overlayfs: unrecognized mount option "wo=./file1" or missing value 18:08:28 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723c9d8fcc0b32403cc8a940dfe9f62e2f66696c65302c6c6fdf2e726469723d2e3a666d6c65302c776f726b6469723d2e2f66696c6531"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xa}, 0x14}}, 0x0) [ 748.473132] overlayfs: unrecognized mount option "upperdir< 2@<ȩ@./file0" or missing value [ 748.522860] overlayfs: unrecognized mount option "upperdir< 2@<ȩ@./file0" or missing value 18:08:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf0ffffff00000000}, 0x14}}, 0x0) 18:08:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) ioctl$IMGETCOUNT(r5, 0x80044943, &(0x7f0000000240)) 18:08:31 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:31 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$KDSETMODE(r0, 0x4b3a, 0x1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xf0ffffff}, 0x14}}, 0x0) 18:08:31 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 751.315397] overlayfs: filesystem on './file0' not supported as upperdir 18:08:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000000)) 18:08:31 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x27e, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000180)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xa00}, 0x14}}, 0x0) 18:08:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd'}) [ 751.583841] overlayfs: workdir and upperdir must reside under the same mount [ 751.597743] overlayfs: workdir and upperdir must reside under the same mount 18:08:31 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) r5 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) ioctl$KDENABIO(r5, 0x4b36) 18:08:31 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000000000)='tmpfs\x00', 0x48, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = getpid() getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@mcast2, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000540)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000580)={0x1, 0x8, r1, 0x0, r2, 0x0, 0x29, 0xbc}) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="757070657264dad13d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f66696c6531"]) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000180)=0x6ef2dafdbdeadb97, 0x4) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r3, 0x4008ae73, &(0x7f00000003c0)={0x7, 0x4}) renameat(r3, &(0x7f0000000240)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') open$dir(&(0x7f0000000400)='./file1\x00', 0x40, 0x80) r4 = getpgrp(0x0) fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000280)={0x3, 0xfff, r4, 0x0, r5, 0x0, 0xe3, 0x5}) 18:08:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x2000000}, 0x14}}, 0x0) 18:08:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) 18:08:31 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) [ 751.838003] overlayfs: unrecognized mount option "upperd=./file0" or missing value 18:08:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x8000000}, 0x14}}, 0x0) [ 751.886415] overlayfs: unrecognized mount option "upperd=./file0" or missing value 18:08:34 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd\xfd'}) 18:08:34 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) 18:08:34 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x100, 0x0) 18:08:34 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="75704f000000000000002f66696c65302c6c6f776572e469723d2e3a66696c65302c776f726b6469723d2e18535b88c41c979dd7292f66696c653177a66d7555688f1e610421a3f26d2b284d35d573"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x1, 