13:54:29 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x4c00000000000000, 0x0, 0x0) [ 2890.544091] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2890.545975] Call Trace: [ 2890.546300] dump_stack+0x107/0x167 13:54:29 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x77be, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2890.556574] should_fail.cold+0x5/0xa [ 2890.557050] ? create_object.isra.0+0x3a/0xa20 [ 2890.557609] should_failslab+0x5/0x20 [ 2890.558073] kmem_cache_alloc+0x5b/0x310 [ 2890.558566] ? raw_notifier_call_chain+0xb3/0x110 [ 2890.559152] ? call_netdevice_notifiers_info+0xb5/0x130 [ 2890.559801] create_object.isra.0+0x3a/0xa20 [ 2890.560334] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2890.560965] kmem_cache_alloc_node+0x169/0x330 [ 2890.561527] __alloc_skb+0x6d/0x5b0 [ 2890.561974] cfg80211_del_sta_sinfo+0x15e/0x470 [ 2890.562540] ? cfg80211_new_sta+0x370/0x370 [ 2890.563098] __sta_info_destroy_part2+0x310/0x4f0 [ 2890.563687] __sta_info_flush+0x3a0/0x520 [ 2890.563808] FAULT_INJECTION: forcing a failure. [ 2890.563808] name failslab, interval 1, probability 0, space 0, times 0 [ 2890.564195] ? __sta_info_destroy+0x50/0x50 [ 2890.567710] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.568353] ? trace_hardirqs_on+0x5b/0x180 [ 2890.568902] ? cfg80211_put_bss+0x1b0/0x270 [ 2890.569440] ? __local_bh_enable_ip+0x9d/0x100 [ 2890.570018] ieee80211_ibss_disconnect+0x115/0x750 [ 2890.570633] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.571291] ieee80211_ibss_leave+0x12/0x160 [ 2890.571842] __cfg80211_leave_ibss+0x183/0x4f0 [ 2890.572415] __cfg80211_leave+0x14b/0x370 [ 2890.572948] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2890.573615] ? ipmr_device_event+0x18b/0x1f0 [ 2890.574165] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2890.574814] raw_notifier_call_chain+0xb3/0x110 [ 2890.575403] call_netdevice_notifiers_info+0xb5/0x130 [ 2890.576051] __dev_close_many+0xf3/0x2f0 [ 2890.576575] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2890.577218] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.577850] ? __local_bh_enable_ip+0x9d/0x100 [ 2890.578398] ? trace_hardirqs_on+0x5b/0x180 [ 2890.578922] __dev_change_flags+0x299/0x6e0 [ 2890.579446] ? dev_set_allmulti+0x30/0x30 [ 2890.579956] dev_change_flags+0x8a/0x160 [ 2890.580455] do_setlink+0x90c/0x3ac0 [ 2890.581013] ? mark_lock+0xf5/0x2df0 [ 2890.581531] ? vprintk_func+0x93/0x140 [ 2890.582069] ? rtnl_getlink+0xaa0/0xaa0 [ 2890.582618] ? lock_chain_count+0x20/0x20 [ 2890.583197] ? record_print_text.cold+0x16/0x16 [ 2890.583847] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2890.584554] ? trace_hardirqs_on+0x5b/0x180 [ 2890.585110] ? __nla_validate_parse+0x2d8/0x2b10 [ 2890.585710] ? mark_held_locks+0x9e/0xe0 [ 2890.586225] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.587013] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2890.587690] ? trace_hardirqs_on+0x5b/0x180 [ 2890.588231] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2890.588967] __rtnl_newlink+0xc39/0x1700 [ 2890.589527] ? rtnl_setlink+0x3b0/0x3b0 [ 2890.590072] ? __is_insn_slot_addr+0x123/0x290 [ 2890.590695] ? unwind_next_frame+0x13ef/0x1a90 [ 2890.591312] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.592029] ? 0xffffffffa0000000 [ 2890.592499] ? __is_insn_slot_addr+0x14c/0x290 [ 2890.593200] ? kernel_text_address+0xf2/0x120 [ 2890.593877] ? __kernel_text_address+0x9/0x40 [ 2890.594553] ? unwind_get_return_address+0x55/0xa0 [ 2890.595290] ? create_prof_cpu_mask+0x20/0x20 [ 2890.595945] ? arch_stack_walk+0x99/0xf0 [ 2890.596561] ? stack_trace_save+0x8c/0xc0 [ 2890.597171] ? mark_held_locks+0x9e/0xe0 [ 2890.597725] ? trace_hardirqs_on+0x5b/0x180 [ 2890.598312] ? kasan_unpoison_shadow+0x33/0x50 [ 2890.598930] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2890.599622] rtnl_newlink+0x64/0xa0 [ 2890.600116] ? __rtnl_newlink+0x1700/0x1700 [ 2890.600715] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2890.601248] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2890.601763] ? perf_trace_lock+0xac/0x490 [ 2890.602295] ? __lockdep_reset_lock+0x180/0x180 [ 2890.602888] netlink_rcv_skb+0x14b/0x430 [ 2890.603412] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2890.603946] ? netlink_ack+0xab0/0xab0 [ 2890.604459] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2890.609063] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2890.609629] ? is_vmalloc_addr+0x7b/0xb0 [ 2890.610128] netlink_unicast+0x549/0x7f0 [ 2890.610628] ? netlink_attachskb+0x870/0x870 [ 2890.611170] netlink_sendmsg+0x90f/0xdf0 [ 2890.611670] ? netlink_unicast+0x7f0/0x7f0 [ 2890.612196] ? netlink_unicast+0x7f0/0x7f0 [ 2890.612746] __sock_sendmsg+0x154/0x190 [ 2890.613255] ____sys_sendmsg+0x70d/0x870 [ 2890.613774] ? sock_write_iter+0x3d0/0x3d0 [ 2890.614301] ? do_recvmmsg+0x6d0/0x6d0 [ 2890.614798] ? lock_downgrade+0x6d0/0x6d0 [ 2890.615325] ? __lockdep_reset_lock+0x180/0x180 [ 2890.615916] ___sys_sendmsg+0xf3/0x170 [ 2890.616418] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.617001] ? __fget_files+0x2cf/0x520 [ 2890.617486] ? lock_downgrade+0x6d0/0x6d0 [ 2890.617992] ? find_held_lock+0x2c/0x110 [ 2890.618493] ? __fget_files+0x2f8/0x520 [ 2890.618983] ? __fget_light+0xea/0x290 [ 2890.619461] __sys_sendmsg+0xe5/0x1b0 [ 2890.619924] ? __sys_sendmsg_sock+0x40/0x40 [ 2890.620447] ? rcu_read_lock_any_held+0x75/0xa0 [ 2890.621054] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.621690] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2890.622310] ? trace_hardirqs_on+0x5b/0x180 [ 2890.622833] do_syscall_64+0x33/0x40 [ 2890.623285] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.623904] RIP: 0033:0x7f6e57a6eb19 [ 2890.624358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.626595] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.627514] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2890.628374] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2890.633269] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2890.634128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2890.634990] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2890.635874] CPU: 0 PID: 20616 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2890.636815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2890.637892] Call Trace: [ 2890.638242] dump_stack+0x107/0x167 [ 2890.638718] should_fail.cold+0x5/0xa [ 2890.639216] ? __alloc_skb+0x6d/0x5b0 [ 2890.639717] should_failslab+0x5/0x20 [ 2890.640238] kmem_cache_alloc_node+0x55/0x330 [ 2890.640897] __alloc_skb+0x6d/0x5b0 [ 2890.641376] netlink_sendmsg+0x998/0xdf0 [ 2890.641911] ? netlink_unicast+0x7f0/0x7f0 [ 2890.642490] ? netlink_unicast+0x7f0/0x7f0 [ 2890.643042] __sock_sendmsg+0x154/0x190 [ 2890.643561] ____sys_sendmsg+0x70d/0x870 [ 2890.644092] ? sock_write_iter+0x3d0/0x3d0 [ 2890.644968] ? do_recvmmsg+0x6d0/0x6d0 [ 2890.645929] ? lock_downgrade+0x6d0/0x6d0 [ 2890.646941] ? __lockdep_reset_lock+0x180/0x180 [ 2890.648081] ___sys_sendmsg+0xf3/0x170 [ 2890.649188] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.650023] ? __fget_files+0x2cf/0x520 [ 2890.650543] ? lock_downgrade+0x6d0/0x6d0 [ 2890.651085] ? find_held_lock+0x2c/0x110 [ 2890.651623] ? __fget_files+0x2f8/0x520 [ 2890.652148] ? __fget_light+0xea/0x290 [ 2890.652799] __sys_sendmsg+0xe5/0x1b0 [ 2890.653730] ? __sys_sendmsg_sock+0x40/0x40 [ 2890.654783] ? rcu_read_lock_any_held+0x75/0xa0 [ 2890.655931] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.657005] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2890.657706] ? trace_hardirqs_on+0x5b/0x180 [ 2890.658270] do_syscall_64+0x33/0x40 [ 2890.658757] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.659482] RIP: 0033:0x7ff152763b19 [ 2890.659969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.662422] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.663411] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2890.664339] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2890.665291] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2890.666218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2890.667149] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:54:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="dc0100200101010100"], 0x1c}}, 0x0) [ 2890.718832] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:54:30 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x77bf, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2890.732320] FAULT_INJECTION: forcing a failure. [ 2890.732320] name failslab, interval 1, probability 0, space 0, times 0 [ 2890.733818] CPU: 1 PID: 20561 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2890.734690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2890.735735] Call Trace: [ 2890.736079] dump_stack+0x107/0x167 [ 2890.736556] should_fail.cold+0x5/0xa [ 2890.737043] should_failslab+0x5/0x20 [ 2890.737536] __kmalloc_node_track_caller+0x74/0x3b0 [ 2890.738166] ? netlink_trim+0x1ee/0x250 [ 2890.738679] pskb_expand_head+0x15a/0x1040 [ 2890.739226] netlink_trim+0x1ee/0x250 [ 2890.739711] netlink_broadcast_filtered+0x60/0xdc0 [ 2890.740332] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2890.740944] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 2890.741547] nlmsg_notify+0x94/0x290 [ 2890.742026] rtmsg_ifinfo+0xf0/0x120 [ 2890.742498] __dev_notify_flags+0x22a/0x2c0 [ 2890.743044] ? dev_change_name+0x660/0x660 [ 2890.743573] ? __dev_change_flags+0x4cf/0x6e0 [ 2890.744150] ? dev_set_allmulti+0x30/0x30 [ 2890.744695] dev_change_flags+0x100/0x160 [ 2890.745222] do_setlink+0x90c/0x3ac0 [ 2890.745702] ? vprintk_func+0x93/0x140 [ 2890.746192] ? rtnl_getlink+0xaa0/0xaa0 [ 2890.746695] ? printk+0xba/0xf1 [ 2890.747115] ? record_print_text.cold+0x16/0x16 [ 2890.747705] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2890.748344] ? trace_hardirqs_on+0x5b/0x180 [ 2890.748934] ? __nla_validate_parse+0x2d8/0x2b10 [ 2890.749539] ? perf_trace_lock+0xac/0x490 [ 2890.750055] ? nla_get_range_signed+0x520/0x520 [ 2890.750597] ? __lock_acquire+0xbb1/0x5b00 [ 2890.751104] __rtnl_newlink+0xc39/0x1700 [ 2890.751587] ? rtnl_setlink+0x3b0/0x3b0 [ 2890.752057] ? __is_insn_slot_addr+0x123/0x290 [ 2890.752634] ? unwind_next_frame+0x13ef/0x1a90 [ 2890.753218] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.753897] ? 0xffffffffa0000000 [ 2890.754339] ? __is_insn_slot_addr+0x14c/0x290 [ 2890.754926] ? kernel_text_address+0xf2/0x120 [ 2890.755494] ? __kernel_text_address+0x9/0x40 [ 2890.756060] ? unwind_get_return_address+0x55/0xa0 [ 2890.756690] ? create_prof_cpu_mask+0x20/0x20 [ 2890.757261] ? arch_stack_walk+0x99/0xf0 [ 2890.757791] ? stack_trace_save+0x8c/0xc0 [ 2890.758378] ? mark_held_locks+0x9e/0xe0 [ 2890.758899] ? trace_hardirqs_on+0x5b/0x180 [ 2890.759448] ? kasan_unpoison_shadow+0x33/0x50 [ 2890.760029] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2890.760686] rtnl_newlink+0x64/0xa0 [ 2890.761155] ? __rtnl_newlink+0x1700/0x1700 [ 2890.761704] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2890.762245] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2890.762762] ? perf_trace_lock+0xac/0x490 [ 2890.763295] ? __lockdep_reset_lock+0x180/0x180 [ 2890.763865] netlink_rcv_skb+0x14b/0x430 [ 2890.764357] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2890.764880] ? netlink_ack+0xab0/0xab0 [ 2890.765365] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2890.765927] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2890.766483] ? is_vmalloc_addr+0x7b/0xb0 [ 2890.766982] netlink_unicast+0x549/0x7f0 [ 2890.767482] ? netlink_attachskb+0x870/0x870 [ 2890.768025] netlink_sendmsg+0x90f/0xdf0 [ 2890.768525] ? netlink_unicast+0x7f0/0x7f0 [ 2890.769064] ? netlink_unicast+0x7f0/0x7f0 [ 2890.769581] __sock_sendmsg+0x154/0x190 [ 2890.770066] ____sys_sendmsg+0x70d/0x870 [ 2890.770562] ? sock_write_iter+0x3d0/0x3d0 [ 2890.771077] ? do_recvmmsg+0x6d0/0x6d0 [ 2890.771553] ? lock_downgrade+0x6d0/0x6d0 [ 2890.772061] ? __lockdep_reset_lock+0x180/0x180 [ 2890.772641] ___sys_sendmsg+0xf3/0x170 [ 2890.773121] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.773682] ? __fget_files+0x2cf/0x520 [ 2890.774175] ? lock_downgrade+0x6d0/0x6d0 [ 2890.774679] ? find_held_lock+0x2c/0x110 [ 2890.775183] ? __fget_files+0x2f8/0x520 [ 2890.775674] ? __fget_light+0xea/0x290 [ 2890.776161] __sys_sendmsg+0xe5/0x1b0 [ 2890.776800] ? __sys_sendmsg_sock+0x40/0x40 [ 2890.778049] ? rcu_read_lock_any_held+0x75/0xa0 [ 2890.779412] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.780917] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2890.782214] ? trace_hardirqs_on+0x5b/0x180 [ 2890.783301] do_syscall_64+0x33/0x40 [ 2890.784216] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.785522] RIP: 0033:0x7fb10e7f3b19 [ 2890.786449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.789805] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2890.790738] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2890.791610] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2890.792482] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2890.794186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2890.795884] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 13:54:30 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 13) [ 2890.812626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2890.814892] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2890.817136] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2890.822825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2890.823736] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2890.824718] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2890.833481] FAULT_INJECTION: forcing a failure. [ 2890.833481] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2890.835354] CPU: 0 PID: 20682 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2890.836441] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2890.837689] Call Trace: [ 2890.838042] dump_stack+0x107/0x167 [ 2890.838529] should_fail.cold+0x5/0xa [ 2890.839036] __alloc_pages_nodemask+0x182/0x600 [ 2890.839658] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2890.840454] ? cap_capable+0x1cd/0x230 [ 2890.840987] alloc_pages_current+0x187/0x280 [ 2890.841571] __get_free_pages+0xc/0xa0 [ 2890.842084] io_uring_setup+0xf9a/0x2980 [ 2890.842623] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2890.843291] ? wait_for_completion_io+0x270/0x270 [ 2890.843942] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2890.844647] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2890.845328] do_syscall_64+0x33/0x40 [ 2890.845818] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2890.846492] RIP: 0033:0x7fbe2462eb19 [ 2890.846983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2890.853422] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2890.854415] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2890.855345] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2890.856274] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2890.857228] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2890.858157] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:54:30 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x6800000000000000, 0x0, 0x0) 13:54:30 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 17) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00f0ff7f0101010100"], 0x1c}}, 0x0) 13:54:30 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 4) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 2890.977196] FAULT_INJECTION: forcing a failure. [ 2890.977196] name failslab, interval 1, probability 0, space 0, times 0 [ 2890.978779] CPU: 0 PID: 20796 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2890.979678] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2890.980771] Call Trace: [ 2890.981121] dump_stack+0x107/0x167 [ 2890.981599] should_fail.cold+0x5/0xa [ 2890.982099] ? create_object.isra.0+0x3a/0xa20 [ 2890.982697] should_failslab+0x5/0x20 [ 2890.983200] kmem_cache_alloc+0x5b/0x310 [ 2890.983734] create_object.isra.0+0x3a/0xa20 [ 2890.984306] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2890.989015] kmem_cache_alloc_node+0x169/0x330 [ 2890.989615] __alloc_skb+0x6d/0x5b0 [ 2890.990091] netlink_sendmsg+0x998/0xdf0 [ 2890.990622] ? netlink_unicast+0x7f0/0x7f0 [ 2890.991178] ? netlink_unicast+0x7f0/0x7f0 [ 2890.991725] __sock_sendmsg+0x154/0x190 [ 2890.992242] ____sys_sendmsg+0x70d/0x870 [ 2890.992794] ? sock_write_iter+0x3d0/0x3d0 [ 2890.993342] ? do_recvmmsg+0x6d0/0x6d0 [ 2890.993851] ? lock_downgrade+0x6d0/0x6d0 [ 2890.994390] ? __lockdep_reset_lock+0x180/0x180 [ 2890.995000] ___sys_sendmsg+0xf3/0x170 [ 2890.995507] ? sendmsg_copy_msghdr+0x160/0x160 [ 2890.996103] ? __fget_files+0x2cf/0x520 [ 2890.996629] ? lock_downgrade+0x6d0/0x6d0 [ 2890.997171] ? find_held_lock+0x2c/0x110 [ 2891.004925] ? __fget_files+0x2f8/0x520 [ 2891.005449] ? __fget_light+0xea/0x290 [ 2891.005961] __sys_sendmsg+0xe5/0x1b0 [ 2891.006456] ? __sys_sendmsg_sock+0x40/0x40 [ 2891.007016] ? rcu_read_lock_any_held+0x75/0xa0 [ 2891.007631] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.008316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.009480] ? trace_hardirqs_on+0x5b/0x180 [ 2891.010586] do_syscall_64+0x33/0x40 [ 2891.011535] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.012900] RIP: 0033:0x7ff152763b19 [ 2891.013860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.018757] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.020732] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2891.022642] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2891.024483] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.026648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2891.028497] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2891.067318] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2891.072964] FAULT_INJECTION: forcing a failure. [ 2891.072964] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.089777] CPU: 1 PID: 20820 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2891.090628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2891.091677] Call Trace: [ 2891.092010] dump_stack+0x107/0x167 [ 2891.092457] should_fail.cold+0x5/0xa [ 2891.092997] ? io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2891.093679] should_failslab+0x5/0x20 [ 2891.094158] kmem_cache_alloc_trace+0x55/0x320 [ 2891.094721] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2891.095380] io_uring_setup+0x14f6/0x2980 [ 2891.095891] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2891.096510] ? wait_for_completion_io+0x270/0x270 [ 2891.097193] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.097831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.098459] do_syscall_64+0x33/0x40 [ 2891.098914] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.099537] RIP: 0033:0x7fbe2462eb19 [ 2891.099991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.102277] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2891.103209] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2891.104078] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2891.121086] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2891.121963] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2891.122831] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:54:30 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 14) 13:54:30 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 25) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:30 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x6c00000000000000, 0x0, 0x0) 13:54:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000040001010100"], 0x1c}}, 0x0) 13:54:30 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x77c0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2891.158922] FAULT_INJECTION: forcing a failure. [ 2891.158922] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.160402] CPU: 1 PID: 20799 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2891.161259] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2891.162302] Call Trace: [ 2891.162657] dump_stack+0x107/0x167 [ 2891.163135] should_fail.cold+0x5/0xa [ 2891.163642] ? create_object.isra.0+0x3a/0xa20 [ 2891.164238] should_failslab+0x5/0x20 [ 2891.164753] kmem_cache_alloc+0x5b/0x310 [ 2891.165289] create_object.isra.0+0x3a/0xa20 [ 2891.165860] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2891.166533] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2891.167199] ? cfg80211_del_sta_sinfo+0x15e/0x470 [ 2891.167817] __alloc_skb+0xb1/0x5b0 [ 2891.168298] cfg80211_del_sta_sinfo+0x15e/0x470 [ 2891.168924] ? cfg80211_new_sta+0x370/0x370 [ 2891.169534] __sta_info_destroy_part2+0x310/0x4f0 [ 2891.170171] __sta_info_flush+0x3a0/0x520 [ 2891.170721] ? __sta_info_destroy+0x50/0x50 [ 2891.171290] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.171976] ? trace_hardirqs_on+0x5b/0x180 [ 2891.172544] ? cfg80211_put_bss+0x1b0/0x270 [ 2891.173144] ? __local_bh_enable_ip+0x9d/0x100 [ 2891.173751] ieee80211_ibss_disconnect+0x115/0x750 [ 2891.174392] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.175086] ieee80211_ibss_leave+0x12/0x160 [ 2891.175662] __cfg80211_leave_ibss+0x183/0x4f0 [ 2891.176261] __cfg80211_leave+0x14b/0x370 [ 2891.176943] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2891.177597] ? ipmr_device_event+0x18b/0x1f0 [ 2891.178137] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2891.178773] raw_notifier_call_chain+0xb3/0x110 [ 2891.179352] call_netdevice_notifiers_info+0xb5/0x130 [ 2891.179984] __dev_close_many+0xf3/0x2f0 [ 2891.180480] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2891.181183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.181870] ? __local_bh_enable_ip+0x9d/0x100 [ 2891.182466] ? trace_hardirqs_on+0x5b/0x180 [ 2891.183038] __dev_change_flags+0x299/0x6e0 [ 2891.183612] ? dev_set_allmulti+0x30/0x30 [ 2891.184173] dev_change_flags+0x8a/0x160 [ 2891.184745] do_setlink+0x90c/0x3ac0 [ 2891.185242] ? vprintk_func+0x93/0x140 [ 2891.185751] ? rtnl_getlink+0xaa0/0xaa0 [ 2891.186276] ? printk+0xba/0xf1 [ 2891.186716] ? record_print_text.cold+0x16/0x16 [ 2891.187330] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2891.187993] ? trace_hardirqs_on+0x5b/0x180 [ 2891.188592] ? __nla_validate_parse+0x2d8/0x2b10 [ 2891.189188] ? perf_trace_lock+0xac/0x490 [ 2891.189695] ? nla_get_range_signed+0x520/0x520 [ 2891.190259] ? __lock_acquire+0xbb1/0x5b00 [ 2891.190789] __rtnl_newlink+0xc39/0x1700 [ 2891.191292] ? rtnl_setlink+0x3b0/0x3b0 [ 2891.191777] ? __is_insn_slot_addr+0x123/0x290 [ 2891.192346] ? unwind_next_frame+0x13ef/0x1a90 [ 2891.192971] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.193666] ? 