ent_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2392.869459] FAULT_INJECTION: forcing a failure. [ 2392.869459] name failslab, interval 1, probability 0, space 0, times 0 [ 2392.870817] CPU: 1 PID: 10577 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2392.871624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2392.872586] Call Trace: [ 2392.872891] dump_stack+0x107/0x167 [ 2392.873318] should_fail.cold+0x5/0xa [ 2392.873767] ? percpu_ref_init+0xd8/0x3d0 [ 2392.874249] should_failslab+0x5/0x20 [ 2392.874695] kmem_cache_alloc_trace+0x55/0x320 [ 2392.875231] ? io_tctx_exit_cb+0xf0/0xf0 [ 2392.875710] percpu_ref_init+0xd8/0x3d0 [ 2392.876183] io_uring_setup+0x47a/0x2980 [ 2392.876661] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2392.877227] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2392.877818] ? wait_for_completion_io+0x270/0x270 [ 2392.878380] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2392.878992] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2392.879583] do_syscall_64+0x33/0x40 [ 2392.880018] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2392.880613] RIP: 0033:0x7f7d233a8b19 [ 2392.881048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2392.883184] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2392.884070] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2392.884894] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2392.885681] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2392.886506] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2392.887334] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:46:28 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, 0x0, 0x2bff3346) 22:46:28 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, 0x0, 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2406.359483] FAULT_INJECTION: forcing a failure. [ 2406.359483] name failslab, interval 1, probability 0, space 0, times 0 [ 2406.362038] CPU: 1 PID: 10598 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2406.363514] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2406.365312] Call Trace: [ 2406.365888] dump_stack+0x107/0x167 [ 2406.366679] should_fail.cold+0x5/0xa [ 2406.367505] ? create_object.isra.0+0x3a/0xa30 [ 2406.368513] should_failslab+0x5/0x20 [ 2406.369339] kmem_cache_alloc+0x5b/0x310 [ 2406.370221] create_object.isra.0+0x3a/0xa30 [ 2406.371159] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2406.372288] kmem_cache_alloc_trace+0x151/0x320 [ 2406.373295] ? io_tctx_exit_cb+0xf0/0xf0 [ 2406.374175] percpu_ref_init+0xd8/0x3d0 [ 2406.375043] io_uring_setup+0x47a/0x2980 [ 2406.375956] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2406.377006] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2406.378098] ? wait_for_completion_io+0x270/0x270 [ 2406.379613] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2406.380757] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2406.381876] do_syscall_64+0x33/0x40 [ 2406.382678] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2406.383813] RIP: 0033:0x7f7d233a8b19 22:46:42 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 11) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 10) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) [ 2406.384613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2406.388930] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0xb, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2406.390565] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2406.392268] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2406.393829] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2406.395381] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2406.396963] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2406.461301] FAULT_INJECTION: forcing a failure. [ 2406.461301] name failslab, interval 1, probability 0, space 0, times 0 [ 2406.464230] CPU: 0 PID: 10607 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2406.465969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2406.468117] Call Trace: [ 2406.468766] dump_stack+0x107/0x167 [ 2406.469629] should_fail.cold+0x5/0xa [ 2406.470555] should_failslab+0x5/0x20 [ 2406.471474] kmem_cache_alloc_bulk+0x4b/0x320 [ 2406.472601] io_submit_sqes+0x6fe4/0x8610 [ 2406.473638] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2406.474828] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2406.476006] ? find_held_lock+0x2c/0x110 [ 2406.476989] ? io_submit_sqes+0x8610/0x8610 [ 2406.478049] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2406.479204] ? wait_for_completion_io+0x270/0x270 [ 2406.480375] ? rcu_read_lock_any_held+0x75/0xa0 [ 2406.481491] ? vfs_write+0x354/0xb10 [ 2406.482370] ? fput_many+0x2f/0x1a0 [ 2406.483247] ? ksys_write+0x1a9/0x260 [ 2406.484167] ? __ia32_sys_read+0xb0/0xb0 [ 2406.485141] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2406.486399] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2406.487662] do_syscall_64+0x33/0x40 [ 2406.488556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2406.489774] RIP: 0033:0x7f5689804b19 [ 2406.490676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2406.495049] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2406.496837] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2406.498479] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2406.500135] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2406.501778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2406.503422] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:46:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x10, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:42 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 12) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2406.661400] FAULT_INJECTION: forcing a failure. [ 2406.661400] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2406.664484] CPU: 0 PID: 10623 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2406.666087] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2406.668009] Call Trace: [ 2406.668630] dump_stack+0x107/0x167 [ 2406.669473] should_fail.cold+0x5/0xa [ 2406.670356] __alloc_pages_nodemask+0x182/0x600 [ 2406.671458] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2406.672870] ? cap_capable+0x1cd/0x230 [ 2406.673783] alloc_pages_current+0x187/0x280 [ 2406.674804] __get_free_pages+0xc/0xa0 [ 2406.675734] io_uring_setup+0xe27/0x2980 [ 2406.676679] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2406.677842] ? wait_for_completion_io+0x270/0x270 [ 2406.678987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2406.680198] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2406.681414] do_syscall_64+0x33/0x40 [ 2406.682268] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2406.683449] RIP: 0033:0x7f7d233a8b19 [ 2406.684309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2406.688561] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2406.690300] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2406.691959] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2406.693610] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2406.695244] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2406.696921] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:46:42 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x11, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 11) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x12, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:42 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2406.929399] FAULT_INJECTION: forcing a failure. [ 2406.929399] name failslab, interval 1, probability 0, space 0, times 0 [ 2406.932131] CPU: 1 PID: 10638 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2406.933574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2406.935296] Call Trace: [ 2406.935879] dump_stack+0x107/0x167 [ 2406.936649] should_fail.cold+0x5/0xa [ 2406.937457] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2406.938549] should_failslab+0x5/0x20 [ 2406.939348] __kmalloc_node+0x76/0x420 [ 2406.940195] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2406.941257] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 2406.942302] kmem_cache_alloc_bulk+0x182/0x320 [ 2406.943268] io_submit_sqes+0x6fe4/0x8610 [ 2406.944185] ? __io_uring_add_tctx_node+0xe6/0x520 [ 2406.945238] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2406.946288] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2406.947296] ? find_held_lock+0x2c/0x110 [ 2406.948182] ? io_submit_sqes+0x8610/0x8610 [ 2406.949092] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2406.950103] ? wait_for_completion_io+0x270/0x270 [ 2406.951126] ? rcu_read_lock_any_held+0x75/0xa0 [ 2406.952118] ? vfs_write+0x354/0xb10 [ 2406.952896] ? fput_many+0x2f/0x1a0 [ 2406.953672] ? ksys_write+0x1a9/0x260 [ 2406.954462] ? __ia32_sys_read+0xb0/0xb0 [ 2406.955324] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2406.956460] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2406.957547] do_syscall_64+0x33/0x40 [ 2406.958334] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2406.959408] RIP: 0033:0x7f5689804b19 [ 2406.960203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2406.964097] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2406.965699] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2406.967194] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2406.968728] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2406.970238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2406.971765] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2420.626561] FAULT_INJECTION: forcing a failure. [ 2420.626561] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2420.628541] CPU: 0 PID: 10655 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2420.629523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2420.630685] Call Trace: [ 2420.631060] dump_stack+0x107/0x167 [ 2420.631575] should_fail.cold+0x5/0xa [ 2420.632124] __alloc_pages_nodemask+0x182/0x600 [ 2420.632773] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2420.633620] ? cap_capable+0x1cd/0x230 [ 2420.634185] alloc_pages_current+0x187/0x280 [ 2420.635120] __get_free_pages+0xc/0xa0 [ 2420.635667] io_uring_setup+0xf9a/0x2980 [ 2420.636258] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2420.636937] ? wait_for_completion_io+0x270/0x270 [ 2420.637599] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2420.638301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2420.638991] do_syscall_64+0x33/0x40 [ 2420.639488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2420.640178] RIP: 0033:0x7f7d233a8b19 [ 2420.640672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2420.643115] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2420.644136] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2420.645084] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2420.646030] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2420.646979] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2420.647937] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:46:56 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 13) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 12) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x13, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x14, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2420.734217] FAULT_INJECTION: forcing a failure. [ 2420.734217] name failslab, interval 1, probability 0, space 0, times 0 [ 2420.736914] CPU: 1 PID: 10668 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2420.738474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2420.740350] Call Trace: [ 2420.740952] dump_stack+0x107/0x167 [ 2420.741776] should_fail.cold+0x5/0xa [ 2420.742632] ? create_object.isra.0+0x3a/0xa30 [ 2420.743654] should_failslab+0x5/0x20 [ 2420.744521] kmem_cache_alloc+0x5b/0x310 [ 2420.745433] ? mark_held_locks+0x9e/0xe0 [ 2420.746351] create_object.isra.0+0x3a/0xa30 [ 2420.747333] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2420.748490] kmem_cache_alloc_bulk+0x168/0x320 [ 2420.749522] io_submit_sqes+0x6fe4/0x8610 [ 2420.750489] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2420.751602] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2420.752730] ? find_held_lock+0x2c/0x110 [ 2420.753657] ? io_submit_sqes+0x8610/0x8610 [ 2420.754637] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2420.755722] ? wait_for_completion_io+0x270/0x270 [ 2420.756808] ? rcu_read_lock_any_held+0x75/0xa0 [ 2420.757846] ? vfs_write+0x354/0xb10 [ 2420.758690] ? fput_many+0x2f/0x1a0 [ 2420.759506] ? ksys_write+0x1a9/0x260 [ 2420.760368] ? __ia32_sys_read+0xb0/0xb0 [ 2420.761288] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2420.762464] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2420.763629] do_syscall_64+0x33/0x40 [ 2420.764476] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2420.765621] RIP: 0033:0x7f5689804b19 [ 2420.766452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2420.770563] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2420.772276] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2420.773875] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2420.775469] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2420.777071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2420.778665] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:46:56 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 14) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:46:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x15, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2420.813240] FAULT_INJECTION: forcing a failure. [ 2420.813240] name failslab, interval 1, probability 0, space 0, times 0 [ 2420.814803] CPU: 0 PID: 10683 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2420.815661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2420.817011] Call Trace: [ 2420.817451] dump_stack+0x107/0x167 [ 2420.818036] should_fail.cold+0x5/0xa [ 2420.818659] ? io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2420.819560] should_failslab+0x5/0x20 [ 2420.820202] kmem_cache_alloc_trace+0x55/0x320 [ 2420.820944] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2420.821827] io_uring_setup+0x14f6/0x2980 [ 2420.822510] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2420.823327] ? wait_for_completion_io+0x270/0x270 [ 2420.824143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2420.824837] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2420.825670] do_syscall_64+0x33/0x40 [ 2420.826279] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2420.827109] RIP: 0033:0x7f7d233a8b19 [ 2420.827706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2420.830787] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2420.832045] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2420.833186] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2420.834320] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2420.835447] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2420.836608] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:46:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x16, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:46:56 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 15) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x17, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:11 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, 0x0, 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2435.248116] FAULT_INJECTION: forcing a failure. [ 2435.248116] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.251142] CPU: 1 PID: 10702 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2435.252668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.254755] Call Trace: [ 2435.255439] dump_stack+0x107/0x167 [ 2435.256386] should_fail.cold+0x5/0xa [ 2435.257346] ? create_object.isra.0+0x3a/0xa30 [ 2435.258505] should_failslab+0x5/0x20 [ 2435.259458] kmem_cache_alloc+0x5b/0x310 [ 2435.260354] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2435.261698] create_object.isra.0+0x3a/0xa30 [ 2435.262823] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.263944] kmem_cache_alloc_trace+0x151/0x320 [ 2435.264961] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2435.266169] io_uring_setup+0x14f6/0x2980 [ 2435.267148] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2435.268246] ? wait_for_completion_io+0x270/0x270 [ 2435.269411] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2435.270584] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.271815] do_syscall_64+0x33/0x40 [ 2435.272660] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.273804] RIP: 0033:0x7f7d233a8b19 [ 2435.274614] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2435.278594] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2435.280203] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2435.281680] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2435.283221] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2435.284796] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2435.286302] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:47:11 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2435.355710] FAULT_INJECTION: forcing a failure. [ 2435.355710] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.359020] CPU: 0 PID: 10714 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2435.360675] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.362437] Call Trace: [ 2435.363043] dump_stack+0x107/0x167 [ 2435.363829] should_fail.cold+0x5/0xa [ 2435.364673] should_failslab+0x5/0x20 [ 2435.365552] kmem_cache_alloc_bulk+0x4b/0x320 [ 2435.366623] io_submit_sqes+0x6fe4/0x8610 [ 2435.367532] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2435.368623] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2435.369698] ? find_held_lock+0x2c/0x110 [ 2435.370608] ? io_submit_sqes+0x8610/0x8610 [ 2435.371572] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2435.372716] ? wait_for_completion_io+0x270/0x270 [ 2435.373857] ? rcu_read_lock_any_held+0x75/0xa0 [ 2435.374943] ? vfs_write+0x354/0xb10 [ 2435.375839] ? fput_many+0x2f/0x1a0 [ 2435.377014] ? ksys_write+0x1a9/0x260 [ 2435.378048] ? __ia32_sys_read+0xb0/0xb0 [ 2435.379148] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2435.380468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.381576] do_syscall_64+0x33/0x40 [ 2435.382362] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.383445] RIP: 0033:0x7f5689804b19 [ 2435.384255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2435.388179] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2435.389798] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2435.391497] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2435.393013] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2435.394505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2435.396014] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 16) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:11 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, 0x0, 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2435.603142] FAULT_INJECTION: forcing a failure. [ 2435.603142] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.605810] CPU: 0 PID: 10732 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2435.607335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.609179] Call Trace: [ 2435.609765] dump_stack+0x107/0x167 [ 2435.610575] should_fail.cold+0x5/0xa [ 2435.611436] ? create_object.isra.0+0x3a/0xa30 [ 2435.612463] should_failslab+0x5/0x20 [ 2435.613309] kmem_cache_alloc+0x5b/0x310 [ 2435.614219] create_object.isra.0+0x3a/0xa30 [ 2435.615212] kmemleak_alloc_percpu+0xa0/0x100 [ 2435.616236] pcpu_alloc+0x4e2/0x1240 [ 2435.617083] ? io_async_queue_proc+0x80/0x80 [ 2435.618072] percpu_ref_init+0x31/0x3d0 [ 2435.618976] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2435.620195] io_uring_setup+0x14f6/0x2980 [ 2435.621144] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2435.622273] ? wait_for_completion_io+0x270/0x270 [ 2435.623381] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2435.624564] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.625736] do_syscall_64+0x33/0x40 [ 2435.626589] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.627756] RIP: 0033:0x7f7d233a8b19 [ 2435.628621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2435.632835] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2435.634558] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2435.636188] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2435.637814] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2435.639447] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2435.641093] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:47:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x19, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:28 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 17) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, 0x0, 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:47:28 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2452.406661] FAULT_INJECTION: forcing a failure. [ 2452.406661] name failslab, interval 1, probability 0, space 0, times 0 [ 2452.409431] CPU: 0 PID: 10757 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2452.410909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2452.412687] Call Trace: [ 2452.413262] dump_stack+0x107/0x167 [ 2452.414036] should_fail.cold+0x5/0xa [ 2452.414847] ? create_object.isra.0+0x3a/0xa30 [ 2452.415806] should_failslab+0x5/0x20 [ 2452.416618] kmem_cache_alloc+0x5b/0x310 [ 2452.417476] create_object.isra.0+0x3a/0xa30 [ 2452.418424] kmemleak_alloc_percpu+0xa0/0x100 [ 2452.419386] pcpu_alloc+0x4e2/0x1240 [ 2452.420206] ? io_async_queue_proc+0x80/0x80 [ 2452.421144] percpu_ref_init+0x31/0x3d0 [ 2452.421979] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2452.423133] io_uring_setup+0x14f6/0x2980 [ 2452.424028] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2452.425100] ? wait_for_completion_io+0x270/0x270 [ 2452.426142] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2452.427238] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2452.428344] do_syscall_64+0x33/0x40 [ 2452.429133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2452.430208] RIP: 0033:0x7f7d233a8b19 [ 2452.430990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2452.434913] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2452.436445] FAULT_INJECTION: forcing a failure. [ 2452.436445] name failslab, interval 1, probability 0, space 0, times 0 [ 2452.436544] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2452.436564] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2452.441946] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2452.443453] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2452.444966] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2452.446507] CPU: 1 PID: 10758 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2452.447985] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2452.449755] Call Trace: [ 2452.450318] dump_stack+0x107/0x167 [ 2452.451102] should_fail.cold+0x5/0xa [ 2452.451917] ? create_object.isra.0+0x3a/0xa30 [ 2452.452887] should_failslab+0x5/0x20 [ 2452.453696] kmem_cache_alloc+0x5b/0x310 [ 2452.454561] ? mark_held_locks+0x9e/0xe0 [ 2452.455430] create_object.isra.0+0x3a/0xa30 [ 2452.456362] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2452.457444] kmem_cache_alloc_bulk+0x168/0x320 [ 2452.458422] io_submit_sqes+0x6fe4/0x8610 [ 2452.459335] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2452.460415] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2452.461444] ? find_held_lock+0x2c/0x110 [ 2452.462311] ? io_submit_sqes+0x8610/0x8610 [ 2452.463228] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2452.464269] ? wait_for_completion_io+0x270/0x270 [ 2452.465294] ? rcu_read_lock_any_held+0x75/0xa0 [ 2452.466270] ? vfs_write+0x354/0xb10 [ 2452.467054] ? fput_many+0x2f/0x1a0 [ 2452.467821] ? ksys_write+0x1a9/0x260 [ 2452.468628] ? __ia32_sys_read+0xb0/0xb0 [ 2452.469487] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2452.470591] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2452.471681] do_syscall_64+0x33/0x40 [ 2452.472479] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2452.473560] RIP: 0033:0x7f5689804b19 [ 2452.474340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2452.478246] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2452.479854] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2452.481373] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2452.482875] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2452.484374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2452.485871] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1a, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:28 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 18) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:47:28 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1b, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:28 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x0, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:28 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2452.782683] FAULT_INJECTION: forcing a failure. [ 2452.782683] name failslab, interval 1, probability 0, space 0, times 0 [ 2452.785289] CPU: 