0x41) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') fchmodat(r1, &(0x7f0000000000)='./file0\x00', 0x1) 18:08:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x10000000}, 0x14}}, 0x0) 18:08:34 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x100, 0x0) 18:08:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x3}, 0x14}}, 0x0) [ 754.504485] overlayfs: unrecognized mount option "upO" or missing value [ 754.525785] overlayfs: unrecognized mount option "upO" or missing value 18:08:34 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:34 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) 18:08:34 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f6669a679a19797f3b42d13d5fae38487dc3068ebcaef4a2bec6a2ad542c99b2f1c0c8329a92a966bd4bba063450aec8760824f391852b2911a10ad47e194dda0b30beb2e09f6373379f52db2238827fddba30caeef731377ff7932070fb43c31b018f1f1375e52f9ef0a00993613bfc343b79e93e78adfb7e9152cf4a9a000c0ed949efe1f8d668e488894681f7edf074487df9dbd4195020e9e91e6aa67b147179f2c110718a0fabf7096d849aaab22024c76f1440000000000000000"]) r2 = open(&(0x7f0000000080)='./file0\x00', 0x2100, 0x4) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xfffffffffffff000}, 0x14}}, 0x0) [ 754.811506] overlayfs: failed to resolve './fiy-ㄇ0hJ+j*Bɛ/ )*kԻcE [ 754.811506] `O9RGݠ . 73y-#'ۣ swy2<17^R [ 754.811506] ': -2 [ 754.834840] overlayfs: failed to resolve './fiy-ㄇ0hJ+j*Bɛ/ )*kԻcE [ 754.834840] `O9RGݠ . 73y-#'ۣ swy2<17^R [ 754.834840] ': -2 18:08:37 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) 18:08:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x100, 0x0) 18:08:37 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xc00e000000000000}, 0x14}}, 0x0) 18:08:37 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r3, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000180)={0x5, 0x20, 0x0, 0x3ca, 0x1a, 0x8001, 0x2fb, 0xffffffffffffffa7, 0x12}) 18:08:37 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x0, &(0x7f0000000000), 0x2, r1, 0xe}) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xe00000000000000}, 0x14}}, 0x0) 18:08:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) 18:08:37 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:37 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) creat(&(0x7f0000000000)='./file1\x00', 0x4) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a66696c65302c776f726b6469723d2e2f66696c6531ed091177ec6d63985a9251cd1ef8db984034892438b134bd42cc523e2dffc0ecf39007cc7e21129d884cbcbec34588e5d6957404e6e6deef95ffb9460d39bb428b6fd8f5723c5628396e44fb2b34c337cb676f4d223aac0557a8894b6cb0e919"]) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:37 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) 18:08:37 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 757.823515] overlayfs: failed to resolve './file1 wmcZQۘ@4$84BR>-~!LE֕tF 9Bor-~!LE֕tF 9Bor0x0, @in={{0x2, 0x4e22, @empty}}}, &(0x7f0000000000)=0x84) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r2, 0x7f}, &(0x7f0000000280)=0x8) 18:08:40 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x100, 0x0) 18:08:40 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) write$binfmt_misc(r1, &(0x7f00000000c0)=ANY=[], 0xffa8) 18:08:40 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x1000000}, 0x14}}, 0x0) [ 760.664922] overlayfs: unrecognized mount option "upperdiZ{./file0" or missing value 18:08:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xffffffff00000000}, 0x14}}, 0x0) 18:08:40 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f'}) [ 