0xffffffffa0000000 [ 2891.194123] ? __is_insn_slot_addr+0x14c/0x290 [ 2891.194715] ? kernel_text_address+0xf2/0x120 [ 2891.195298] ? __kernel_text_address+0x9/0x40 [ 2891.195882] ? unwind_get_return_address+0x55/0xa0 [ 2891.196522] ? create_prof_cpu_mask+0x20/0x20 [ 2891.197852] ? arch_stack_walk+0x99/0xf0 [ 2891.198986] ? stack_trace_save+0x8c/0xc0 [ 2891.200176] ? mark_held_locks+0x9e/0xe0 [ 2891.200931] ? trace_hardirqs_on+0x5b/0x180 [ 2891.201463] ? kasan_unpoison_shadow+0x33/0x50 [ 2891.202018] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2891.202640] rtnl_newlink+0x64/0xa0 [ 2891.203083] ? __rtnl_newlink+0x1700/0x1700 [ 2891.203608] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2891.204128] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2891.204806] ? perf_trace_lock+0xac/0x490 [ 2891.205978] ? __lockdep_reset_lock+0x180/0x180 [ 2891.207278] netlink_rcv_skb+0x14b/0x430 [ 2891.208400] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2891.209082] ? netlink_ack+0xab0/0xab0 [ 2891.209584] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2891.210183] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2891.210793] ? is_vmalloc_addr+0x7b/0xb0 [ 2891.211334] netlink_unicast+0x549/0x7f0 [ 2891.211858] ? netlink_attachskb+0x870/0x870 [ 2891.212452] netlink_sendmsg+0x90f/0xdf0 [ 2891.213063] ? netlink_unicast+0x7f0/0x7f0 [ 2891.213626] ? netlink_unicast+0x7f0/0x7f0 [ 2891.214232] __sock_sendmsg+0x154/0x190 [ 2891.214724] ____sys_sendmsg+0x70d/0x870 [ 2891.215221] ? sock_write_iter+0x3d0/0x3d0 [ 2891.215736] ? do_recvmmsg+0x6d0/0x6d0 [ 2891.216213] ? lock_downgrade+0x6d0/0x6d0 [ 2891.217068] ? __lockdep_reset_lock+0x180/0x180 [ 2891.218368] ___sys_sendmsg+0xf3/0x170 [ 2891.219484] ? sendmsg_copy_msghdr+0x160/0x160 [ 2891.220828] ? __fget_files+0x2cf/0x520 [ 2891.222131] ? lock_downgrade+0x6d0/0x6d0 [ 2891.223497] ? find_held_lock+0x2c/0x110 [ 2891.224725] ? __fget_files+0x2f8/0x520 [ 2891.225261] ? __fget_light+0xea/0x290 [ 2891.225806] __sys_sendmsg+0xe5/0x1b0 [ 2891.226457] ? __sys_sendmsg_sock+0x40/0x40 [ 2891.227031] ? rcu_read_lock_any_held+0x75/0xa0 [ 2891.227658] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.228358] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.229062] ? trace_hardirqs_on+0x5b/0x180 [ 2891.229605] do_syscall_64+0x33/0x40 [ 2891.230096] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.230764] RIP: 0033:0x7f6e57a6eb19 [ 2891.231253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.233706] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.234703] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2891.235629] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2891.236567] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.237553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2891.238514] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2891.362434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2891.374228] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2891.383490] FAULT_INJECTION: forcing a failure. [ 2891.383490] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.385167] CPU: 0 PID: 20830 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2891.386127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2891.387272] Call Trace: [ 2891.387649] dump_stack+0x107/0x167 [ 2891.388160] should_fail.cold+0x5/0xa [ 2891.397083] ? create_object.isra.0+0x3a/0xa20 [ 2891.397704] should_failslab+0x5/0x20 [ 2891.398224] kmem_cache_alloc+0x5b/0x310 [ 2891.398772] create_object.isra.0+0x3a/0xa20 [ 2891.399356] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2891.400040] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2891.400749] ? netlink_trim+0x1ee/0x250 [ 2891.401279] pskb_expand_head+0x15a/0x1040 [ 2891.401842] netlink_trim+0x1ee/0x250 [ 2891.402342] netlink_broadcast_filtered+0x60/0xdc0 [ 2891.402988] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2891.403611] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 2891.404230] nlmsg_notify+0x94/0x290 [ 2891.404771] rtmsg_ifinfo+0xf0/0x120 [ 2891.405276] __dev_notify_flags+0x22a/0x2c0 [ 2891.405853] ? dev_change_name+0x660/0x660 [ 2891.406417] ? __dev_change_flags+0x4cf/0x6e0 [ 2891.407017] ? dev_set_allmulti+0x30/0x30 [ 2891.407582] dev_change_flags+0x100/0x160 [ 2891.408144] do_setlink+0x90c/0x3ac0 [ 2891.408669] ? mark_lock+0xf5/0x2df0 [ 2891.409170] ? vprintk_func+0x93/0x140 [ 2891.409689] ? rtnl_getlink+0xaa0/0xaa0 [ 2891.410218] ? lock_chain_count+0x20/0x20 [ 2891.410789] ? record_print_text.cold+0x16/0x16 [ 2891.411400] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2891.412061] ? trace_hardirqs_on+0x5b/0x180 [ 2891.413809] ? __nla_validate_parse+0x2d8/0x2b10 [ 2891.414433] ? mark_held_locks+0x9e/0xe0 [ 2891.415144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.415990] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2891.416809] ? trace_hardirqs_on+0x5b/0x180 [ 2891.417492] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2891.418376] __rtnl_newlink+0xc39/0x1700 [ 2891.418977] ? rtnl_setlink+0x3b0/0x3b0 [ 2891.433045] ? __is_insn_slot_addr+0x123/0x290 [ 2891.433674] ? unwind_next_frame+0x13ef/0x1a90 [ 2891.434289] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.435003] ? 0xffffffffa0000000 [ 2891.435474] ? __is_insn_slot_addr+0x14c/0x290 [ 2891.436099] ? kernel_text_address+0xf2/0x120 [ 2891.436723] ? __kernel_text_address+0x9/0x40 [ 2891.437326] ? unwind_get_return_address+0x55/0xa0 [ 2891.437986] ? create_prof_cpu_mask+0x20/0x20 [ 2891.438589] ? arch_stack_walk+0x99/0xf0 [ 2891.439159] ? stack_trace_save+0x8c/0xc0 [ 2891.439777] ? mark_held_locks+0x9e/0xe0 [ 2891.440333] ? trace_hardirqs_on+0x5b/0x180 [ 2891.440957] ? kasan_unpoison_shadow+0x33/0x50 [ 2891.441593] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2891.442320] rtnl_newlink+0x64/0xa0 [ 2891.442834] ? __rtnl_newlink+0x1700/0x1700 [ 2891.443449] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2891.444047] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2891.444646] ? perf_trace_lock+0xac/0x490 [ 2891.445245] ? __lockdep_reset_lock+0x180/0x180 [ 2891.445902] netlink_rcv_skb+0x14b/0x430 [ 2891.446483] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2891.447055] ? netlink_ack+0xab0/0xab0 [ 2891.447610] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2891.448253] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2891.448932] ? is_vmalloc_addr+0x7b/0xb0 [ 2891.449507] netlink_unicast+0x549/0x7f0 [ 2891.450095] ? netlink_attachskb+0x870/0x870 [ 2891.450730] netlink_sendmsg+0x90f/0xdf0 [ 2891.451283] ? netlink_unicast+0x7f0/0x7f0 [ 2891.451882] ? netlink_unicast+0x7f0/0x7f0 [ 2891.452477] __sock_sendmsg+0x154/0x190 [ 2891.453101] ____sys_sendmsg+0x70d/0x870 [ 2891.453682] ? sock_write_iter+0x3d0/0x3d0 [ 2891.454284] ? do_recvmmsg+0x6d0/0x6d0 [ 2891.454838] ? lock_downgrade+0x6d0/0x6d0 [ 2891.455433] ? __lockdep_reset_lock+0x180/0x180 [ 2891.456087] ___sys_sendmsg+0xf3/0x170 [ 2891.460700] ? sendmsg_copy_msghdr+0x160/0x160 [ 2891.461362] ? __fget_files+0x2cf/0x520 [ 2891.461934] ? lock_downgrade+0x6d0/0x6d0 [ 2891.462517] ? find_held_lock+0x2c/0x110 [ 2891.463109] ? __fget_files+0x2f8/0x520 [ 2891.463676] ? __fget_light+0xea/0x290 [ 2891.464249] __sys_sendmsg+0xe5/0x1b0 [ 2891.464824] ? __sys_sendmsg_sock+0x40/0x40 [ 2891.465545] ? rcu_read_lock_any_held+0x75/0xa0 [ 2891.466347] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.467232] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.468088] ? trace_hardirqs_on+0x5b/0x180 [ 2891.468892] do_syscall_64+0x33/0x40 [ 2891.469504] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.470389] RIP: 0033:0x7fb10e7f3b19 [ 2891.471015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.473918] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.474987] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2891.475983] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2891.477073] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.478272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2891.479471] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2891.492471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2891.494293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2891.495409] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2891.500793] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2891.501749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2891.503344] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:54:30 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8941, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:54:30 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7400000000000000, 0x0, 0x0) 13:54:30 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7a00, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:54:30 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000400001010100"], 0x1c}}, 0x0) 13:54:30 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 15) 13:54:30 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 5) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 2891.582125] FAULT_INJECTION: forcing a failure. [ 2891.582125] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.583735] CPU: 0 PID: 20931 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2891.584655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2891.585734] Call Trace: [ 2891.586086] dump_stack+0x107/0x167 [ 2891.586565] should_fail.cold+0x5/0xa [ 2891.587073] should_failslab+0x5/0x20 [ 2891.587573] __kmalloc_node_track_caller+0x74/0x3b0 [ 2891.588228] ? netlink_sendmsg+0x998/0xdf0 [ 2891.588819] __alloc_skb+0xb1/0x5b0 [ 2891.589300] netlink_sendmsg+0x998/0xdf0 [ 2891.589836] ? netlink_unicast+0x7f0/0x7f0 [ 2891.590398] ? netlink_unicast+0x7f0/0x7f0 [ 2891.590953] __sock_sendmsg+0x154/0x190 [ 2891.591475] ____sys_sendmsg+0x70d/0x870 [ 2891.592008] ? sock_write_iter+0x3d0/0x3d0 [ 2891.592573] ? do_recvmmsg+0x6d0/0x6d0 [ 2891.593099] ? lock_downgrade+0x6d0/0x6d0 [ 2891.593643] ? __lockdep_reset_lock+0x180/0x180 [ 2891.594254] ___sys_sendmsg+0xf3/0x170 [ 2891.594763] ? sendmsg_copy_msghdr+0x160/0x160 [ 2891.595363] ? __fget_files+0x2cf/0x520 [ 2891.595884] ? lock_downgrade+0x6d0/0x6d0 [ 2891.596425] ? find_held_lock+0x2c/0x110 [ 2891.596980] ? __fget_files+0x2f8/0x520 [ 2891.597506] ? __fget_light+0xea/0x290 [ 2891.598019] __sys_sendmsg+0xe5/0x1b0 [ 2891.598517] ? __sys_sendmsg_sock+0x40/0x40 [ 2891.599080] ? rcu_read_lock_any_held+0x75/0xa0 [ 2891.599700] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.600387] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.601075] ? trace_hardirqs_on+0x5b/0x180 [ 2891.601641] do_syscall_64+0x33/0x40 [ 2891.602127] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.602797] RIP: 0033:0x7ff152763b19 [ 2891.603284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.605709] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2891.606704] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2891.607636] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2891.608579] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2891.609538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2891.610471] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2891.615658] FAULT_INJECTION: forcing a failure. [ 2891.615658] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.617172] CPU: 0 PID: 20937 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2891.618077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2891.619162] Call Trace: [ 2891.619509] dump_stack+0x107/0x167 [ 2891.619986] should_fail.cold+0x5/0xa [ 2891.620489] ? create_object.isra.0+0x3a/0xa20 [ 2891.621107] should_failslab+0x5/0x20 [ 2891.621607] kmem_cache_alloc+0x5b/0x310 [ 2891.622142] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2891.622930] create_object.isra.0+0x3a/0xa20 [ 2891.623503] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2891.624174] kmem_cache_alloc_trace+0x151/0x320 [ 2891.624816] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 2891.625560] io_uring_setup+0x14f6/0x2980 [ 2891.626136] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2891.626831] ? wait_for_completion_io+0x270/0x270 [ 2891.627511] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2891.628201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2891.629024] do_syscall_64+0x33/0x40 [ 2891.629513] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2891.630185] RIP: 0033:0x7fbe2462eb19 [ 2891.630673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2891.633138] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2891.634138] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2891.635075] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2891.636010] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2891.637485] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2891.639658] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2891.685902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2891.687390] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2891.688419] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:54:45 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 2906.100030] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:54:45 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x894c, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:54:45 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 6) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0200000101010100"], 0x1c}}, 0x0) 13:54:45 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 26) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:45 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x7a00000000000000, 0x0, 0x0) 13:54:45 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 16) 13:54:45 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7c01, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2906.110763] FAULT_INJECTION: forcing a failure. [ 2906.110763] name failslab, interval 1, probability 0, space 0, times 0 [ 2906.112178] CPU: 1 PID: 21094 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2906.113029] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2906.123047] FAULT_INJECTION: forcing a failure. [ 2906.123047] name failslab, interval 1, probability 0, space 0, times 0 [ 2906.125330] Call Trace: [ 2906.125354] dump_stack+0x107/0x167 [ 2906.125370] should_fail.cold+0x5/0xa [ 2906.125391] ? create_object.isra.0+0x3a/0xa20 [ 2906.128622] should_failslab+0x5/0x20 [ 2906.129135] kmem_cache_alloc+0x5b/0x310 [ 2906.129639] create_object.isra.0+0x3a/0xa20 [ 2906.130184] kmemleak_alloc_percpu+0xa0/0x100 [ 2906.130734] pcpu_alloc+0x4e2/0x1240 [ 2906.131207] ? io_async_queue_proc+0x80/0x80 [ 2906.131745] percpu_ref_init+0x31/0x3d0 [ 2906.132239] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2906.132899] io_uring_setup+0x14f6/0x2980 [ 2906.137448] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2906.138064] ? wait_for_completion_io+0x270/0x270 [ 2906.138665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.139298] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2906.139937] do_syscall_64+0x33/0x40 [ 2906.140397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.141034] RIP: 0033:0x7fbe2462eb19 [ 2906.141520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2906.143799] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2906.144743] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2906.149664] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2906.150549] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2906.151438] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2906.152333] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2906.153254] CPU: 0 PID: 21097 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2906.154160] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2906.155235] Call Trace: [ 2906.155580] dump_stack+0x107/0x167 [ 2906.156055] should_fail.cold+0x5/0xa [ 2906.156551] ? create_object.isra.0+0x3a/0xa20 [ 2906.157167] should_failslab+0x5/0x20 [ 2906.157663] kmem_cache_alloc+0x5b/0x310 [ 2906.158196] create_object.isra.0+0x3a/0xa20 [ 2906.158766] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2906.159429] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2906.160094] ? netlink_sendmsg+0x998/0xdf0 [ 2906.160650] __alloc_skb+0xb1/0x5b0 [ 2906.161138] netlink_sendmsg+0x998/0xdf0 [ 2906.161675] ? netlink_unicast+0x7f0/0x7f0 [ 2906.162232] ? netlink_unicast+0x7f0/0x7f0 [ 2906.162785] __sock_sendmsg+0x154/0x190 [ 2906.163308] ____sys_sendmsg+0x70d/0x870 [ 2906.163839] ? sock_write_iter+0x3d0/0x3d0 [ 2906.164387] ? do_recvmmsg+0x6d0/0x6d0 [ 2906.164897] ? lock_downgrade+0x6d0/0x6d0 [ 2906.165468] ? __lockdep_reset_lock+0x180/0x180 [ 2906.166082] ___sys_sendmsg+0xf3/0x170 [ 2906.166597] ? sendmsg_copy_msghdr+0x160/0x160 [ 2906.167194] ? __fget_files+0x2cf/0x520 [ 2906.167711] ? lock_downgrade+0x6d0/0x6d0 [ 2906.168255] ? find_held_lock+0x2c/0x110 [ 2906.168790] ? __fget_files+0x2f8/0x520 13:54:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0300000101010100"], 0x1c}}, 0x0) [ 2906.169332] ? __fget_light+0xea/0x290 [ 2906.177275] __sys_sendmsg+0xe5/0x1b0 [ 2906.177772] ? __sys_sendmsg_sock+0x40/0x40 [ 2906.178331] ? rcu_read_lock_any_held+0x75/0xa0 [ 2906.178945] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.179623] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2906.180288] ? trace_hardirqs_on+0x5b/0x180 [ 2906.180847] do_syscall_64+0x33/0x40 [ 2906.181351] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.182019] RIP: 0033:0x7ff152763b19 [ 2906.182501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2906.184876] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2906.189896] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2906.190819] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2906.191738] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2906.192662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2906.193599] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2906.206440] FAULT_INJECTION: forcing a failure. [ 2906.206440] name failslab, interval 1, probability 0, space 0, times 0 [ 2906.208208] CPU: 1 PID: 21045 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2906.209041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2906.210062] Call Trace: [ 2906.210406] dump_stack+0x107/0x167 [ 2906.210872] should_fail.cold+0x5/0xa [ 2906.211366] ? __alloc_skb+0x6d/0x5b0 [ 2906.211852] should_failslab+0x5/0x20 [ 2906.212336] kmem_cache_alloc_node+0x55/0x330 [ 2906.212909] __alloc_skb+0x6d/0x5b0 [ 2906.213457] inet6_rt_notify+0xed/0x2a0 [ 2906.213968] fib6_del+0xf4c/0x1540 [ 2906.214435] ? fib6_locate+0x660/0x660 [ 2906.214938] ? fib6_ifdown+0xc5/0x8f0 [ 2906.215425] fib6_clean_node+0x39e/0x570 [ 2906.215931] ? fib6_del+0x1540/0x1540 [ 2906.216411] ? fib6_clean_tree+0x14c/0x260 [ 2906.216955] fib6_walk_continue+0x35c/0x710 [ 2906.221539] ? trace_hardirqs_on+0x5b/0x180 [ 2906.222092] fib6_clean_tree+0x154/0x260 [ 2906.222607] ? fib6_ifup+0x260/0x260 [ 2906.223082] ? fib6_info_destroy_rcu+0x210/0x210 [ 2906.223687] ? fib6_del+0x1540/0x1540 [ 2906.224178] ? fib6_ifup+0x260/0x260 [ 2906.224650] ? spin_bug+0xf0/0x100 [ 2906.225116] ? lock_chain_count+0x20/0x20 [ 2906.225641] ? fib6_ifup+0x260/0x260 [ 2906.226118] __fib6_clean_all+0xf0/0x2a0 [ 2906.226634] rt6_disable_ip+0x4d5/0x5b0 [ 2906.227118] ? lock_chain_count+0x20/0x20 [ 2906.227648] ? rt6_sync_down_dev+0x150/0x150 [ 2906.228228] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2906.228841] ? addrconf_dad_run+0x180/0x180 [ 2906.229433] addrconf_notify+0x159/0x2410 [ 2906.229965] ? tun_device_event+0x71/0x1160 [ 2906.230515] ? mark_held_locks+0x9e/0xe0 [ 2906.231037] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2906.231663] ? inet6_ifinfo_notify+0x150/0x150 [ 2906.232211] ? failover_register+0x530/0x530 [ 2906.232745] raw_notifier_call_chain+0xb3/0x110 [ 2906.233332] call_netdevice_notifiers_info+0xb5/0x130 [ 2906.233986] __dev_notify_flags+0x1de/0x2c0 [ 2906.234541] ? dev_change_name+0x660/0x660 [ 2906.235075] ? __dev_change_flags+0x4cf/0x6e0 [ 2906.235647] ? dev_set_allmulti+0x30/0x30 [ 2906.236191] dev_change_flags+0x100/0x160 [ 2906.236723] do_setlink+0x90c/0x3ac0 [ 2906.241235] ? mark_lock+0xf5/0x2df0 [ 2906.241710] ? lock_chain_count+0x20/0x20 [ 2906.242226] ? rtnl_getlink+0xaa0/0xaa0 [ 2906.242726] ? lock_chain_count+0x20/0x20 [ 2906.243251] ? record_print_text.cold+0x16/0x16 [ 2906.243838] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2906.244477] ? trace_hardirqs_on+0x5b/0x180 [ 2906.245044] ? mark_held_locks+0x9e/0xe0 [ 2906.245588] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.246260] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2906.246940] ? trace_hardirqs_on+0x5b/0x180 [ 2906.247492] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2906.248193] ? netdev_master_upper_dev_get+0x29/0x150 [ 2906.248849] ? netdev_master_upper_dev_get+0x52/0x150 [ 2906.249517] __rtnl_newlink+0xc39/0x1700 [ 2906.250025] ? rtnl_setlink+0x3b0/0x3b0 [ 2906.250512] ? __is_insn_slot_addr+0x123/0x290 [ 2906.251078] ? unwind_next_frame+0x13ef/0x1a90 [ 2906.251635] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.252287] ? 0xffffffffa0000000 [ 2906.252719] ? __is_insn_slot_addr+0x14c/0x290 [ 2906.253317] ? kernel_text_address+0xf2/0x120 [ 2906.253889] ? __kernel_text_address+0x9/0x40 [ 2906.254459] ? unwind_get_return_address+0x55/0xa0 [ 2906.255080] ? create_prof_cpu_mask+0x20/0x20 [ 2906.255648] ? arch_stack_walk+0x99/0xf0 [ 2906.256178] ? stack_trace_save+0x8c/0xc0 [ 2906.256760] ? mark_held_locks+0x9e/0xe0 [ 2906.257302] ? trace_hardirqs_on+0x5b/0x180 [ 2906.257854] ? kasan_unpoison_shadow+0x33/0x50 [ 2906.258439] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2906.259085] rtnl_newlink+0x64/0xa0 [ 2906.259546] ? __rtnl_newlink+0x1700/0x1700 [ 2906.260089] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2906.260630] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2906.261159] ? perf_trace_lock+0xac/0x490 [ 2906.261696] ? __lockdep_reset_lock+0x180/0x180 [ 2906.262295] netlink_rcv_skb+0x14b/0x430 [ 2906.262810] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2906.263329] ? netlink_ack+0xab0/0xab0 [ 2906.263820] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2906.264406] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2906.264986] ? is_vmalloc_addr+0x7b/0xb0 [ 2906.265518] netlink_unicast+0x549/0x7f0 [ 2906.266019] ? netlink_attachskb+0x870/0x870 [ 2906.266564] netlink_sendmsg+0x90f/0xdf0 [ 2906.267063] ? netlink_unicast+0x7f0/0x7f0 [ 2906.267589] ? netlink_unicast+0x7f0/0x7f0 [ 2906.268111] __sock_sendmsg+0x154/0x190 [ 2906.268597] ____sys_sendmsg+0x70d/0x870 [ 2906.269114] ? sock_write_iter+0x3d0/0x3d0 [ 2906.269658] ? do_recvmmsg+0x6d0/0x6d0 [ 2906.270157] ? lock_downgrade+0x6d0/0x6d0 [ 2906.270687] ? __lockdep_reset_lock+0x180/0x180 [ 2906.271287] ___sys_sendmsg+0xf3/0x170 [ 2906.271785] ? sendmsg_copy_msghdr+0x160/0x160 [ 2906.272371] ? __fget_files+0x2cf/0x520 [ 2906.272876] ? lock_downgrade+0x6d0/0x6d0 [ 2906.273423] ? find_held_lock+0x2c/0x110 [ 2906.273953] ? __fget_files+0x2f8/0x520 [ 2906.274469] ? __fget_light+0xea/0x290 [ 2906.274971] __sys_sendmsg+0xe5/0x1b0 [ 2906.275459] ? __sys_sendmsg_sock+0x40/0x40 [ 2906.276005] ? rcu_read_lock_any_held+0x75/0xa0 [ 2906.276613] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.277301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2906.277951] ? trace_hardirqs_on+0x5b/0x180 [ 2906.278503] do_syscall_64+0x33/0x40 [ 2906.278977] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.279619] RIP: 0033:0x7fb10e7f3b19 [ 2906.280090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2906.282408] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2906.283374] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2906.284268] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2906.285184] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2906.286052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2906.286918] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2906.288979] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2906.291100] FAULT_INJECTION: forcing a failure. [ 2906.291100] name failslab, interval 1, probability 0, space 0, times 0 [ 2906.292611] CPU: 0 PID: 21043 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2906.301587] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2906.302669] Call Trace: [ 2906.303018] dump_stack+0x107/0x167 [ 2906.303501] should_fail.cold+0x5/0xa [ 2906.304005] should_failslab+0x5/0x20 [ 2906.304505] __kmalloc_node_track_caller+0x74/0x3b0 [ 2906.305173] ? netlink_trim+0x1ee/0x250 [ 2906.305701] pskb_expand_head+0x15a/0x1040 [ 2906.306260] ? nl80211_send_station+0xee3/0x30c0 [ 2906.306879] netlink_trim+0x1ee/0x250 [ 2906.307380] netlink_broadcast_filtered+0x60/0xdc0 [ 2906.308033] netlink_broadcast+0x35/0x50 13:54:45 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 17) 13:54:45 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffffffffffff, 0x0, 0x0) [ 2906.308564] cfg80211_del_sta_sinfo+0x265/0x470 [ 2906.309189] ? cfg80211_new_sta+0x370/0x370 [ 2906.309788] __sta_info_destroy_part2+0x310/0x4f0 [ 2906.310418] __sta_info_flush+0x3a0/0x520 [ 2906.317338] ? __sta_info_destroy+0x50/0x50 [ 2906.317905] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.318588] ? trace_hardirqs_on+0x5b/0x180 [ 2906.319153] ? cfg80211_put_bss+0x1b0/0x270 [ 2906.319715] ? __local_bh_enable_ip+0x9d/0x100 [ 2906.320317] ieee80211_ibss_disconnect+0x115/0x750 [ 2906.320959] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.321668] ieee80211_ibss_leave+0x12/0x160 [ 2906.322243] __cfg80211_leave_ibss+0x183/0x4f0 [ 2906.322844] __cfg80211_leave+0x14b/0x370 [ 2906.323390] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2906.324086] ? ipmr_device_event+0x18b/0x1f0 [ 2906.324662] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2906.325377] raw_notifier_call_chain+0xb3/0x110 [ 2906.325992] call_netdevice_notifiers_info+0xb5/0x130 [ 2906.326667] __dev_close_many+0xf3/0x2f0 [ 2906.327199] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2906.327886] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.328572] ? __local_bh_enable_ip+0x9d/0x100 [ 2906.329199] ? trace_hardirqs_on+0x5b/0x180 [ 2906.329782] __dev_change_flags+0x299/0x6e0 [ 2906.330364] ? dev_set_allmulti+0x30/0x30 [ 2906.330934] dev_change_flags+0x8a/0x160 [ 2906.331492] do_setlink+0x90c/0x3ac0 [ 2906.332002] ? vprintk_func+0x93/0x140 [ 2906.332528] ? rtnl_getlink+0xaa0/0xaa0 [ 2906.333066] ? printk+0xba/0xf1 [ 2906.333528] ? record_print_text.cold+0x16/0x16 [ 2906.334162] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2906.334846] ? trace_hardirqs_on+0x5b/0x180 [ 2906.335458] ? __nla_validate_parse+0x2d8/0x2b10 [ 2906.336105] ? perf_trace_lock+0xac/0x490 [ 2906.336672] ? nla_get_range_signed+0x520/0x520 [ 2906.337432] ? __lock_acquire+0xbb1/0x5b00 [ 2906.338008] __rtnl_newlink+0xc39/0x1700 [ 2906.338551] ? rtnl_setlink+0x3b0/0x3b0 [ 2906.339073] ? __is_insn_slot_addr+0x123/0x290 [ 2906.339680] ? unwind_next_frame+0x13ef/0x1a90 [ 2906.340280] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.340975] ? 0xffffffffa0000000 [ 2906.341464] ? __is_insn_slot_addr+0x14c/0x290 [ 2906.342087] ? kernel_text_address+0xf2/0x120 [ 2906.342695] ? __kernel_text_address+0x9/0x40 [ 2906.343300] ? unwind_get_return_address+0x55/0xa0 [ 2906.343962] ? create_prof_cpu_mask+0x20/0x20 [ 2906.344570] ? arch_stack_walk+0x99/0xf0 [ 2906.345148] ? stack_trace_save+0x8c/0xc0 [ 2906.345738] ? mark_held_locks+0x9e/0xe0 [ 2906.346273] ? trace_hardirqs_on+0x5b/0x180 [ 2906.346839] ? kasan_unpoison_shadow+0x33/0x50 [ 2906.347439] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2906.348100] rtnl_newlink+0x64/0xa0 [ 2906.348575] ? __rtnl_newlink+0x1700/0x1700 [ 2906.349335] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2906.350656] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2906.351917] ? perf_trace_lock+0xac/0x490 [ 2906.353219] ? __lockdep_reset_lock+0x180/0x180 [ 2906.354372] netlink_rcv_skb+0x14b/0x430 [ 2906.355367] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2906.356360] ? netlink_ack+0xab0/0xab0 [ 2906.357270] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2906.357896] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2906.358516] ? is_vmalloc_addr+0x7b/0xb0 [ 2906.359074] netlink_unicast+0x549/0x7f0 [ 2906.359690] ? netlink_attachskb+0x870/0x870 [ 2906.360298] netlink_sendmsg+0x90f/0xdf0 [ 2906.360859] ? netlink_unicast+0x7f0/0x7f0 [ 2906.361452] ? netlink_unicast+0x7f0/0x7f0 [ 2906.362006] __sock_sendmsg+0x154/0x190 [ 2906.362529] ____sys_sendmsg+0x70d/0x870 [ 2906.363062] ? sock_write_iter+0x3d0/0x3d0 [ 2906.363617] ? do_recvmmsg+0x6d0/0x6d0 [ 2906.364127] ? lock_downgrade+0x6d0/0x6d0 [ 2906.364671] ? __lockdep_reset_lock+0x180/0x180 [ 2906.365610] ___sys_sendmsg+0xf3/0x170 [ 2906.366664] ? sendmsg_copy_msghdr+0x160/0x160 [ 2906.367923] ? __fget_files+0x2cf/0x520 [ 2906.368975] ? lock_downgrade+0x6d0/0x6d0 [ 2906.369623] ? find_held_lock+0x2c/0x110 [ 2906.370166] ? __fget_files+0x2f8/0x520 [ 2906.370743] ? __fget_light+0xea/0x290 [ 2906.371264] __sys_sendmsg+0xe5/0x1b0 [ 2906.371777] ? __sys_sendmsg_sock+0x40/0x40 [ 2906.372340] ? rcu_read_lock_any_held+0x75/0xa0 [ 2906.372964] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.373808] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2906.374538] ? trace_hardirqs_on+0x5b/0x180 [ 2906.375125] do_syscall_64+0x33/0x40 [ 2906.375636] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.376336] RIP: 0033:0x7f6e57a6eb19 [ 2906.376885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2906.381478] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2906.382557] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2906.383557] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2906.384503] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2906.385488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2906.386445] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 13:54:45 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa077, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:54:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0400000101010100"], 0x1c}}, 0x0) [ 2906.427937] FAULT_INJECTION: forcing a failure. [ 2906.427937] name failslab, interval 1, probability 0, space 0, times 0 [ 2906.431101] CPU: 0 PID: 21180 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2906.432857] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2906.435471] Call Trace: [ 2906.436293] dump_stack+0x107/0x167 [ 2906.438435] should_fail.cold+0x5/0xa [ 2906.439425] ? create_object.isra.0+0x3a/0xa20 [ 2906.440604] should_failslab+0x5/0x20 [ 2906.441673] kmem_cache_alloc+0x5b/0x310 [ 2906.442820] create_object.isra.0+0x3a/0xa20 [ 2906.444049] kmemleak_alloc_percpu+0xa0/0x100 [ 2906.445212] pcpu_alloc+0x4e2/0x1240 [ 2906.445743] ? io_async_queue_proc+0x80/0x80 [ 2906.446342] percpu_ref_init+0x31/0x3d0 [ 2906.446937] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2906.447702] io_uring_setup+0x14f6/0x2980 [ 2906.448273] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2906.448963] ? wait_for_completion_io+0x270/0x270 [ 2906.449642] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2906.450328] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2906.451015] do_syscall_64+0x33/0x40 [ 2906.451506] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2906.452174] RIP: 0033:0x7fbe2462eb19 [ 2906.452659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2906.455148] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2906.456179] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2906.457159] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2906.458123] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2906.459131] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2906.460125] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:54:45 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0500000101010100"], 0x1c}}, 0x0) 13:54:45 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa177, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2906.576698] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2906.588940] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2906.590023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2906.591192] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2906.593977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2906.594862] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2906.596128] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2906.599205] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2906.600095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2906.602131] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:54:45 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2) 13:54:59 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 7) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:59 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0600000101010100"], 0x1c}}, 0x0) 13:54:59 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 19) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:59 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa277, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:54:59 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 27) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:54:59 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8980, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:54:59 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 18) [ 2920.620751] FAULT_INJECTION: forcing a failure. 13:54:59 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3) [ 2920.620751] name failslab, interval 1, probability 0, space 0, times 0 [ 2920.626683] CPU: 0 PID: 21398 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2920.627618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2920.628729] Call Trace: [ 2920.629093] dump_stack+0x107/0x167 [ 2920.629600] should_fail.cold+0x5/0xa [ 2920.630126] ? percpu_ref_init+0xd8/0x3d0 [ 2920.630691] should_failslab+0x5/0x20 [ 2920.631207] kmem_cache_alloc_trace+0x55/0x320 [ 2920.631828] ? io_async_queue_proc+0x80/0x80 [ 2920.632419] percpu_ref_init+0xd8/0x3d0 [ 2920.632960] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2920.633724] io_uring_setup+0x14f6/0x2980 [ 2920.634290] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2920.634975] ? wait_for_completion_io+0x270/0x270 [ 2920.635667] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.636387] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2920.636678] FAULT_INJECTION: forcing a failure. [ 2920.636678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2920.637114] do_syscall_64+0x33/0x40 [ 2920.637136] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2920.647740] RIP: 0033:0x7fbe2462eb19 [ 2920.648247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2920.650692] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2920.651689] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2920.652622] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2920.653552] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2920.654498] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2920.655431] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2920.656386] CPU: 1 PID: 21403 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2920.657243] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2920.658265] Call Trace: [ 2920.658601] dump_stack+0x107/0x167 [ 2920.659047] should_fail.cold+0x5/0xa [ 2920.659519] _copy_from_iter_full+0x201/0xa60 [ 2920.660069] ? __virt_addr_valid+0x170/0x5d0 [ 2920.660610] ? __check_object_size+0x319/0x440 [ 2920.661172] netlink_sendmsg+0x879/0xdf0 [ 2920.661698] ? netlink_unicast+0x7f0/0x7f0 [ 2920.662225] ? netlink_unicast+0x7f0/0x7f0 [ 2920.662776] __sock_sendmsg+0x154/0x190 [ 2920.663260] ____sys_sendmsg+0x70d/0x870 [ 2920.663758] ? sock_write_iter+0x3d0/0x3d0 [ 2920.664271] ? do_recvmmsg+0x6d0/0x6d0 [ 2920.664756] ? lock_downgrade+0x6d0/0x6d0 [ 2920.665263] ? __lockdep_reset_lock+0x180/0x180 [ 2920.665849] ___sys_sendmsg+0xf3/0x170 [ 2920.666327] ? sendmsg_copy_msghdr+0x160/0x160 [ 2920.666890] ? __fget_files+0x2cf/0x520 [ 2920.667374] ? lock_downgrade+0x6d0/0x6d0 [ 2920.667884] ? find_held_lock+0x2c/0x110 [ 2920.668385] ? __fget_files+0x2f8/0x520 [ 2920.668875] ? __fget_light+0xea/0x290 [ 2920.669354] __sys_sendmsg+0xe5/0x1b0 [ 2920.669830] ? __sys_sendmsg_sock+0x40/0x40 [ 2920.670355] ? rcu_read_lock_any_held+0x75/0xa0 [ 2920.670933] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.671575] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2920.672203] ? trace_hardirqs_on+0x5b/0x180 [ 2920.672731] do_syscall_64+0x33/0x40 [ 2920.673188] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2920.673833] RIP: 0033:0x7ff152763b19 [ 