0 PID: 10787 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2452.786760] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2452.788523] Call Trace: [ 2452.789093] dump_stack+0x107/0x167 [ 2452.789871] should_fail.cold+0x5/0xa [ 2452.790685] ? percpu_ref_init+0xd8/0x3d0 [ 2452.791561] should_failslab+0x5/0x20 [ 2452.792374] kmem_cache_alloc_trace+0x55/0x320 [ 2452.793347] ? io_async_queue_proc+0x80/0x80 [ 2452.794277] percpu_ref_init+0xd8/0x3d0 [ 2452.795126] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2452.796284] io_uring_setup+0x14f6/0x2980 [ 2452.797165] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2452.798233] ? wait_for_completion_io+0x270/0x270 [ 2452.799283] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2452.800404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2452.801508] do_syscall_64+0x33/0x40 [ 2452.802299] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2452.803391] RIP: 0033:0x7f7d233a8b19 [ 2452.804193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2452.808079] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2452.809679] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2452.811186] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2452.812710] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2452.814299] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2452.815896] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2452.832174] FAULT_INJECTION: forcing a failure. [ 2452.832174] name failslab, interval 1, probability 0, space 0, times 0 [ 2452.835011] CPU: 1 PID: 10786 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2452.836504] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2452.838269] Call Trace: [ 2452.838834] dump_stack+0x107/0x167 [ 2452.839601] should_fail.cold+0x5/0xa [ 2452.840424] ? create_object.isra.0+0x3a/0xa30 [ 2452.841385] should_failslab+0x5/0x20 [ 2452.842187] kmem_cache_alloc+0x5b/0x310 [ 2452.843050] create_object.isra.0+0x3a/0xa30 [ 2452.843969] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2452.845065] kmem_cache_alloc_bulk+0x168/0x320 [ 2452.846035] io_submit_sqes+0x6fe4/0x8610 [ 2452.846950] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2452.848006] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2452.849032] ? find_held_lock+0x2c/0x110 [ 2452.849899] ? io_submit_sqes+0x8610/0x8610 [ 2452.850818] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2452.851834] ? wait_for_completion_io+0x270/0x270 [ 2452.852863] ? rcu_read_lock_any_held+0x75/0xa0 [ 2452.853845] ? vfs_write+0x354/0xb10 [ 2452.854634] ? fput_many+0x2f/0x1a0 [ 2452.855406] ? ksys_write+0x1a9/0x260 [ 2452.856221] ? __ia32_sys_read+0xb0/0xb0 [ 2452.857090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2452.858194] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2452.859286] do_syscall_64+0x33/0x40 [ 2452.860086] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2452.861174] RIP: 0033:0x7f5689804b19 [ 2452.861974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2452.865869] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2452.867474] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2452.868986] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2452.870486] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2452.872000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2452.873521] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:45 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x0, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:47:45 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1c, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2469.453716] FAULT_INJECTION: forcing a failure. [ 2469.453716] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.456564] CPU: 1 PID: 10817 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2469.458001] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.459713] Call Trace: [ 2469.460281] dump_stack+0x107/0x167 [ 2469.461045] should_fail.cold+0x5/0xa [ 2469.461838] ? create_object.isra.0+0x3a/0xa30 [ 2469.462804] should_failslab+0x5/0x20 [ 2469.463601] kmem_cache_alloc+0x5b/0x310 [ 2469.464476] create_object.isra.0+0x3a/0xa30 [ 2469.465390] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.466473] kmem_cache_alloc_trace+0x151/0x320 [ 2469.467443] ? io_async_queue_proc+0x80/0x80 [ 2469.468385] percpu_ref_init+0xd8/0x3d0 [ 2469.469215] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2469.470363] io_uring_setup+0x14f6/0x2980 [ 2469.471235] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2469.472314] ? wait_for_completion_io+0x270/0x270 [ 2469.473345] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.474509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.475583] do_syscall_64+0x33/0x40 [ 2469.476385] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.477450] RIP: 0033:0x7f7d233a8b19 [ 2469.478233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.482091] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2469.483702] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2469.485216] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2469.486718] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2469.488235] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 22:47:45 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 19) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2469.489741] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2469.506719] FAULT_INJECTION: forcing a failure. [ 2469.506719] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.508097] CPU: 0 PID: 10815 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2469.508920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.509885] Call Trace: [ 2469.510198] dump_stack+0x107/0x167 [ 2469.510805] should_fail.cold+0x5/0xa [ 2469.511409] ? create_object.isra.0+0x3a/0xa30 [ 2469.512127] should_failslab+0x5/0x20 [ 2469.512749] kmem_cache_alloc+0x5b/0x310 [ 2469.513392] ? mark_held_locks+0x9e/0xe0 [ 2469.514041] create_object.isra.0+0x3a/0xa30 [ 2469.514722] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.515402] kmem_cache_alloc_bulk+0x168/0x320 [ 2469.515961] io_submit_sqes+0x6fe4/0x8610 [ 2469.516458] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2469.517112] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2469.517658] ? find_held_lock+0x2c/0x110 [ 2469.518147] ? io_submit_sqes+0x8610/0x8610 [ 2469.518657] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.519253] ? wait_for_completion_io+0x270/0x270 [ 2469.519817] ? rcu_read_lock_any_held+0x75/0xa0 [ 2469.520389] ? vfs_write+0x354/0xb10 [ 2469.520838] ? fput_many+0x2f/0x1a0 [ 2469.521329] ? ksys_write+0x1a9/0x260 [ 2469.521758] ? __ia32_sys_read+0xb0/0xb0 [ 2469.522233] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.522831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.523436] do_syscall_64+0x33/0x40 [ 2469.523862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.524467] RIP: 0033:0x7f5689804b19 [ 2469.524891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.527077] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2469.527941] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2469.528799] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2469.529650] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2469.530502] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2469.531359] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:45 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2469.695299] FAULT_INJECTION: forcing a failure. [ 2469.695299] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.697854] CPU: 1 PID: 10834 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2469.699355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.701174] Call Trace: [ 2469.701763] dump_stack+0x107/0x167 [ 2469.702560] should_fail.cold+0x5/0xa [ 2469.703400] ? create_object.isra.0+0x3a/0xa30 [ 2469.704398] should_failslab+0x5/0x20 [ 2469.705241] kmem_cache_alloc+0x5b/0x310 [ 2469.706141] ? mark_held_locks+0x9e/0xe0 [ 2469.707034] create_object.isra.0+0x3a/0xa30 [ 2469.707992] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.709123] kmem_cache_alloc_bulk+0x168/0x320 [ 2469.710128] io_submit_sqes+0x6fe4/0x8610 [ 2469.711066] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2469.712148] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2469.713208] ? find_held_lock+0x2c/0x110 [ 2469.714088] ? io_submit_sqes+0x8610/0x8610 [ 2469.715030] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.716088] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.717237] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2469.718412] ? trace_hardirqs_on+0x5b/0x180 [ 2469.719352] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2469.720542] ? __io_uring_cancel+0x20/0x20 [ 2469.721475] do_syscall_64+0x33/0x40 [ 2469.722285] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.723399] RIP: 0033:0x7f5689804b19 [ 2469.724205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.728196] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2469.729857] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2469.731398] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2469.732944] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2469.734481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2469.736028] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:59 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:47:59 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 20) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x0, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1e, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x21, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2483.601511] FAULT_INJECTION: forcing a failure. [ 2483.601511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2483.604274] CPU: 0 PID: 10857 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2483.605757] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2483.607517] Call Trace: [ 2483.608077] dump_stack+0x107/0x167 [ 2483.608867] should_fail.cold+0x5/0xa [ 2483.609695] _copy_to_user+0x2e/0x180 [ 2483.610517] io_uring_setup+0x11b5/0x2980 [ 2483.611412] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2483.612502] ? wait_for_completion_io+0x270/0x270 [ 2483.613574] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2483.614696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2483.615801] do_syscall_64+0x33/0x40 [ 2483.616621] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2483.617734] RIP: 0033:0x7f7d233a8b19 [ 2483.618535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2483.622518] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2483.624189] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2483.625764] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2483.627293] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2483.628859] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2483.630429] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2483.652468] FAULT_INJECTION: forcing a failure. [ 2483.652468] name failslab, interval 1, probability 0, space 0, times 0 [ 2483.655237] CPU: 0 PID: 10849 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2483.656750] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2483.658645] Call Trace: [ 2483.659239] dump_stack+0x107/0x167 [ 2483.660069] should_fail.cold+0x5/0xa [ 2483.660966] ? create_object.isra.0+0x3a/0xa30 [ 2483.662019] should_failslab+0x5/0x20 [ 2483.662899] kmem_cache_alloc+0x5b/0x310 [ 2483.663833] ? mark_held_locks+0x9e/0xe0 [ 2483.664789] create_object.isra.0+0x3a/0xa30 [ 2483.665807] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2483.666995] kmem_cache_alloc_bulk+0x168/0x320 [ 2483.667970] io_submit_sqes+0x6fe4/0x8610 [ 2483.668981] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2483.670137] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2483.671164] ? find_held_lock+0x2c/0x110 [ 2483.672123] ? io_submit_sqes+0x8610/0x8610 [ 2483.673147] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2483.674407] ? wait_for_completion_io+0x270/0x270 [ 2483.675629] ? rcu_read_lock_any_held+0x75/0xa0 [ 2483.676719] ? vfs_write+0x354/0xb10 [ 2483.677605] ? fput_many+0x2f/0x1a0 [ 2483.678437] ? ksys_write+0x1a9/0x260 [ 2483.679236] ? __ia32_sys_read+0xb0/0xb0 [ 2483.680097] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 22:47:59 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2483.681222] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2483.682637] do_syscall_64+0x33/0x40 [ 2483.683529] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2483.684783] RIP: 0033:0x7f5689804b19 [ 2483.685667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2483.689824] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2483.691524] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2483.693256] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2483.694872] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2483.696368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2483.698010] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:47:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x22, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:47:59 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:47:59 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 21) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:47:59 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2a, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2483.981483] FAULT_INJECTION: forcing a failure. [ 2483.981483] name failslab, interval 1, probability 0, space 0, times 0 [ 2483.984089] CPU: 0 PID: 10881 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2483.985572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2483.987327] Call Trace: [ 2483.987893] dump_stack+0x107/0x167 [ 2483.988811] should_fail.cold+0x5/0xa [ 2483.989653] ? __d_alloc+0x2a/0x990 [ 2483.990430] should_failslab+0x5/0x20 [ 2483.991240] kmem_cache_alloc+0x5b/0x310 [ 2483.992110] __d_alloc+0x2a/0x990 [ 2483.992896] ? find_held_lock+0x2c/0x110 [ 2483.993800] d_alloc_pseudo+0x19/0x70 [ 2483.994601] alloc_file_pseudo+0xce/0x250 [ 2483.995481] ? trace_hardirqs_on+0x5b/0x180 [ 2483.996408] ? alloc_file+0x5a0/0x5a0 [ 2483.997244] anon_inode_getfile+0xc8/0x1f0 [ 2483.998151] io_uring_setup+0x138b/0x2980 [ 2483.999040] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2484.000111] ? wait_for_completion_io+0x270/0x270 [ 2484.001170] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2484.002287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2484.003386] do_syscall_64+0x33/0x40 [ 2484.004186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2484.005294] RIP: 0033:0x7f7d233a8b19 [ 2484.006083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2484.010010] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2484.011624] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2484.013146] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2484.014668] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2484.016184] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2484.017703] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:00 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2b, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2484.091120] FAULT_INJECTION: forcing a failure. [ 2484.091120] name failslab, interval 1, probability 0, space 0, times 0 [ 2484.093612] CPU: 0 PID: 10892 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2484.095072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2484.096842] Call Trace: [ 2484.097408] dump_stack+0x107/0x167 [ 2484.098185] should_fail.cold+0x5/0xa [ 2484.099002] ? create_object.isra.0+0x3a/0xa30 [ 2484.099970] should_failslab+0x5/0x20 [ 2484.100787] kmem_cache_alloc+0x5b/0x310 [ 2484.101654] ? mark_held_locks+0x9e/0xe0 [ 2484.102520] create_object.isra.0+0x3a/0xa30 [ 2484.103451] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2484.104544] kmem_cache_alloc_bulk+0x168/0x320 [ 2484.105520] io_submit_sqes+0x6fe4/0x8610 [ 2484.106437] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2484.107495] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2484.108533] ? find_held_lock+0x2c/0x110 [ 2484.109403] ? io_submit_sqes+0x8610/0x8610 [ 2484.110327] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2484.111351] ? wait_for_completion_io+0x270/0x270 [ 2484.112388] ? rcu_read_lock_any_held+0x75/0xa0 [ 2484.113381] ? vfs_write+0x354/0xb10 [ 2484.114177] ? fput_many+0x2f/0x1a0 [ 2484.114949] ? ksys_write+0x1a9/0x260 [ 2484.115755] ? __ia32_sys_read+0xb0/0xb0 [ 2484.116640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2484.117757] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2484.118856] do_syscall_64+0x33/0x40 [ 2484.119651] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2484.120744] RIP: 0033:0x7f5689804b19 [ 2484.121532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2484.125463] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2484.127084] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2484.128609] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2484.130130] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2484.131648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2484.133173] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:13 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2497.757591] FAULT_INJECTION: forcing a failure. [ 2497.757591] name failslab, interval 1, probability 0, space 0, times 0 [ 2497.760246] CPU: 0 PID: 10910 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2497.761718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2497.763467] Call Trace: [ 2497.764028] dump_stack+0x107/0x167 [ 2497.764822] should_fail.cold+0x5/0xa [ 2497.765628] ? create_object.isra.0+0x3a/0xa30 [ 2497.766596] should_failslab+0x5/0x20 [ 2497.767406] kmem_cache_alloc+0x5b/0x310 [ 2497.768271] create_object.isra.0+0x3a/0xa30 [ 2497.769211] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2497.770595] kmem_cache_alloc+0x159/0x310 [ 2497.771487] __d_alloc+0x2a/0x990 [ 2497.772226] ? find_held_lock+0x2c/0x110 [ 2497.773102] d_alloc_pseudo+0x19/0x70 [ 2497.773902] alloc_file_pseudo+0xce/0x250 [ 2497.774775] ? trace_hardirqs_on+0x5b/0x180 [ 2497.775690] ? alloc_file+0x5a0/0x5a0 [ 2497.776516] anon_inode_getfile+0xc8/0x1f0 [ 2497.777431] io_uring_setup+0x138b/0x2980 [ 2497.778320] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2497.779393] ? wait_for_completion_io+0x270/0x270 [ 2497.780428] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2497.781533] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2497.782618] do_syscall_64+0x33/0x40 [ 2497.783376] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2497.784458] RIP: 0033:0x7f7d233a8b19 [ 2497.785250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2497.789143] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2497.790751] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2497.792254] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2497.793774] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2497.795286] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2497.796800] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:13 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:48:13 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2c, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:13 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 22) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2497.849729] FAULT_INJECTION: forcing a failure. [ 2497.849729] name failslab, interval 1, probability 0, space 0, times 0 [ 2497.852284] CPU: 0 PID: 10912 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2497.853745] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2497.855507] Call Trace: [ 2497.856069] dump_stack+0x107/0x167 [ 2497.856850] should_fail.cold+0x5/0xa [ 2497.857659] ? create_object.isra.0+0x3a/0xa30 [ 2497.858622] should_failslab+0x5/0x20 [ 2497.859435] kmem_cache_alloc+0x5b/0x310 [ 2497.860304] create_object.isra.0+0x3a/0xa30 [ 2497.861248] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2497.862345] kmem_cache_alloc_bulk+0x168/0x320 [ 2497.863323] io_submit_sqes+0x6fe4/0x8610 22:48:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2497.864246] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2497.865539] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2497.866595] ? find_held_lock+0x2c/0x110 [ 2497.867488] ? io_submit_sqes+0x8610/0x8610 [ 2497.868439] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2497.869500] ? wait_for_completion_io+0x270/0x270 [ 2497.870556] ? rcu_read_lock_any_held+0x75/0xa0 [ 2497.871571] ? vfs_write+0x354/0xb10 [ 2497.872383] ? fput_many+0x2f/0x1a0 [ 2497.873185] ? ksys_write+0x1a9/0x260 [ 2497.874015] ? __ia32_sys_read+0xb0/0xb0 [ 2497.874906] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2497.876056] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2497.877190] do_syscall_64+0x33/0x40 [ 2497.878002] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2497.879123] RIP: 0033:0x7f5689804b19 [ 2497.879929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2497.883934] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2497.885601] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2497.887147] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2497.888702] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2497.890417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2497.891970] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:13 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:13 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2e, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:27 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 23) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:48:27 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x10, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x2f, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:27 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) [ 2511.600688] FAULT_INJECTION: forcing a failure. [ 2511.600688] name failslab, interval 1, probability 0, space 0, times 0 [ 2511.602123] CPU: 0 PID: 10953 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2511.602908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2511.603853] Call Trace: [ 2511.604161] dump_stack+0x107/0x167 [ 2511.604578] should_fail.cold+0x5/0xa [ 2511.605037] ? create_object.isra.0+0x3a/0xa30 [ 2511.605557] should_failslab+0x5/0x20 [ 2511.605992] kmem_cache_alloc+0x5b/0x310 [ 2511.606459] create_object.isra.0+0x3a/0xa30 [ 2511.606966] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2511.607551] kmem_cache_alloc_bulk+0x168/0x320 [ 2511.608081] io_submit_sqes+0x6fe4/0x8610 [ 2511.608574] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2511.609151] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2511.609705] ? find_held_lock+0x2c/0x110 [ 2511.610170] ? io_submit_sqes+0x8610/0x8610 [ 2511.610668] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2511.611218] ? wait_for_completion_io+0x270/0x270 [ 2511.611775] ? rcu_read_lock_any_held+0x75/0xa0 [ 2511.612301] ? vfs_write+0x354/0xb10 [ 2511.612735] ? fput_many+0x2f/0x1a0 [ 2511.613150] ? ksys_write+0x1a9/0x260 [ 2511.613586] ? __ia32_sys_read+0xb0/0xb0 [ 2511.614056] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2511.614656] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2511.615246] do_syscall_64+0x33/0x40 [ 2511.615671] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2511.616258] RIP: 0033:0x7f5689804b19 [ 2511.616692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2511.618798] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2511.619668] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2511.620483] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2511.621317] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2511.622135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2511.622951] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:27 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2511.638107] FAULT_INJECTION: forcing a failure. [ 2511.638107] name failslab, interval 1, probability 0, space 0, times 0 [ 2511.640940] CPU: 1 PID: 10958 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2511.642597] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2511.644570] Call Trace: [ 2511.645210] dump_stack+0x107/0x167 [ 2511.646079] should_fail.cold+0x5/0xa [ 2511.646977] ? __alloc_file+0x21/0x320 [ 2511.647909] should_failslab+0x5/0x20 [ 2511.648820] kmem_cache_alloc+0x5b/0x310 [ 2511.649792] __alloc_file+0x21/0x320 [ 2511.650675] alloc_empty_file+0x6d/0x170 [ 2511.651640] alloc_file+0x5e/0x5a0 [ 2511.652488] alloc_file_pseudo+0x16a/0x250 [ 2511.653499] ? alloc_file+0x5a0/0x5a0 [ 2511.654419] anon_inode_getfile+0xc8/0x1f0 [ 2511.655417] io_uring_setup+0x138b/0x2980 [ 2511.656407] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2511.657619] ? wait_for_completion_io+0x270/0x270 [ 2511.658805] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2511.660077] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2511.661317] do_syscall_64+0x33/0x40 [ 2511.662207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2511.663439] RIP: 0033:0x7f7d233a8b19 [ 