760.705382] overlayfs: unrecognized mount option "upperdiZ{./file0" or missing value 18:08:40 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x400, 0x430400) 18:08:40 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000180)='./file0\x00', 0x101, 0x7, &(0x7f0000000640)=[{&(0x7f0000000280)="61951d6b7387fc48f335efb2b4e7a707e2abc2b75462", 0x16, 0x4}, {&(0x7f0000000340)="5b13e4fa6f86487d6f0358fea6dd8a2e4c", 0x11}, {&(0x7f0000000380)="6b6fb3d3cff493fe6330afe53b18d6af02c78e0dc77a9b7652c40d89d5886126630bde83998f23b31836f863ff0ac282a2611ad24f3b49", 0x37, 0x400}, {&(0x7f00000003c0)="afdacdf27419076602af03a8eecdf03887ae0e717550006ab7cd8215fbfb19286270a3a590fe2cd21e005fc3b7ab89a75d4edec5dd4779af51e1ffda5f1042d69241a3e4620e1c47c8ee94fe97164b6eb44a12b910110a461674b0041bbcaf90c695ccab32a997d7bea43a4f00e41b94b8a6fca1bf80a06bdbe830a1f6e6a2fdf95aeefa945f50980fa1226ab8c55b2d4d799055b70eb645333b2e2e00c12f728c27f707633d868bfe92522ae4f739a99835ddf2a4ee6779a50cdf0764e07b040f2171d320ba73d95f228d123400c81f", 0xd0, 0xfff}, {&(0x7f00000004c0)="3c7223f8b3182fd97e56104a26f9b260d26baf9e367da445820a1e34f7b9e9282b27449564276b52ddeb5fbfa55e55beae0da7215e1d0d7cb76580575a2bc32244dba5df3dbc625cd992df5db45bac40cf16a7aa22c8492a30", 0x59, 0x39925e4c}, {&(0x7f0000000540)="49fd57c65629760612d19de80216bc1d2c628003920190d7f316e8c5e900", 0x1e, 0x710da135}, {&(0x7f0000000580)="860e2dfd539f9a1b75f69dff510e37a1818d4afafb62886f2917c0ed6a336c27f0ee8e169435f89f6fee6aa94407e82904b6050f5d94a9788b93df30107058ef70eec4863ef9ec59287145484fa00704e86a020adb98b2922500ed51df329e67294fe8596f27ab424c6f64c22d3cbb994a35f4855474d1a50dadaddc21162f163f8e00709d074163279f2c21728cfffddbe05968b41672568be0128def3e34590815fd0d26", 0xa5, 0xffffffffffffffe0}], 0x2000000, 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x3000000}, 0x14}}, 0x0) [ 760.987216] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 761.066432] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. 18:08:43 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 18:08:43 executing program 2: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00'}) 18:08:43 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:43 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) 18:08:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x4}, 0x14}}, 0x0) 18:08:43 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') 18:08:43 executing program 2 (fault-call:3 fault-nth:0): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) 18:08:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xfffffff0}, 0x14}}, 0x0) 18:08:43 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfd'}) [ 763.759357] overlayfs: filesystem on './file0' not supported as upperdir 18:08:43 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7570706572646972392e01726469723d2e3a7b696c655af82bae714e59302c776f726b6469723d"]) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000000)=0x4, 0x4) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 763.904292] FAULT_INJECTION: forcing a failure. [ 763.904292] name failslab, interval 1, probability 0, space 0, times 0 [ 763.938918] CPU: 0 PID: 27403 Comm: syz-executor2 Not tainted 4.20.0+ #1 [ 763.945776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 763.955141] overlayfs: unrecognized mount option "upperdir9.rdir=.:{ileZ+qNY0" or missing value [ 763.964230] Call Trace: [ 763.964281] dump_stack+0x1db/0x2d0 [ 763.964306] ? dump_stack_print_info.cold+0x20/0x20 [ 763.964337] should_fail.cold+0xa/0x15 [ 763.979409] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 763.984523] ? ___might_sleep+0x1e7/0x310 [ 763.988497] overlayfs: unrecognized mount option "upperdir9.rdir=.:{ileZ+qNY0" or missing value [ 763.988680] ? arch_local_save_flags+0x50/0x50 18:08:44 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) connect$unix(r0, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000440)='/dev/autofs\x00', 0x0, 0x0) renameat(r2, &(0x7f0000000240)='.