2920.674293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2920.676422] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2920.676551] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2920.676566] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2920.676573] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2920.676581] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2920.676588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2920.676595] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2920.699108] FAULT_INJECTION: forcing a failure. [ 2920.699108] name failslab, interval 1, probability 0, space 0, times 0 [ 2920.700726] CPU: 1 PID: 21410 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2920.701584] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2920.702596] Call Trace: [ 2920.702930] dump_stack+0x107/0x167 [ 2920.703376] should_fail.cold+0x5/0xa [ 2920.703844] ? ___slab_alloc+0x360/0x700 [ 2920.704341] ? create_object.isra.0+0x3a/0xa20 [ 2920.704904] should_failslab+0x5/0x20 [ 2920.705367] kmem_cache_alloc+0x5b/0x310 [ 2920.705891] create_object.isra.0+0x3a/0xa20 [ 2920.706425] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2920.707052] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2920.707670] ? netlink_trim+0x1ee/0x250 [ 2920.708163] pskb_expand_head+0x15a/0x1040 [ 2920.708688] ? nl80211_send_station+0xee3/0x30c0 [ 2920.709271] netlink_trim+0x1ee/0x250 [ 2920.709754] netlink_broadcast_filtered+0x60/0xdc0 [ 2920.710366] netlink_broadcast+0x35/0x50 [ 2920.710863] cfg80211_del_sta_sinfo+0x265/0x470 [ 2920.711432] ? cfg80211_new_sta+0x370/0x370 [ 2920.711999] __sta_info_destroy_part2+0x310/0x4f0 [ 2920.712594] __sta_info_flush+0x3a0/0x520 [ 2920.713108] ? __sta_info_destroy+0x50/0x50 [ 2920.713650] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.714292] ? trace_hardirqs_on+0x5b/0x180 [ 2920.714822] ? cfg80211_put_bss+0x1b0/0x270 [ 2920.715350] ? __local_bh_enable_ip+0x9d/0x100 [ 2920.715914] ieee80211_ibss_disconnect+0x115/0x750 [ 2920.716513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.717159] ieee80211_ibss_leave+0x12/0x160 [ 2920.717712] __cfg80211_leave_ibss+0x183/0x4f0 [ 2920.718275] __cfg80211_leave+0x14b/0x370 [ 2920.718792] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2920.719444] ? ipmr_device_event+0x18b/0x1f0 [ 2920.719984] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2920.720617] raw_notifier_call_chain+0xb3/0x110 [ 2920.721191] call_netdevice_notifiers_info+0xb5/0x130 [ 2920.721839] __dev_close_many+0xf3/0x2f0 [ 2920.722337] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2920.722990] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.723628] ? __local_bh_enable_ip+0x9d/0x100 [ 2920.724191] ? trace_hardirqs_on+0x5b/0x180 [ 2920.724724] __dev_change_flags+0x299/0x6e0 [ 2920.725252] ? dev_set_allmulti+0x30/0x30 [ 2920.725785] dev_change_flags+0x8a/0x160 [ 2920.726286] do_setlink+0x90c/0x3ac0 [ 2920.726749] ? lock_chain_count+0x20/0x20 [ 2920.727255] ? rtnl_getlink+0xaa0/0xaa0 [ 2920.727740] ? printk+0xba/0xf1 [ 2920.728145] ? record_print_text.cold+0x16/0x16 [ 2920.728718] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2920.729332] ? trace_hardirqs_on+0x5b/0x180 [ 2920.729890] ? mark_held_locks+0x9e/0xe0 [ 2920.730391] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.731034] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2920.731693] ? trace_hardirqs_on+0x5b/0x180 [ 2920.732221] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2920.732890] ? rtnl_ensure_unique_netns+0xa8/0x250 [ 2920.733495] __rtnl_newlink+0xc39/0x1700 [ 2920.734028] ? rtnl_setlink+0x3b0/0x3b0 [ 2920.734517] ? __is_insn_slot_addr+0x123/0x290 [ 2920.735084] ? unwind_next_frame+0x13ef/0x1a90 [ 2920.735643] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2920.736294] ? 0xffffffffa0000000 [ 2920.736723] ? __is_insn_slot_addr+0x14c/0x290 [ 2920.737287] ? kernel_text_address+0xf2/0x120 [ 2920.737855] ? __kernel_text_address+0x9/0x40 [ 2920.738405] ? unwind_get_return_address+0x55/0xa0 [ 2920.739005] ? create_prof_cpu_mask+0x20/0x20 [ 2920.739553] ? arch_stack_walk+0x99/0xf0 [ 2920.740061] ? stack_trace_save+0x8c/0xc0 [ 2920.740619] ? mark_held_locks+0x9e/0xe0 [ 2920.741121] ? trace_hardirqs_on+0x5b/0x180 [ 2920.741680] ? kasan_unpoison_shadow+0x33/0x50 [ 2920.742240] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2920.742863] rtnl_newlink+0x64/0xa0 [ 2920.743308] ? __rtnl_newlink+0x1700/0x1700 [ 2920.743849] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2920.744369] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2920.744869] ? perf_trace_lock+0xac/0x490 [ 2920.745383] ? __lockdep_reset_lock+0x180/0x180 [ 2920.746380] netlink_rcv_skb+0x14b/0x430 [ 2920.747371] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2920.748361] ? netlink_ack+0xab0/0xab0 [ 2920.749348] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2920.750454] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2920.751542] ? is_vmalloc_addr+0x7b/0xb0 [ 2920.752510] netlink_unicast+0x549/0x7f0 [ 2920.753477] ? netlink_attachskb+0x870/0x870 [ 2920.754738] netlink_sendmsg+0x90f/0xdf0 [ 2920.755735] ? netlink_unicast+0x7f0/0x7f0 [ 2920.756778] ? netlink_unicast+0x7f0/0x7f0 [ 2920.757728] __sock_sendmsg+0x154/0x190 [ 2920.758216] ____sys_sendmsg+0x70d/0x870 [ 2920.758718] ? sock_write_iter+0x3d0/0x3d0 [ 2920.759235] ? do_recvmmsg+0x6d0/0x6d0 [ 2920.759717] ? lock_downgrade+0x6d0/0x6d0 [ 2920.760227] ? __lockdep_reset_lock+0x180/0x180 [ 2920.760801] ___sys_sendmsg+0xf3/0x170 [ 2920.761280] ? sendmsg_copy_msghdr+0x160/0x160 [ 2920.762206] ? __fget_files+0x2cf/0x520 [ 2920.763172] ? lock_downgrade+0x6d0/0x6d0 [ 2920.764179] ? find_held_lock+0x2c/0x110 [ 2920.765172] ? __fget_files+0x2f8/0x520 [ 2920.766272] ? __fget_light+0xea/0x290 [ 2920.767203] __sys_sendmsg+0xe5/0x1b0 [ 2920.768104] ? __sys_sendmsg_sock+0x40/0x40 [ 2920.769133] ? rcu_read_lock_any_held+0x75/0xa0 [ 2920.770400] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.771681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2920.772935] ? trace_hardirqs_on+0x5b/0x180 [ 2920.774073] do_syscall_64+0x33/0x40 [ 2920.774975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2920.776205] RIP: 0033:0x7f6e57a6eb19 [ 2920.777085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2920.782521] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2920.784387] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2920.786257] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2920.787966] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2920.789713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2920.791468] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 13:55:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0700000101010100"], 0x1c}}, 0x0) 13:55:00 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4) 13:55:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0800000101010100"], 0x1c}}, 0x0) 13:55:00 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa377, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:00 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 19) 13:55:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0900000101010100"], 0x1c}}, 0x0) [ 2920.938554] FAULT_INJECTION: forcing a failure. [ 2920.938554] name failslab, interval 1, probability 0, space 0, times 0 [ 2920.940115] CPU: 0 PID: 21571 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2920.941024] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2920.942147] Call Trace: [ 2920.942500] dump_stack+0x107/0x167 [ 2920.942981] should_fail.cold+0x5/0xa [ 2920.943485] ? create_object.isra.0+0x3a/0xa20 [ 2920.944090] should_failslab+0x5/0x20 [ 2920.944592] kmem_cache_alloc+0x5b/0x310 [ 2920.945130] create_object.isra.0+0x3a/0xa20 [ 2920.947142] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2920.947809] kmem_cache_alloc_trace+0x151/0x320 [ 2920.948421] ? io_async_queue_proc+0x80/0x80 [ 2920.948999] percpu_ref_init+0xd8/0x3d0 [ 2920.949525] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 2920.950255] io_uring_setup+0x14f6/0x2980 [ 2920.950804] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2920.951470] ? wait_for_completion_io+0x270/0x270 [ 2920.952121] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2920.952809] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2920.953485] do_syscall_64+0x33/0x40 [ 2920.953989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2920.954666] RIP: 0033:0x7fbe2462eb19 [ 2920.955155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2920.957571] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2920.958590] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2920.959530] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2920.960467] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2920.961405] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2920.962364] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:55:00 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa477, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:00 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0a00000101010100"], 0x1c}}, 0x0) [ 2921.126864] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2921.135756] FAULT_INJECTION: forcing a failure. [ 2921.135756] name failslab, interval 1, probability 0, space 0, times 0 [ 2921.137188] CPU: 1 PID: 21409 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2921.138053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2921.139057] Call Trace: [ 2921.139385] dump_stack+0x107/0x167 [ 2921.139836] should_fail.cold+0x5/0xa [ 2921.140302] ? create_object.isra.0+0x3a/0xa20 [ 2921.140862] should_failslab+0x5/0x20 [ 2921.141327] kmem_cache_alloc+0x5b/0x310 [ 2921.141848] create_object.isra.0+0x3a/0xa20 [ 2921.142381] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2921.143005] kmem_cache_alloc_node+0x169/0x330 [ 2921.143569] __alloc_skb+0x6d/0x5b0 [ 2921.144017] inet6_rt_notify+0xed/0x2a0 [ 2921.144507] fib6_del+0xf4c/0x1540 [ 2921.144950] ? fib6_locate+0x660/0x660 [ 2921.145429] ? fib6_ifdown+0xc5/0x8f0 [ 2921.145927] fib6_clean_node+0x39e/0x570 [ 2921.146425] ? fib6_del+0x1540/0x1540 [ 2921.146893] ? fib6_clean_tree+0x14c/0x260 [ 2921.147415] fib6_walk_continue+0x35c/0x710 [ 2921.147942] ? trace_hardirqs_on+0x5b/0x180 [ 2921.148469] fib6_clean_tree+0x154/0x260 [ 2921.148963] ? fib6_ifup+0x260/0x260 [ 2921.149417] ? fib6_info_destroy_rcu+0x210/0x210 [ 2921.150025] ? fib6_del+0x1540/0x1540 [ 2921.150489] ? fib6_ifup+0x260/0x260 [ 2921.150942] ? spin_bug+0xf0/0x100 [ 2921.151375] ? lock_chain_count+0x20/0x20 [ 2921.151888] ? fib6_ifup+0x260/0x260 [ 2921.152340] __fib6_clean_all+0xf0/0x2a0 [ 2921.152839] rt6_disable_ip+0x4d5/0x5b0 [ 2921.153322] ? lock_chain_count+0x20/0x20 [ 2921.153881] ? rt6_sync_down_dev+0x150/0x150 [ 2921.154429] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2921.155016] ? addrconf_dad_run+0x180/0x180 [ 2921.155555] addrconf_notify+0x159/0x2410 [ 2921.156063] ? tun_device_event+0x71/0x1160 [ 2921.156587] ? mark_held_locks+0x9e/0xe0 [ 2921.157082] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2921.157733] ? inet6_ifinfo_notify+0x150/0x150 [ 2921.158289] ? failover_register+0x530/0x530 [ 2921.158836] raw_notifier_call_chain+0xb3/0x110 [ 2921.159408] call_netdevice_notifiers_info+0xb5/0x130 [ 2921.160037] __dev_notify_flags+0x1de/0x2c0 [ 2921.160562] ? dev_change_name+0x660/0x660 [ 2921.161074] ? __dev_change_flags+0x4cf/0x6e0 [ 2921.161632] ? dev_set_allmulti+0x30/0x30 [ 2921.162152] dev_change_flags+0x100/0x160 [ 2921.162660] do_setlink+0x90c/0x3ac0 [ 2921.163120] ? vprintk_func+0x93/0x140 [ 2921.163593] ? rtnl_getlink+0xaa0/0xaa0 [ 2921.164075] ? printk+0xba/0xf1 [ 2921.164477] ? record_print_text.cold+0x16/0x16 [ 2921.165045] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2921.165673] ? trace_hardirqs_on+0x5b/0x180 [ 2921.166213] ? __nla_validate_parse+0x2d8/0x2b10 [ 2921.166795] ? perf_trace_lock+0xac/0x490 [ 2921.167302] ? nla_get_range_signed+0x520/0x520 [ 2921.167867] ? __lock_acquire+0xbb1/0x5b00 [ 2921.168400] __rtnl_newlink+0xc39/0x1700 [ 2921.168906] ? rtnl_setlink+0x3b0/0x3b0 [ 2921.169393] ? __is_insn_slot_addr+0x123/0x290 [ 2921.169981] ? unwind_next_frame+0x13ef/0x1a90 [ 2921.170536] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2921.171179] ? 0xffffffffa0000000 [ 2921.171603] ? __is_insn_slot_addr+0x14c/0x290 [ 2921.172162] ? kernel_text_address+0xf2/0x120 [ 2921.172707] ? __kernel_text_address+0x9/0x40 [ 2921.173252] ? unwind_get_return_address+0x55/0xa0 [ 2921.173873] ? create_prof_cpu_mask+0x20/0x20 [ 2921.174416] ? arch_stack_walk+0x99/0xf0 [ 2921.174924] ? stack_trace_save+0x8c/0xc0 [ 2921.175476] ? mark_held_locks+0x9e/0xe0 [ 2921.175974] ? trace_hardirqs_on+0x5b/0x180 [ 2921.176499] ? kasan_unpoison_shadow+0x33/0x50 [ 2921.177054] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2921.177686] rtnl_newlink+0x64/0xa0 [ 2921.178132] ? __rtnl_newlink+0x1700/0x1700 [ 2921.178657] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2921.179172] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2921.179667] ? perf_trace_lock+0xac/0x490 [ 2921.180176] ? __lockdep_reset_lock+0x180/0x180 [ 2921.180748] netlink_rcv_skb+0x14b/0x430 [ 2921.181242] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2921.181753] ? netlink_ack+0xab0/0xab0 [ 2921.182224] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2921.182783] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2921.183339] ? is_vmalloc_addr+0x7b/0xb0 [ 2921.183839] netlink_unicast+0x549/0x7f0 [ 2921.184337] ? netlink_attachskb+0x870/0x870 [ 2921.184882] netlink_sendmsg+0x90f/0xdf0 [ 2921.185383] ? netlink_unicast+0x7f0/0x7f0 [ 2921.185936] ? netlink_unicast+0x7f0/0x7f0 [ 2921.186453] __sock_sendmsg+0x154/0x190 [ 2921.186943] ____sys_sendmsg+0x70d/0x870 [ 2921.187441] ? sock_write_iter+0x3d0/0x3d0 [ 2921.187953] ? do_recvmmsg+0x6d0/0x6d0 [ 2921.188430] ? lock_downgrade+0x6d0/0x6d0 [ 2921.188935] ? __lockdep_reset_lock+0x180/0x180 [ 2921.189504] ___sys_sendmsg+0xf3/0x170 [ 2921.190004] ? sendmsg_copy_msghdr+0x160/0x160 [ 2921.190564] ? __fget_files+0x2cf/0x520 [ 2921.191047] ? lock_downgrade+0x6d0/0x6d0 [ 2921.191552] ? find_held_lock+0x2c/0x110 [ 2921.192054] ? __fget_files+0x2f8/0x520 [ 2921.192545] ? __fget_light+0xea/0x290 [ 2921.193027] __sys_sendmsg+0xe5/0x1b0 [ 2921.193492] ? __sys_sendmsg_sock+0x40/0x40 [ 2921.194036] ? rcu_read_lock_any_held+0x75/0xa0 [ 2921.194617] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2921.195255] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2921.195881] ? trace_hardirqs_on+0x5b/0x180 [ 2921.196407] do_syscall_64+0x33/0x40 [ 2921.196862] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2921.197487] RIP: 0033:0x7fb10e7f3b19 [ 2921.197975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2921.200195] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2921.201118] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2921.201999] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2921.202862] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2921.203726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2921.204594] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2921.220486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2921.220732] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2921.221398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2921.222410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2921.223454] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2921.225955] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:00 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 8) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:00 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 20) [ 2921.252347] FAULT_INJECTION: forcing a failure. [ 2921.252347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2921.253812] CPU: 1 PID: 21750 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2921.254655] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2921.255663] Call Trace: [ 2921.255995] dump_stack+0x107/0x167 [ 2921.256441] should_fail.cold+0x5/0xa [ 2921.256914] _copy_to_user+0x2e/0x180 [ 2921.257382] io_uring_setup+0x11b5/0x2980 [ 2921.257910] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2921.258531] ? wait_for_completion_io+0x270/0x270 [ 2921.259137] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2921.259776] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2921.260405] do_syscall_64+0x33/0x40 [ 2921.260861] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2921.261485] RIP: 0033:0x7fbe2462eb19 [ 2921.261970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2921.264197] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2921.265121] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2921.266006] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2921.266873] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2921.267739] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2921.268603] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2921.305028] FAULT_INJECTION: forcing a failure. [ 2921.305028] name failslab, interval 1, probability 0, space 0, times 0 [ 2921.306620] CPU: 0 PID: 21752 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2921.307484] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2921.308526] Call Trace: [ 2921.308870] dump_stack+0x107/0x167 [ 2921.309328] should_fail.cold+0x5/0xa [ 2921.309855] ? rtnl_newlink+0x46/0xa0 [ 2921.310370] should_failslab+0x5/0x20 [ 2921.310887] kmem_cache_alloc_trace+0x55/0x320 [ 2921.311509] rtnl_newlink+0x46/0xa0 [ 2921.311996] ? __rtnl_newlink+0x1700/0x1700 [ 2921.312573] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2921.313142] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2921.313714] ? perf_trace_lock+0xac/0x490 [ 2921.314282] ? __lockdep_reset_lock+0x180/0x180 [ 2921.314918] netlink_rcv_skb+0x14b/0x430 [ 2921.315445] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2921.315995] ? netlink_ack+0xab0/0xab0 [ 2921.316498] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2921.317097] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2921.317730] ? is_vmalloc_addr+0x7b/0xb0 [ 2921.318266] netlink_unicast+0x549/0x7f0 [ 2921.318806] ? netlink_attachskb+0x870/0x870 [ 2921.319391] netlink_sendmsg+0x90f/0xdf0 [ 2921.319927] ? netlink_unicast+0x7f0/0x7f0 [ 2921.320489] ? netlink_unicast+0x7f0/0x7f0 [ 2921.321044] __sock_sendmsg+0x154/0x190 [ 2921.321570] ____sys_sendmsg+0x70d/0x870 [ 2921.322143] ? sock_write_iter+0x3d0/0x3d0 [ 2921.322705] ? do_recvmmsg+0x6d0/0x6d0 [ 2921.323227] ? lock_downgrade+0x6d0/0x6d0 [ 2921.323788] ? __lockdep_reset_lock+0x180/0x180 [ 2921.324411] ___sys_sendmsg+0xf3/0x170 [ 2921.324935] ? sendmsg_copy_msghdr+0x160/0x160 [ 2921.325549] ? __fget_files+0x2cf/0x520 [ 2921.326107] ? lock_downgrade+0x6d0/0x6d0 [ 2921.326661] ? find_held_lock+0x2c/0x110 [ 2921.327214] ? __fget_files+0x2f8/0x520 [ 2921.327755] ? __fget_light+0xea/0x290 [ 2921.328283] __sys_sendmsg+0xe5/0x1b0 [ 2921.328796] ? __sys_sendmsg_sock+0x40/0x40 [ 2921.329375] ? rcu_read_lock_any_held+0x75/0xa0 [ 2921.330034] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2921.330726] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2921.331404] ? trace_hardirqs_on+0x5b/0x180 [ 2921.331970] do_syscall_64+0x33/0x40 [ 2921.332459] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2921.333131] RIP: 0033:0x7ff152763b19 [ 2921.333642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2921.336091] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2921.337101] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2921.338072] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2921.339025] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2921.339976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2921.340927] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:55:14 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 20) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:14 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x5) 13:55:14 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c4800000101010100"], 0x1c}}, 0x0) 13:55:14 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 28) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:14 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 9) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:14 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8981, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:55:14 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 21) 13:55:14 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa577, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2934.750982] FAULT_INJECTION: forcing a failure. [ 2934.750982] name failslab, interval 1, probability 0, space 0, times 0 [ 2934.752594] CPU: 1 PID: 21761 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2934.753431] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2934.754459] Call Trace: [ 2934.754789] dump_stack+0x107/0x167 [ 2934.755237] should_fail.cold+0x5/0xa [ 2934.755707] ? create_object.isra.0+0x3a/0xa20 [ 2934.756270] should_failslab+0x5/0x20 [ 2934.756741] kmem_cache_alloc+0x5b/0x310 [ 2934.757241] ? mutex_lock_io_nested+0xf30/0xf30 [ 2934.757811] create_object.isra.0+0x3a/0xa20 [ 2934.758369] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2934.758993] kmem_cache_alloc_trace+0x151/0x320 [ 2934.759567] rtnl_newlink+0x46/0xa0 [ 2934.760011] ? __rtnl_newlink+0x1700/0x1700 [ 2934.760536] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2934.761053] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.761554] ? perf_trace_lock+0xac/0x490 [ 2934.762077] ? __lockdep_reset_lock+0x180/0x180 [ 2934.762664] netlink_rcv_skb+0x14b/0x430 [ 2934.763161] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.763659] ? netlink_ack+0xab0/0xab0 [ 2934.764131] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2934.764700] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2934.765272] ? is_vmalloc_addr+0x7b/0xb0 [ 2934.765778] netlink_unicast+0x549/0x7f0 [ 2934.766288] ? netlink_attachskb+0x870/0x870 [ 2934.766835] netlink_sendmsg+0x90f/0xdf0 [ 2934.767522] ? netlink_unicast+0x7f0/0x7f0 [ 2934.768133] ? netlink_unicast+0x7f0/0x7f0 [ 2934.768852] __sock_sendmsg+0x154/0x190 [ 2934.769340] ____sys_sendmsg+0x70d/0x870 [ 2934.769840] ? sock_write_iter+0x3d0/0x3d0 [ 2934.770382] ? do_recvmmsg+0x6d0/0x6d0 [ 2934.770862] ? lock_downgrade+0x6d0/0x6d0 [ 2934.771440] ? __lockdep_reset_lock+0x180/0x180 [ 2934.772014] ___sys_sendmsg+0xf3/0x170 [ 2934.772491] ? sendmsg_copy_msghdr+0x160/0x160 [ 2934.773051] ? __fget_files+0x2cf/0x520 [ 2934.773536] ? lock_downgrade+0x6d0/0x6d0 [ 2934.774041] ? find_held_lock+0x2c/0x110 [ 2934.774584] ? __fget_files+0x2f8/0x520 [ 2934.775077] ? __fget_light+0xea/0x290 [ 2934.775556] __sys_sendmsg+0xe5/0x1b0 [ 2934.776021] ? __sys_sendmsg_sock+0x40/0x40 [ 2934.776544] ? rcu_read_lock_any_held+0x75/0xa0 [ 2934.777122] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2934.777762] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2934.778485] ? trace_hardirqs_on+0x5b/0x180 [ 2934.779022] do_syscall_64+0x33/0x40 [ 2934.779474] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.780097] RIP: 0033:0x7ff152763b19 [ 2934.780548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2934.782797] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2934.783721] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2934.784585] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2934.785448] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2934.786373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2934.787243] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2934.788300] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2934.794206] FAULT_INJECTION: forcing a failure. [ 2934.794206] name failslab, interval 1, probability 0, space 0, times 0 [ 2934.795675] CPU: 1 PID: 21758 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2934.796520] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2934.797537] Call Trace: [ 2934.797862] dump_stack+0x107/0x167 [ 2934.798325] should_fail.cold+0x5/0xa [ 2934.798799] ? __d_alloc+0x2a/0x990 [ 2934.799252] should_failslab+0x5/0x20 [ 2934.799727] kmem_cache_alloc+0x5b/0x310 [ 2934.800230] __d_alloc+0x2a/0x990 [ 2934.800654] ? find_held_lock+0x2c/0x110 [ 2934.801153] d_alloc_pseudo+0x19/0x70 [ 2934.801621] alloc_file_pseudo+0xce/0x250 [ 2934.802140] ? trace_hardirqs_on+0x5b/0x180 [ 2934.802673] ? alloc_file+0x5a0/0x5a0 [ 2934.803149] anon_inode_getfile+0xc8/0x1f0 [ 2934.803670] io_uring_setup+0x138b/0x2980 [ 2934.804181] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2934.804799] ? wait_for_completion_io+0x270/0x270 [ 2934.805404] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2934.806052] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2934.806714] do_syscall_64+0x33/0x40 [ 2934.807172] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.807799] RIP: 0033:0x7fbe2462eb19 [ 2934.808256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2934.810520] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2934.811455] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2934.812331] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2934.813202] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 13:55:14 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c4c00000101010100"], 0x1c}}, 0x0) [ 2934.814079] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2934.814965] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2934.825592] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2934.835103] FAULT_INJECTION: forcing a failure. [ 2934.835103] name failslab, interval 1, probability 0, space 0, times 0 [ 2934.836753] CPU: 0 PID: 21755 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2934.837744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2934.838922] Call Trace: [ 2934.839327] dump_stack+0x107/0x167 [ 2934.839809] should_fail.cold+0x5/0xa [ 2934.840362] ? __alloc_skb+0x6d/0x5b0 [ 2934.840863] should_failslab+0x5/0x20 [ 2934.841441] kmem_cache_alloc_node+0x55/0x330 [ 2934.842032] __alloc_skb+0x6d/0x5b0 [ 2934.842606] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2934.843253] rtmsg_ifinfo+0x83/0x120 [ 2934.843755] __dev_notify_flags+0x22a/0x2c0 [ 2934.844369] ? dev_change_name+0x660/0x660 [ 2934.844923] ? __dev_change_flags+0x4cf/0x6e0 [ 2934.845590] ? dev_set_allmulti+0x30/0x30 [ 2934.846163] dev_change_flags+0x100/0x160 [ 2934.846763] do_setlink+0x90c/0x3ac0 [ 2934.847376] ? mark_held_locks+0x9e/0xe0 [ 2934.847912] ? rtnl_getlink+0xaa0/0xaa0 [ 2934.848549] ? trace_hardirqs_on+0x5b/0x180 [ 2934.849116] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2934.849936] ? __nla_validate_parse+0x2d8/0x2b10 [ 2934.850630] ? __nla_validate_parse+0x2fb/0x2b10 [ 2934.851304] ? __nla_validate_parse+0x2d8/0x2b10 [ 2934.851926] ? perf_trace_lock+0xac/0x490 [ 2934.852554] ? nla_get_range_signed+0x520/0x520 [ 2934.853166] ? __lock_acquire+0xbb1/0x5b00 [ 2934.853789] __rtnl_newlink+0xc39/0x1700 [ 2934.854417] ? rtnl_setlink+0x3b0/0x3b0 [ 2934.854963] ? __is_insn_slot_addr+0x123/0x290 [ 2934.855624] ? unwind_next_frame+0x13ef/0x1a90 [ 2934.856300] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.856998] ? 0xffffffffa0000000 [ 2934.857505] ? __is_insn_slot_addr+0x14c/0x290 [ 2934.858129] ? kernel_text_address+0xf2/0x120 [ 2934.858782] ? __kernel_text_address+0x9/0x40 [ 2934.859422] ? unwind_get_return_address+0x55/0xa0 [ 2934.860067] ? create_prof_cpu_mask+0x20/0x20 [ 2934.860738] ? arch_stack_walk+0x99/0xf0 [ 2934.861332] ? stack_trace_save+0x8c/0xc0 [ 2934.861921] ? mark_held_locks+0x9e/0xe0 [ 2934.862545] ? trace_hardirqs_on+0x5b/0x180 [ 2934.863111] ? kasan_unpoison_shadow+0x33/0x50 [ 2934.863759] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2934.864503] rtnl_newlink+0x64/0xa0 [ 2934.864980] ? __rtnl_newlink+0x1700/0x1700 [ 2934.865612] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2934.866247] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.866794] ? perf_trace_lock+0xac/0x490 [ 2934.867394] ? __lockdep_reset_lock+0x180/0x180 [ 2934.868021] netlink_rcv_skb+0x14b/0x430 [ 2934.868667] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.869321] ? netlink_ack+0xab0/0xab0 [ 2934.869865] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2934.870541] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2934.871250] ? is_vmalloc_addr+0x7b/0xb0 [ 2934.871858] netlink_unicast+0x549/0x7f0 [ 2934.872528] ? netlink_attachskb+0x870/0x870 [ 2934.873110] netlink_sendmsg+0x90f/0xdf0 [ 2934.873715] ? netlink_unicast+0x7f0/0x7f0 [ 2934.874387] ? netlink_unicast+0x7f0/0x7f0 [ 2934.874947] __sock_sendmsg+0x154/0x190 [ 2934.875523] ____sys_sendmsg+0x70d/0x870 [ 2934.876057] ? sock_write_iter+0x3d0/0x3d0 [ 2934.876695] ? do_recvmmsg+0x6d0/0x6d0 [ 2934.877538] ? lock_downgrade+0x6d0/0x6d0 [ 2934.878655] ? __lockdep_reset_lock+0x180/0x180 [ 2934.879896] ___sys_sendmsg+0xf3/0x170 [ 2934.880987] ? sendmsg_copy_msghdr+0x160/0x160 [ 2934.883494] ? __fget_files+0x2cf/0x520 [ 2934.884558] ? lock_downgrade+0x6d0/0x6d0 [ 2934.885684] ? find_held_lock+0x2c/0x110 [ 2934.886482] ? __fget_files+0x2f8/0x520 [ 2934.887013] ? __fget_light+0xea/0x290 [ 2934.887582] __sys_sendmsg+0xe5/0x1b0 [ 2934.888087] ? __sys_sendmsg_sock+0x40/0x40 [ 2934.888706] ? rcu_read_lock_any_held+0x75/0xa0 [ 2934.889403] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2934.890120] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2934.890849] ? trace_hardirqs_on+0x5b/0x180 [ 2934.891477] do_syscall_64+0x33/0x40 [ 2934.891964] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.892700] RIP: 0033:0x7f6e57a6eb19 [ 2934.893189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2934.895776] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2934.896826] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2934.897831] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2934.898833] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2934.899816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2934.900808] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2934.903776] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2934.918774] FAULT_INJECTION: forcing a failure. [ 2934.918774] name failslab, interval 1, probability 0, space 0, times 0 [ 2934.920433] CPU: 0 PID: 21767 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2934.921409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2934.922597] Call Trace: [ 2934.922947] dump_stack+0x107/0x167 [ 2934.923478] should_fail.cold+0x5/0xa [ 2934.923983] should_failslab+0x5/0x20 [ 2934.924537] __kmalloc_node_track_caller+0x74/0x3b0 [ 2934.925189] ? inet6_rt_notify+0xed/0x2a0 [ 2934.925785] __alloc_skb+0xb1/0x5b0 [ 2934.926367] inet6_rt_notify+0xed/0x2a0 [ 2934.926894] fib6_del+0xf4c/0x1540 [ 2934.927423] ? fib6_locate+0x660/0x660 [ 2934.927945] ? fib6_ifdown+0xc5/0x8f0 [ 2934.928500] fib6_clean_node+0x39e/0x570 [ 2934.929033] ? fib6_del+0x1540/0x1540 [ 2934.929584] ? fib6_clean_tree+0x14c/0x260 [ 2934.930164] fib6_walk_continue+0x35c/0x710 [ 2934.930820] ? trace_hardirqs_on+0x5b/0x180 [ 2934.931372] FAULT_INJECTION: forcing a failure. [ 2934.931372] name failslab, interval 1, probability 0, space 0, times 0 [ 2934.931439] fib6_clean_tree+0x154/0x260 [ 2934.933405] ? fib6_ifup+0x260/0x260 [ 2934.933897] ? fib6_info_destroy_rcu+0x210/0x210 [ 2934.934609] ? fib6_del+0x1540/0x1540 [ 2934.935106] ? fib6_ifup+0x260/0x260 [ 2934.935669] ? spin_bug+0xf0/0x100 [ 2934.936133] ? lock_chain_count+0x20/0x20 [ 2934.936734] ? fib6_ifup+0x260/0x260 [ 2934.937270] __fib6_clean_all+0xf0/0x2a0 [ 2934.937807] rt6_disable_ip+0x4d5/0x5b0 [ 2934.938415] ? lock_chain_count+0x20/0x20 [ 2934.938961] ? rt6_sync_down_dev+0x150/0x150 [ 2934.939598] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2934.940296] ? addrconf_dad_run+0x180/0x180 [ 2934.940879] addrconf_notify+0x159/0x2410 [ 2934.941478] ? tun_device_event+0x71/0x1160 [ 2934.942041] ? mark_held_locks+0x9e/0xe0 [ 2934.942649] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2934.943382] ? inet6_ifinfo_notify+0x150/0x150 [ 2934.943979] ? failover_register+0x530/0x530 [ 2934.944615] raw_notifier_call_chain+0xb3/0x110 [ 2934.945300] call_netdevice_notifiers_info+0xb5/0x130 [ 2934.945977] __dev_notify_flags+0x1de/0x2c0 [ 2934.946612] ? dev_change_name+0x660/0x660 [ 2934.947165] ? __dev_change_flags+0x4cf/0x6e0 [ 2934.947808] ? dev_set_allmulti+0x30/0x30 [ 2934.948410] dev_change_flags+0x100/0x160 [ 2934.948957] do_setlink+0x90c/0x3ac0 [ 2934.949499] ? vprintk_func+0x93/0x140 [ 2934.950006] ? rtnl_getlink+0xaa0/0xaa0 [ 2934.950627] ? printk+0xba/0xf1 [ 2934.951060] ? record_print_text.cold+0x16/0x16 [ 2934.951788] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2934.952771] ? trace_hardirqs_on+0x5b/0x180 [ 2934.953402] ? __nla_validate_parse+0x2d8/0x2b10 [ 2934.954030] ? perf_trace_lock+0xac/0x490 [ 2934.954648] ? nla_get_range_signed+0x520/0x520 [ 2934.955334] ? __lock_acquire+0xbb1/0x5b00 [ 2934.955912] __rtnl_newlink+0xc39/0x1700 [ 2934.956505] ? rtnl_setlink+0x3b0/0x3b0 [ 2934.957026] ? __is_insn_slot_addr+0x123/0x290 [ 2934.957682] ? unwind_next_frame+0x13ef/0x1a90 [ 2934.958357] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.959052] ? 0xffffffffa0000000 [ 2934.959587] ? __is_insn_slot_addr+0x14c/0x290 [ 2934.960191] ? kernel_text_address+0xf2/0x120 [ 2934.960827] ? __kernel_text_address+0x9/0x40 [ 2934.961466] ? unwind_get_return_address+0x55/0xa0 [ 2934.962125] ? create_prof_cpu_mask+0x20/0x20 [ 2934.962765] ? arch_stack_walk+0x99/0xf0 [ 2934.963389] ? stack_trace_save+0x8c/0xc0 [ 2934.963978] ? mark_held_locks+0x9e/0xe0 [ 2934.964565] ? trace_hardirqs_on+0x5b/0x180 [ 2934.965130] ? kasan_unpoison_shadow+0x33/0x50 [ 2934.965774] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2934.966520] rtnl_newlink+0x64/0xa0 [ 2934.966993] ? __rtnl_newlink+0x1700/0x1700 [ 2934.967607] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2934.968163] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.968775] ? perf_trace_lock+0xac/0x490 [ 2934.969385] ? __lockdep_reset_lock+0x180/0x180 [ 2934.969998] netlink_rcv_skb+0x14b/0x430 [ 2934.970586] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2934.971117] ? netlink_ack+0xab0/0xab0 [ 2934.971675] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2934.972359] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2934.972955] ? is_vmalloc_addr+0x7b/0xb0 [ 2934.973541] netlink_unicast+0x549/0x7f0 [ 2934.974087] ? netlink_attachskb+0x870/0x870 [ 2934.974740] netlink_sendmsg+0x90f/0xdf0 [ 2934.975330] ? netlink_unicast+0x7f0/0x7f0 [ 2934.975893] ? netlink_unicast+0x7f0/0x7f0 [ 2934.976503] __sock_sendmsg+0x154/0x190 [ 2934.977023] ____sys_sendmsg+0x70d/0x870 [ 2934.977631] ? sock_write_iter+0x3d0/0x3d0 [ 2934.978249] ? do_recvmmsg+0x6d0/0x6d0 [ 2934.978772] ? lock_downgrade+0x6d0/0x6d0 [ 2934.979368] ? __lockdep_reset_lock+0x180/0x180 [ 2934.979982] ___sys_sendmsg+0xf3/0x170 [ 2934.980545] ? sendmsg_copy_msghdr+0x160/0x160 [ 2934.981146] ? __fget_files+0x2cf/0x520 [ 2934.981724] ? lock_downgrade+0x6d0/0x6d0 [ 2934.982359] ? find_held_lock+0x2c/0x110 [ 2934.982900] ? __fget_files+0x2f8/0x520 [ 2934.983477] ? __fget_light+0xea/0x290 [ 2934.983994] __sys_sendmsg+0xe5/0x1b0 [ 2934.985432] ? __sys_sendmsg_sock+0x40/0x40 [ 2934.987817] ? rcu_read_lock_any_held+0x75/0xa0 [ 2934.988504] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2934.989189] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2934.989905] ? trace_hardirqs_on+0x5b/0x180 [ 2934.990574] do_syscall_64+0x33/0x40 [ 2934.991061] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2934.991777] RIP: 0033:0x7fb10e7f3b19 [ 2934.992318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2934.994827] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2934.995901] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2934.996884] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2934.997873] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2934.998884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2934.999866] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2935.000892] CPU: 1 PID: 21883 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2935.001791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2935.002831] Call Trace: [ 2935.003170] dump_stack+0x107/0x167 [ 2935.003613] should_fail.cold+0x5/0xa [ 2935.004079] ? create_object.isra.0+0x3a/0xa20 [ 2935.004640] should_failslab+0x5/0x20 [ 2935.005103] kmem_cache_alloc+0x5b/0x310 [ 2935.005601] create_object.isra.0+0x3a/0xa20 [ 2935.006152] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2935.006773] kmem_cache_alloc+0x159/0x310 [ 2935.007282] __d_alloc+0x2a/0x990 [ 2935.007706] ? find_held_lock+0x2c/0x110 [ 2935.008205] d_alloc_pseudo+0x19/0x70 [ 2935.008669] alloc_file_pseudo+0xce/0x250 [ 2935.009169] ? trace_hardirqs_on+0x5b/0x180 [ 2935.009690] ? alloc_file+0x5a0/0x5a0 [ 2935.010178] anon_inode_getfile+0xc8/0x1f0 [ 2935.010700] io_uring_setup+0x138b/0x2980 [ 2935.011214] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2935.011831] ? wait_for_completion_io+0x270/0x270 [ 2935.012431] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.013066] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2935.013691] do_syscall_64+0x33/0x40 [ 2935.014164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2935.014788] RIP: 0033:0x7fbe2462eb19 [ 2935.015241] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2935.017458] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2935.018393] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2935.019254] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2935.020116] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2935.020284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2935.020984] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2935.020993] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2935.024710] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2935.027786] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2935.028699] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2935.029676] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2935.030582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2935.031432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2935.032916] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:14 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 22) 13:55:14 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c6800000101010100"], 0x1c}}, 0x0) 13:55:14 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa677, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2935.039466] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:14 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 10) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:14 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c6c00000101010100"], 0x1c}}, 0x0) 13:55:14 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6) [ 2935.150023] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2935.162055] FAULT_INJECTION: forcing a failure. [ 2935.162055] name failslab, interval 1, probability 0, space 0, times 0 [ 2935.163633] CPU: 0 PID: 21965 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2935.164542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2935.165630] Call Trace: [ 2935.165991] dump_stack+0x107/0x167 [ 2935.166498] should_fail.cold+0x5/0xa [ 2935.167004] ? __sta_info_destroy_part2+0x2b1/0x4f0 [ 2935.167665] should_failslab+0x5/0x20 [ 2935.168167] kmem_cache_alloc_trace+0x55/0x320 [ 2935.168776] __sta_info_destroy_part2+0x2b1/0x4f0 [ 2935.169412] __sta_info_flush+0x3a0/0x520 [ 2935.169962] ? __sta_info_destroy+0x50/0x50 [ 2935.170549] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.171238] ? trace_hardirqs_on+0x5b/0x180 [ 2935.171806] ? cfg80211_put_bss+0x1b0/0x270 [ 2935.172370] ? __local_bh_enable_ip+0x9d/0x100 [ 2935.172977] ieee80211_ibss_disconnect+0x115/0x750 [ 2935.173620] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.174342] ieee80211_ibss_leave+0x12/0x160 [ 2935.174919] __cfg80211_leave_ibss+0x183/0x4f0 [ 2935.175521] __cfg80211_leave+0x14b/0x370 [ 2935.176069] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2935.176774] ? ipmr_device_event+0x18b/0x1f0 [ 2935.177351] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2935.178035] raw_notifier_call_chain+0xb3/0x110 [ 2935.178691] call_netdevice_notifiers_info+0xb5/0x130 [ 2935.179371] __dev_close_many+0xf3/0x2f0 [ 2935.179906] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2935.180595] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.181278] ? __local_bh_enable_ip+0x9d/0x100 [ 2935.181880] ? trace_hardirqs_on+0x5b/0x180 [ 2935.182470] __dev_change_flags+0x299/0x6e0 [ 2935.183039] ? dev_set_allmulti+0x30/0x30 [ 2935.183591] dev_change_flags+0x8a/0x160 [ 2935.184130] do_setlink+0x90c/0x3ac0 [ 2935.184625] ? lock_chain_count+0x20/0x20 [ 2935.185167] ? rtnl_getlink+0xaa0/0xaa0 [ 2935.185688] ? printk+0xba/0xf1 [ 2935.186134] ? record_print_text.cold+0x16/0x16 [ 2935.186753] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2935.187414] ? trace_hardirqs_on+0x5b/0x180 [ 2935.187997] ? mark_held_locks+0x9e/0xe0 [ 2935.188533] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.189220] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2935.189928] ? trace_hardirqs_on+0x5b/0x180 [ 2935.190520] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2935.191238] ? netdev_master_upper_dev_get+0x29/0x150 [ 2935.191919] ? netdev_master_upper_dev_get+0x52/0x150 [ 2935.192599] __rtnl_newlink+0xc39/0x1700 [ 2935.193144] ? rtnl_setlink+0x3b0/0x3b0 [ 2935.193670] ? __is_insn_slot_addr+0x123/0x290 [ 2935.194303] ? unwind_next_frame+0x13ef/0x1a90 [ 2935.194905] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2935.195603] ? 