2511.664330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2511.668690] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2511.670478] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2511.672151] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2511.673842] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2511.675512] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2511.677187] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:27 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, 0x0, 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x30, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2511.806579] FAULT_INJECTION: forcing a failure. [ 2511.806579] name failslab, interval 1, probability 0, space 0, times 0 [ 2511.807947] CPU: 0 PID: 10975 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2511.808743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2511.809683] Call Trace: [ 2511.809989] dump_stack+0x107/0x167 [ 2511.810410] should_fail.cold+0x5/0xa [ 2511.810851] should_failslab+0x5/0x20 [ 2511.811293] kmem_cache_alloc_bulk+0x4b/0x320 [ 2511.811806] io_submit_sqes+0x6fe4/0x8610 [ 2511.812297] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2511.812873] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2511.813428] ? find_held_lock+0x2c/0x110 [ 2511.813897] ? io_submit_sqes+0x8610/0x8610 [ 2511.814395] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2511.814949] ? wait_for_completion_io+0x270/0x270 [ 2511.815504] ? rcu_read_lock_any_held+0x75/0xa0 [ 2511.816034] ? vfs_write+0x354/0xb10 [ 2511.816463] ? fput_many+0x2f/0x1a0 [ 2511.816889] ? ksys_write+0x1a9/0x260 [ 2511.817323] ? __ia32_sys_read+0xb0/0xb0 [ 2511.817788] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2511.818390] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2511.818980] do_syscall_64+0x33/0x40 [ 2511.819409] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2511.819990] RIP: 0033:0x7f5689804b19 [ 2511.820417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2511.822524] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2511.823391] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2511.824202] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2511.825016] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2511.825821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2511.826633] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:27 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:48:27 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x10, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:27 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:48:42 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 24) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:42 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:48:42 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:48:42 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:42 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x10, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:42 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2527.006084] FAULT_INJECTION: forcing a failure. [ 2527.006084] name failslab, interval 1, probability 0, space 0, times 0 [ 2527.007457] CPU: 0 PID: 10999 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2527.008260] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2527.009221] Call Trace: [ 2527.009536] dump_stack+0x107/0x167 [ 2527.009977] should_fail.cold+0x5/0xa [ 2527.010429] ? create_object.isra.0+0x3a/0xa30 [ 2527.010964] should_failslab+0x5/0x20 [ 2527.011419] kmem_cache_alloc+0x5b/0x310 [ 2527.011902] ? mark_held_locks+0x9e/0xe0 [ 2527.012381] create_object.isra.0+0x3a/0xa30 [ 2527.012905] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2527.013502] kmem_cache_alloc_bulk+0x168/0x320 [ 2527.014041] io_submit_sqes+0x6fe4/0x8610 [ 2527.014551] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2527.015137] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2527.015709] ? find_held_lock+0x2c/0x110 [ 2527.016193] ? io_submit_sqes+0x8610/0x8610 [ 2527.016699] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2527.017284] ? wait_for_completion_io+0x270/0x270 [ 2527.017857] ? rcu_read_lock_any_held+0x75/0xa0 [ 2527.018400] ? vfs_write+0x354/0xb10 [ 2527.018828] ? fput_many+0x2f/0x1a0 [ 2527.019255] ? ksys_write+0x1a9/0x260 [ 2527.019690] ? __ia32_sys_read+0xb0/0xb0 [ 2527.020166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2527.020779] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2527.021405] do_syscall_64+0x33/0x40 [ 2527.021849] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2527.022456] RIP: 0033:0x7f5689804b19 [ 2527.022882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2527.025057] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2527.025933] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2527.026763] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2527.027578] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2527.028423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2527.029253] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2527.044542] FAULT_INJECTION: forcing a failure. [ 2527.044542] name failslab, interval 1, probability 0, space 0, times 0 [ 2527.047465] CPU: 1 PID: 11010 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2527.049073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2527.050964] Call Trace: [ 2527.051577] dump_stack+0x107/0x167 [ 2527.052419] should_fail.cold+0x5/0xa [ 2527.053307] ? create_object.isra.0+0x3a/0xa30 [ 2527.054362] should_failslab+0x5/0x20 [ 2527.055242] kmem_cache_alloc+0x5b/0x310 [ 2527.056186] create_object.isra.0+0x3a/0xa30 [ 2527.057257] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2527.058472] kmem_cache_alloc+0x159/0x310 [ 2527.059431] __alloc_file+0x21/0x320 [ 2527.060287] alloc_empty_file+0x6d/0x170 [ 2527.061234] alloc_file+0x5e/0x5a0 [ 2527.062059] alloc_file_pseudo+0x16a/0x250 [ 2527.063035] ? alloc_file+0x5a0/0x5a0 [ 2527.063930] anon_inode_getfile+0xc8/0x1f0 [ 2527.064918] io_uring_setup+0x138b/0x2980 [ 2527.065886] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2527.067056] ? wait_for_completion_io+0x270/0x270 [ 2527.068199] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2527.069420] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2527.070612] do_syscall_64+0x33/0x40 [ 2527.071470] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2527.072649] RIP: 0033:0x7f7d233a8b19 [ 2527.073513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2527.077742] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2527.079498] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2527.081153] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2527.082792] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2527.084425] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2527.086072] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x32, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:43 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 25) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:43 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:43 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:43 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2527.247183] FAULT_INJECTION: forcing a failure. [ 2527.247183] name failslab, interval 1, probability 0, space 0, times 0 [ 2527.248707] CPU: 0 PID: 11027 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2527.249735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2527.250720] Call Trace: [ 2527.251035] dump_stack+0x107/0x167 [ 2527.251463] should_fail.cold+0x5/0xa [ 2527.251911] ? security_file_alloc+0x34/0x170 [ 2527.252433] should_failslab+0x5/0x20 [ 2527.252893] kmem_cache_alloc+0x5b/0x310 [ 2527.253373] security_file_alloc+0x34/0x170 [ 2527.253878] __alloc_file+0xb7/0x320 [ 2527.254315] alloc_empty_file+0x6d/0x170 [ 2527.254790] alloc_file+0x5e/0x5a0 [ 2527.255210] alloc_file_pseudo+0x16a/0x250 [ 2527.255706] ? alloc_file+0x5a0/0x5a0 [ 2527.256162] anon_inode_getfile+0xc8/0x1f0 [ 2527.256673] io_uring_setup+0x138b/0x2980 [ 2527.257173] ? vfs_write+0x7f8/0xb10 [ 2527.257608] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2527.258204] ? wait_for_completion_io+0x270/0x270 [ 2527.258784] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2527.259401] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2527.260006] do_syscall_64+0x33/0x40 [ 2527.260442] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2527.261053] RIP: 0033:0x7f7d233a8b19 [ 2527.261489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2527.263647] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2527.264538] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2527.265381] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2527.266212] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2527.267046] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2527.267879] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:43 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2527.323372] FAULT_INJECTION: forcing a failure. [ 2527.323372] name failslab, interval 1, probability 0, space 0, times 0 [ 2527.326149] CPU: 1 PID: 11031 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2527.327747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2527.329691] Call Trace: [ 2527.330306] dump_stack+0x107/0x167 [ 2527.331150] should_fail.cold+0x5/0xa [ 2527.332033] ? create_object.isra.0+0x3a/0xa30 [ 2527.333103] should_failslab+0x5/0x20 [ 2527.333979] kmem_cache_alloc+0x5b/0x310 [ 2527.334917] ? mark_held_locks+0x9e/0xe0 [ 2527.335859] create_object.isra.0+0x3a/0xa30 [ 2527.336876] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2527.338058] kmem_cache_alloc_bulk+0x168/0x320 [ 2527.339117] io_submit_sqes+0x6fe4/0x8610 [ 2527.340113] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2527.341266] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2527.342380] ? find_held_lock+0x2c/0x110 [ 2527.343319] ? io_submit_sqes+0x8610/0x8610 [ 2527.344318] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2527.345442] ? wait_for_completion_io+0x270/0x270 [ 2527.346553] ? rcu_read_lock_any_held+0x75/0xa0 [ 2527.347625] ? vfs_write+0x354/0xb10 [ 2527.348484] ? fput_many+0x2f/0x1a0 [ 2527.349326] ? ksys_write+0x1a9/0x260 [ 2527.350203] ? __ia32_sys_read+0xb0/0xb0 [ 2527.351146] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2527.352348] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2527.353548] do_syscall_64+0x33/0x40 [ 2527.354404] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2527.355588] RIP: 0033:0x7f5689804b19 [ 2527.356444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2527.360695] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2527.362458] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2527.364095] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2527.365723] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2527.367349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2527.368993] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:56 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x33, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 26) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2540.864271] FAULT_INJECTION: forcing a failure. [ 2540.864271] name failslab, interval 1, probability 0, space 0, times 0 [ 2540.865901] CPU: 1 PID: 11048 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2540.866848] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2540.867968] Call Trace: [ 2540.868332] dump_stack+0x107/0x167 [ 2540.868826] should_fail.cold+0x5/0xa [ 2540.869352] ? create_object.isra.0+0x3a/0xa30 [ 2540.869971] should_failslab+0x5/0x20 [ 2540.870499] kmem_cache_alloc+0x5b/0x310 [ 2540.871050] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 2540.871800] create_object.isra.0+0x3a/0xa30 [ 2540.872406] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2540.873102] kmem_cache_alloc+0x159/0x310 [ 2540.873672] security_file_alloc+0x34/0x170 [ 2540.874260] __alloc_file+0xb7/0x320 [ 2540.874763] alloc_empty_file+0x6d/0x170 [ 2540.875303] alloc_file+0x5e/0x5a0 [ 2540.875778] alloc_file_pseudo+0x16a/0x250 [ 2540.876342] ? alloc_file+0x5a0/0x5a0 [ 2540.876863] anon_inode_getfile+0xc8/0x1f0 [ 2540.877441] io_uring_setup+0x138b/0x2980 [ 2540.878010] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2540.878686] ? wait_for_completion_io+0x270/0x270 [ 2540.879376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2540.880178] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2540.880863] do_syscall_64+0x33/0x40 [ 2540.881367] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2540.882050] RIP: 0033:0x7f7d233a8b19 [ 2540.882548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2540.885023] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2540.886055] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2540.887003] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2540.887958] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2540.888911] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2540.889864] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2540.927666] FAULT_INJECTION: forcing a failure. [ 2540.927666] name failslab, interval 1, probability 0, space 0, times 0 [ 2540.929244] CPU: 1 PID: 11045 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2540.930145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2540.931228] Call Trace: [ 2540.931581] dump_stack+0x107/0x167 [ 2540.932064] should_fail.cold+0x5/0xa [ 2540.932571] ? create_object.isra.0+0x3a/0xa30 [ 2540.933173] should_failslab+0x5/0x20 [ 2540.933689] kmem_cache_alloc+0x5b/0x310 [ 2540.934224] ? mark_held_locks+0x9e/0xe0 [ 2540.934758] create_object.isra.0+0x3a/0xa30 [ 2540.935332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2540.936001] kmem_cache_alloc_bulk+0x168/0x320 [ 2540.936611] io_submit_sqes+0x6fe4/0x8610 [ 2540.937187] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2540.937854] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2540.938489] ? find_held_lock+0x2c/0x110 [ 2540.939019] ? io_submit_sqes+0x8610/0x8610 [ 2540.939596] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2540.940232] ? wait_for_completion_io+0x270/0x270 [ 2540.940883] ? rcu_read_lock_any_held+0x75/0xa0 [ 2540.941496] ? vfs_write+0x354/0xb10 [ 2540.941998] ? fput_many+0x2f/0x1a0 [ 2540.942468] ? ksys_write+0x1a9/0x260 [ 2540.942973] ? __ia32_sys_read+0xb0/0xb0 [ 2540.943509] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2540.944201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2540.944882] do_syscall_64+0x33/0x40 [ 2540.945380] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2540.946045] RIP: 0033:0x7f5689804b19 [ 2540.946542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2540.948945] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2540.949948] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2540.950867] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2540.951799] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2540.952725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2540.953658] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x35, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:56 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:56 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:56 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2541.063184] FAULT_INJECTION: forcing a failure. [ 2541.063184] name failslab, interval 1, probability 0, space 0, times 0 [ 2541.066425] CPU: 1 PID: 11068 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2541.067287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2541.068375] Call Trace: [ 2541.068721] dump_stack+0x107/0x167 [ 2541.069190] should_fail.cold+0x5/0xa [ 2541.069675] ? create_object.isra.0+0x3a/0xa30 [ 2541.070248] should_failslab+0x5/0x20 [ 2541.070727] kmem_cache_alloc+0x5b/0x310 [ 2541.071356] ? mark_held_locks+0x9e/0xe0 [ 2541.071869] create_object.isra.0+0x3a/0xa30 [ 2541.072540] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2541.073185] kmem_cache_alloc_bulk+0x168/0x320 [ 2541.073885] io_submit_sqes+0x6fe4/0x8610 [ 2541.074424] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2541.075179] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2541.075922] ? find_held_lock+0x2c/0x110 [ 2541.076434] ? io_submit_sqes+0x8610/0x8610 [ 2541.077105] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2541.077843] ? wait_for_completion_io+0x270/0x270 [ 2541.078576] ? rcu_read_lock_any_held+0x75/0xa0 [ 2541.079281] ? vfs_write+0x354/0xb10 [ 2541.079848] ? fput_many+0x2f/0x1a0 [ 2541.080392] ? ksys_write+0x1a9/0x260 [ 2541.080966] ? __ia32_sys_read+0xb0/0xb0 [ 2541.081590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2541.082379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2541.083018] do_syscall_64+0x33/0x40 [ 2541.083584] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2541.084360] RIP: 0033:0x7f5689804b19 [ 2541.084919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2541.087687] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2541.088826] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2541.089900] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2541.090963] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2541.092029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2541.093107] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:48:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:57 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 27) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x36, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2541.136197] FAULT_INJECTION: forcing a failure. [ 2541.136197] name failslab, interval 1, probability 0, space 0, times 0 [ 2541.137804] CPU: 1 PID: 11076 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2541.138838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2541.140045] Call Trace: [ 2541.140375] dump_stack+0x107/0x167 [ 2541.140905] should_fail.cold+0x5/0xa [ 2541.141471] ? io_uring_alloc_task_context+0x99/0x6a0 [ 2541.142224] should_failslab+0x5/0x20 [ 2541.142782] kmem_cache_alloc_trace+0x55/0x320 [ 2541.143449] io_uring_alloc_task_context+0x99/0x6a0 [ 2541.144179] ? io_import_iovec+0x1120/0x1120 [ 2541.144822] ? lock_downgrade+0x6d0/0x6d0 [ 2541.145435] ? do_raw_spin_lock+0x121/0x260 [ 2541.146062] ? rwlock_bug.part.0+0x90/0x90 [ 2541.146568] __io_uring_add_tctx_node+0x2c6/0x520 [ 2541.147265] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2541.147946] ? alloc_fd+0x2e7/0x670 [ 2541.148489] io_uring_setup+0x1fbb/0x2980 [ 2541.149096] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2541.149822] ? wait_for_completion_io+0x270/0x270 [ 2541.150533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2541.151289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2541.152039] do_syscall_64+0x33/0x40 [ 2541.152579] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2541.153330] RIP: 0033:0x7f7d233a8b19 [ 2541.153782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2541.156442] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2541.157551] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2541.158569] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2541.159579] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2541.160420] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2541.161459] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:48:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x37, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:48:57 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:57 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:48:57 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2541.341472] FAULT_INJECTION: forcing a failure. [ 2541.341472] name failslab, interval 1, probability 0, space 0, times 0 [ 2541.343108] CPU: 1 PID: 11090 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2541.344069] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2541.345031] Call Trace: [ 2541.345404] dump_stack+0x107/0x167 [ 2541.345908] should_fail.cold+0x5/0xa [ 2541.346441] ? create_object.isra.0+0x3a/0xa30 [ 2541.347076] should_failslab+0x5/0x20 [ 2541.347601] kmem_cache_alloc+0x5b/0x310 [ 2541.348164] ? mark_held_locks+0x9e/0xe0 [ 2541.348732] create_object.isra.0+0x3a/0xa30 [ 2541.349351] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2541.350066] kmem_cache_alloc_bulk+0x168/0x320 [ 2541.350707] io_submit_sqes+0x6fe4/0x8610 [ 2541.351306] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2541.351999] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2541.352665] ? find_held_lock+0x2c/0x110 [ 2541.353232] ? io_submit_sqes+0x8610/0x8610 [ 2541.353836] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2541.354508] ? wait_for_completion_io+0x270/0x270 [ 2541.355177] ? rcu_read_lock_any_held+0x75/0xa0 [ 2541.355818] ? vfs_write+0x354/0xb10 [ 2541.356346] ? fput_many+0x2f/0x1a0 [ 2541.356853] ? ksys_write+0x1a9/0x260 [ 2541.357387] ? __ia32_sys_read+0xb0/0xb0 [ 2541.357948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2541.358669] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2541.359387] do_syscall_64+0x33/0x40 [ 2541.359904] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2541.360613] RIP: 0033:0x7f5689804b19 [ 2541.361057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2541.363582] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2541.364629] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2541.365619] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2541.366432] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2541.367427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2541.368239] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:49:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:10 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x38, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:10 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:10 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:10 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:10 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:10 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 28) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2554.837260] FAULT_INJECTION: forcing a failure. [ 2554.837260] name failslab, interval 1, probability 0, space 0, times 0 [ 2554.838663] CPU: 1 PID: 11110 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2554.839452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2554.840406] Call Trace: [ 2554.840715] dump_stack+0x107/0x167 [ 2554.841144] should_fail.cold+0x5/0xa [ 2554.841584] ? create_object.isra.0+0x3a/0xa30 [ 2554.842109] should_failslab+0x5/0x20 [ 2554.842549] kmem_cache_alloc+0x5b/0x310 [ 2554.843019] create_object.isra.0+0x3a/0xa30 [ 2554.843522] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2554.844103] kmem_cache_alloc_trace+0x151/0x320 [ 2554.844642] io_uring_alloc_task_context+0x99/0x6a0 [ 2554.845224] ? io_import_iovec+0x1120/0x1120 [ 2554.845734] ? lock_downgrade+0x6d0/0x6d0 [ 2554.846207] ? do_raw_spin_lock+0x121/0x260 [ 2554.846707] ? rwlock_bug.part.0+0x90/0x90 [ 2554.847197] __io_uring_add_tctx_node+0x2c6/0x520 [ 2554.847749] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2554.848347] ? alloc_fd+0x2e7/0x670 [ 2554.848772] io_uring_setup+0x1fbb/0x2980 [ 2554.849259] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2554.849840] ? wait_for_completion_io+0x270/0x270 [ 2554.850409] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2554.851013] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2554.851611] do_syscall_64+0x33/0x40 [ 2554.852040] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2554.852628] RIP: 0033:0x7f7d233a8b19 [ 2554.853057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2554.855175] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2554.856044] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2554.856858] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2554.857686] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2554.858503] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2554.859317] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:49:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2554.890553] FAULT_INJECTION: forcing a failure. [ 2554.890553] name failslab, interval 1, probability 0, space 0, times 0 [ 2554.893554] CPU: 0 PID: 11108 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2554.895227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2554.897264] Call Trace: [ 2554.897925] dump_stack+0x107/0x167 [ 2554.898811] should_fail.cold+0x5/0xa [ 2554.899748] should_failslab+0x5/0x20 [ 2554.900683] kmem_cache_alloc_bulk+0x4b/0x320 [ 2554.901787] io_submit_sqes+0x6fe4/0x8610 [ 2554.902838] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2554.904056] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2554.905246] ? find_held_lock+0x2c/0x110 [ 2554.906258] ? io_submit_sqes+0x8610/0x8610 [ 2554.907307] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2554.908481] ? wait_for_completion_io+0x270/0x270 [ 2554.909690] ? rcu_read_lock_any_held+0x75/0xa0 [ 2554.910829] ? vfs_write+0x354/0xb10 [ 2554.911736] ? fput_many+0x2f/0x1a0 [ 2554.912630] ? ksys_write+0x1a9/0x260 [ 2554.913577] ? __ia32_sys_read+0xb0/0xb0 [ 2554.914577] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2554.915850] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2554.917099] do_syscall_64+0x33/0x40 [ 2554.918029] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2554.919272] RIP: 0033:0x7f5689804b19 [ 