//ile0\x00', r2, &(0x7f00000007c0)='./file0/f.le.\x00') ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000003c0)={0x8, 0x3, 0x4, 0x4, {}, {0x2, 0x0, 0x8, 0x9, 0x79f, 0x20, "a60f3c5a"}, 0x7, 0x0, @planes=&(0x7f0000000280)={0x7, 0x4, @userptr, 0x2}, 0x4}) bind$bt_rfcomm(r2, &(0x7f0000000180)={0x1f, {0x1ff, 0x7, 0x81, 0x0, 0x1, 0x9}, 0x2}, 0xa) [ 764.002397] __should_failslab+0x121/0x190 [ 764.006726] should_failslab+0x9/0x14 [ 764.010531] __kmalloc+0x2dc/0x740 [ 764.014095] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.019751] ? x25_asy_open_tty+0x470/0x80b [ 764.024120] x25_asy_open_tty+0x470/0x80b [ 764.028267] ? x25_asy_close_tty+0x220/0x220 [ 764.032670] ? up_write+0x7b/0x230 [ 764.036193] ? down_write_nested+0x130/0x130 [ 764.040615] ? down_read+0x120/0x120 [ 764.044370] ? x25_asy_close_tty+0x220/0x220 [ 764.048819] tty_ldisc_open.isra.0+0x8b/0xe0 [ 764.053225] tty_set_ldisc+0x2d7/0x690 [ 764.057137] tty_ioctl+0xffa/0x16c0 [ 764.060751] ? tty_vhangup+0x30/0x30 [ 764.064481] ? __fget+0x472/0x710 [ 764.067942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.073475] ? lock_downgrade+0x910/0x910 [ 764.077614] ? kasan_check_read+0x11/0x20 [ 764.081765] ? ___might_sleep+0x1e7/0x310 [ 764.085897] ? arch_local_save_flags+0x50/0x50 [ 764.090462] ? __fget+0x499/0x710 [ 764.093905] ? __might_sleep+0x95/0x190 [ 764.097912] ? tty_vhangup+0x30/0x30 [ 764.101609] do_vfs_ioctl+0x107b/0x17d0 [ 764.105600] ? selinux_file_ioctl+0x511/0x720 [ 764.110095] ? selinux_file_ioctl+0x125/0x720 [ 764.114608] ? ioctl_preallocate+0x2f0/0x2f0 [ 764.119010] ? selinux_file_mprotect+0x620/0x620 [ 764.123749] ? __fget_light+0x2db/0x420 [ 764.127748] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 764.133270] ? fput+0x128/0x1a0 [ 764.136535] ? do_syscall_64+0x8c/0x800 [ 764.140508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 764.146031] ? security_file_ioctl+0x93/0xc0 [ 764.150424] ksys_ioctl+0xab/0xd0 [ 764.153880] __x64_sys_ioctl+0x73/0xb0 [ 764.157750] do_syscall_64+0x1a3/0x800 [ 764.161623] ? syscall_return_slowpath+0x5f0/0x5f0 [ 764.166540] ? prepare_exit_to_usermode+0x232/0x3b0 [ 764.171557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 764.176414] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 764.181583] RIP: 0033:0x457ec9 [ 764.184942] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 18:08:44 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x300000000000000}, 0x14}}, 0x0) [ 764.203921] RSP: 002b:00007feb197e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 764.211615] RAX: ffffffffffffffda RBX: 00007feb197e4c90 RCX: 0000000000457ec9 [ 764.218905] RDX: 0000000020000740 RSI: 0000000000005423 RDI: 0000000000000004 [ 764.226171] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 764.233442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb197e56d4 [ 764.240699] R13: 00000000004c207b R14: 00000000004d4450 R15: 0000000000000005 [ 764.386311] overlayfs: filesystem on './file0' not supported as upperdir 18:08:46 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 18:08:46 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) 18:08:46 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0xab070000}, 0x14}}, 0x0) 18:08:46 executing program 2 (fault-call:3 fault-nth:1): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) 18:08:46 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r0, &(0x7f0000000280)='.