0xffffffffa0000000 [ 2935.196062] ? __is_insn_slot_addr+0x14c/0x290 [ 2935.196668] ? kernel_text_address+0xf2/0x120 [ 2935.197257] ? __kernel_text_address+0x9/0x40 [ 2935.197851] ? unwind_get_return_address+0x55/0xa0 [ 2935.198517] ? create_prof_cpu_mask+0x20/0x20 [ 2935.199104] ? arch_stack_walk+0x99/0xf0 [ 2935.199652] ? stack_trace_save+0x8c/0xc0 [ 2935.200243] ? mark_held_locks+0x9e/0xe0 [ 2935.200787] ? trace_hardirqs_on+0x5b/0x180 [ 2935.201354] ? kasan_unpoison_shadow+0x33/0x50 [ 2935.201954] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2935.202645] rtnl_newlink+0x64/0xa0 [ 2935.203123] ? __rtnl_newlink+0x1700/0x1700 [ 2935.203693] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2935.204249] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2935.204785] ? perf_trace_lock+0xac/0x490 [ 2935.205334] ? __lockdep_reset_lock+0x180/0x180 [ 2935.205952] netlink_rcv_skb+0x14b/0x430 [ 2935.206507] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2935.207042] ? netlink_ack+0xab0/0xab0 [ 2935.207555] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2935.208158] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2935.208757] ? is_vmalloc_addr+0x7b/0xb0 [ 2935.209295] netlink_unicast+0x549/0x7f0 [ 2935.209830] ? netlink_attachskb+0x870/0x870 [ 2935.210436] netlink_sendmsg+0x90f/0xdf0 [ 2935.210977] ? netlink_unicast+0x7f0/0x7f0 [ 2935.211542] ? netlink_unicast+0x7f0/0x7f0 [ 2935.212098] __sock_sendmsg+0x154/0x190 [ 2935.212624] ____sys_sendmsg+0x70d/0x870 [ 2935.213157] ? sock_write_iter+0x3d0/0x3d0 [ 2935.213712] ? do_recvmmsg+0x6d0/0x6d0 [ 2935.214254] ? lock_downgrade+0x6d0/0x6d0 [ 2935.214805] ? __lockdep_reset_lock+0x180/0x180 [ 2935.215419] ___sys_sendmsg+0xf3/0x170 [ 2935.215932] ? sendmsg_copy_msghdr+0x160/0x160 [ 2935.216537] ? __fget_files+0x2cf/0x520 [ 2935.217058] ? lock_downgrade+0x6d0/0x6d0 [ 2935.217603] ? find_held_lock+0x2c/0x110 [ 2935.218156] ? __fget_files+0x2f8/0x520 [ 2935.218685] ? __fget_light+0xea/0x290 [ 2935.219203] __sys_sendmsg+0xe5/0x1b0 [ 2935.219703] ? __sys_sendmsg_sock+0x40/0x40 [ 2935.220269] ? rcu_read_lock_any_held+0x75/0xa0 [ 2935.220893] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2935.221581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2935.222266] ? trace_hardirqs_on+0x5b/0x180 [ 2935.222839] do_syscall_64+0x33/0x40 [ 2935.223327] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2935.223997] RIP: 0033:0x7ff152763b19 [ 2935.224487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2935.226915] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2935.227915] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2935.228855] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2935.229790] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2935.230740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2935.231678] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2935.313209] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2935.314654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2935.315669] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:28 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 21) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:28 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 11) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:28 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8982, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:55:28 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c7400000101010100"], 0x1c}}, 0x0) 13:55:28 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 29) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:28 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa777, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:28 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7) [ 2948.790330] FAULT_INJECTION: forcing a failure. [ 2948.790330] name failslab, interval 1, probability 0, space 0, times 0 [ 2948.792544] CPU: 0 PID: 22012 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2948.794591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2948.797060] Call Trace: [ 2948.797702] dump_stack+0x107/0x167 [ 2948.798611] should_fail.cold+0x5/0xa [ 2948.799119] ? __alloc_file+0x21/0x320 [ 2948.799632] should_failslab+0x5/0x20 [ 2948.800134] kmem_cache_alloc+0x5b/0x310 [ 2948.800674] __alloc_file+0x21/0x320 [ 2948.801164] alloc_empty_file+0x6d/0x170 [ 2948.801336] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2948.801698] alloc_file+0x5e/0x5a0 [ 2948.801714] alloc_file_pseudo+0x16a/0x250 [ 2948.801730] ? alloc_file+0x5a0/0x5a0 [ 2948.804311] anon_inode_getfile+0xc8/0x1f0 [ 2948.804871] io_uring_setup+0x138b/0x2980 [ 2948.805420] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2948.806089] ? wait_for_completion_io+0x270/0x270 [ 2948.806763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.807453] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2948.808136] do_syscall_64+0x33/0x40 [ 2948.808628] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2948.809302] RIP: 0033:0x7fbe2462eb19 [ 2948.809792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2948.812234] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2948.813240] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2948.814180] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2948.815143] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2948.816079] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2948.817016] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:55:28 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 23) [ 2948.828083] FAULT_INJECTION: forcing a failure. [ 2948.828083] name failslab, interval 1, probability 0, space 0, times 0 [ 2948.829544] CPU: 1 PID: 22019 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2948.830388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2948.831429] Call Trace: [ 2948.831759] dump_stack+0x107/0x167 [ 2948.832204] should_fail.cold+0x5/0xa [ 2948.832671] ? ___slab_alloc+0x155/0x700 [ 2948.833165] ? create_object.isra.0+0x3a/0xa20 [ 2948.833722] should_failslab+0x5/0x20 [ 2948.834182] kmem_cache_alloc+0x5b/0x310 [ 2948.834715] create_object.isra.0+0x3a/0xa20 [ 2948.835248] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2948.835868] kmem_cache_alloc_node+0x169/0x330 [ 2948.836432] __alloc_skb+0x6d/0x5b0 [ 2948.836884] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2948.837443] rtmsg_ifinfo+0x83/0x120 [ 2948.837901] __dev_notify_flags+0x22a/0x2c0 [ 2948.838424] ? dev_change_name+0x660/0x660 [ 2948.838969] ? __dev_change_flags+0x4cf/0x6e0 [ 2948.839516] ? dev_set_allmulti+0x30/0x30 [ 2948.840029] dev_change_flags+0x100/0x160 [ 2948.840536] do_setlink+0x90c/0x3ac0 [ 2948.840997] ? vprintk_func+0x93/0x140 [ 2948.841472] ? rtnl_getlink+0xaa0/0xaa0 [ 2948.841955] ? printk+0xba/0xf1 [ 2948.842357] ? record_print_text.cold+0x16/0x16 [ 2948.842960] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2948.843574] ? trace_hardirqs_on+0x5b/0x180 [ 2948.844109] ? __nla_validate_parse+0x2d8/0x2b10 [ 2948.844689] ? perf_trace_lock+0xac/0x490 [ 2948.845195] ? nla_get_range_signed+0x520/0x520 [ 2948.845759] ? __lock_acquire+0xbb1/0x5b00 [ 2948.846289] __rtnl_newlink+0xc39/0x1700 [ 2948.846829] ? rtnl_setlink+0x3b0/0x3b0 [ 2948.847315] ? __is_insn_slot_addr+0x123/0x290 [ 2948.847875] ? unwind_next_frame+0x13ef/0x1a90 [ 2948.848429] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2948.849072] ? 0xffffffffa0000000 [ 2948.849495] ? __is_insn_slot_addr+0x14c/0x290 [ 2948.850053] ? kernel_text_address+0xf2/0x120 [ 2948.850627] ? __kernel_text_address+0x9/0x40 [ 2948.851176] ? unwind_get_return_address+0x55/0xa0 [ 2948.851772] ? create_prof_cpu_mask+0x20/0x20 [ 2948.852314] ? arch_stack_walk+0x99/0xf0 [ 2948.852820] ? stack_trace_save+0x8c/0xc0 [ 2948.853368] ? mark_held_locks+0x9e/0xe0 [ 2948.853868] ? trace_hardirqs_on+0x5b/0x180 [ 2948.854391] ? kasan_unpoison_shadow+0x33/0x50 [ 2948.854980] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2948.855599] rtnl_newlink+0x64/0xa0 [ 2948.856040] ? __rtnl_newlink+0x1700/0x1700 [ 2948.856564] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2948.857078] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2948.857572] ? perf_trace_lock+0xac/0x490 [ 2948.858079] ? __lockdep_reset_lock+0x180/0x180 [ 2948.858686] netlink_rcv_skb+0x14b/0x430 [ 2948.859180] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2948.859678] ? netlink_ack+0xab0/0xab0 [ 2948.860148] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2948.860706] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2948.861261] ? is_vmalloc_addr+0x7b/0xb0 [ 2948.861758] netlink_unicast+0x549/0x7f0 [ 2948.862255] ? netlink_attachskb+0x870/0x870 [ 2948.862834] netlink_sendmsg+0x90f/0xdf0 [ 2948.863333] ? netlink_unicast+0x7f0/0x7f0 [ 2948.863854] ? netlink_unicast+0x7f0/0x7f0 [ 2948.864370] __sock_sendmsg+0x154/0x190 [ 2948.864855] ____sys_sendmsg+0x70d/0x870 [ 2948.865352] ? sock_write_iter+0x3d0/0x3d0 [ 2948.865865] ? do_recvmmsg+0x6d0/0x6d0 [ 2948.866342] ? lock_downgrade+0x6d0/0x6d0 [ 2948.866882] ? __lockdep_reset_lock+0x180/0x180 [ 2948.867449] ___sys_sendmsg+0xf3/0x170 [ 2948.867925] ? sendmsg_copy_msghdr+0x160/0x160 [ 2948.868483] ? __fget_files+0x2cf/0x520 [ 2948.868965] ? lock_downgrade+0x6d0/0x6d0 [ 2948.869470] ? find_held_lock+0x2c/0x110 [ 2948.869969] ? __fget_files+0x2f8/0x520 [ 2948.870463] ? __fget_light+0xea/0x290 [ 2948.870975] __sys_sendmsg+0xe5/0x1b0 [ 2948.871439] ? __sys_sendmsg_sock+0x40/0x40 [ 2948.871961] ? rcu_read_lock_any_held+0x75/0xa0 [ 2948.872543] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.873178] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2948.873800] ? trace_hardirqs_on+0x5b/0x180 [ 2948.874323] do_syscall_64+0x33/0x40 [ 2948.874813] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2948.875440] RIP: 0033:0x7f6e57a6eb19 [ 2948.875894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2948.878119] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2948.879080] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2948.879945] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2948.880808] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2948.881671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2948.882531] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2948.889973] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:55:28 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c7a00000101010100"], 0x1c}}, 0x0) [ 2948.900410] FAULT_INJECTION: forcing a failure. [ 2948.900410] name failslab, interval 1, probability 0, space 0, times 0 [ 2948.901883] CPU: 1 PID: 22020 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2948.902754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2948.903765] Call Trace: [ 2948.904094] dump_stack+0x107/0x167 [ 2948.904549] should_fail.cold+0x5/0xa [ 2948.905021] ? create_object.isra.0+0x3a/0xa20 [ 2948.905584] should_failslab+0x5/0x20 [ 2948.906051] kmem_cache_alloc+0x5b/0x310 [ 2948.906569] create_object.isra.0+0x3a/0xa20 [ 2948.907112] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2948.907738] kmem_cache_alloc_trace+0x151/0x320 [ 2948.908316] __sta_info_destroy_part2+0x2b1/0x4f0 [ 2948.908909] __sta_info_flush+0x3a0/0x520 [ 2948.909423] ? __sta_info_destroy+0x50/0x50 [ 2948.909955] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.910608] ? trace_hardirqs_on+0x5b/0x180 [ 2948.911140] ? cfg80211_put_bss+0x1b0/0x270 [ 2948.911672] ? __local_bh_enable_ip+0x9d/0x100 [ 2948.912236] ieee80211_ibss_disconnect+0x115/0x750 [ 2948.912838] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.913480] ieee80211_ibss_leave+0x12/0x160 [ 2948.914019] __cfg80211_leave_ibss+0x183/0x4f0 [ 2948.914594] __cfg80211_leave+0x14b/0x370 [ 2948.915108] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2948.915760] ? ipmr_device_event+0x18b/0x1f0 [ 2948.916298] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2948.916939] raw_notifier_call_chain+0xb3/0x110 [ 2948.917516] call_netdevice_notifiers_info+0xb5/0x130 [ 2948.918148] __dev_close_many+0xf3/0x2f0 [ 2948.918677] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2948.919322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.919966] ? __local_bh_enable_ip+0x9d/0x100 [ 2948.920523] ? trace_hardirqs_on+0x5b/0x180 [ 2948.921054] __dev_change_flags+0x299/0x6e0 [ 2948.921583] ? dev_set_allmulti+0x30/0x30 [ 2948.922099] dev_change_flags+0x8a/0x160 [ 2948.922615] do_setlink+0x90c/0x3ac0 [ 2948.923082] ? vprintk_func+0x93/0x140 [ 2948.923557] ? rtnl_getlink+0xaa0/0xaa0 [ 2948.924041] ? printk+0xba/0xf1 [ 2948.924444] ? record_print_text.cold+0x16/0x16 [ 2948.925012] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2948.925627] ? trace_hardirqs_on+0x5b/0x180 [ 2948.926162] ? __nla_validate_parse+0x2d8/0x2b10 [ 2948.926759] ? perf_trace_lock+0xac/0x490 [ 2948.927266] ? nla_get_range_signed+0x520/0x520 [ 2948.927838] ? __lock_acquire+0xbb1/0x5b00 [ 2948.928369] __rtnl_newlink+0xc39/0x1700 [ 2948.928876] ? rtnl_setlink+0x3b0/0x3b0 [ 2948.929360] ? __is_insn_slot_addr+0x123/0x290 [ 2948.929930] ? unwind_next_frame+0x13ef/0x1a90 [ 2948.930484] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2948.931152] ? 0xffffffffa0000000 [ 2948.931579] ? __is_insn_slot_addr+0x14c/0x290 [ 2948.932138] ? kernel_text_address+0xf2/0x120 [ 2948.932683] ? __kernel_text_address+0x9/0x40 [ 2948.933229] ? unwind_get_return_address+0x55/0xa0 [ 2948.933826] ? create_prof_cpu_mask+0x20/0x20 [ 2948.934370] ? arch_stack_walk+0x99/0xf0 [ 2948.934895] ? stack_trace_save+0x8c/0xc0 [ 2948.935448] ? mark_held_locks+0x9e/0xe0 [ 2948.935947] ? trace_hardirqs_on+0x5b/0x180 [ 2948.936472] ? kasan_unpoison_shadow+0x33/0x50 [ 2948.937026] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2948.937647] rtnl_newlink+0x64/0xa0 [ 2948.938088] ? __rtnl_newlink+0x1700/0x1700 [ 2948.938669] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2948.939187] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2948.939682] ? perf_trace_lock+0xac/0x490 [ 2948.940192] ? __lockdep_reset_lock+0x180/0x180 [ 2948.940767] netlink_rcv_skb+0x14b/0x430 [ 2948.941265] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2948.941762] ? netlink_ack+0xab0/0xab0 [ 2948.942236] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2948.942824] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2948.943387] ? is_vmalloc_addr+0x7b/0xb0 [ 2948.943889] netlink_unicast+0x549/0x7f0 [ 2948.944393] ? netlink_attachskb+0x870/0x870 [ 2948.944942] netlink_sendmsg+0x90f/0xdf0 [ 2948.945444] ? netlink_unicast+0x7f0/0x7f0 [ 2948.945970] ? netlink_unicast+0x7f0/0x7f0 [ 2948.946490] __sock_sendmsg+0x154/0x190 [ 2948.946992] ____sys_sendmsg+0x70d/0x870 [ 2948.947492] ? sock_write_iter+0x3d0/0x3d0 [ 2948.948008] ? do_recvmmsg+0x6d0/0x6d0 [ 2948.948487] ? lock_downgrade+0x6d0/0x6d0 [ 2948.948994] ? __lockdep_reset_lock+0x180/0x180 [ 2948.949565] ___sys_sendmsg+0xf3/0x170 [ 2948.950043] ? sendmsg_copy_msghdr+0x160/0x160 [ 2948.950614] ? __fget_files+0x2cf/0x520 [ 2948.951107] ? lock_downgrade+0x6d0/0x6d0 [ 2948.951613] ? find_held_lock+0x2c/0x110 [ 2948.952117] ? __fget_files+0x2f8/0x520 [ 2948.952612] ? __fget_light+0xea/0x290 [ 2948.953094] __sys_sendmsg+0xe5/0x1b0 [ 2948.953559] ? __sys_sendmsg_sock+0x40/0x40 [ 2948.954084] ? rcu_read_lock_any_held+0x75/0xa0 [ 2948.954681] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2948.955326] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2948.955953] ? trace_hardirqs_on+0x5b/0x180 [ 2948.956480] do_syscall_64+0x33/0x40 [ 2948.956941] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2948.957567] RIP: 0033:0x7ff152763b19 [ 2948.958025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2948.960285] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2948.961217] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2948.962084] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2948.962968] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2948.963842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2948.964709] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:55:28 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa877, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:28 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cf000000101010100"], 0x1c}}, 0x0) 13:55:28 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 24) 13:55:28 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x8) [ 2949.039215] FAULT_INJECTION: forcing a failure. [ 2949.039215] name failslab, interval 1, probability 0, space 0, times 0 [ 2949.040707] CPU: 1 PID: 22178 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2949.041552] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2949.042580] Call Trace: [ 2949.042928] dump_stack+0x107/0x167 [ 2949.043377] should_fail.cold+0x5/0xa [ 2949.043844] ? create_object.isra.0+0x3a/0xa20 [ 2949.044402] should_failslab+0x5/0x20 [ 2949.044867] kmem_cache_alloc+0x5b/0x310 [ 2949.045363] create_object.isra.0+0x3a/0xa20 [ 2949.045896] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2949.046515] kmem_cache_alloc+0x159/0x310 [ 2949.047042] __alloc_file+0x21/0x320 [ 2949.047495] alloc_empty_file+0x6d/0x170 [ 2949.047990] alloc_file+0x5e/0x5a0 [ 2949.048425] alloc_file_pseudo+0x16a/0x250 [ 2949.048939] ? alloc_file+0x5a0/0x5a0 [ 2949.049413] anon_inode_getfile+0xc8/0x1f0 [ 2949.049932] io_uring_setup+0x138b/0x2980 [ 2949.050443] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2949.051081] ? wait_for_completion_io+0x270/0x270 [ 2949.051685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2949.052321] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2949.052956] do_syscall_64+0x33/0x40 [ 2949.053411] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2949.054034] RIP: 0033:0x7fbe2462eb19 [ 2949.054491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2949.056742] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2949.057669] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2949.058535] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2949.059428] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2949.060293] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2949.061157] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:55:28 