2554.920190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2554.924937] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2554.926727] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2554.928345] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2554.929967] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2554.931581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2554.933187] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:49:32 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 29) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x39, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r7, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) [ 2576.773530] FAULT_INJECTION: forcing a failure. [ 2576.773530] name failslab, interval 1, probability 0, space 0, times 0 [ 2576.775157] CPU: 1 PID: 11144 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2576.776065] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2576.777153] Call Trace: [ 2576.777521] dump_stack+0x107/0x167 [ 2576.778001] should_fail.cold+0x5/0xa [ 2576.778500] ? create_object.isra.0+0x3a/0xa30 [ 2576.779117] should_failslab+0x5/0x20 [ 2576.779612] kmem_cache_alloc+0x5b/0x310 [ 2576.780161] create_object.isra.0+0x3a/0xa30 [ 2576.780204] FAULT_INJECTION: forcing a failure. [ 2576.780204] name failslab, interval 1, probability 0, space 0, times 0 [ 2576.780731] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2576.780749] kmem_cache_alloc_bulk+0x168/0x320 [ 2576.780768] io_submit_sqes+0x6fe4/0x8610 [ 2576.780802] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2576.780813] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2576.780836] ? find_held_lock+0x2c/0x110 [ 2576.786762] ? io_submit_sqes+0x8610/0x8610 [ 2576.787319] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2576.787931] ? wait_for_completion_io+0x270/0x270 [ 2576.788548] ? rcu_read_lock_any_held+0x75/0xa0 [ 2576.789141] ? vfs_write+0x354/0xb10 [ 2576.789631] ? fput_many+0x2f/0x1a0 [ 2576.790096] ? ksys_write+0x1a9/0x260 [ 2576.790578] ? __ia32_sys_read+0xb0/0xb0 [ 2576.791099] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2576.791763] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2576.792429] do_syscall_64+0x33/0x40 [ 2576.792913] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2576.793574] RIP: 0033:0x7f5689804b19 [ 2576.794049] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2576.796395] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2576.797391] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2576.798296] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2576.799202] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2576.800106] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2576.801010] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2576.801958] CPU: 0 PID: 11141 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2576.803462] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2576.805258] Call Trace: [ 2576.805875] dump_stack+0x107/0x167 [ 2576.806668] should_fail.cold+0x5/0xa [ 2576.807498] ? create_object.isra.0+0x3a/0xa30 [ 2576.808474] should_failslab+0x5/0x20 [ 2576.809305] kmem_cache_alloc+0x5b/0x310 [ 2576.810200] create_object.isra.0+0x3a/0xa30 [ 2576.811163] kmemleak_alloc_percpu+0xa0/0x100 [ 2576.812136] pcpu_alloc+0x4e2/0x1240 [ 2576.812944] __percpu_counter_init+0x10d/0x2d0 [ 2576.813930] io_uring_alloc_task_context+0xcc/0x6a0 [ 2576.814994] ? io_import_iovec+0x1120/0x1120 [ 2576.815933] ? lock_downgrade+0x6d0/0x6d0 [ 2576.816971] ? do_raw_spin_lock+0x121/0x260 [ 2576.817977] ? rwlock_bug.part.0+0x90/0x90 [ 2576.818903] __io_uring_add_tctx_node+0x2c6/0x520 [ 2576.819940] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2576.821078] ? alloc_fd+0x2e7/0x670 [ 2576.821882] io_uring_setup+0x1fbb/0x2980 [ 2576.822794] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2576.823882] ? wait_for_completion_io+0x270/0x270 [ 2576.824930] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2576.826055] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2576.827166] do_syscall_64+0x33/0x40 [ 2576.827982] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2576.829087] RIP: 0033:0x7f7d233a8b19 [ 2576.829900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2576.833844] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2576.835501] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2576.837048] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2576.838617] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2576.840169] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2576.841725] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:49:32 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x3a, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r7, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:49:32 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x3b, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 30) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:32 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2577.081512] FAULT_INJECTION: forcing a failure. [ 2577.081512] name failslab, interval 1, probability 0, space 0, times 0 [ 2577.082875] CPU: 1 PID: 11171 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2577.083664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2577.084632] Call Trace: [ 2577.084950] dump_stack+0x107/0x167 [ 2577.085393] should_fail.cold+0x5/0xa [ 2577.085847] ? create_object.isra.0+0x3a/0xa30 [ 2577.086377] should_failslab+0x5/0x20 [ 2577.086831] kmem_cache_alloc+0x5b/0x310 [ 2577.087304] create_object.isra.0+0x3a/0xa30 [ 2577.087826] kmemleak_alloc_percpu+0xa0/0x100 [ 2577.088366] pcpu_alloc+0x4e2/0x1240 [ 2577.088808] __percpu_counter_init+0x10d/0x2d0 [ 2577.089368] io_uring_alloc_task_context+0xcc/0x6a0 [ 2577.089946] ? io_import_iovec+0x1120/0x1120 [ 2577.090460] ? lock_downgrade+0x6d0/0x6d0 [ 2577.090930] ? do_raw_spin_lock+0x121/0x260 [ 2577.091429] ? rwlock_bug.part.0+0x90/0x90 [ 2577.091918] __io_uring_add_tctx_node+0x2c6/0x520 [ 2577.092496] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2577.093108] ? alloc_fd+0x2e7/0x670 [ 2577.093553] io_uring_setup+0x1fbb/0x2980 [ 2577.094055] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2577.094656] ? wait_for_completion_io+0x270/0x270 [ 2577.095246] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2577.095866] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2577.096468] do_syscall_64+0x33/0x40 [ 2577.096898] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2577.097502] RIP: 0033:0x7f7d233a8b19 [ 2577.097930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2577.100090] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2577.100978] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2577.101838] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2577.102682] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2577.103518] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2577.104359] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2577.144654] FAULT_INJECTION: forcing a failure. [ 2577.144654] name failslab, interval 1, probability 0, space 0, times 0 [ 2577.147400] CPU: 0 PID: 11172 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2577.148875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2577.150672] Call Trace: [ 2577.151254] dump_stack+0x107/0x167 [ 2577.152054] should_fail.cold+0x5/0xa [ 2577.152883] ? create_object.isra.0+0x3a/0xa30 [ 2577.153889] should_failslab+0x5/0x20 [ 2577.154717] kmem_cache_alloc+0x5b/0x310 [ 2577.155598] ? mark_held_locks+0x9e/0xe0 [ 2577.156482] create_object.isra.0+0x3a/0xa30 [ 2577.157444] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2577.158548] kmem_cache_alloc_bulk+0x168/0x320 [ 2577.159531] io_submit_sqes+0x6fe4/0x8610 [ 2577.160430] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2577.161493] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2577.162556] ? find_held_lock+0x2c/0x110 [ 2577.163438] ? io_submit_sqes+0x8610/0x8610 [ 2577.164386] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2577.165445] ? wait_for_completion_io+0x270/0x270 [ 2577.166498] ? rcu_read_lock_any_held+0x75/0xa0 [ 2577.167502] ? vfs_write+0x354/0xb10 [ 2577.168295] ? fput_many+0x2f/0x1a0 [ 2577.169063] ? ksys_write+0x1a9/0x260 [ 2577.169885] ? __ia32_sys_read+0xb0/0xb0 [ 2577.170774] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2577.171903] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2577.173030] do_syscall_64+0x33/0x40 [ 2577.173844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2577.174952] RIP: 0033:0x7f5689804b19 [ 2577.175752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2577.179731] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2577.181371] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2577.182892] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2577.184439] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2577.185998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2577.187521] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:49:47 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x3c, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:47 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:49:47 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:47 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:47 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:47 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 31) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:47 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r7, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:47 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) [ 2592.046208] FAULT_INJECTION: forcing a failure. [ 2592.046208] name failslab, interval 1, probability 0, space 0, times 0 [ 2592.049008] CPU: 1 PID: 11201 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2592.050538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2592.052347] Call Trace: [ 2592.052941] dump_stack+0x107/0x167 [ 2592.053769] should_fail.cold+0x5/0xa [ 2592.054698] ? io_uring_alloc_task_context+0x4a3/0x6a0 [ 2592.055861] should_failslab+0x5/0x20 [ 2592.056699] kmem_cache_alloc_trace+0x55/0x320 [ 2592.057720] io_uring_alloc_task_context+0x4a3/0x6a0 [ 2592.058823] ? io_import_iovec+0x1120/0x1120 [ 2592.059769] ? lock_downgrade+0x6d0/0x6d0 [ 2592.060678] ? do_raw_spin_lock+0x121/0x260 [ 2592.061650] ? rwlock_bug.part.0+0x90/0x90 [ 2592.062575] __io_uring_add_tctx_node+0x2c6/0x520 [ 2592.063623] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2592.064754] ? alloc_fd+0x2e7/0x670 [ 2592.065572] io_uring_setup+0x1fbb/0x2980 [ 2592.066488] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2592.067580] ? wait_for_completion_io+0x270/0x270 [ 2592.068642] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2592.069790] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2592.070904] do_syscall_64+0x33/0x40 [ 2592.071779] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2592.072891] RIP: 0033:0x7f7d233a8b19 [ 2592.073702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2592.078062] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2592.080020] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2592.081558] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2592.083085] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2592.084587] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2592.086096] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:49:48 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x3e, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2592.119508] FAULT_INJECTION: forcing a failure. [ 2592.119508] name failslab, interval 1, probability 0, space 0, times 0 [ 2592.121532] CPU: 0 PID: 11202 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2592.122699] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2592.124034] Call Trace: [ 2592.124477] dump_stack+0x107/0x167 [ 2592.125097] should_fail.cold+0x5/0xa [ 2592.125756] ? create_object.isra.0+0x3a/0xa30 [ 2592.126526] should_failslab+0x5/0x20 [ 2592.127176] kmem_cache_alloc+0x5b/0x310 [ 2592.127863] ? mark_held_locks+0x9e/0xe0 [ 2592.128561] create_object.isra.0+0x3a/0xa30 [ 2592.129301] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2592.130171] kmem_cache_alloc_bulk+0x168/0x320 [ 2592.130957] io_submit_sqes+0x6fe4/0x8610 [ 2592.131693] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2592.132533] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2592.133323] ? find_held_lock+0x2c/0x110 [ 2592.134027] ? io_submit_sqes+0x8610/0x8610 [ 2592.134761] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2592.135592] ? wait_for_completion_io+0x270/0x270 [ 2592.136413] ? rcu_read_lock_any_held+0x75/0xa0 [ 2592.137204] ? vfs_write+0x354/0xb10 [ 2592.137842] ? fput_many+0x2f/0x1a0 [ 2592.138441] ? ksys_write+0x1a9/0x260 [ 2592.139085] ? __ia32_sys_read+0xb0/0xb0 [ 2592.139782] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2592.140683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2592.141574] do_syscall_64+0x33/0x40 [ 2592.142202] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2592.143026] RIP: 0033:0x7f5689804b19 [ 2592.143668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2592.146779] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2592.148014] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2592.149185] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2592.150366] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2592.151539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2592.152710] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:49:48 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:49:48 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:48 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:48 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:48 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 32) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:48 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) [ 2592.343499] FAULT_INJECTION: forcing a failure. [ 2592.343499] name failslab, interval 1, probability 0, space 0, times 0 [ 2592.345482] CPU: 0 PID: 11224 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2592.346609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2592.347933] Call Trace: [ 2592.348364] dump_stack+0x107/0x167 [ 2592.348979] should_fail.cold+0x5/0xa [ 2592.349604] ? create_object.isra.0+0x3a/0xa30 [ 2592.350344] should_failslab+0x5/0x20 [ 2592.350956] kmem_cache_alloc+0x5b/0x310 [ 2592.351612] create_object.isra.0+0x3a/0xa30 [ 2592.352318] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2592.353143] kmem_cache_alloc_trace+0x151/0x320 [ 2592.353916] io_uring_alloc_task_context+0x4a3/0x6a0 [ 2592.354737] ? io_import_iovec+0x1120/0x1120 [ 2592.355445] ? lock_downgrade+0x6d0/0x6d0 [ 2592.356108] ? do_raw_spin_lock+0x121/0x260 [ 2592.356796] ? rwlock_bug.part.0+0x90/0x90 22:49:48 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2592.357488] __io_uring_add_tctx_node+0x2c6/0x520 [ 2592.358446] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2592.359297] ? alloc_fd+0x2e7/0x670 [ 2592.359910] io_uring_setup+0x1fbb/0x2980 [ 2592.360600] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2592.361449] ? wait_for_completion_io+0x270/0x270 [ 2592.362261] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2592.363134] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2592.363982] do_syscall_64+0x33/0x40 [ 2592.364606] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2592.365460] RIP: 0033:0x7f7d233a8b19 [ 2592.366085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2592.369024] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2592.370241] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2592.371375] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2592.372512] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2592.373683] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2592.374831] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:49:48 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:49:48 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:49:48 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2592.486099] FAULT_INJECTION: forcing a failure. [ 2592.486099] name failslab, interval 1, probability 0, space 0, times 0 [ 2592.488265] CPU: 0 PID: 11231 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2592.489413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2592.490734] Call Trace: [ 2592.491158] dump_stack+0x107/0x167 [ 2592.491739] should_fail.cold+0x5/0xa [ 2592.492374] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2592.493239] should_failslab+0x5/0x20 [ 2592.493876] __kmalloc_node+0x76/0x420 [ 2592.494528] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2592.495368] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 2592.496211] kmem_cache_alloc_bulk+0x182/0x320 [ 2592.496976] io_submit_sqes+0x6fe4/0x8610 [ 2592.497696] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2592.498527] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2592.499295] ? find_held_lock+0x2c/0x110 [ 2592.499941] ? io_submit_sqes+0x8610/0x8610 [ 2592.500632] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2592.501430] ? wait_for_completion_io+0x270/0x270 [ 2592.502230] ? rcu_read_lock_any_held+0x75/0xa0 [ 2592.503005] ? vfs_write+0x354/0xb10 [ 2592.503618] ? fput_many+0x2f/0x1a0 [ 2592.504218] ? ksys_write+0x1a9/0x260 [ 2592.504844] ? __ia32_sys_read+0xb0/0xb0 [ 2592.505528] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2592.506403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2592.507259] do_syscall_64+0x33/0x40 [ 2592.507875] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2592.508698] RIP: 0033:0x7f5689804b19 [ 2592.509314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2592.513091] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2592.514737] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2592.515929] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2592.517241] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2592.518487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2592.519793] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:50:02 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:02 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:50:02 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:50:02 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:02 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x46, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:02 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:02 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 33) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2606.237067] FAULT_INJECTION: forcing a failure. [ 2606.237067] name failslab, interval 1, probability 0, space 0, times 0 [ 2606.238530] CPU: 0 PID: 11257 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2606.239316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2606.240250] Call Trace: [ 2606.240559] dump_stack+0x107/0x167 [ 2606.240982] should_fail.cold+0x5/0xa [ 2606.241424] ? io_wq_create+0xeb/0xc00 [ 2606.241876] should_failslab+0x5/0x20 [ 2606.242318] __kmalloc+0x72/0x390 [ 2606.242713] io_wq_create+0xeb/0xc00 [ 2606.243139] io_uring_alloc_task_context+0x1f1/0x6a0 [ 2606.243718] ? io_import_iovec+0x1120/0x1120 [ 2606.244222] ? io_apoll_task_func+0x2d0/0x2d0 [ 2606.244725] ? __io_req_find_next+0x300/0x300 [ 2606.245230] ? do_raw_spin_lock+0x121/0x260 [ 2606.245723] ? rwlock_bug.part.0+0x90/0x90 [ 2606.246204] __io_uring_add_tctx_node+0x2c6/0x520 [ 2606.246748] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2606.247339] ? alloc_fd+0x2e7/0x670 [ 2606.247760] io_uring_setup+0x1fbb/0x2980 [ 2606.248232] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2606.248804] ? wait_for_completion_io+0x270/0x270 [ 2606.249370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2606.249972] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2606.250552] do_syscall_64+0x33/0x40 [ 2606.250974] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2606.251557] RIP: 0033:0x7f7d233a8b19 [ 2606.251983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2606.254058] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2606.254920] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2606.255722] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2606.256521] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2606.257336] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2606.258159] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2606.271452] FAULT_INJECTION: forcing a failure. [ 2606.271452] name failslab, interval 1, probability 0, space 0, times 0 [ 2606.272788] CPU: 0 PID: 11263 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2606.273595] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2606.274582] Call Trace: [ 2606.274895] dump_stack+0x107/0x167 [ 2606.275329] should_fail.cold+0x5/0xa [ 2606.275773] ? create_object.isra.0+0x3a/0xa30 [ 2606.276301] should_failslab+0x5/0x20 [ 2606.276748] kmem_cache_alloc+0x5b/0x310 [ 2606.277225] ? mark_held_locks+0x9e/0xe0 [ 2606.277707] create_object.isra.0+0x3a/0xa30 [ 2606.278217] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2606.278817] kmem_cache_alloc_bulk+0x168/0x320 [ 2606.279363] io_submit_sqes+0x6fe4/0x8610 [ 2606.279877] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2606.280460] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2606.281027] ? find_held_lock+0x2c/0x110 [ 2606.281511] ? io_submit_sqes+0x8610/0x8610 [ 2606.282028] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2606.282591] ? wait_for_completion_io+0x270/0x270 [ 2606.283156] ? rcu_read_lock_any_held+0x75/0xa0 [ 2606.283694] ? vfs_write+0x354/0xb10 [ 2606.284125] ? fput_many+0x2f/0x1a0 [ 2606.284546] ? ksys_write+0x1a9/0x260 [ 2606.284988] ? __ia32_sys_read+0xb0/0xb0 [ 2606.285466] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2606.286084] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2606.286688] do_syscall_64+0x33/0x40 [ 2606.287123] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2606.287720] RIP: 0033:0x7f5689804b19 [ 2606.288157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2606.290314] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2606.291208] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2606.292044] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2606.292874] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2606.293711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2606.294540] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:50:15 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, 0x0, 0x2bff3346) 22:50:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:50:15 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 34) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2619.109694] FAULT_INJECTION: forcing a failure. [ 2619.109694] name failslab, interval 1, probability 0, space 0, times 0 [ 2619.111314] CPU: 0 PID: 11279 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2619.112252] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2619.113386] Call Trace: [ 2619.113755] dump_stack+0x107/0x167 [ 2619.114263] should_fail.cold+0x5/0xa [ 2619.114791] ? create_object.isra.0+0x3a/0xa30 [ 2619.115419] should_failslab+0x5/0x20 [ 2619.115938] kmem_cache_alloc+0x5b/0x310 [ 2619.116496] create_object.isra.0+0x3a/0xa30 [ 2619.117090] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2619.117789] __kmalloc+0x16e/0x390 [ 2619.118316] io_wq_create+0xeb/0xc00 [ 2619.118855] io_uring_alloc_task_context+0x1f1/0x6a0 [ 2619.119548] ? io_import_iovec+0x1120/0x1120 [ 2619.120149] ? io_apoll_task_func+0x2d0/0x2d0 [ 2619.120762] ? __io_req_find_next+0x300/0x300 [ 2619.121374] ? do_raw_spin_lock+0x121/0x260 [ 2619.121982] ? rwlock_bug.part.0+0x90/0x90 [ 2619.122562] __io_uring_add_tctx_node+0x2c6/0x520 [ 2619.123222] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2619.123932] ? alloc_fd+0x2e7/0x670 [ 2619.124444] io_uring_setup+0x1fbb/0x2980 [ 2619.125020] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2619.125730] ? wait_for_completion_io+0x270/0x270 [ 2619.126423] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.127140] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2619.127849] do_syscall_64+0x33/0x40 [ 2619.128365] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2619.129072] RIP: 0033:0x7f7d233a8b19 [ 2619.129575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2619.132096] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2619.133134] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2619.134104] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2619.135070] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2619.136045] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2619.137026] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:50:15 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x48, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2619.215778] FAULT_INJECTION: forcing a failure. [ 2619.215778] name failslab, interval 1, probability 0, space 0, times 0 [ 2619.218617] CPU: 1 PID: 11286 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2619.220212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2619.222145] Call Trace: [ 2619.222756] dump_stack+0x107/0x167 [ 2619.223600] should_fail.cold+0x5/0xa [ 2619.224480] ? create_object.isra.0+0x3a/0xa30 [ 2619.225526] should_failslab+0x5/0x20 [ 2619.226413] kmem_cache_alloc+0x5b/0x310 [ 2619.227352] ? mark_held_locks+0x9e/0xe0 [ 2619.228281] create_object.isra.0+0x3a/0xa30 [ 2619.229271] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2619.230448] kmem_cache_alloc_bulk+0x168/0x320 [ 2619.231503] io_submit_sqes+0x6fe4/0x8610 [ 2619.232488] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2619.233624] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2619.234748] ? find_held_lock+0x2c/0x110 [ 2619.235686] ? io_submit_sqes+0x8610/0x8610 [ 2619.236678] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2619.237775] ? wait_for_completion_io+0x270/0x270 [ 2619.238886] ? rcu_read_lock_any_held+0x75/0xa0 [ 2619.239946] ? vfs_write+0x354/0xb10 [ 2619.240792] ? fput_many+0x2f/0x1a0 [ 2619.241607] ? ksys_write+0x1a9/0x260 22:50:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 35) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2619.242473] ? __ia32_sys_read+0xb0/0xb0 [ 2619.243614] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.244801] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2619.245980] do_syscall_64+0x33/0x40 [ 2619.246820] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2619.247978] RIP: 0033:0x7f5689804b19 [ 2619.248818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2619.252950] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2619.254661] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2619.256276] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2619.258094] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2619.259934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2619.261762] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2619.264668] FAULT_INJECTION: forcing a failure. [ 2619.264668] name failslab, interval 1, probability 0, space 0, times 0 [ 2619.266477] CPU: 0 PID: 11298 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2619.267383] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2619.268489] Call Trace: [ 2619.268840] dump_stack+0x107/0x167 [ 2619.269331] should_fail.cold+0x5/0xa [ 2619.269860] ? io_wq_create+0x6ef/0xc00 [ 2619.270377] should_failslab+0x5/0x20 [ 2619.270873] kmem_cache_alloc_node_trace+0x59/0x340 [ 2619.271527] io_wq_create+0x6ef/0xc00 [ 2619.272028] io_uring_alloc_task_context+0x1f1/0x6a0 [ 2619.272688] ? io_import_iovec+0x1120/0x1120 [ 2619.273277] ? io_apoll_task_func+0x2d0/0x2d0 [ 2619.273862] ? __io_req_find_next+0x300/0x300 [ 2619.274447] ? do_raw_spin_lock+0x121/0x260 [ 2619.275015] ? rwlock_bug.part.0+0x90/0x90 [ 2619.275568] __io_uring_add_tctx_node+0x2c6/0x520 [ 2619.276198] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2619.276880] ? alloc_fd+0x2e7/0x670 [ 2619.277356] io_uring_setup+0x1fbb/0x2980 [ 2619.277902] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2619.278559] ? wait_for_completion_io+0x270/0x270 [ 2619.279208] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.279885] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2619.280554] do_syscall_64+0x33/0x40 [ 2619.281027] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2619.281695] RIP: 0033:0x7f7d233a8b19 [ 2619.282172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2619.284544] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2619.285532] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2619.286477] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2619.287409] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2619.288313] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2619.289227] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:50:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x49, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:50:15 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4a, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 36) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4b, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:15 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2619.608564] FAULT_INJECTION: forcing a failure. [ 2619.608564] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2619.610171] CPU: 0 PID: 11328 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2619.610970] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2619.611908] Call Trace: [ 2619.612214] dump_stack+0x107/0x167 [ 2619.612640] should_fail.cold+0x5/0xa [ 2619.613077] __alloc_pages_nodemask+0x182/0x600 [ 2619.613611] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2619.614324] alloc_pages_current+0x187/0x280 [ 2619.614832] allocate_slab+0x26f/0x380 [ 2619.615286] ___slab_alloc+0x470/0x700 [ 2619.615744] ? io_submit_sqes+0x6fe4/0x8610 [ 2619.616239] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.616834] ? trace_hardirqs_on+0x5b/0x180 [ 2619.617337] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 2619.617887] kmem_cache_alloc_bulk+0x1ec/0x320 [ 2619.618415] io_submit_sqes+0x6fe4/0x8610 [ 2619.618914] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2619.619482] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2619.620040] ? find_held_lock+0x2c/0x110 [ 2619.620501] ? io_submit_sqes+0x8610/0x8610 [ 2619.621003] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2619.621562] ? wait_for_completion_io+0x270/0x270 [ 2619.622123] ? rcu_read_lock_any_held+0x75/0xa0 [ 2619.622651] ? vfs_write+0x354/0xb10 [ 2619.623082] ? fput_many+0x2f/0x1a0 [ 2619.623499] ? ksys_write+0x1a9/0x260 [ 2619.623932] ? __ia32_sys_read+0xb0/0xb0 [ 2619.624402] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.625004] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2619.625594] do_syscall_64+0x33/0x40 [ 2619.626030] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2619.626612] RIP: 0033:0x7f5689804b19 [ 2619.627040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2619.629127] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2619.630009] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2619.630828] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2619.631647] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2619.632458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2619.633283] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2619.635421] FAULT_INJECTION: forcing a failure. [ 2619.635421] name failslab, interval 1, probability 0, space 0, times 0 [ 2619.636731] CPU: 0 PID: 11329 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2619.637522] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2619.638478] Call Trace: [ 2619.638775] dump_stack+0x107/0x167 [ 2619.639187] should_fail.cold+0x5/0xa [ 2619.639612] ? create_object.isra.0+0x3a/0xa30 [ 2619.640126] should_failslab+0x5/0x20 [ 2619.640555] kmem_cache_alloc+0x5b/0x310 [ 2619.641015] ? io_wq_create+0x114/0xc00 [ 2619.641472] create_object.isra.0+0x3a/0xa30 [ 2619.641978] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2619.642566] kmem_cache_alloc_node_trace+0x16d/0x340 [ 2619.643152] io_wq_create+0x6ef/0xc00 [ 2619.643592] io_uring_alloc_task_context+0x1f1/0x6a0 [ 2619.644177] ? io_import_iovec+0x1120/0x1120 [ 2619.644683] ? io_apoll_task_func+0x2d0/0x2d0 [ 2619.645193] ? __io_req_find_next+0x300/0x300 [ 2619.645705] ? do_raw_spin_lock+0x121/0x260 [ 2619.646197] ? rwlock_bug.part.0+0x90/0x90 [ 2619.646689] __io_uring_add_tctx_node+0x2c6/0x520 [ 2619.647253] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2619.647860] ? alloc_fd+0x2e7/0x670 [ 2619.648285] io_uring_setup+0x1fbb/0x2980 [ 2619.648766] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2619.649346] ? wait_for_completion_io+0x270/0x270 [ 2619.649920] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2619.650521] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2619.651116] do_syscall_64+0x33/0x40 [ 2619.651547] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2619.652131] RIP: 0033:0x7f7d233a8b19 [ 2619.652556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2619.654646] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2619.655524] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2619.656342] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2619.657156] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2619.657981] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2619.658800] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:50:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:50:29 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 37) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2633.438136] FAULT_INJECTION: forcing a failure. [ 2633.438136] name failslab, interval 1, probability 0, space 0, times 0 [ 2633.441045] CPU: 0 PID: 11349 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2633.442587] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2633.444425] Call Trace: [ 2633.445021] dump_stack+0x107/0x167 [ 2633.445850] should_fail.cold+0x5/0xa [ 2633.446712] ? __io_uring_add_tctx_node+0x15c/0x520 [ 2633.447820] should_failslab+0x5/0x20 [ 2633.448667] kmem_cache_alloc_trace+0x55/0x320 [ 2633.449674] __io_uring_add_tctx_node+0x15c/0x520 [ 2633.450762] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2633.451933] ? alloc_fd+0x2e7/0x670 [ 2633.452751] io_uring_setup+0x1fbb/0x2980 [ 2633.453674] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2633.454807] ? wait_for_completion_io+0x270/0x270 [ 2633.455906] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2633.457067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2633.458230] do_syscall_64+0x33/0x40 [ 2633.459068] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2633.460214] RIP: 0033:0x7f7d233a8b19 [ 2633.461056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2633.465126] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2633.466807] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2633.468150] FAULT_INJECTION: forcing a failure. [ 2633.468150] name failslab, interval 1, probability 0, space 0, times 0 [ 2633.468388] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2633.468411] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2633.472782] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2633.474694] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2633.477040] CPU: 1 PID: 11356 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2633.477801] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2633.478698] Call Trace: [ 2633.478997] dump_stack+0x107/0x167 [ 2633.479394] should_fail.cold+0x5/0xa [ 2633.479812] ? create_object.isra.0+0x3a/0xa30 [ 2633.480319] should_failslab+0x5/0x20 [ 2633.480746] kmem_cache_alloc+0x5b/0x310 [ 2633.481185] create_object.isra.0+0x3a/0xa30 [ 2633.481658] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2633.482211] kmem_cache_alloc_bulk+0x168/0x320 [ 2633.482706] io_submit_sqes+0x6fe4/0x8610 [ 2633.483169] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2633.483702] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2633.484226] ? find_held_lock+0x2c/0x110 [ 2633.484668] ? io_submit_sqes+0x8610/0x8610 [ 2633.485137] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2633.485655] ? wait_for_completion_io+0x270/0x270 [ 2633.486181] ? rcu_read_lock_any_held+0x75/0xa0 [ 2633.486677] ? vfs_write+0x354/0xb10 [ 2633.487079] ? fput_many+0x2f/0x1a0 [ 2633.487468] ? ksys_write+0x1a9/0x260 [ 2633.487875] ? __ia32_sys_read+0xb0/0xb0 [ 2633.488314] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2633.488883] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2633.489440] do_syscall_64+0x33/0x40 [ 2633.489841] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2633.490396] RIP: 0033:0x7f5689804b19 [ 2633.490802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2633.492769] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2633.493591] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2633.494366] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2633.495131] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2633.495893] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2633.496652] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:50:29 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4c, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4e, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:50:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:50:29 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:29 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2633.713316] FAULT_INJECTION: forcing a failure. [ 2633.713316] name failslab, interval 1, probability 0, space 0, times 0 [ 2633.714568] CPU: 1 PID: 11380 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2633.715301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2633.716182] Call Trace: [ 2633.716474] dump_stack+0x107/0x167 [ 2633.716869] should_fail.cold+0x5/0xa [ 2633.717281] ? create_object.isra.0+0x3a/0xa30 [ 2633.717769] should_failslab+0x5/0x20 [ 2633.718185] kmem_cache_alloc+0x5b/0x310 [ 2633.718623] ? mark_held_locks+0x9e/0xe0 [ 2633.719065] create_object.isra.0+0x3a/0xa30 [ 2633.719533] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2633.720084] kmem_cache_alloc_bulk+0x168/0x320 [ 2633.720581] io_submit_sqes+0x6fe4/0x8610 [ 2633.721044] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2633.721576] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2633.722107] ? find_held_lock+0x2c/0x110 [ 2633.722547] ? io_submit_sqes+0x8610/0x8610 [ 2633.723014] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2633.723530] ? wait_for_completion_io+0x270/0x270 [ 2633.724053] ? rcu_read_lock_any_held+0x75/0xa0 [ 2633.724549] ? vfs_write+0x354/0xb10 [ 2633.724956] ? fput_many+0x2f/0x1a0 [ 2633.725346] ? ksys_write+0x1a9/0x260 [ 2633.725752] ? __ia32_sys_read+0xb0/0xb0 [ 2633.726202] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2633.726764] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2633.727318] do_syscall_64+0x33/0x40 [ 2633.727718] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2633.728265] RIP: 0033:0x7f5689804b19 [ 2633.728664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2633.730632] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2633.731446] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2633.732206] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2633.732966] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2633.733732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2633.734498] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 [ 2646.164624] FAULT_INJECTION: forcing a failure. [ 2646.164624] name failslab, interval 1, probability 0, space 0, times 0 [ 2646.167875] CPU: 1 PID: 11399 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2646.169667] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2646.171775] Call Trace: [ 2646.172462] dump_stack+0x107/0x167 [ 2646.173397] should_fail.cold+0x5/0xa [ 2646.174384] ? create_object.isra.0+0x3a/0xa30 [ 2646.175541] should_failslab+0x5/0x20 [ 2646.176510] kmem_cache_alloc+0x5b/0x310 [ 2646.177564] create_object.isra.0+0x3a/0xa30 22:50:42 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 38) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:42 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:42 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:50:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:42 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:50:42 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:42 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2646.179068] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.180663] kmem_cache_alloc_trace+0x151/0x320 [ 2646.182078] __io_uring_add_tctx_node+0x15c/0x520 [ 2646.183372] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2646.184725] ? alloc_fd+0x2e7/0x670 [ 2646.185673] io_uring_setup+0x1fbb/0x2980 [ 2646.186751] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2646.188024] ? wait_for_completion_io+0x270/0x270 [ 2646.189272] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2646.190613] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2646.191909] do_syscall_64+0x33/0x40 [ 2646.192847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2646.194154] RIP: 0033:0x7f7d233a8b19 [ 2646.195121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2646.199732] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2646.201740] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2646.203663] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2646.205566] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2646.207366] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2646.209153] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:50:42 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2646.245072] FAULT_INJECTION: forcing a failure. [ 2646.245072] name failslab, interval 1, probability 0, space 0, times 0 [ 2646.246476] CPU: 0 PID: 11411 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2646.247293] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2646.248266] Call Trace: [ 2646.248610] dump_stack+0x107/0x167 [ 2646.249051] should_fail.cold+0x5/0xa [ 2646.249513] ? create_object.isra.0+0x3a/0xa30 [ 2646.250044] should_failslab+0x5/0x20 [ 2646.250490] kmem_cache_alloc+0x5b/0x310 [ 2646.250952] create_object.isra.0+0x3a/0xa30 [ 2646.251458] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.252046] kmem_cache_alloc_bulk+0x168/0x320 [ 2646.252578] io_submit_sqes+0x6fe4/0x8610 [ 2646.253069] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2646.253643] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2646.254205] ? find_held_lock+0x2c/0x110 [ 2646.254676] ? io_submit_sqes+0x8610/0x8610 [ 2646.255181] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2646.255748] ? wait_for_completion_io+0x270/0x270 [ 2646.256313] ? rcu_read_lock_any_held+0x75/0xa0 [ 2646.256841] ? vfs_write+0x354/0xb10 [ 2646.257274] ? fput_many+0x2f/0x1a0 [ 2646.257699] ? ksys_write+0x1a9/0x260 [ 2646.258145] ? __ia32_sys_read+0xb0/0xb0 [ 2646.258609] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2646.259202] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2646.259799] do_syscall_64+0x33/0x40 [ 2646.260222] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2646.260810] RIP: 0033:0x7f5689804b19 [ 2646.261243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2646.263347] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2646.264221] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2646.265035] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2646.265849] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2646.266666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2646.267487] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:50:42 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2}}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:42 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:50:42 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:42 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2646.384268] FAULT_INJECTION: forcing a failure. [ 2646.384268] name failslab, interval 1, probability 0, space 0, times 0 [ 2646.386533] CPU: 1 PID: 11427 Comm: syz-executor.2 Not tainted 5.10.250 #1 [ 2646.387867] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2646.389196] Call Trace: [ 2646.389618] dump_stack+0x107/0x167 [ 2646.390214] should_fail.cold+0x5/0xa [ 2646.390814] ? create_object.isra.0+0x3a/0xa30 [ 2646.391530] should_failslab+0x5/0x20 [ 2646.392124] kmem_cache_alloc+0x5b/0x310 [ 2646.392761] ? mark_held_locks+0x9e/0xe0 [ 2646.393394] create_object.isra.0+0x3a/0xa30 [ 2646.394086] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2646.394906] kmem_cache_alloc_bulk+0x168/0x320 [ 2646.395630] io_submit_sqes+0x6fe4/0x8610 [ 2646.396348] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2646.397170] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2646.397972] ? find_held_lock+0x2c/0x110 [ 2646.398629] ? io_submit_sqes+0x8610/0x8610 [ 2646.399314] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2646.400081] ? wait_for_completion_io+0x270/0x270 [ 2646.400849] ? rcu_read_lock_any_held+0x75/0xa0 [ 2646.401578] ? vfs_write+0x354/0xb10 [ 2646.402180] ? fput_many+0x2f/0x1a0 [ 2646.402760] ? ksys_write+0x1a9/0x260 [ 2646.403352] ? __ia32_sys_read+0xb0/0xb0 [ 2646.404002] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2646.404824] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2646.405642] do_syscall_64+0x33/0x40 [ 2646.406234] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2646.407043] RIP: 0033:0x7f5689804b19 [ 2646.407627] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2646.410465] RSP: 002b:00007f5686d7a188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2646.411672] RAX: ffffffffffffffda RBX: 00007f5689917f60 RCX: 00007f5689804b19 [ 2646.412781] RDX: 0000000000000000 RSI: 00000000000058a7 RDI: 0000000000000004 [ 2646.413892] RBP: 00007f5686d7a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2646.415007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2646.416119] R13: 00007ffe9eb77f8f R14: 00007f5686d7a300 R15: 0000000000022000 22:50:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3}}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:54 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:54 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:54 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:50:54 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 39) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:54 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:50:54 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:50:54 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2658.806592] FAULT_INJECTION: forcing a failure. [ 2658.806592] name failslab, interval 1, probability 0, space 0, times 0 [ 2658.809612] CPU: 1 PID: 11451 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2658.811165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2658.813023] Call Trace: [ 2658.813619] dump_stack+0x107/0x167 [ 2658.814453] should_fail.cold+0x5/0xa [ 2658.815314] ? xas_alloc+0x336/0x440 [ 2658.816148] should_failslab+0x5/0x20 [ 2658.817000] kmem_cache_alloc+0x5b/0x310 [ 2658.817912] ? stack_trace_consume_entry+0x160/0x160 [ 2658.819061] xas_alloc+0x336/0x440 [ 2658.819866] xas_create+0x34a/0x10d0 [ 2658.820709] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2658.821884] xas_store+0x8c/0x1c40 [ 2658.822705] __xa_store+0x164/0x2d0 [ 2658.823528] ? xa_delete_node+0x280/0x280 [ 2658.824465] ? trace_hardirqs_on+0x5b/0x180 [ 2658.825443] xa_store+0x31/0x50 [ 2658.826203] __io_uring_add_tctx_node+0x1cf/0x520 [ 2658.827299] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2658.828470] ? alloc_fd+0x2e7/0x670 [ 2658.829306] io_uring_setup+0x1fbb/0x2980 [ 2658.830266] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2658.831417] ? wait_for_completion_io+0x270/0x270 [ 2658.832522] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2658.833696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2658.834859] do_syscall_64+0x33/0x40 [ 2658.835694] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2658.836847] RIP: 0033:0x7f7d233a8b19 [ 2658.837675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2658.841751] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2658.843463] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2658.845053] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2658.846645] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2658.848240] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2658.849822] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:50:54 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, 0x0, 0x0) 22:50:54 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:07 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:07 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:07 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 40) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:07 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:51:07 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, 0x0, 0x0) 22:51:07 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:07 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:07 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, 0x0, 0x0) [ 2671.245583] FAULT_INJECTION: forcing a failure. [ 2671.245583] name failslab, interval 1, probability 0, space 0, times 0 [ 2671.248324] CPU: 1 PID: 11487 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2671.249874] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2671.251850] Call Trace: [ 2671.252493] dump_stack+0x107/0x167 [ 2671.253373] should_fail.cold+0x5/0xa [ 2671.254295] ? xas_alloc+0x336/0x440 [ 2671.255209] should_failslab+0x5/0x20 [ 2671.256130] kmem_cache_alloc+0x5b/0x310 [ 2671.257094] ? stack_trace_consume_entry+0x160/0x160 [ 2671.258298] xas_alloc+0x336/0x440 [ 2671.259169] xas_create+0x34a/0x10d0 [ 2671.260078] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2671.261319] xas_store+0x8c/0x1c40 [ 2671.262175] __xa_store+0x164/0x2d0 [ 2671.263063] ? xa_delete_node+0x280/0x280 [ 2671.264055] ? trace_hardirqs_on+0x5b/0x180 [ 2671.265080] xa_store+0x31/0x50 [ 2671.265867] __io_uring_add_tctx_node+0x1cf/0x520 [ 2671.267026] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2671.268267] ? alloc_fd+0x2e7/0x670 [ 2671.269146] io_uring_setup+0x1fbb/0x2980 [ 2671.270134] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2671.271327] ? wait_for_completion_io+0x270/0x270 [ 2671.272494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2671.273720] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2671.274968] do_syscall_64+0x33/0x40 [ 2671.275852] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2671.277096] RIP: 