//ile0\x00', r1, &(0x7f0000000340)='./file0/f.le.\x00') 18:08:46 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00003e0000)='/dev/ptmx\x00', 0x6, 0x0) recvmsg(r0, &(0x7f00000006c0)={&(0x7f0000000440)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)=""/176, 0xb0}], 0x1, &(0x7f00000005c0)=""/207, 0xcf}, 0x40000100) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)) syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000740)=0x6) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x100, 0x0) write$UHID_CREATE(r2, &(0x7f0000000300)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f00000002c0)=""/41, 0x29, 0x0, 0x3, 0x0, 0x63c3, 0x20}, 0x120) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x3e, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000100)={0x3, 0x100000000, 0x400, 0x8000, 0xc248, 0x1169}) [ 766.848695] FAULT_INJECTION: forcing a failure. [ 766.848695] name failslab, interval 1, probability 0, space 0, times 0 [ 766.873137] CPU: 0 PID: 27436 Comm: syz-executor2 Not tainted 4.20.0+ #1 [ 766.879992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 766.879999] Call Trace: [ 766.880023] dump_stack+0x1db/0x2d0 18:08:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0x400000000000000}, 0x14}}, 0x0) 18:08:47 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x5890, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x2a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 18:08:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) [ 766.880048] ? dump_stack_print_info.cold+0x20/0x20 [ 766.900574] ? print_usage_bug+0xd0/0xd0 [ 766.904645] should_fail.cold+0xa/0x15 [ 766.908533] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 766.913638] ? ___might_sleep+0x1e7/0x310 [ 766.913653] ? arch_local_save_flags+0x50/0x50 [ 766.913680] __should_failslab+0x121/0x190 [ 766.913697] should_failslab+0x9/0x14 [ 766.913710] __kmalloc+0x2dc/0x740 [ 766.913729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 766.913746] ? x25_asy_open_tty+0x4b8/0x80b [ 766.913764] x25_asy_open_tty+0x4b8/0x80b [ 766.913780] ? x25_asy_close_tty+0x220/0x220 [ 766.952405] ? up_write+0x7b/0x230 [ 766.955961] ? down_write_nested+0x130/0x130 [ 766.960371] ? down_read+0x120/0x120 [ 766.964095] ? x25_asy_close_tty+0x220/0x220 [ 766.968563] tty_ldisc_open.isra.0+0x8b/0xe0 [ 766.968579] tty_set_ldisc+0x2d7/0x690 [ 766.968600] tty_ioctl+0xffa/0x16c0 [ 766.968617] ? tty_vhangup+0x30/0x30 [ 766.984208] ? __fget+0x472/0x710 [ 766.987665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 766.993214] ? lock_downgrade+0x910/0x910 [ 766.997380] ? kasan_check_read+0x11/0x20 [ 767.001559] ? ___might_sleep+0x1e7/0x310 [ 767.005715] ? arch_local_save_flags+0x50/0x50 [ 767.010294] ? __fget+0x499/0x710 [ 767.010318] ? __might_sleep+0x95/0x190 [ 767.010336] ? tty_vhangup+0x30/0x30 [ 767.010350] do_vfs_ioctl+0x107b/0x17d0 [ 767.010383] ? selinux_file_ioctl+0x511/0x720 [ 767.010398] ? selinux_file_ioctl+0x125/0x720 [ 767.010412] ? ioctl_preallocate+0x2f0/0x2f0 [ 767.010427] ? selinux_file_mprotect+0x620/0x620 [ 767.010441] ? __fget_light+0x2db/0x420 18:08:47 executing program 4: r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000440)={0x0, 0x0, 0x0, 'queue1\x00'}) [ 767.010463] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 767.050922] overlayfs: filesystem