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cd702000101010100"], 0x1c}}, 0x0) 13:55:28 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa977, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:28 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cf102000101010100"], 0x1c}}, 0x0) [ 2949.160236] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2949.168714] FAULT_INJECTION: forcing a failure. [ 2949.168714] name failslab, interval 1, probability 0, space 0, times 0 [ 2949.170153] CPU: 1 PID: 22018 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2949.171021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2949.172031] Call Trace: [ 2949.172365] dump_stack+0x107/0x167 [ 2949.172816] should_fail.cold+0x5/0xa [ 2949.173287] ? ___slab_alloc+0x155/0x700 [ 2949.173786] ? create_object.isra.0+0x3a/0xa20 [ 2949.174353] should_failslab+0x5/0x20 [ 2949.174847] kmem_cache_alloc+0x5b/0x310 [ 2949.175351] create_object.isra.0+0x3a/0xa20 [ 2949.175890] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2949.176520] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2949.177142] ? inet6_rt_notify+0xed/0x2a0 [ 2949.177659] __alloc_skb+0xb1/0x5b0 [ 2949.178111] inet6_rt_notify+0xed/0x2a0 [ 2949.178624] fib6_del+0xf4c/0x1540 [ 2949.179074] ? fib6_locate+0x660/0x660 [ 2949.179554] ? fib6_ifdown+0xc5/0x8f0 [ 2949.180025] fib6_clean_node+0x39e/0x570 [ 2949.180523] ? fib6_del+0x1540/0x1540 [ 2949.180990] ? fib6_clean_tree+0x14c/0x260 [ 2949.181512] fib6_walk_continue+0x35c/0x710 [ 2949.182040] ? trace_hardirqs_on+0x5b/0x180 [ 2949.182586] fib6_clean_tree+0x154/0x260 [ 2949.183089] ? fib6_ifup+0x260/0x260 [ 2949.183544] ? fib6_info_destroy_rcu+0x210/0x210 [ 2949.184126] ? fib6_del+0x1540/0x1540 [ 2949.184592] ? fib6_ifup+0x260/0x260 [ 2949.185045] ? spin_bug+0xf0/0x100 [ 2949.185480] ? lock_chain_count+0x20/0x20 [ 2949.185991] ? fib6_ifup+0x260/0x260 [ 2949.186444] __fib6_clean_all+0xf0/0x2a0 [ 2949.186963] rt6_disable_ip+0x4d5/0x5b0 [ 2949.187451] ? lock_chain_count+0x20/0x20 [ 2949.187961] ? rt6_sync_down_dev+0x150/0x150 [ 2949.188509] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2949.189096] ? addrconf_dad_run+0x180/0x180 [ 2949.189636] addrconf_notify+0x159/0x2410 [ 2949.190147] ? tun_device_event+0x71/0x1160 [ 2949.190696] ? mark_held_locks+0x9e/0xe0 [ 2949.191199] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2949.191832] ? inet6_ifinfo_notify+0x150/0x150 [ 2949.192389] ? failover_register+0x530/0x530 [ 2949.192937] raw_notifier_call_chain+0xb3/0x110 [ 2949.193510] call_netdevice_notifiers_info+0xb5/0x130 [ 2949.194146] __dev_notify_flags+0x1de/0x2c0 [ 2949.194704] ? dev_change_name+0x660/0x660 [ 2949.195220] ? __dev_change_flags+0x4cf/0x6e0 [ 2949.195771] ? dev_set_allmulti+0x30/0x30 [ 2949.196284] dev_change_flags+0x100/0x160 [ 2949.196796] do_setlink+0x90c/0x3ac0 [ 2949.197257] ? vprintk_func+0x93/0x140 [ 2949.197731] ? rtnl_getlink+0xaa0/0xaa0 [ 2949.198216] ? printk+0xba/0xf1 [ 2949.198636] ? record_print_text.cold+0x16/0x16 [ 2949.199212] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2949.199831] ? trace_hardirqs_on+0x5b/0x180 [ 2949.200370] ? __nla_validate_parse+0x2d8/0x2b10 [ 2949.200954] ? perf_trace_lock+0xac/0x490 [ 2949.201463] ? nla_get_range_signed+0x520/0x520 [ 2949.202029] ? __lock_acquire+0xbb1/0x5b00 [ 2949.202575] __rtnl_newlink+0xc39/0x1700 [ 2949.203096] ? rtnl_setlink+0x3b0/0x3b0 [ 2949.203586] ? __is_insn_slot_addr+0x123/0x290 [ 2949.204152] ? unwind_next_frame+0x13ef/0x1a90 [ 2949.204711] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2949.205360] ? 0xffffffffa0000000 [ 2949.205787] ? __is_insn_slot_addr+0x14c/0x290 [ 2949.206349] ? kernel_text_address+0xf2/0x120 [ 2949.206913] ? __kernel_text_address+0x9/0x40 [ 2949.207464] ? unwind_get_return_address+0x55/0xa0 [ 2949.208071] ? create_prof_cpu_mask+0x20/0x20 [ 2949.208620] ? arch_stack_walk+0x99/0xf0 [ 2949.209131] ? stack_trace_save+0x8c/0xc0 [ 2949.209688] ? mark_held_locks+0x9e/0xe0 [ 2949.210193] ? trace_hardirqs_on+0x5b/0x180 [ 2949.210754] ? kasan_unpoison_shadow+0x33/0x50 [ 2949.211313] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2949.211935] rtnl_newlink+0x64/0xa0 [ 2949.212381] ? __rtnl_newlink+0x1700/0x1700 [ 2949.212908] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2949.213431] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2949.213928] ? perf_trace_lock+0xac/0x490 [ 2949.214450] ? __lockdep_reset_lock+0x180/0x180 [ 2949.215037] netlink_rcv_skb+0x14b/0x430 [ 2949.215536] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2949.216039] ? netlink_ack+0xab0/0xab0 [ 2949.216512] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2949.217079] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2949.217638] ? is_vmalloc_addr+0x7b/0xb0 [ 2949.218146] netlink_unicast+0x549/0x7f0 [ 2949.218664] ? netlink_attachskb+0x870/0x870 [ 2949.219209] netlink_sendmsg+0x90f/0xdf0 [ 2949.219712] ? netlink_unicast+0x7f0/0x7f0 [ 2949.220240] ? netlink_unicast+0x7f0/0x7f0 [ 2949.220759] __sock_sendmsg+0x154/0x190 [ 2949.221244] ____sys_sendmsg+0x70d/0x870 [ 2949.221744] ? sock_write_iter+0x3d0/0x3d0 [ 2949.222257] ? do_recvmmsg+0x6d0/0x6d0 [ 2949.222759] ? lock_downgrade+0x6d0/0x6d0 [ 2949.223267] ? __lockdep_reset_lock+0x180/0x180 [ 2949.223838] ___sys_sendmsg+0xf3/0x170 [ 2949.224315] ? sendmsg_copy_msghdr+0x160/0x160 [ 2949.224877] ? __fget_files+0x2cf/0x520 [ 2949.225362] ? lock_downgrade+0x6d0/0x6d0 [ 2949.225869] ? find_held_lock+0x2c/0x110 [ 2949.226373] ? __fget_files+0x2f8/0x520 [ 2949.226897] ? __fget_light+0xea/0x290 [ 2949.227380] __sys_sendmsg+0xe5/0x1b0 [ 2949.227845] ? __sys_sendmsg_sock+0x40/0x40 [ 2949.228369] ? rcu_read_lock_any_held+0x75/0xa0 [ 2949.228948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2949.229583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2949.230206] ? trace_hardirqs_on+0x5b/0x180 [ 2949.230759] do_syscall_64+0x33/0x40 [ 2949.231212] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2949.231844] RIP: 0033:0x7fb10e7f3b19 [ 2949.232300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2949.234532] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2949.235480] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2949.236353] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2949.237223] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2949.238090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2949.238977] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2949.242946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2949.243864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2949.244906] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2949.246322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2949.247372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2949.248403] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2949.253248] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2949.254148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2949.256376] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:28 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 22) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 2949.316350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2949.328979] FAULT_INJECTION: forcing a failure. [ 2949.328979] name failslab, interval 1, probability 0, space 0, times 0 [ 2949.330654] CPU: 0 PID: 22362 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2949.331562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2949.332644] Call Trace: [ 2949.332994] dump_stack+0x107/0x167 [ 2949.334081] should_fail.cold+0x5/0xa [ 2949.334606] should_failslab+0x5/0x20 [ 2949.335107] __kmalloc_node_track_caller+0x74/0x3b0 [ 2949.335761] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2949.336385] __alloc_skb+0xb1/0x5b0 [ 2949.336866] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2949.337465] rtmsg_ifinfo+0x83/0x120 [ 2949.337956] __dev_notify_flags+0x22a/0x2c0 [ 2949.338863] ? dev_change_name+0x660/0x660 [ 2949.339904] ? __dev_change_flags+0x4cf/0x6e0 [ 2949.341014] ? dev_set_allmulti+0x30/0x30 [ 2949.342041] dev_change_flags+0x100/0x160 [ 2949.343190] do_setlink+0x90c/0x3ac0 [ 2949.344108] ? vprintk_func+0x93/0x140 [ 2949.345062] ? rtnl_getlink+0xaa0/0xaa0 [ 2949.346042] ? printk+0xba/0xf1 [ 2949.346918] ? record_print_text.cold+0x16/0x16 [ 2949.348065] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2949.349312] ? trace_hardirqs_on+0x5b/0x180 [ 2949.350381] ? __nla_validate_parse+0x2d8/0x2b10 [ 2949.351770] ? perf_trace_lock+0xac/0x490 [ 2949.352791] ? nla_get_range_signed+0x520/0x520 [ 2949.353933] ? __lock_acquire+0xbb1/0x5b00 [ 2949.355081] __rtnl_newlink+0xc39/0x1700 [ 2949.356095] ? rtnl_setlink+0x3b0/0x3b0 [ 2949.357073] ? __is_insn_slot_addr+0x123/0x290 [ 2949.358202] ? unwind_next_frame+0x13ef/0x1a90 [ 2949.359496] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2949.360805] ? 0xffffffffa0000000 [ 2949.361657] ? __is_insn_slot_addr+0x14c/0x290 [ 2949.362839] ? kernel_text_address+0xf2/0x120 [ 2949.363946] ? __kernel_text_address+0x9/0x40 [ 2949.365045] ? unwind_get_return_address+0x55/0xa0 [ 2949.366249] ? create_prof_cpu_mask+0x20/0x20 [ 2949.367529] ? arch_stack_walk+0x99/0xf0 [ 2949.368537] ? stack_trace_save+0x8c/0xc0 [ 2949.369599] ? mark_held_locks+0x9e/0xe0 [ 2949.370627] ? trace_hardirqs_on+0x5b/0x180 [ 2949.371895] ? kasan_unpoison_shadow+0x33/0x50 [ 2949.373019] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2949.374267] rtnl_newlink+0x64/0xa0 [ 2949.375291] ? __rtnl_newlink+0x1700/0x1700 [ 2949.376349] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2949.377388] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2949.378382] ? perf_trace_lock+0xac/0x490 [ 2949.379594] ? __lockdep_reset_lock+0x180/0x180 [ 2949.380751] netlink_rcv_skb+0x14b/0x430 [ 2949.381751] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2949.382786] ? netlink_ack+0xab0/0xab0 [ 2949.383737] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2949.384862] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2949.385982] ? is_vmalloc_addr+0x7b/0xb0 [ 2949.387074] netlink_unicast+0x549/0x7f0 [ 2949.388075] ? netlink_attachskb+0x870/0x870 [ 2949.389170] netlink_sendmsg+0x90f/0xdf0 [ 2949.390170] ? netlink_unicast+0x7f0/0x7f0 [ 2949.391369] ? netlink_unicast+0x7f0/0x7f0 [ 2949.392415] __sock_sendmsg+0x154/0x190 [ 2949.393391] ____sys_sendmsg+0x70d/0x870 [ 2949.394401] ? sock_write_iter+0x3d0/0x3d0 [ 2949.395654] ? do_recvmmsg+0x6d0/0x6d0 [ 2949.396610] ? lock_downgrade+0x6d0/0x6d0 [ 2949.397634] ? __lockdep_reset_lock+0x180/0x180 [ 2949.398705] ___sys_sendmsg+0xf3/0x170 [ 2949.399218] ? sendmsg_copy_msghdr+0x160/0x160 [ 2949.399819] ? __fget_files+0x2cf/0x520 [ 2949.400339] ? lock_downgrade+0x6d0/0x6d0 [ 2949.400889] ? find_held_lock+0x2c/0x110 [ 2949.401428] ? __fget_files+0x2f8/0x520 [ 2949.401954] ? __fget_light+0xea/0x290 [ 2949.402469] __sys_sendmsg+0xe5/0x1b0 [ 2949.402996] ? __sys_sendmsg_sock+0x40/0x40 [ 2949.403561] ? rcu_read_lock_any_held+0x75/0xa0 [ 2949.404182] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2949.404868] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2949.405546] ? trace_hardirqs_on+0x5b/0x180 [ 2949.406111] do_syscall_64+0x33/0x40 [ 2949.406619] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2949.407291] RIP: 0033:0x7f6e57a6eb19 [ 2949.407781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2949.410173] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2949.411182] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2949.412113] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2949.413043] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2949.413972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2949.414919] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2949.430781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2949.431727] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2949.432755] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:42 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 12) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xaa77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:42 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xc) 13:55:42 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 25) 13:55:42 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 23) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:42 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 30) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:42 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8983, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:55:42 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0003000101010100"], 0x1c}}, 0x0) [ 2963.294765] FAULT_INJECTION: forcing a failure. [ 2963.294765] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.296947] CPU: 1 PID: 22378 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2963.297862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.298953] Call Trace: [ 2963.299390] dump_stack+0x107/0x167 [ 2963.299880] should_fail.cold+0x5/0xa [ 2963.300393] ? security_file_alloc+0x34/0x170 [ 2963.300995] should_failslab+0x5/0x20 [ 2963.301502] kmem_cache_alloc+0x5b/0x310 [ 2963.302048] security_file_alloc+0x34/0x170 [ 2963.302623] __alloc_file+0xb7/0x320 [ 2963.303157] alloc_empty_file+0x6d/0x170 [ 2963.303703] alloc_file+0x5e/0x5a0 [ 2963.304181] alloc_file_pseudo+0x16a/0x250 [ 2963.304743] ? alloc_file+0x5a0/0x5a0 [ 2963.305268] anon_inode_getfile+0xc8/0x1f0 [ 2963.305837] io_uring_setup+0x138b/0x2980 [ 2963.306399] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2963.307102] ? wait_for_completion_io+0x270/0x270 [ 2963.307779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.308475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.309163] do_syscall_64+0x33/0x40 [ 2963.309666] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.310211] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2963.310348] RIP: 0033:0x7fbe2462eb19 [ 2963.310369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.314385] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2963.315427] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2963.316368] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2963.317308] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2963.318247] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2963.319224] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2963.322962] FAULT_INJECTION: forcing a failure. [ 2963.322962] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.324677] CPU: 0 PID: 22381 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2963.325591] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.326691] Call Trace: [ 2963.327056] dump_stack+0x107/0x167 [ 2963.327547] should_fail.cold+0x5/0xa [ 2963.328056] ? cfg80211_sinfo_alloc_tid_stats+0x8f/0x110 [ 2963.328774] should_failslab+0x5/0x20 [ 2963.329281] kmem_cache_alloc_trace+0x55/0x320 [ 2963.329888] cfg80211_sinfo_alloc_tid_stats+0x8f/0x110 [ 2963.330580] sta_set_sinfo+0x2040/0x35c0 [ 2963.331133] ? kasan_unpoison_shadow+0x33/0x50 [ 2963.331738] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.332408] __sta_info_destroy_part2+0x2ce/0x4f0 [ 2963.333044] __sta_info_flush+0x3a0/0x520 [ 2963.333595] ? __sta_info_destroy+0x50/0x50 [ 2963.334162] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.334850] ? trace_hardirqs_on+0x5b/0x180 [ 2963.335505] ? cfg80211_put_bss+0x1b0/0x270 [ 2963.336167] ? __local_bh_enable_ip+0x9d/0x100 [ 2963.336881] ieee80211_ibss_disconnect+0x115/0x750 [ 2963.337641] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.338470] ieee80211_ibss_leave+0x12/0x160 [ 2963.339178] __cfg80211_leave_ibss+0x183/0x4f0 [ 2963.339905] __cfg80211_leave+0x14b/0x370 [ 2963.340565] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2963.341412] ? ipmr_device_event+0x18b/0x1f0 [ 2963.342111] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2963.342935] raw_notifier_call_chain+0xb3/0x110 [ 2963.343659] call_netdevice_notifiers_info+0xb5/0x130 [ 2963.344442] __dev_close_many+0xf3/0x2f0 [ 2963.345071] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2963.345869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.346666] ? __local_bh_enable_ip+0x9d/0x100 [ 2963.348102] ? trace_hardirqs_on+0x5b/0x180 [ 2963.348794] __dev_change_flags+0x299/0x6e0 [ 2963.349476] ? dev_set_allmulti+0x30/0x30 [ 2963.350139] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.350959] dev_change_flags+0x8a/0x160 [ 2963.351624] do_setlink+0x90c/0x3ac0 [ 2963.352215] ? vprintk_func+0x8b/0x140 [ 2963.352839] ? rtnl_getlink+0xaa0/0xaa0 [ 2963.353467] ? printk+0xba/0xf1 [ 2963.353997] ? record_print_text.cold+0x16/0x16 [ 2963.354735] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2963.355599] ? trace_hardirqs_on+0x5b/0x180 [ 2963.356292] ? __nla_validate_parse+0x2d8/0x2b10 [ 2963.357044] ? mark_held_locks+0x9e/0xe0 [ 2963.357667] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.358481] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2963.359309] ? trace_hardirqs_on+0x5b/0x180 [ 2963.360003] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2963.360837] __rtnl_newlink+0xc39/0x1700 [ 2963.361471] ? rtnl_setlink+0x3b0/0x3b0 [ 2963.362074] ? __is_insn_slot_addr+0x123/0x290 [ 2963.362778] ? unwind_next_frame+0x13ef/0x1a90 [ 2963.363935] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.364738] ? 