0033:0x7f7d233a8b19 [ 2671.277974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2671.282451] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2671.284226] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2671.285902] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2671.287571] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2671.289228] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2671.290889] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:22 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:22 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:22 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:22 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:51:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:22 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:22 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 41) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2686.890537] FAULT_INJECTION: forcing a failure. [ 2686.890537] name failslab, interval 1, probability 0, space 0, times 0 [ 2686.893531] CPU: 0 PID: 11512 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2686.895153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2686.897080] Call Trace: [ 2686.897692] dump_stack+0x107/0x167 [ 2686.898556] should_fail.cold+0x5/0xa [ 2686.899440] ? xas_alloc+0x336/0x440 [ 2686.900305] should_failslab+0x5/0x20 [ 2686.901188] kmem_cache_alloc+0x5b/0x310 [ 2686.902162] xas_alloc+0x336/0x440 [ 2686.903005] xas_create+0x34a/0x10d0 [ 2686.903902] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2686.905111] xas_store+0x8c/0x1c40 22:51:22 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2686.905964] __xa_store+0x164/0x2d0 [ 2686.907262] ? xa_delete_node+0x280/0x280 [ 2686.908515] ? trace_hardirqs_on+0x5b/0x180 [ 2686.909811] xa_store+0x31/0x50 [ 2686.910816] __io_uring_add_tctx_node+0x1cf/0x520 [ 2686.912247] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2686.913787] ? alloc_fd+0x2e7/0x670 [ 2686.914910] io_uring_setup+0x1fbb/0x2980 [ 2686.916060] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2686.917266] ? wait_for_completion_io+0x270/0x270 [ 2686.918624] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2686.919956] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2686.921139] do_syscall_64+0x33/0x40 [ 2686.921999] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2686.923193] RIP: 0033:0x7f7d233a8b19 [ 2686.924046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2686.928248] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2686.929979] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2686.931614] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2686.933219] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2686.934823] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2686.936458] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:22 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:22 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x3, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:23 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:23 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x2, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:23 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 42) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:23 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:23 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x3}}, 0x2bff3346) 22:51:23 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x31, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2687.209707] FAULT_INJECTION: forcing a failure. [ 2687.209707] name failslab, interval 1, probability 0, space 0, times 0 [ 2687.212364] CPU: 0 PID: 11535 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2687.213837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2687.215592] Call Trace: [ 2687.216156] dump_stack+0x107/0x167 [ 2687.216931] should_fail.cold+0x5/0xa [ 2687.217743] ? create_object.isra.0+0x3a/0xa30 [ 2687.218717] should_failslab+0x5/0x20 [ 2687.219538] kmem_cache_alloc+0x5b/0x310 [ 2687.220401] ? mark_held_locks+0x9e/0xe0 [ 2687.221266] create_object.isra.0+0x3a/0xa30 [ 2687.222187] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2687.223270] kmem_cache_alloc+0x159/0x310 [ 2687.224157] xas_alloc+0x336/0x440 [ 2687.224912] xas_create+0x34a/0x10d0 [ 2687.225713] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2687.226837] xas_store+0x8c/0x1c40 [ 2687.227600] __xa_store+0x164/0x2d0 [ 2687.228366] ? xa_delete_node+0x280/0x280 [ 2687.229244] ? trace_hardirqs_on+0x5b/0x180 [ 2687.230167] xa_store+0x31/0x50 [ 2687.230886] __io_uring_add_tctx_node+0x1cf/0x520 [ 2687.231917] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2687.233010] ? alloc_fd+0x2e7/0x670 [ 2687.233785] io_uring_setup+0x1fbb/0x2980 [ 2687.234675] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2687.235738] ? wait_for_completion_io+0x270/0x270 [ 2687.236776] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2687.237880] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2687.238990] do_syscall_64+0x33/0x40 [ 2687.239780] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2687.240856] RIP: 0033:0x7f7d233a8b19 [ 2687.241634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2687.245518] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2687.247128] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2687.248621] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2687.250162] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2687.251706] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2687.253254] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:23 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:23 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x4, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:23 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:23 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x6, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:23 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:23 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:39 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0xc, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:39 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:51:39 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:39 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 43) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x8, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:39 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:39 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:39 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, 0x0, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2703.746233] FAULT_INJECTION: forcing a failure. [ 2703.746233] name failslab, interval 1, probability 0, space 0, times 0 [ 2703.748753] CPU: 1 PID: 11574 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2703.750191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2703.751939] Call Trace: [ 2703.752570] dump_stack+0x107/0x167 [ 2703.753426] should_fail.cold+0x5/0xa [ 2703.754330] ? xas_alloc+0x336/0x440 [ 2703.755221] should_failslab+0x5/0x20 [ 2703.756119] kmem_cache_alloc+0x5b/0x310 [ 2703.757080] xas_alloc+0x336/0x440 [ 2703.757914] xas_create+0x34a/0x10d0 [ 2703.758823] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2703.760036] xas_store+0x8c/0x1c40 [ 2703.760899] __xa_store+0x164/0x2d0 [ 2703.761754] ? xa_delete_node+0x280/0x280 [ 2703.762742] ? trace_hardirqs_on+0x5b/0x180 [ 2703.763768] xa_store+0x31/0x50 [ 2703.764564] __io_uring_add_tctx_node+0x1cf/0x520 [ 2703.765685] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2703.766933] ? alloc_fd+0x2e7/0x670 [ 2703.767811] io_uring_setup+0x1fbb/0x2980 [ 2703.768797] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2703.769967] ? wait_for_completion_io+0x270/0x270 [ 2703.771142] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2703.772403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2703.773654] do_syscall_64+0x33/0x40 [ 2703.774549] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2703.775787] RIP: 0033:0x7f7d233a8b19 [ 2703.776682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2703.781094] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2703.782953] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2703.784625] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2703.786261] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 22:51:39 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2703.787895] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2703.789767] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x300, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:51:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, 0x0, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x2000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x12, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:55 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:55 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:55 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 44) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:55 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2719.719171] FAULT_INJECTION: forcing a failure. [ 2719.719171] name failslab, interval 1, probability 0, space 0, times 0 [ 2719.722378] CPU: 1 PID: 11614 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2719.724152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2719.725936] Call Trace: [ 2719.726507] dump_stack+0x107/0x167 [ 2719.727306] should_fail.cold+0x5/0xa [ 2719.728134] ? create_object.isra.0+0x3a/0xa30 [ 2719.729121] should_failslab+0x5/0x20 [ 2719.729941] kmem_cache_alloc+0x5b/0x310 [ 2719.730819] ? mark_held_locks+0x9e/0xe0 [ 2719.731710] create_object.isra.0+0x3a/0xa30 [ 2719.732653] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2719.733753] kmem_cache_alloc+0x159/0x310 [ 2719.734653] xas_alloc+0x336/0x440 [ 2719.735422] xas_create+0x34a/0x10d0 [ 2719.736238] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2719.737366] xas_store+0x8c/0x1c40 [ 2719.738144] __xa_store+0x164/0x2d0 [ 2719.738937] ? xa_delete_node+0x280/0x280 [ 2719.739835] ? trace_hardirqs_on+0x5b/0x180 [ 2719.740767] xa_store+0x31/0x50 [ 2719.741478] __io_uring_add_tctx_node+0x1cf/0x520 [ 2719.742520] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2719.743658] ? alloc_fd+0x2e7/0x670 [ 2719.744455] io_uring_setup+0x1fbb/0x2980 [ 2719.745356] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2719.746438] ? wait_for_completion_io+0x270/0x270 [ 2719.747514] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2719.748635] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2719.749743] do_syscall_64+0x33/0x40 [ 2719.750539] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2719.751646] RIP: 0033:0x7f7d233a8b19 [ 2719.752443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2719.756400] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2719.758031] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2719.759567] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2719.761103] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2719.762641] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2719.764176] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:55 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x80000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x18, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:55 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, 0x0, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:55 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:51:55 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4c, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2bff3346) 22:51:55 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:55 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 45) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:56 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0x0, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:51:56 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r8, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2720.149034] FAULT_INJECTION: forcing a failure. [ 2720.149034] name failslab, interval 1, probability 0, space 0, times 0 [ 2720.151825] CPU: 1 PID: 11646 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2720.153440] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2720.155399] Call Trace: [ 2720.156028] dump_stack+0x107/0x167 [ 2720.156895] should_fail.cold+0x5/0xa [ 2720.157798] ? xas_alloc+0x336/0x440 22:51:56 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x1e, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2720.158677] should_failslab+0x5/0x20 [ 2720.159753] kmem_cache_alloc+0x5b/0x310 [ 2720.160723] xas_alloc+0x336/0x440 [ 2720.161573] xas_create+0x34a/0x10d0 [ 2720.162471] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2720.163730] xas_store+0x8c/0x1c40 [ 2720.164595] __xa_store+0x164/0x2d0 [ 2720.165459] ? xa_delete_node+0x280/0x280 [ 2720.166448] ? trace_hardirqs_on+0x5b/0x180 [ 2720.167492] xa_store+0x31/0x50 [ 2720.168277] __io_uring_add_tctx_node+0x1cf/0x520 [ 2720.169415] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2720.170647] ? alloc_fd+0x2e7/0x670 [ 2720.171531] io_uring_setup+0x1fbb/0x2980 [ 2720.172526] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2720.173718] ? wait_for_completion_io+0x270/0x270 [ 2720.174903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2720.176148] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2720.177374] do_syscall_64+0x33/0x40 [ 2720.178256] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2720.179576] RIP: 0033:0x7f7d233a8b19 [ 2720.180494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2720.185328] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2720.187369] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2720.189317] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2720.191259] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2720.193183] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2720.195114] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:51:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x2000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:51:56 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2735.047250] FAULT_INJECTION: forcing a failure. [ 2735.047250] name failslab, interval 1, probability 0, space 0, times 0 [ 2735.049940] CPU: 0 PID: 11681 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2735.051423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2735.053170] Call Trace: [ 2735.053735] dump_stack+0x107/0x167 [ 2735.054502] should_fail.cold+0x5/0xa [ 2735.055341] ? create_object.isra.0+0x3a/0xa30 [ 2735.056406] should_failslab+0x5/0x20 [ 2735.057447] kmem_cache_alloc+0x5b/0x310 [ 2735.058565] ? mark_held_locks+0x9e/0xe0 [ 2735.059694] create_object.isra.0+0x3a/0xa30 [ 2735.060876] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2735.062277] kmem_cache_alloc+0x159/0x310 [ 2735.063432] xas_alloc+0x336/0x440 [ 2735.064409] xas_create+0x34a/0x10d0 [ 2735.065438] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2735.066753] xas_store+0x8c/0x1c40 [ 2735.067536] __xa_store+0x164/0x2d0 [ 2735.068334] ? xa_delete_node+0x280/0x280 [ 2735.069415] ? trace_hardirqs_on+0x5b/0x180 [ 2735.070452] xa_store+0x31/0x50 [ 2735.071207] __io_uring_add_tctx_node+0x1cf/0x520 [ 2735.072226] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2735.073328] ? alloc_fd+0x2e7/0x670 [ 2735.074105] io_uring_setup+0x1fbb/0x2980 [ 2735.074993] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2735.076081] ? wait_for_completion_io+0x270/0x270 [ 2735.077122] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2735.078228] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2735.079355] do_syscall_64+0x33/0x40 [ 2735.080140] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2735.081228] RIP: 0033:0x7f7d233a8b19 [ 2735.082008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2735.085884] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2735.087500] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2735.089005] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2735.090495] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2735.092020] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2735.093522] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:10 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 46) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:10 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x24, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x3000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:10 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:52:10 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0x0, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:10 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:10 executing program 6: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x18, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0x0, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 47) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x0, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:52:24 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x2a, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x4000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 7: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x24, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2748.506264] FAULT_INJECTION: forcing a failure. [ 2748.506264] name failslab, interval 1, probability 0, space 0, times 0 [ 2748.508865] CPU: 1 PID: 11712 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2748.510379] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2748.512205] Call Trace: [ 2748.512795] dump_stack+0x107/0x167 [ 2748.513605] should_fail.cold+0x5/0xa [ 2748.514444] ? create_object.isra.0+0x3a/0xa30 [ 2748.515457] should_failslab+0x5/0x20 [ 2748.516298] kmem_cache_alloc+0x5b/0x310 [ 2748.517199] ? mark_held_locks+0x9e/0xe0 [ 2748.518104] create_object.isra.0+0x3a/0xa30 [ 2748.519064] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2748.520198] kmem_cache_alloc+0x159/0x310 [ 2748.521126] xas_alloc+0x336/0x440 [ 2748.521920] xas_create+0x34a/0x10d0 [ 2748.522762] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2748.523938] xas_store+0x8c/0x1c40 [ 2748.524746] __xa_store+0x164/0x2d0 [ 2748.525561] ? xa_delete_node+0x280/0x280 [ 2748.526493] ? trace_hardirqs_on+0x5b/0x180 [ 2748.527471] xa_store+0x31/0x50 [ 2748.528201] __io_uring_add_tctx_node+0x1cf/0x520 [ 2748.529264] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2748.530425] ? alloc_fd+0x2e7/0x670 [ 2748.531247] io_uring_setup+0x1fbb/0x2980 [ 2748.532168] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 2748.533122] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2748.534242] ? tick_program_event+0xa8/0x140 [ 2748.535244] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2748.536408] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2748.537543] do_syscall_64+0x33/0x40 [ 2748.538372] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2748.539511] RIP: 0033:0x7f7d233a8b19 [ 2748.540339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2748.544395] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2748.546062] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2748.547638] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2748.549204] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2748.550775] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2748.552356] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private=0x20000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x0, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x0) 22:52:24 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x30, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 48) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x0, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2748.932256] FAULT_INJECTION: forcing a failure. [ 2748.932256] name failslab, interval 1, probability 0, space 0, times 0 [ 2748.935118] CPU: 1 PID: 11746 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2748.936854] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2748.938938] Call Trace: [ 2748.939611] dump_stack+0x107/0x167 [ 2748.940518] should_fail.cold+0x5/0xa [ 2748.941466] ? create_object.isra.0+0x3a/0xa30 [ 2748.942589] should_failslab+0x5/0x20 [ 2748.943540] kmem_cache_alloc+0x5b/0x310 [ 2748.944537] ? mark_held_locks+0x9e/0xe0 [ 2748.945539] create_object.isra.0+0x3a/0xa30 [ 2748.946623] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2748.947887] kmem_cache_alloc+0x159/0x310 [ 2748.948909] xas_alloc+0x336/0x440 [ 2748.949796] xas_create+0x34a/0x10d0 [ 2748.950733] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2748.952061] xas_store+0x8c/0x1c40 [ 2748.952957] __xa_store+0x164/0x2d0 [ 2748.953882] ? xa_delete_node+0x280/0x280 [ 2748.954927] ? trace_hardirqs_on+0x5b/0x180 [ 2748.956028] xa_store+0x31/0x50 [ 2748.956862] __io_uring_add_tctx_node+0x1cf/0x520 [ 2748.958070] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2748.959369] ? alloc_fd+0x2e7/0x670 [ 2748.960284] io_uring_setup+0x1fbb/0x2980 [ 2748.961316] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2748.962564] ? wait_for_completion_io+0x270/0x270 [ 2748.963796] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2748.965088] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2748.966364] do_syscall_64+0x33/0x40 [ 2748.967291] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2748.968553] RIP: 0033:0x7f7d233a8b19 [ 2748.969467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2748.973991] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2748.975879] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2748.977632] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2748.979397] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2748.981150] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2748.982890] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:25 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 49) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x36, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x0, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2762.839691] FAULT_INJECTION: forcing a failure. [ 2762.839691] name failslab, interval 1, probability 0, space 0, times 0 [ 2762.843062] CPU: 1 PID: 11774 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2762.844844] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2762.846959] Call Trace: [ 2762.847646] dump_stack+0x107/0x167 [ 2762.848586] should_fail.cold+0x5/0xa [ 2762.849565] ? xas_alloc+0x336/0x440 [ 2762.850516] should_failslab+0x5/0x20 [ 2762.851506] kmem_cache_alloc+0x5b/0x310 [ 2762.852554] xas_alloc+0x336/0x440 [ 2762.853468] xas_create+0x34a/0x10d0 [ 2762.854444] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2762.855798] xas_store+0x8c/0x1c40 [ 2762.856727] __xa_store+0x164/0x2d0 [ 2762.857664] ? xa_delete_node+0x280/0x280 [ 2762.858739] ? trace_hardirqs_on+0x5b/0x180 [ 2762.859865] xa_store+0x31/0x50 [ 2762.860722] __io_uring_add_tctx_node+0x1cf/0x520 [ 2762.861963] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2762.863304] ? alloc_fd+0x2e7/0x670 [ 2762.864262] io_uring_setup+0x1fbb/0x2980 [ 2762.865340] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2762.866636] ? wait_for_completion_io+0x270/0x270 [ 2762.867915] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2762.869091] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2762.870193] do_syscall_64+0x33/0x40 [ 2762.870985] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2762.872074] RIP: 0033:0x7f7d233a8b19 [ 2762.872858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2762.876758] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2762.878375] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2762.879919] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2762.881435] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2762.882954] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2762.884472] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:38 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x0, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 50) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:38 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x8, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2763.161416] FAULT_INJECTION: forcing a failure. [ 2763.161416] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.164034] CPU: 0 PID: 11805 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2763.165481] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.167218] Call Trace: [ 2763.167782] dump_stack+0x107/0x167 [ 2763.168547] should_fail.cold+0x5/0xa [ 2763.169356] ? create_object.isra.0+0x3a/0xa30 [ 2763.170320] should_failslab+0x5/0x20 [ 2763.171116] kmem_cache_alloc+0x5b/0x310 [ 2763.171976] ? mark_held_locks+0x9e/0xe0 [ 2763.172832] create_object.isra.0+0x3a/0xa30 [ 2763.173744] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2763.174831] kmem_cache_alloc+0x159/0x310 [ 2763.175726] xas_alloc+0x336/0x440 [ 2763.176476] xas_create+0x34a/0x10d0 [ 2763.177263] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2763.178355] ? trace_hardirqs_on+0x5b/0x180 [ 