on './file0' not supported as upperdir [ 767.053645] ? fput+0x128/0x1a0 [ 767.063791] ? do_syscall_64+0x8c/0x800 [ 767.067777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.073325] ? security_file_ioctl+0x93/0xc0 [ 767.077743] ksys_ioctl+0xab/0xd0 [ 767.081204] __x64_sys_ioctl+0x73/0xb0 [ 767.085133] do_syscall_64+0x1a3/0x800 [ 767.089031] ? syscall_return_slowpath+0x5f0/0x5f0 [ 767.093961] ? prepare_exit_to_usermode+0x232/0x3b0 18:08:47 executing program 1: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='overlay\x00') symlink(&(0x7f0000000040)='./file0/f.le.\x00', &(0x7f0000000140)='.//ile0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r1, &(0x7f0000000240)='.//ile0\x00', r1, &(0x7f00000007c0)='./file0/f.le.\x00') [ 767.098988] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 767.103880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.109064] RIP: 0033:0x457ec9 [ 767.112258] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 767.112267] RSP: 002b:00007feb197e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 767.112280] RAX: ffffffffffffffda RBX: 00007feb197e4c90 RCX: 0000000000457ec9 [ 767.112288] RDX: 0000000020000740 RSI: 0000000000005423 RDI: 0000000000000004 [ 767.112296] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 767.112303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb197e56d4 [ 767.112311] R13: 00000000004c207b R14: 00000000004d4450 R15: 0000000000000005 [ 767.145029] ================================================================== [ 767.183048] BUG: KASAN: double-free or invalid-free in x25_asy_free+0x37/0x140 [ 767.190395] [ 767.192042] CPU: 0 PID: 27436 Comm: syz-executor2 Not tainted 4.20.0+ #1 18:08:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0xab07000000000000}, 0x14}}, 0x0) [ 767.198876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.208219] Call Trace: [ 767.210809] dump_stack+0x1db/0x2d0 [ 767.214447] ? dump_stack_print_info.cold+0x20/0x20 [ 767.219469] ? debug_check_no_obj_freed+0x2f8/0x588 [ 767.224498] print_address_description.cold+0x7c/0x20d [ 767.229787] ? x25_asy_free+0x37/0x140 [ 767.233685] kasan_report_invalid_free+0x65/0xa0 [ 767.238453] ? x25_asy_free+0x37/0x140 [ 767.242349] __kasan_slab_free+0x13a/0x150 [ 767.246606] ? x25_asy_free+0x37/0x140 18:08:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0x9effffff}, 0x14}}, 0x0) [ 767.250506] kasan_slab_free+0xe/0x10 [ 767.254331] kfree+0xcf/0x230 [ 767.257452] x25_asy_free+0x37/0x140 [ 767.261177] x25_asy_open_tty+0x67b/0x80b [ 767.265398] ? x25_asy_close_tty+0x220/0x220 [ 767.269814] ? up_write+0x7b/0x230 [ 767.273378] ? down_write_nested+0x130/0x130 [ 767.277803] ? down_read+0x120/0x120 [ 767.281527] ? x25_asy_close_tty+0x220/0x220 [ 767.285958] tty_ldisc_open.isra.0+0x8b/0xe0 [ 767.290381] tty_set_ldisc+0x2d7/0x690 [ 767.294284] tty_ioctl+0xffa/0x16c0 18:08:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0xc00e}, 0x14}}, 0x0) [ 767.297926] ? tty_vhangup+0x30/0x30 [ 767.301648] ? __fget+0x472/0x710 [ 767.305125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.310675] ? lock_downgrade+0x910/0x910 [ 767.314828] ? kasan_check_read+0x11/0x20 [ 767.318992] ? ___might_sleep+0x1e7/0x310 [ 767.323157] ? arch_local_save_flags+0x50/0x50 [ 767.327739] ? __fget+0x499/0x710 [ 767.331221] ? __might_sleep+0x95/0x190 [ 767.335205] ? tty_vhangup+0x30/0x30 [ 767.338930] do_vfs_ioctl+0x107b/0x17d0 [ 767.342931] ? selinux_file_ioctl+0x511/0x720 [ 767.347444] ? selinux_file_ioctl+0x125/0x720 [ 767.351943] ? ioctl_preallocate+0x2f0/0x2f0 [ 