2763.179256] xas_store+0x8c/0x1c40 [ 2763.180018] ? __xa_store+0xc2/0x2d0 [ 2763.180814] __xa_store+0x164/0x2d0 [ 2763.181583] ? xa_delete_node+0x280/0x280 [ 2763.182462] ? trace_hardirqs_on+0x5b/0x180 [ 2763.183391] xa_store+0x31/0x50 [ 2763.184086] __io_uring_add_tctx_node+0x1cf/0x520 [ 2763.185098] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2763.186190] ? alloc_fd+0x2e7/0x670 [ 2763.186966] io_uring_setup+0x1fbb/0x2980 [ 2763.187857] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2763.188911] ? wait_for_completion_io+0x270/0x270 [ 2763.189944] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2763.191039] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2763.192128] do_syscall_64+0x33/0x40 [ 2763.192906] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2763.193978] RIP: 0033:0x7f7d233a8b19 [ 2763.194756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.198609] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2763.200227] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2763.201761] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2763.203299] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2763.204826] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2763.206328] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:39 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 51) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x300, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x0, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x3c, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2776.405473] FAULT_INJECTION: forcing a failure. [ 2776.405473] name failslab, interval 1, probability 0, space 0, times 0 [ 2776.408595] CPU: 0 PID: 11828 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2776.410316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2776.412415] Call Trace: [ 2776.413101] dump_stack+0x107/0x167 [ 2776.414029] should_fail.cold+0x5/0xa [ 2776.415005] ? xas_alloc+0x336/0x440 [ 2776.415965] should_failslab+0x5/0x20 [ 2776.416937] kmem_cache_alloc+0x5b/0x310 [ 2776.417986] xas_alloc+0x336/0x440 [ 2776.418898] xas_create+0x34a/0x10d0 [ 2776.419889] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2776.420751] xas_store+0x8c/0x1c40 [ 2776.421346] __xa_store+0x164/0x2d0 [ 2776.421945] ? xa_delete_node+0x280/0x280 [ 2776.422623] ? trace_hardirqs_on+0x5b/0x180 [ 2776.423328] xa_store+0x31/0x50 [ 2776.423860] __io_uring_add_tctx_node+0x1cf/0x520 [ 2776.424444] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2776.425061] ? alloc_fd+0x2e7/0x670 [ 2776.425502] io_uring_setup+0x1fbb/0x2980 [ 2776.426001] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2776.426595] ? wait_for_completion_io+0x270/0x270 [ 2776.427183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2776.427810] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2776.428423] do_syscall_64+0x33/0x40 [ 2776.428862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2776.429472] RIP: 0033:0x7f7d233a8b19 [ 2776.429923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2776.432095] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2776.432995] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2776.433837] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2776.434684] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2776.435530] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2776.436372] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:52:52 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x2000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:52:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x42, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:52:52 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x4d, 0x0, 0x0) 22:53:04 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:04 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 52) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:04 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x600, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:04 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:04 executing program 7: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:04 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:04 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r7, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2788.493143] FAULT_INJECTION: forcing a failure. [ 2788.493143] name failslab, interval 1, probability 0, space 0, times 0 [ 2788.494620] CPU: 0 PID: 11874 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2788.495372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2788.496324] Call Trace: [ 2788.496634] dump_stack+0x107/0x167 [ 2788.497066] should_fail.cold+0x5/0xa [ 2788.497509] ? create_object.isra.0+0x3a/0xa30 [ 2788.498059] should_failslab+0x5/0x20 [ 2788.498514] kmem_cache_alloc+0x5b/0x310 [ 2788.498994] ? mark_held_locks+0x9e/0xe0 [ 2788.499462] create_object.isra.0+0x3a/0xa30 [ 2788.499976] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2788.500564] kmem_cache_alloc+0x159/0x310 [ 2788.501061] xas_alloc+0x336/0x440 [ 2788.501476] xas_create+0x34a/0x10d0 [ 2788.501914] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2788.502521] xas_store+0x8c/0x1c40 [ 2788.502939] __xa_store+0x164/0x2d0 [ 2788.503360] ? xa_delete_node+0x280/0x280 [ 2788.503855] ? trace_hardirqs_on+0x5b/0x180 [ 2788.504354] xa_store+0x31/0x50 [ 2788.504736] __io_uring_add_tctx_node+0x1cf/0x520 [ 2788.505285] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2788.505879] ? alloc_fd+0x2e7/0x670 [ 2788.506300] io_uring_setup+0x1fbb/0x2980 [ 2788.506782] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2788.507358] ? wait_for_completion_io+0x270/0x270 [ 2788.507934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2788.508533] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2788.509123] do_syscall_64+0x33/0x40 [ 2788.509549] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2788.510135] RIP: 0033:0x7f7d233a8b19 [ 2788.510564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2788.512678] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2788.513548] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2788.514366] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2788.515194] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2788.516026] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2788.516838] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:53:17 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:17 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0xc00, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:17 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 7: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:17 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 53) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2801.857435] FAULT_INJECTION: forcing a failure. [ 2801.857435] name failslab, interval 1, probability 0, space 0, times 0 [ 2801.860164] CPU: 1 PID: 11894 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2801.861498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2801.863081] Call Trace: [ 2801.863594] dump_stack+0x107/0x167 [ 2801.864311] should_fail.cold+0x5/0xa [ 2801.865052] ? xas_alloc+0x336/0x440 [ 2801.865765] should_failslab+0x5/0x20 [ 2801.866503] kmem_cache_alloc+0x5b/0x310 [ 2801.867295] xas_alloc+0x336/0x440 [ 2801.867996] xas_create+0x34a/0x10d0 [ 2801.868720] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2801.869722] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2801.870761] xas_store+0x8c/0x1c40 [ 2801.871443] ? lock_acquire+0x1b9/0x470 [ 2801.872210] __xa_store+0x164/0x2d0 [ 2801.872907] ? xa_delete_node+0x280/0x280 [ 2801.873689] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2801.874740] xa_store+0x31/0x50 [ 2801.875369] __io_uring_add_tctx_node+0x1cf/0x520 [ 2801.876292] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2801.877282] ? alloc_fd+0x2e7/0x670 [ 2801.877982] io_uring_setup+0x1fbb/0x2980 [ 2801.878776] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2801.879752] ? wait_for_completion_io+0x270/0x270 [ 2801.880704] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2801.881716] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2801.882711] do_syscall_64+0x33/0x40 [ 2801.883425] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2801.884407] RIP: 0033:0x7f7d233a8b19 [ 2801.885116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2801.888623] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2801.890073] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2801.891429] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2801.892799] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2801.894139] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2801.895473] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:53:17 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x36, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 7: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:17 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x10, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:17 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:18 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:18 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:31 executing program 1: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x1200, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:31 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 54) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:31 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:31 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2816.016240] FAULT_INJECTION: forcing a failure. [ 2816.016240] name failslab, interval 1, probability 0, space 0, times 0 [ 2816.018267] CPU: 1 PID: 11948 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2816.019425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2816.020845] Call Trace: [ 2816.021296] dump_stack+0x107/0x167 [ 2816.021911] should_fail.cold+0x5/0xa [ 2816.022555] ? create_object.isra.0+0x3a/0xa30 [ 2816.023314] should_failslab+0x5/0x20 [ 2816.023963] kmem_cache_alloc+0x5b/0x310 [ 2816.024654] ? mark_held_locks+0x9e/0xe0 [ 2816.025343] create_object.isra.0+0x3a/0xa30 [ 2816.026087] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2816.026965] kmem_cache_alloc+0x159/0x310 [ 2816.027671] xas_alloc+0x336/0x440 [ 2816.028281] xas_create+0x34a/0x10d0 [ 2816.028937] ? queued_spin_lock_slowpath+0xcc/0x8c0 [ 2816.029781] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2816.030683] xas_store+0x8c/0x1c40 [ 2816.031305] __xa_store+0x164/0x2d0 [ 2816.031945] ? xa_delete_node+0x280/0x280 [ 2816.032662] ? trace_hardirqs_on+0x5b/0x180 [ 2816.033399] xa_store+0x31/0x50 [ 2816.033963] __io_uring_add_tctx_node+0x1cf/0x520 [ 2816.034780] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2816.035675] ? alloc_fd+0x2e7/0x670 [ 2816.036319] io_uring_setup+0x1fbb/0x2980 [ 2816.037039] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2816.037896] ? wait_for_completion_io+0x270/0x270 [ 2816.038726] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2816.039628] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2816.040514] do_syscall_64+0x33/0x40 [ 2816.041149] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2816.042010] RIP: 0033:0x7f7d233a8b19 [ 2816.042637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2816.045778] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2816.047076] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2816.048293] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2816.049505] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2816.050735] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2816.051945] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:53:31 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:31 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:32 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 55) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x300, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:44 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x1800, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2828.659509] FAULT_INJECTION: forcing a failure. [ 2828.659509] name failslab, interval 1, probability 0, space 0, times 0 [ 2828.662154] CPU: 1 PID: 11984 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2828.663596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2828.665344] Call Trace: [ 2828.665905] dump_stack+0x107/0x167 [ 2828.666674] should_fail.cold+0x5/0xa [ 2828.667477] ? xas_alloc+0x336/0x440 [ 2828.668265] should_failslab+0x5/0x20 [ 2828.669063] kmem_cache_alloc+0x5b/0x310 [ 2828.669922] xas_alloc+0x336/0x440 [ 2828.670682] xas_create+0x34a/0x10d0 [ 2828.671487] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2828.672598] xas_store+0x8c/0x1c40 [ 2828.673365] __xa_store+0x164/0x2d0 [ 2828.674132] ? xa_delete_node+0x280/0x280 [ 2828.675019] ? trace_hardirqs_on+0x5b/0x180 [ 2828.675935] xa_store+0x31/0x50 [ 2828.676648] __io_uring_add_tctx_node+0x1cf/0x520 [ 2828.677665] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2828.678771] ? alloc_fd+0x2e7/0x670 [ 2828.679551] io_uring_setup+0x1fbb/0x2980 [ 2828.680436] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2828.681501] ? wait_for_completion_io+0x270/0x270 [ 2828.682554] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2828.683671] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2828.684775] do_syscall_64+0x33/0x40 [ 2828.685552] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2828.686628] RIP: 0033:0x7f7d233a8b19 [ 2828.687412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2828.691295] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2828.692915] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2828.694444] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2828.695982] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2828.697518] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 22:53:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2828.699047] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:53:44 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x2000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x1e00, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:58 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 56) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2842.520542] FAULT_INJECTION: forcing a failure. [ 2842.520542] name failslab, interval 1, probability 0, space 0, times 0 22:53:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:58 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2842.523991] CPU: 1 PID: 12015 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2842.525868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2842.527989] Call Trace: [ 2842.528680] dump_stack+0x107/0x167 [ 2842.529618] should_fail.cold+0x5/0xa [ 2842.530597] ? create_object.isra.0+0x3a/0xa30 [ 2842.531768] should_failslab+0x5/0x20 [ 2842.532754] kmem_cache_alloc+0x5b/0x310 [ 2842.533794] ? mark_held_locks+0x9e/0xe0 [ 2842.534842] create_object.isra.0+0x3a/0xa30 [ 2842.535965] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2842.537282] kmem_cache_alloc+0x159/0x310 [ 2842.538353] xas_alloc+0x336/0x440 [ 2842.539271] xas_create+0x34a/0x10d0 [ 2842.540247] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 22:53:58 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r2 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)) syz_io_uring_submit(r2, r1, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:58 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2842.541672] xas_store+0x8c/0x1c40 [ 2842.542607] __xa_store+0x164/0x2d0 [ 2842.543548] ? xa_delete_node+0x280/0x280 [ 2842.544639] ? trace_hardirqs_on+0x5b/0x180 [ 2842.545762] xa_store+0x31/0x50 [ 2842.546618] __io_uring_add_tctx_node+0x1cf/0x520 [ 2842.547854] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2842.549212] ? alloc_fd+0x2e7/0x670 [ 2842.550164] io_uring_setup+0x1fbb/0x2980 [ 2842.551239] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2842.552538] ? wait_for_completion_io+0x270/0x270 [ 2842.553801] ? io_is_uring_fops+0x40/0x40 [ 2842.554876] do_syscall_64+0x33/0x40 [ 2842.555826] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2842.557140] RIP: 0033:0x7f7d233a8b19 [ 2842.558094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2842.562808] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2842.564770] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2842.566597] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2842.568433] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2842.570251] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2842.572070] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:53:58 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:58 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:53:58 executing program 3: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r6}}, 0x4) syz_io_uring_submit(r3, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r6}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r8 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xd, 0x4000010, r8, 0x0) syz_io_uring_submit(0x0, r7, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:53:58 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 57) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r3, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x2000, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:15 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2859.147704] FAULT_INJECTION: forcing a failure. [ 2859.147704] name failslab, interval 1, probability 0, space 0, times 0 [ 2859.150522] CPU: 1 PID: 12070 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2859.151982] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2859.153750] Call Trace: [ 2859.154318] dump_stack+0x107/0x167 [ 2859.155096] should_fail.cold+0x5/0xa [ 2859.155920] ? xas_alloc+0x336/0x440 [ 2859.156722] should_failslab+0x5/0x20 [ 2859.157532] kmem_cache_alloc+0x5b/0x310 [ 2859.158406] xas_alloc+0x336/0x440 [ 2859.159168] xas_create+0x34a/0x10d0 [ 2859.159989] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2859.161122] xas_store+0x8c/0x1c40 [ 2859.161898] __xa_store+0x164/0x2d0 [ 2859.162680] ? xa_delete_node+0x280/0x280 [ 2859.163573] ? trace_hardirqs_on+0x5b/0x180 [ 2859.164491] xa_store+0x31/0x50 [ 2859.165192] __io_uring_add_tctx_node+0x1cf/0x520 [ 2859.166209] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2859.167317] ? alloc_fd+0x2e7/0x670 [ 2859.168101] io_uring_setup+0x1fbb/0x2980 [ 2859.168999] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2859.170071] ? wait_for_completion_io+0x270/0x270 [ 2859.171111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2859.172224] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2859.173316] do_syscall_64+0x33/0x40 [ 2859.174114] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2859.175195] RIP: 0033:0x7f7d233a8b19 [ 2859.175981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2859.179882] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2859.181508] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2859.183032] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2859.184546] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2859.186062] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2859.187560] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:54:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x300, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:30 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) 22:54:30 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 58) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:54:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x2000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x2400, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2874.188705] FAULT_INJECTION: forcing a failure. [ 2874.188705] name failslab, interval 1, probability 0, space 0, times 0 [ 2874.190361] CPU: 0 PID: 12119 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2874.191295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2874.192425] Call Trace: [ 2874.192813] dump_stack+0x107/0x167 [ 2874.193317] should_fail.cold+0x5/0xa [ 2874.193843] ? create_object.isra.0+0x3a/0xa30 [ 2874.194460] should_failslab+0x5/0x20 [ 2874.194974] kmem_cache_alloc+0x5b/0x310 [ 2874.195523] ? mark_held_locks+0x9e/0xe0 [ 2874.196076] create_object.isra.0+0x3a/0xa30 [ 2874.196677] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2874.197364] kmem_cache_alloc+0x159/0x310 [ 2874.197934] xas_alloc+0x336/0x440 [ 2874.198429] xas_create+0x34a/0x10d0 [ 2874.198944] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2874.199657] xas_store+0x8c/0x1c40 [ 2874.200154] __xa_store+0x164/0x2d0 [ 2874.200667] ? xa_delete_node+0x280/0x280 [ 2874.201240] ? trace_hardirqs_on+0x5b/0x180 [ 2874.201829] xa_store+0x31/0x50 [ 2874.202280] __io_uring_add_tctx_node+0x1cf/0x520 [ 2874.202926] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2874.203643] ? alloc_fd+0x2e7/0x670 [ 2874.204147] io_uring_setup+0x1fbb/0x2980 [ 2874.204720] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2874.205400] ? wait_for_completion_io+0x270/0x270 [ 2874.206069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2874.206777] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2874.207488] do_syscall_64+0x33/0x40 [ 2874.208005] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2874.208749] RIP: 0033:0x7f7d233a8b19 [ 2874.209250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2874.211731] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2874.212762] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2874.213724] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2874.214678] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2874.215634] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2874.216601] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:54:30 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:54:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) 22:54:30 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:30 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:54:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 1: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 59) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:30 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:30 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2874.474168] FAULT_INJECTION: forcing a failure. [ 2874.474168] name failslab, interval 1, probability 0, space 0, times 0 [ 2874.477151] CPU: 1 PID: 12156 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2874.478784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2874.480768] Call Trace: [ 2874.481393] dump_stack+0x107/0x167 [ 2874.482259] should_fail.cold+0x5/0xa [ 2874.483160] ? xas_alloc+0x336/0x440 [ 2874.484042] should_failslab+0x5/0x20 [ 2874.484949] kmem_cache_alloc+0x5b/0x310 [ 2874.485921] xas_alloc+0x336/0x440 [ 2874.486767] xas_create+0x34a/0x10d0 [ 2874.487663] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2874.488920] xas_store+0x8c/0x1c40 [ 2874.489780] __xa_store+0x164/0x2d0 [ 2874.490646] ? xa_delete_node+0x280/0x280 [ 2874.491636] ? trace_hardirqs_on+0x5b/0x180 [ 2874.492677] xa_store+0x31/0x50 [ 2874.493465] __io_uring_add_tctx_node+0x1cf/0x520 [ 2874.494607] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2874.495845] ? alloc_fd+0x2e7/0x670 [ 2874.496734] io_uring_setup+0x1fbb/0x2980 [ 2874.497732] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2874.498927] ? wait_for_completion_io+0x270/0x270 [ 2874.500098] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2874.501339] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2874.502547] do_syscall_64+0x33/0x40 [ 2874.503418] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2874.504624] RIP: 0033:0x7f7d233a8b19 [ 2874.505488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2874.509784] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2874.511553] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2874.513228] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2874.514880] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2874.516537] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2874.518189] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:54:44 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) 22:54:44 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 60) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:44 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:44 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x2a00, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:44 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:44 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2888.434582] FAULT_INJECTION: forcing a failure. [ 2888.434582] name failslab, interval 1, probability 0, space 0, times 0 [ 2888.438065] CPU: 1 PID: 12180 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2888.439809] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2888.441935] Call Trace: [ 2888.442624] dump_stack+0x107/0x167 [ 2888.443559] should_fail.cold+0x5/0xa [ 2888.444537] ? create_object.isra.0+0x3a/0xa30 [ 2888.445777] should_failslab+0x5/0x20 [ 2888.446742] kmem_cache_alloc+0x5b/0x310 [ 2888.447781] ? mark_held_locks+0x9e/0xe0 [ 2888.448817] create_object.isra.0+0x3a/0xa30 [ 