767.356374] ? selinux_file_mprotect+0x620/0x620 [ 767.361145] ? __fget_light+0x2db/0x420 [ 767.365173] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 767.370712] ? fput+0x128/0x1a0 [ 767.373991] ? do_syscall_64+0x8c/0x800 [ 767.377991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.383531] ? security_file_ioctl+0x93/0xc0 [ 767.387941] ksys_ioctl+0xab/0xd0 [ 767.391402] __x64_sys_ioctl+0x73/0xb0 [ 767.395306] do_syscall_64+0x1a3/0x800 18:08:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x14, r1, 0x301, 0x0, 0xe00}, 0x14}}, 0x0) [ 767.399225] ? syscall_return_slowpath+0x5f0/0x5f0 [ 767.404189] ? prepare_exit_to_usermode+0x232/0x3b0 [ 767.409217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 767.414087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.419287] RIP: 0033:0x457ec9 [ 767.422482] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 767.441385] RSP: 002b:00007feb197e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 767.449095] RAX: ffffffffffffffda RBX: 00007feb197e4c90 RCX: 0000000000457ec9 [ 767.456377] RDX: 0000000020000740 RSI: 0000000000005423 RDI: 0000000000000004 [ 767.463643] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 767.470908] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb197e56d4 [ 767.478193] R13: 00000000004c207b R14: 00000000004d4450 R15: 0000000000000005 [ 767.485498] [ 767.487152] Allocated by task 27436: [ 767.490901] save_stack+0x45/0xd0 [ 767.494369] kasan_kmalloc+0xcf/0xe0 [ 767.498081] __kmalloc+0x15c/0x740 [ 767.501637] x25_asy_open_tty+0x470/0x80b [ 767.505797] tty_ldisc_open.isra.0+0x8b/0xe0 [ 767.510208] tty_set_ldisc+0x2d7/0x690 [ 767.514122] tty_ioctl+0xffa/0x16c0 [ 767.517750] do_vfs_ioctl+0x107b/0x17d0 [ 767.521736] ksys_ioctl+0xab/0xd0 [ 767.525188] __x64_sys_ioctl+0x73/0xb0 [ 767.529088] do_syscall_64+0x1a3/0x800 [ 767.533002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.538183] [ 767.539808] Freed by task 27436: [ 767.543181] save_stack+0x45/0xd0 [ 767.546631] __kasan_slab_free+0x102/0x150 [ 767.550863] kasan_slab_free+0xe/0x10 [ 767.550874] kfree+0xcf/0x230 [ 767.550886] x25_asy_open_tty+0x66e/0x80b [ 767.550896] tty_ldisc_open.isra.0+0x8b/0xe0 [ 767.550937] tty_set_ldisc+0x2d7/0x690 [ 767.550949] tty_ioctl+0xffa/0x16c0 [ 767.550975] do_vfs_ioctl+0x107b/0x17d0 [ 767.550985] ksys_ioctl+0xab/0xd0 [ 767.551010] __x64_sys_ioctl+0x73/0xb0 [ 767.551037] do_syscall_64+0x1a3/0x800 [ 767.551051] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.562052] [ 767.562063] The buggy address belongs to the object at ffff88808f27c940 [ 767.562063] which belongs to the cache kmalloc-1k of size 1024 [ 767.562075] The buggy address is located 0 bytes inside of [ 767.562075] 1024-byte region [ffff88808f27c940, ffff88808f27cd40) [ 767.562079] The buggy address belongs to the page: [ 767.562092] page:ffffea00023c9f00 count:1 mapcount:0 mapping:ffff88812c3f0ac0 index:0x0 compound_mapcount: 0 [ 767.562133] flags: 0x1fffc0000010200(slab|head) [ 767.562152] raw: 01fffc0000010200 ffffea00022c8c88 ffffea000226d708 ffff88812c3f0ac0 [ 767.562184] raw: 0000000000000000 ffff88808f27c040 0000000100000007 0000000000000000 [ 767.562189] page dumped because: kasan: bad access detected [ 767.562193] [ 767.562197] Memory state around the buggy address: [ 767.562224] ffff88808f27c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 767.562235] ffff88808f27c880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 767.562247] >ffff88808f27c900: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 767.562253] ^ [ 767.562264] ffff88808f27c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 767.562275] ffff88808f27ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 767.562284] ================================================================== [ 767.717657] Disabling lock debugging due to kernel taint [ 767.723124] Kernel panic - not syncing: panic_on_warn set ... [ 767.729021] CPU: 0 PID: 27436 Comm: syz-executor2 Tainted: G B 4.20.0+ #1 [ 767.737267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 767.746598] Call Trace: [ 767.749190] dump_stack+0x1db/0x2d0 [ 767.752817] ? dump_stack_print_info.cold+0x20/0x20 [ 767.757894] panic+0x2cb/0x589 [ 767.761098] ? add_taint.cold+0x16/0x16 [ 767.765068] ? kasan_check_read+0x11/0x20 [ 767.769199] ? trace_hardirqs_on_caller+0x310/0x310 [ 767.774217] ? do_raw_spin_trylock+0x270/0x270 [ 767.778781] ? add_taint.cold+0x5/0x16 [ 767.782647] ? trace_hardirqs_off+0xaf/0x310 [ 767.787042] ? x25_asy_free+0x37/0x140 [ 767.790924] end_report+0x47/0x4f [ 767.794383] kasan_report_invalid_free+0x82/0xa0 [ 767.799135] ? x25_asy_free+0x37/0x140 [ 767.803032] __kasan_slab_free+0x13a/0x150 [ 767.809087] ? x25_asy_free+0x37/0x140 [ 767.812978] kasan_slab_free+0xe/0x10 [ 767.816807] kfree+0xcf/0x230 [ 767.819934] x25_asy_free+0x37/0x140 [ 767.823636] x25_asy_open_tty+0x67b/0x80b [ 767.827768] ? x25_asy_close_tty+0x220/0x220 [ 767.832197] ? up_write+0x7b/0x230 [ 767.835743] ? down_write_nested+0x130/0x130 [ 767.840136] ? down_read+0x120/0x120 [ 767.843834] ? x25_asy_close_tty+0x220/0x220 [ 767.848226] tty_ldisc_open.isra.0+0x8b/0xe0 [ 767.852621] tty_set_ldisc+0x2d7/0x690 [ 767.856520] tty_ioctl+0xffa/0x16c0 [ 767.860182] ? tty_vhangup+0x30/0x30 [ 767.863879] ? __fget+0x472/0x710 [ 767.867318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.872848] ? lock_downgrade+0x910/0x910 [ 767.876986] ? kasan_check_read+0x11/0x20 [ 767.881141] ? ___might_sleep+0x1e7/0x310 [ 767.885294] ? arch_local_save_flags+0x50/0x50 [ 767.889874] ? __fget+0x499/0x710 [ 767.893347] ? __might_sleep+0x95/0x190 [ 767.897317] ? tty_vhangup+0x30/0x30 [ 767.901011] do_vfs_ioctl+0x107b/0x17d0 [ 767.904968] ? selinux_file_ioctl+0x511/0x720 [ 767.909446] ? selinux_file_ioctl+0x125/0x720 [ 767.913942] ? ioctl_preallocate+0x2f0/0x2f0 [ 767.918332] ? selinux_file_mprotect+0x620/0x620 [ 767.923069] ? __fget_light+0x2db/0x420 [ 767.927037] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 767.932561] ? fput+0x128/0x1a0 [ 767.935831] ? do_syscall_64+0x8c/0x800 [ 767.939787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 767.945302] ? security_file_ioctl+0x93/0xc0 [ 767.949703] ksys_ioctl+0xab/0xd0 [ 767.953137] __x64_sys_ioctl+0x73/0xb0 [ 767.957004] do_syscall_64+0x1a3/0x800 [ 767.960874] ? syscall_return_slowpath+0x5f0/0x5f0 [ 767.965794] ? prepare_exit_to_usermode+0x232/0x3b0 [ 767.970804] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 767.975634] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 767.980825] RIP: 0033:0x457ec9 [ 767.983996] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 768.002875] RSP: 002b:00007feb197e4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 768.010575] RAX: ffffffffffffffda RBX: 00007feb197e4c90 RCX: 0000000000457ec9 [ 768.017833] RDX: 0000000020000740 RSI: 0000000000005423 RDI: 0000000000000004 [ 768.025079] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 768.032333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feb197e56d4 [ 768.039619] R13: 00000000004c207b R14: 00000000004d4450 R15: 0000000000000005 [ 768.047911] Kernel Offset: disabled [ 768.051534] Rebooting in 86400 seconds..