2888.449944] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2888.451246] kmem_cache_alloc+0x159/0x310 [ 2888.452317] xas_alloc+0x336/0x440 [ 2888.453128] xas_create+0x34a/0x10d0 [ 2888.454094] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2888.455426] xas_store+0x8c/0x1c40 [ 2888.456353] __xa_store+0x164/0x2d0 [ 2888.457309] ? xa_delete_node+0x280/0x280 [ 2888.458390] ? trace_hardirqs_on+0x5b/0x180 [ 2888.459502] xa_store+0x31/0x50 [ 2888.460350] __io_uring_add_tctx_node+0x1cf/0x520 [ 2888.461585] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2888.462917] ? alloc_fd+0x2e7/0x670 [ 2888.463863] io_uring_setup+0x1fbb/0x2980 [ 2888.464943] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2888.466233] ? wait_for_completion_io+0x270/0x270 [ 2888.467362] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2888.468700] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2888.470016] do_syscall_64+0x33/0x40 [ 2888.470967] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2888.472269] RIP: 0033:0x7f7d233a8b19 [ 2888.473220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2888.477871] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2888.479786] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2888.481613] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2888.483425] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2888.485247] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2888.487052] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:54:44 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 61) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:57 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x3000, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:57 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) [ 2901.548531] FAULT_INJECTION: forcing a failure. [ 2901.548531] name failslab, interval 1, probability 0, space 0, times 0 [ 2901.549974] CPU: 0 PID: 12208 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2901.550762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2901.551694] Call Trace: [ 2901.551985] dump_stack+0x107/0x167 [ 2901.552395] should_fail.cold+0x5/0xa [ 2901.552824] ? create_object.isra.0+0x3a/0xa30 [ 2901.553317] should_failslab+0x5/0x20 [ 2901.553726] kmem_cache_alloc+0x5b/0x310 [ 2901.554161] ? mark_held_locks+0x9e/0xe0 [ 2901.554625] create_object.isra.0+0x3a/0xa30 [ 2901.555126] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2901.555718] kmem_cache_alloc+0x159/0x310 [ 2901.556212] xas_alloc+0x336/0x440 [ 2901.556621] xas_create+0x34a/0x10d0 [ 2901.557064] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2901.557673] xas_store+0x8c/0x1c40 [ 2901.558176] __xa_store+0x164/0x2d0 [ 2901.558683] ? xa_delete_node+0x280/0x280 [ 2901.559271] ? trace_hardirqs_on+0x5b/0x180 [ 2901.559774] xa_store+0x31/0x50 [ 2901.560229] __io_uring_add_tctx_node+0x1cf/0x520 [ 2901.560903] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2901.561629] ? alloc_fd+0x2e7/0x670 [ 2901.562148] io_uring_setup+0x1fbb/0x2980 [ 2901.562658] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2901.563304] ? wait_for_completion_io+0x270/0x270 [ 2901.563995] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2901.564733] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2901.565475] do_syscall_64+0x33/0x40 [ 2901.566000] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2901.566711] RIP: 0033:0x7f7d233a8b19 [ 2901.567115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2901.569093] RSP: 002b:00007f7d2091e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2901.569960] RAX: ffffffffffffffda RBX: 00007f7d234bbf60 RCX: 00007f7d233a8b19 [ 2901.570943] RDX: 0000000020ffc000 RSI: 0000000020000180 RDI: 000000000000620e [ 2901.571866] RBP: 0000000020000180 R08: 0000000020000140 R09: 0000000020000140 [ 2901.572864] R10: 0000000020000100 R11: 0000000000000202 R12: 0000000020000140 [ 2901.573861] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:54:57 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x300, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:54:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:57 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) 22:54:57 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 62) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:54:57 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x2000, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2901.693151] FAULT_INJECTION: forcing a failure. [ 2901.693151] name failslab, interval 1, probability 0, space 0, times 0 [ 2901.694922] CPU: 1 PID: 12232 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2901.695740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2901.696706] Call Trace: [ 2901.697022] dump_stack+0x107/0x167 [ 2901.697444] should_fail.cold+0x5/0xa [ 2901.697897] ? create_object.isra.0+0x3a/0xa30 [ 2901.698432] should_failslab+0x5/0x20 [ 2901.698885] kmem_cache_alloc+0x5b/0x310 [ 2901.699367] create_object.isra.0+0x3a/0xa30 [ 2901.699866] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2901.700465] kmem_cache_alloc+0x159/0x310 [ 2901.700971] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2901.701597] vm_area_dup+0x78/0x290 [ 2901.702039] ? mark_lock+0xf5/0x2df0 [ 2901.702468] ? lock_chain_count+0x20/0x20 [ 2901.702953] ? mark_lock+0xf5/0x2df0 [ 2901.703403] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2901.704011] ? lock_chain_count+0x20/0x20 [ 2901.704497] ? _raw_spin_unlock_irq+0x27/0x30 [ 2901.705042] ? mark_lock+0xf5/0x2df0 [ 2901.705484] ? vm_area_alloc+0x110/0x110 [ 2901.705969] ? lock_chain_count+0x20/0x20 [ 2901.706478] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2901.707076] ? SOFTIRQ_verbose+0x10/0x10 [ 2901.707552] ? vmacache_find+0x55/0x2a0 [ 2901.708027] __split_vma+0xa8/0x4e0 [ 2901.708457] __do_munmap+0x365/0x1260 [ 2901.708913] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2901.709534] ? trace_hardirqs_on+0x5b/0x180 [ 2901.710049] mmap_region+0x7cc/0x1500 [ 2901.710504] ? path_noexec+0x2/0x100 [ 2901.710948] do_mmap+0x868/0x1370 [ 2901.711348] vm_mmap_pgoff+0x198/0x1f0 [ 2901.711809] ? randomize_page+0xb0/0xb0 [ 2901.712284] ksys_mmap_pgoff+0x41c/0x560 [ 2901.712762] ? find_mergeable_anon_vma+0x250/0x250 [ 2901.713344] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2901.713971] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2901.714584] do_syscall_64+0x33/0x40 [ 2901.715023] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2901.715629] RIP: 0033:0x7f7d233a8b62 [ 2901.716065] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2901.718214] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2901.719091] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2901.719894] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2901.720693] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2901.721528] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2901.722369] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:10 executing program 3: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 63) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, 0x0, 0x0) 22:55:10 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x42, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@broadcast}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x3600, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2914.844072] FAULT_INJECTION: forcing a failure. [ 2914.844072] name failslab, interval 1, probability 0, space 0, times 0 [ 2914.846988] CPU: 1 PID: 12245 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2914.848432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2914.850178] Call Trace: [ 2914.850732] dump_stack+0x107/0x167 [ 2914.851499] should_fail.cold+0x5/0xa [ 2914.852293] ? anon_vma_clone+0xdc/0x590 [ 2914.853153] should_failslab+0x5/0x20 [ 2914.853948] kmem_cache_alloc+0x5b/0x310 [ 2914.854801] anon_vma_clone+0xdc/0x590 [ 2914.855621] __split_vma+0x17c/0x4e0 [ 2914.856405] __do_munmap+0x365/0x1260 [ 2914.857215] ? arch_get_unmapped_area+0x450/0x450 [ 2914.858227] ? lock_release+0x680/0x680 [ 2914.859055] mmap_region+0x7cc/0x1500 [ 2914.859864] do_mmap+0x868/0x1370 [ 2914.860601] vm_mmap_pgoff+0x198/0x1f0 [ 2914.861427] ? randomize_page+0xb0/0xb0 [ 2914.862273] ksys_mmap_pgoff+0x41c/0x560 [ 2914.863119] ? find_mergeable_anon_vma+0x250/0x250 [ 2914.864149] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2914.865240] do_syscall_64+0x33/0x40 [ 2914.866014] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2914.867093] RIP: 0033:0x7f7d233a8b62 [ 2914.867868] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2914.871720] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2914.873310] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2914.874798] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2914.876286] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2914.877802] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2914.879295] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) 22:55:10 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:55:10 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:10 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) 22:55:10 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:55:24 executing program 6: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) 22:55:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2928.200598] FAULT_INJECTION: forcing a failure. [ 2928.200598] name failslab, interval 1, probability 0, space 0, times 0 [ 2928.202077] CPU: 0 PID: 12291 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2928.202850] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2928.203951] Call Trace: [ 2928.204257] dump_stack+0x107/0x167 [ 2928.204670] should_fail.cold+0x5/0xa [ 2928.205105] ? create_object.isra.0+0x3a/0xa30 [ 2928.205630] should_failslab+0x5/0x20 [ 2928.206060] kmem_cache_alloc+0x5b/0x310 [ 2928.206519] create_object.isra.0+0x3a/0xa30 [ 2928.207008] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2928.207582] kmem_cache_alloc+0x159/0x310 [ 2928.208052] anon_vma_clone+0xdc/0x590 [ 2928.208496] __split_vma+0x17c/0x4e0 [ 2928.208915] __do_munmap+0x365/0x1260 [ 2928.209353] ? arch_get_unmapped_area+0x450/0x450 [ 2928.209899] ? lock_release+0x680/0x680 [ 2928.210346] mmap_region+0x7cc/0x1500 [ 2928.210784] do_mmap+0x868/0x1370 [ 2928.211182] vm_mmap_pgoff+0x198/0x1f0 [ 2928.211622] ? randomize_page+0xb0/0xb0 [ 2928.212075] ksys_mmap_pgoff+0x41c/0x560 [ 2928.212536] ? find_mergeable_anon_vma+0x250/0x250 [ 2928.213090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2928.213687] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2928.214268] do_syscall_64+0x33/0x40 [ 2928.214688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2928.215262] RIP: 0033:0x7f7d233a8b62 [ 2928.215680] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2928.217760] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2928.218622] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2928.219419] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2928.220224] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2928.221024] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2928.221830] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:24 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:24 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x3c00, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 64) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x43, 0x0, 0x0) 22:55:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 65) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, 0x0, 0x0) 22:55:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2928.342917] FAULT_INJECTION: forcing a failure. [ 2928.342917] name failslab, interval 1, probability 0, space 0, times 0 [ 2928.344255] CPU: 0 PID: 12309 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2928.345034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2928.345970] Call Trace: [ 2928.346275] dump_stack+0x107/0x167 [ 2928.346687] should_fail.cold+0x5/0xa [ 2928.347115] ? vm_area_alloc+0x1c/0x110 [ 2928.347562] should_failslab+0x5/0x20 [ 2928.347992] kmem_cache_alloc+0x5b/0x310 [ 2928.348458] vm_area_alloc+0x1c/0x110 [ 2928.348884] mmap_region+0x982/0x1500 [ 2928.349335] do_mmap+0x868/0x1370 [ 2928.349736] vm_mmap_pgoff+0x198/0x1f0 22:55:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2928.350316] ? randomize_page+0xb0/0xb0 [ 2928.350793] ksys_mmap_pgoff+0x41c/0x560 [ 2928.351253] ? find_mergeable_anon_vma+0x250/0x250 [ 2928.351812] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2928.352404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2928.352985] do_syscall_64+0x33/0x40 [ 2928.353418] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2928.353990] RIP: 0033:0x7f7d233a8b62 [ 2928.354410] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2928.356476] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2928.357344] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2928.358143] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2928.358944] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2928.359743] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2928.360546] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:24 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, 0x0, 0x0) 22:55:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, 0x0, 0x0) 22:55:24 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:24 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x0) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:24 executing program 7: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x43, 0x0, 0x0) 22:55:38 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, 0x0, 0x0) 22:55:38 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 66) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:38 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:38 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(0xffffffffffffffff, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:38 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, 0x0, 0x0) 22:55:38 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:38 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x4000, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) [ 2943.014124] FAULT_INJECTION: forcing a failure. [ 2943.014124] name failslab, interval 1, probability 0, space 0, times 0 [ 2943.016830] CPU: 1 PID: 12347 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2943.018301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2943.020044] Call Trace: [ 2943.020604] dump_stack+0x107/0x167 [ 2943.021385] should_fail.cold+0x5/0xa [ 2943.022198] ? create_object.isra.0+0x3a/0xa30 [ 2943.023166] should_failslab+0x5/0x20 [ 2943.023975] kmem_cache_alloc+0x5b/0x310 [ 2943.024839] create_object.isra.0+0x3a/0xa30 [ 2943.025979] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2943.027370] kmem_cache_alloc+0x159/0x310 [ 2943.028513] vm_area_alloc+0x1c/0x110 [ 2943.029567] mmap_region+0x982/0x1500 [ 2943.030605] do_mmap+0x868/0x1370 [ 2943.031581] vm_mmap_pgoff+0x198/0x1f0 [ 2943.032649] ? randomize_page+0xb0/0xb0 [ 2943.033509] ksys_mmap_pgoff+0x41c/0x560 [ 2943.034394] ? find_mergeable_anon_vma+0x250/0x250 [ 2943.035432] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2943.036559] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2943.037645] do_syscall_64+0x33/0x40 [ 2943.038562] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2943.039642] RIP: 0033:0x7f7d233a8b62 [ 2943.040433] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2943.044219] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2943.045859] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2943.047353] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2943.048859] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2943.050382] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2943.051885] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:39 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, 0x0, 0x0) 22:55:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:39 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r0) r1 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:51 executing program 6: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x42, 0x0, 0x0) 22:55:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:51 executing program 2: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x4200, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:51 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(0xffffffffffffffff, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r4, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:51 executing program 7: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup(0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, 0x0, 0x0) 22:55:51 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) (fail_nth: 67) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x2}, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r5}}, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000240)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1, 0x0, {0x0, r5}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000340)=@IORING_OP_RECVMSG={0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0}, 0x80000001) io_uring_enter(r0, 0x58a7, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x5879, &(0x7f0000000000)={0x0, 0x70e, 0x4, 0x3, 0x1db, 0x0, r0}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000080), &(0x7f00000000c0)=0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) syz_io_uring_submit(0x0, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x2bff3346) 22:55:51 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x1d, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) 22:55:51 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = dup(r0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x42, 0x0, 0x0) [ 2955.805613] FAULT_INJECTION: forcing a failure. [ 2955.805613] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2955.807112] CPU: 0 PID: 12391 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2955.807949] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2955.808952] Call Trace: [ 2955.809280] dump_stack+0x107/0x167 [ 2955.809734] should_fail.cold+0x5/0xa [ 2955.810203] __alloc_pages_nodemask+0x182/0x600 [ 2955.810777] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2955.811521] ? walk_mem_res+0x170/0x170 [ 2955.812015] alloc_pages_current+0x187/0x280 [ 2955.812555] pte_alloc_one+0x16/0x1a0 [ 2955.813018] __pte_alloc+0x1d/0x330 [ 2955.813461] remap_pfn_range_internal+0x9a3/0xf60 [ 2955.814066] ? lookup_memtype+0x5b/0x200 [ 2955.814570] ? apply_to_existing_page_range+0x40/0x40 [ 2955.815206] remap_pfn_range+0xcd/0x160 [ 2955.815687] ? remap_pfn_range_notrack+0x70/0x70 [ 2955.816264] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2955.816895] io_uring_mmap+0x398/0x530 [ 2955.817376] mmap_file+0x5e/0xe0 [ 2955.817795] mmap_region+0xc4d/0x1500 [ 2955.818269] do_mmap+0x868/0x1370 [ 2955.818692] vm_mmap_pgoff+0x198/0x1f0 [ 2955.819166] ? randomize_page+0xb0/0xb0 [ 2955.819657] ksys_mmap_pgoff+0x41c/0x560 [ 2955.820148] ? find_mergeable_anon_vma+0x250/0x250 [ 2955.820749] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2955.821379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2955.822023] do_syscall_64+0x33/0x40 [ 2955.822472] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2955.823085] RIP: 0033:0x7f7d233a8b62 [ 2955.823537] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2955.825758] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2955.826671] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2955.827522] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2955.828388] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2955.829253] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2955.830153] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 22:55:51 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, 0xffffffffffffffff) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x18, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2955.854384] ------------[ cut here ]------------ [ 2955.855638] WARNING: CPU: 1 PID: 12391 at arch/x86/mm/pat/memtype.c:1019 get_pat_info+0x216/0x270 22:55:51 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = dup(r1) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001f00)={{{@in6=@ipv4={'\x00', '\xff\xff', @dev}, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x2}, {{@in=@broadcast, 0x0, 0x6c}, 0x0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, 0xe8) [ 2955.857923] Modules linked in: [ 2955.858641] CPU: 1 PID: 12391 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 2955.860212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2955.862135] RIP: 0010:get_pat_info+0x216/0x270 [ 2955.863317] Code: c1 ea 03 80 3c 02 00 75 71 49 89 1e eb 8e e8 81 8b 2e 00 0f 0b e9 97 fe ff ff 41 bc ea ff ff ff e9 77 ff ff ff e8 6a 8b 2e 00 <0f> 0b 41 bc ea ff ff ff e9 65 ff ff ff 4c 89 ff e8 75 a8 5a 00 e9 [ 2955.867471] RSP: 0018:ffff88800b86f890 EFLAGS: 00010212 [ 2955.871238] RAX: 0000000000012cba RBX: ffff8880418c0300 RCX: ffffc90009037000 [ 2955.876371] RDX: 0000000000040000 RSI: ffffffff81125466 RDI: 0000000000000007 [ 2955.878089] RBP: ffff88800b86f948 R08: 0000000000000000 R09: ffff88800b86f818 [ 2955.879940] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000000000028 [ 2955.881619] R13: 1ffff1100170df12 R14: 0000000000000000 R15: ffff8880418c0350 [ 2955.883507] FS: 00007f7d2091e700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 2955.885494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2955.890588] CR2: 00007fd9f16323a4 CR3: 000000004059a000 CR4: 0000000000350ee0 [ 2955.892791] Call Trace: [ 2955.893543] ? pgprot_writethrough+0xc0/0xc0 [ 2955.894616] ? finish_task_switch+0x126/0x5d0 [ 2955.895837] ? finish_task_switch+0xef/0x5d0 [ 2955.897084] untrack_pfn+0xdc/0x240 [ 2955.898148] ? track_pfn_insert+0x150/0x150 [ 2955.899335] ? lock_downgrade+0x6d0/0x6d0 [ 2955.900286] ? uprobe_munmap+0x1c/0x560 [ 2955.901421] unmap_single_vma+0x1bc/0x300 [ 2955.902574] zap_page_range_single+0x2ce/0x450 [ 2955.903943] ? unmap_single_vma+0x300/0x300 [ 2955.905061] ? remap_pfn_range_internal+0xc56/0xf60 [ 2955.906451] ? lookup_memtype+0x5b/0x200 [ 2955.907595] ? apply_to_existing_page_range+0x40/0x40 [ 2955.908979] remap_pfn_range+0x139/0x160 [ 2955.910127] ? remap_pfn_range_notrack+0x70/0x70 [ 2955.911425] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2955.912947] io_uring_mmap+0x398/0x530 [ 2955.914049] mmap_file+0x5e/0xe0 [ 2955.914880] mmap_region+0xc4d/0x1500 [ 2955.916056] do_mmap+0x868/0x1370 [ 2955.917073] vm_mmap_pgoff+0x198/0x1f0 [ 2955.918189] ? randomize_page+0xb0/0xb0 [ 2955.919353] ksys_mmap_pgoff+0x41c/0x560 [ 2955.920481] ? find_mergeable_anon_vma+0x250/0x250 [ 2955.921945] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2955.923184] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2955.924557] do_syscall_64+0x33/0x40 [ 2955.925553] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2955.926780] RIP: 0033:0x7f7d233a8b62 [ 2955.927917] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2955.931930] RSP: 002b:00007f7d2091e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2955.933831] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f7d233a8b62 [ 2955.935527] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2955.937141] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2955.938791] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000140 [ 2955.940388] R13: 0000000020ffc000 R14: 0000000020000100 R15: 0000000020ffb000 [ 2955.942209] irq event stamp: 3045 [ 2955.943108] hardirqs last enabled at (3063): [] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2955.945267] hardirqs last disabled at (3076): [] console_unlock+0x839/0xb40 [ 2955.947303] softirqs last enabled at (1954): [] asm_call_irq_on_stack+0x12/0x20 [ 2955.949385] softirqs last disabled at (1733): [] asm_call_irq_on_stack+0x12/0x20 [ 2955.951442] ---[ end trace c5bb0b9ed0306df3 ]--- VM DIAGNOSIS: 22:55:51 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000001 RCX=0000000000000001 RDX=0000000000000000 RSI=00000000ffffffff RDI=ffff88801ab271b8 RBP=ffff888044537cc8 RSP=ffff888044537b88 R8 =0000000000000001 R9 =ffffea000071ec47 R10=0000000000000000 R11=0000000000000001 R12=ffff888041840000 R13=00000000000000ac R14=ffff88801d8dbc80 R15=dffffc0000000000 RIP=ffffffff83e87302 RFL=00000296 [--S-AP-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 00000000 00000000 DS =0000 0000000000000000 00000000 00000000 FS =0000 0000555586132400 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f5736ab1b90 CR3=0000000041456000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=6966696e752f70756f7267637a79732f XMM01=7a79732f64656966696e752f70756f72 XMM02=00000000000000000000000000000000 XMM03=0000000000000000000000ff00000000 XMM04=000000000000000000ff000000000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000033 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822e8001 RDI=ffffffff879fa240 RBP=ffffffff879fa200 RSP=ffff88800b86f2a8 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000033 R13=0000000000000033 R14=ffffffff879fa200 R15=dffffc0000000000 RIP=ffffffff822e8058 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f7d2091e700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fd9f16323a4 CR3=000000004059a000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000