0xffffffffa0000000 [ 2963.365265] ? __is_insn_slot_addr+0x14c/0x290 [ 2963.365958] ? kernel_text_address+0xf2/0x120 [ 2963.366633] ? __kernel_text_address+0x9/0x40 [ 2963.367316] ? unwind_get_return_address+0x55/0xa0 [ 2963.368043] ? create_prof_cpu_mask+0x20/0x20 [ 2963.368683] ? arch_stack_walk+0x99/0xf0 [ 2963.369316] ? stack_trace_save+0x8c/0xc0 [ 2963.370012] ? mark_held_locks+0x9e/0xe0 [ 2963.370642] ? trace_hardirqs_on+0x5b/0x180 [ 2963.371323] ? kasan_unpoison_shadow+0x33/0x50 [ 2963.372000] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.372769] rtnl_newlink+0x64/0xa0 [ 2963.373314] ? __rtnl_newlink+0x1700/0x1700 [ 2963.373972] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2963.374621] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.383297] ? perf_trace_lock+0xac/0x490 [ 2963.383935] ? __lockdep_reset_lock+0x180/0x180 [ 2963.384648] netlink_rcv_skb+0x14b/0x430 [ 2963.385260] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.385880] ? netlink_ack+0xab0/0xab0 [ 2963.386467] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2963.387169] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2963.387830] ? is_vmalloc_addr+0x7b/0xb0 [ 2963.388425] netlink_unicast+0x549/0x7f0 [ 2963.389006] ? netlink_attachskb+0x870/0x870 [ 2963.389638] netlink_sendmsg+0x90f/0xdf0 [ 2963.390237] ? netlink_unicast+0x7f0/0x7f0 [ 2963.390897] ? netlink_unicast+0x7f0/0x7f0 [ 2963.391565] __sock_sendmsg+0x154/0x190 [ 2963.392160] ____sys_sendmsg+0x70d/0x870 [ 2963.392787] ? sock_write_iter+0x3d0/0x3d0 [ 2963.393437] ? do_recvmmsg+0x6d0/0x6d0 [ 2963.394044] ? lock_downgrade+0x6d0/0x6d0 [ 2963.394673] ? __lockdep_reset_lock+0x180/0x180 [ 2963.399437] ___sys_sendmsg+0xf3/0x170 [ 2963.400032] ? sendmsg_copy_msghdr+0x160/0x160 [ 2963.400729] ? __fget_files+0x2cf/0x520 [ 2963.401329] ? lock_downgrade+0x6d0/0x6d0 [ 2963.401967] ? find_held_lock+0x2c/0x110 [ 2963.402591] ? __fget_files+0x2f8/0x520 [ 2963.403206] ? __fget_light+0xea/0x290 [ 2963.403800] __sys_sendmsg+0xe5/0x1b0 [ 2963.404366] ? __sys_sendmsg_sock+0x40/0x40 [ 2963.405020] ? rcu_read_lock_any_held+0x75/0xa0 [ 2963.405743] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.406536] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.411342] ? trace_hardirqs_on+0x5b/0x180 [ 2963.412001] do_syscall_64+0x33/0x40 [ 2963.412565] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.413344] RIP: 0033:0x7ff152763b19 [ 2963.413917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.416753] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2963.417935] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2963.419018] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2963.420003] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2963.420961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2963.421918] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:55:42 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 26) 13:55:42 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c9203000101010100"], 0x1c}}, 0x0) [ 2963.452453] FAULT_INJECTION: forcing a failure. [ 2963.452453] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.454035] CPU: 0 PID: 22490 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2963.454928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.456059] Call Trace: [ 2963.456422] dump_stack+0x107/0x167 [ 2963.456915] should_fail.cold+0x5/0xa [ 2963.457430] ? create_object.isra.0+0x3a/0xa20 [ 2963.458049] should_failslab+0x5/0x20 [ 2963.458562] kmem_cache_alloc+0x5b/0x310 [ 2963.459123] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 2963.459862] create_object.isra.0+0x3a/0xa20 [ 2963.460449] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.461136] kmem_cache_alloc+0x159/0x310 [ 2963.461700] security_file_alloc+0x34/0x170 [ 2963.462282] __alloc_file+0xb7/0x320 [ 2963.462783] alloc_empty_file+0x6d/0x170 [ 2963.463375] alloc_file+0x5e/0x5a0 [ 2963.463918] alloc_file_pseudo+0x16a/0x250 [ 2963.464557] ? alloc_file+0x5a0/0x5a0 [ 2963.465141] anon_inode_getfile+0xc8/0x1f0 [ 2963.465794] io_uring_setup+0x138b/0x2980 [ 2963.466429] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2963.467210] ? wait_for_completion_io+0x270/0x270 [ 2963.467962] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.468757] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.469541] do_syscall_64+0x33/0x40 [ 2963.470111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.470889] RIP: 0033:0x7fbe2462eb19 [ 2963.471470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.474251] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2963.475431] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2963.476511] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2963.477594] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2963.478675] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2963.479771] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:55:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xab77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2963.540216] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:55:42 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 27) 13:55:42 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x10) [ 2963.561169] FAULT_INJECTION: forcing a failure. [ 2963.561169] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.562758] CPU: 1 PID: 22385 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2963.563686] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.564776] Call Trace: [ 2963.565138] dump_stack+0x107/0x167 [ 2963.565627] should_fail.cold+0x5/0xa [ 2963.566138] ? create_object.isra.0+0x3a/0xa20 [ 2963.566745] should_failslab+0x5/0x20 [ 2963.567270] kmem_cache_alloc+0x5b/0x310 [ 2963.567815] create_object.isra.0+0x3a/0xa20 [ 2963.568395] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.569072] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2963.569742] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2963.570377] __alloc_skb+0xb1/0x5b0 [ 2963.570868] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2963.571492] rtmsg_ifinfo+0x83/0x120 [ 2963.571994] __dev_notify_flags+0x22a/0x2c0 [ 2963.572564] ? dev_change_name+0x660/0x660 [ 2963.573119] ? __dev_change_flags+0x4cf/0x6e0 [ 2963.573715] ? dev_set_allmulti+0x30/0x30 [ 2963.574275] dev_change_flags+0x100/0x160 [ 2963.574829] do_setlink+0x90c/0x3ac0 [ 2963.575354] ? rtnl_getlink+0xaa0/0xaa0 [ 2963.575880] ? printk+0xba/0xf1 [ 2963.576321] ? record_print_text.cold+0x16/0x16 [ 2963.576938] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2963.577606] ? trace_hardirqs_on+0x5b/0x180 [ 2963.578194] ? __nla_validate_parse+0x2d8/0x2b10 [ 2963.578829] ? mark_held_locks+0x9e/0xe0 [ 2963.579391] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.580083] ? asm_sysvec_call_function_single+0x12/0x20 [ 2963.580792] ? trace_hardirqs_on+0x5b/0x180 [ 2963.581367] ? asm_sysvec_call_function_single+0x12/0x20 [ 2963.582098] __rtnl_newlink+0xc39/0x1700 [ 2963.582653] ? rtnl_setlink+0x3b0/0x3b0 [ 2963.583202] ? __is_insn_slot_addr+0x123/0x290 [ 2963.583817] ? unwind_next_frame+0x13ef/0x1a90 [ 2963.584421] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.585121] ? 0xffffffffa0000000 [ 2963.585585] ? __is_insn_slot_addr+0x14c/0x290 [ 2963.586192] ? kernel_text_address+0xf2/0x120 [ 2963.586787] ? __kernel_text_address+0x9/0x40 [ 2963.587396] ? unwind_get_return_address+0x55/0xa0 [ 2963.588046] ? create_prof_cpu_mask+0x20/0x20 [ 2963.588639] ? arch_stack_walk+0x99/0xf0 [ 2963.589194] ? stack_trace_save+0x8c/0xc0 [ 2963.589812] ? mark_held_locks+0x9e/0xe0 [ 2963.590356] ? trace_hardirqs_on+0x5b/0x180 [ 2963.590930] ? kasan_unpoison_shadow+0x33/0x50 [ 2963.591551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.592220] rtnl_newlink+0x64/0xa0 [ 2963.592704] ? __rtnl_newlink+0x1700/0x1700 [ 2963.593276] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2963.593841] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.594380] ? perf_trace_lock+0xac/0x490 [ 2963.594937] ? __lockdep_reset_lock+0x180/0x180 [ 2963.595579] netlink_rcv_skb+0x14b/0x430 [ 2963.596117] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.596659] ? netlink_ack+0xab0/0xab0 [ 2963.597173] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2963.597784] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2963.598389] ? is_vmalloc_addr+0x7b/0xb0 [ 2963.598936] netlink_unicast+0x549/0x7f0 [ 2963.599502] ? netlink_attachskb+0x870/0x870 [ 2963.600098] netlink_sendmsg+0x90f/0xdf0 [ 2963.600646] ? netlink_unicast+0x7f0/0x7f0 [ 2963.601218] ? netlink_unicast+0x7f0/0x7f0 [ 2963.601782] __sock_sendmsg+0x154/0x190 [ 2963.602313] ____sys_sendmsg+0x70d/0x870 [ 2963.602856] ? sock_write_iter+0x3d0/0x3d0 [ 2963.603433] ? do_recvmmsg+0x6d0/0x6d0 [ 2963.603955] ? lock_downgrade+0x6d0/0x6d0 [ 2963.604510] ? __lockdep_reset_lock+0x180/0x180 [ 2963.605131] ___sys_sendmsg+0xf3/0x170 [ 2963.605652] ? sendmsg_copy_msghdr+0x160/0x160 [ 2963.606265] ? __fget_files+0x2cf/0x520 [ 2963.606794] ? lock_downgrade+0x6d0/0x6d0 [ 2963.607364] ? find_held_lock+0x2c/0x110 [ 2963.607916] ? __fget_files+0x2f8/0x520 [ 2963.608453] ? __fget_light+0xea/0x290 [ 2963.608978] __sys_sendmsg+0xe5/0x1b0 [ 2963.609485] ? __sys_sendmsg_sock+0x40/0x40 [ 2963.610056] ? rcu_read_lock_any_held+0x75/0xa0 [ 2963.610691] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.611399] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.612079] ? trace_hardirqs_on+0x5b/0x180 [ 2963.612653] do_syscall_64+0x33/0x40 [ 2963.613148] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.613823] RIP: 0033:0x7f6e57a6eb19 [ 2963.614320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.616746] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2963.617749] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2963.618687] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2963.619643] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2963.620580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2963.621519] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2963.625609] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2963.632266] FAULT_INJECTION: forcing a failure. [ 2963.632266] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.633773] CPU: 1 PID: 22375 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2963.634680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.635787] Call Trace: [ 2963.636142] dump_stack+0x107/0x167 [ 2963.636631] should_fail.cold+0x5/0xa [ 2963.637140] ? __alloc_skb+0x6d/0x5b0 [ 2963.637652] should_failslab+0x5/0x20 [ 2963.638159] kmem_cache_alloc_node+0x55/0x330 [ 2963.638765] __alloc_skb+0x6d/0x5b0 [ 2963.639274] inet6_rt_notify+0xed/0x2a0 [ 2963.639809] fib6_del+0xf4c/0x1540 [ 2963.640308] ? fib6_locate+0x660/0x660 [ 2963.640827] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2963.641512] ? fib6_ifdown+0xc5/0x8f0 [ 2963.642030] fib6_clean_node+0x39e/0x570 [ 2963.642574] ? fib6_del+0x1540/0x1540 [ 2963.643091] ? fib6_clean_tree+0x14c/0x260 [ 2963.643665] fib6_walk_continue+0x35c/0x710 [ 2963.644237] ? trace_hardirqs_on+0x5b/0x180 [ 2963.644816] fib6_clean_tree+0x154/0x260 [ 2963.645359] ? fib6_ifup+0x260/0x260 [ 2963.645860] ? fib6_info_destroy_rcu+0x210/0x210 [ 2963.646618] ? fib6_del+0x1540/0x1540 [ 2963.647191] ? fib6_ifup+0x260/0x260 [ 2963.647756] ? spin_bug+0xf0/0x100 [ 2963.648277] ? lock_chain_count+0x20/0x20 [ 2963.648911] ? fib6_ifup+0x260/0x260 [ 2963.649461] __fib6_clean_all+0xf0/0x2a0 [ 2963.650064] rt6_disable_ip+0x4d5/0x5b0 [ 2963.650656] ? lock_chain_count+0x20/0x20 [ 2963.651291] ? rt6_sync_down_dev+0x150/0x150 [ 2963.651956] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2963.652670] ? addrconf_dad_run+0x180/0x180 [ 2963.653327] addrconf_notify+0x159/0x2410 [ 2963.653943] ? tun_device_event+0x71/0x1160 [ 2963.654580] ? mark_held_locks+0x9e/0xe0 [ 2963.655189] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2963.655965] ? inet6_ifinfo_notify+0x150/0x150 [ 2963.656648] ? failover_register+0x530/0x530 [ 2963.657300] raw_notifier_call_chain+0xb3/0x110 [ 2963.658007] call_netdevice_notifiers_info+0xb5/0x130 [ 2963.658788] __dev_notify_flags+0x1de/0x2c0 [ 2963.659408] ? dev_change_name+0x660/0x660 [ 2963.659980] ? __dev_change_flags+0x4cf/0x6e0 [ 2963.660588] ? dev_set_allmulti+0x30/0x30 [ 2963.661158] dev_change_flags+0x100/0x160 [ 2963.661722] do_setlink+0x90c/0x3ac0 [ 2963.662230] ? lock_chain_count+0x20/0x20 [ 2963.662788] ? lock_chain_count+0x20/0x20 [ 2963.663367] ? vprintk_func+0x93/0x140 [ 2963.663891] ? rtnl_getlink+0xaa0/0xaa0 [ 2963.664428] ? printk+0xba/0xf1 [ 2963.664882] ? record_print_text.cold+0x16/0x16 [ 2963.665512] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2963.666183] ? trace_hardirqs_on+0x5b/0x180 [ 2963.666777] ? mark_held_locks+0x9e/0xe0 [ 2963.667355] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.668063] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2963.668783] ? trace_hardirqs_on+0x5b/0x180 [ 2963.669366] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2963.670091] ? mutex_is_locked+0xe/0x50 [ 2963.670629] ? check_memory_region+0xec/0x1f0 [ 2963.671263] __rtnl_newlink+0xc39/0x1700 [ 2963.671828] ? rtnl_setlink+0x3b0/0x3b0 [ 2963.672370] ? __is_insn_slot_addr+0x123/0x290 [ 2963.672998] ? unwind_next_frame+0x13ef/0x1a90 [ 2963.673614] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.674323] ? 0xffffffffa0000000 [ 2963.674793] ? __is_insn_slot_addr+0x14c/0x290 [ 2963.675432] ? kernel_text_address+0xf2/0x120 [ 2963.676035] ? __kernel_text_address+0x9/0x40 [ 2963.676636] ? unwind_get_return_address+0x55/0xa0 [ 2963.677292] ? create_prof_cpu_mask+0x20/0x20 [ 2963.677891] ? arch_stack_walk+0x99/0xf0 [ 2963.678453] ? stack_trace_save+0x8c/0xc0 [ 2963.679092] ? mark_held_locks+0x9e/0xe0 [ 2963.679649] ? trace_hardirqs_on+0x5b/0x180 [ 2963.680228] ? kasan_unpoison_shadow+0x33/0x50 [ 2963.680842] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2963.681526] rtnl_newlink+0x64/0xa0 [ 2963.682014] ? __rtnl_newlink+0x1700/0x1700 [ 2963.682598] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2963.683182] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.683728] ? perf_trace_lock+0xac/0x490 [ 2963.684290] ? __lockdep_reset_lock+0x180/0x180 [ 2963.684921] netlink_rcv_skb+0x14b/0x430 [ 2963.685466] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2963.686009] ? netlink_ack+0xab0/0xab0 [ 2963.686527] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2963.687157] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2963.687776] ? is_vmalloc_addr+0x7b/0xb0 [ 2963.688330] netlink_unicast+0x549/0x7f0 [ 2963.688886] ? netlink_attachskb+0x870/0x870 [ 2963.689489] netlink_sendmsg+0x90f/0xdf0 [ 2963.690041] ? netlink_unicast+0x7f0/0x7f0 [ 2963.690624] ? netlink_unicast+0x7f0/0x7f0 [ 2963.691211] __sock_sendmsg+0x154/0x190 [ 2963.691749] ____sys_sendmsg+0x70d/0x870 [ 2963.692296] ? sock_write_iter+0x3d0/0x3d0 [ 2963.692863] ? do_recvmmsg+0x6d0/0x6d0 [ 2963.693392] ? lock_downgrade+0x6d0/0x6d0 [ 2963.693953] ? __lockdep_reset_lock+0x180/0x180 [ 2963.694581] ___sys_sendmsg+0xf3/0x170 [ 2963.695120] ? sendmsg_copy_msghdr+0x160/0x160 [ 2963.695744] ? __fget_files+0x2cf/0x520 [ 2963.696281] ? lock_downgrade+0x6d0/0x6d0 [ 2963.696837] ? find_held_lock+0x2c/0x110 [ 2963.697396] ? __fget_files+0x2f8/0x520 [ 2963.697943] ? __fget_light+0xea/0x290 [ 2963.698480] __sys_sendmsg+0xe5/0x1b0 [ 2963.698993] ? __sys_sendmsg_sock+0x40/0x40 [ 2963.699590] ? rcu_read_lock_any_held+0x75/0xa0 [ 2963.700228] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.700934] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.701616] ? trace_hardirqs_on+0x5b/0x180 [ 2963.702195] do_syscall_64+0x33/0x40 [ 2963.702693] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.703388] RIP: 0033:0x7fb10e7f3b19 [ 2963.703888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.706308] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2963.707340] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2963.708282] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2963.709226] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2963.710176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2963.711142] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2963.717205] FAULT_INJECTION: forcing a failure. [ 2963.717205] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.718710] CPU: 1 PID: 22507 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2963.719635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2963.720739] Call Trace: [ 2963.721099] dump_stack+0x107/0x167 [ 2963.721587] should_fail.cold+0x5/0xa [ 2963.722099] ? io_uring_alloc_task_context+0x99/0x6a0 [ 2963.722786] should_failslab+0x5/0x20 [ 2963.723314] kmem_cache_alloc_trace+0x55/0x320 [ 2963.723929] io_uring_alloc_task_context+0x99/0x6a0 [ 2963.724598] ? io_import_iovec+0x1120/0x1120 [ 2963.725186] ? lock_downgrade+0x6d0/0x6d0 [ 2963.725740] ? do_raw_spin_lock+0x121/0x260 [ 2963.726316] ? rwlock_bug.part.0+0x90/0x90 [ 2963.726887] __io_uring_add_tctx_node+0x2c6/0x520 [ 2963.727548] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2963.728245] ? alloc_fd+0x2e7/0x670 [ 2963.728745] io_uring_setup+0x1fbb/0x2980 [ 2963.729308] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2963.729985] ? wait_for_completion_io+0x270/0x270 [ 2963.730652] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2963.731367] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2963.732057] do_syscall_64+0x33/0x40 [ 2963.732556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2963.733240] RIP: 0033:0x7fbe2462eb19 [ 2963.733741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2963.736188] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2963.737207] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2963.738154] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2963.739110] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2963.741050] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2963.742891] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2963.745801] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 13:55:43 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xac77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 2963.747617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:55:43 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x12) 13:55:43 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0005000101010100"], 0x1c}}, 0x0) [ 2963.757525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2963.758593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2963.759638] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2963.761947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2963.762906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2963.763919] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2963.776702] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:56 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 13) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:56 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 31) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:55:56 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0006000101010100"], 0x1c}}, 0x0) 13:55:56 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 28) 13:55:56 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x18) 13:55:56 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x89a0, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 2977.468829] FAULT_INJECTION: forcing a failure. [ 2977.468829] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.470405] CPU: 0 PID: 22730 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2977.471334] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.488502] Call Trace: [ 2977.488869] dump_stack+0x107/0x167 [ 2977.489360] should_fail.cold+0x5/0xa [ 2977.489877] ? create_object.isra.0+0x3a/0xa20 [ 2977.490499] should_failslab+0x5/0x20 [ 2977.491020] kmem_cache_alloc+0x5b/0x310 [ 2977.491748] create_object.isra.0+0x3a/0xa20 [ 2977.492341] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.493028] kmem_cache_alloc_trace+0x151/0x320 [ 2977.493665] io_uring_alloc_task_context+0x99/0x6a0 [ 2977.494336] ? io_import_iovec+0x1120/0x1120 [ 2977.494932] ? lock_downgrade+0x6d0/0x6d0 13:55:56 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xad77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:56 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 24) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 2977.495491] ? do_raw_spin_lock+0x121/0x260 [ 2977.496197] ? rwlock_bug.part.0+0x90/0x90 [ 2977.496792] __io_uring_add_tctx_node+0x2c6/0x520 [ 2977.497458] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2977.498185] ? alloc_fd+0x2e7/0x670 [ 2977.498701] io_uring_setup+0x1fbb/0x2980 [ 2977.499282] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2977.500033] ? wait_for_completion_io+0x270/0x270 [ 2977.500722] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.501456] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.502170] do_syscall_64+0x33/0x40 [ 2977.502688] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.503394] RIP: 0033:0x7fbe2462eb19 [ 2977.503959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.506460] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2977.507494] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2977.508546] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2977.509518] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2977.510487] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2977.511452] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2977.515263] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2977.526406] FAULT_INJECTION: forcing a failure. [ 2977.526406] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.528140] CPU: 0 PID: 22734 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2977.529083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.530213] Call Trace: [ 2977.530580] dump_stack+0x107/0x167 [ 2977.531082] should_fail.cold+0x5/0xa [ 2977.531628] ? create_object.isra.0+0x3a/0xa20 [ 2977.532257] should_failslab+0x5/0x20 [ 2977.532778] kmem_cache_alloc+0x5b/0x310 [ 2977.533340] create_object.isra.0+0x3a/0xa20 [ 2977.533936] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.534640] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2977.535332] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2977.536027] __alloc_skb+0xb1/0x5b0 [ 2977.536534] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2977.537163] rtmsg_ifinfo+0x83/0x120 [ 2977.537676] __dev_notify_flags+0x22a/0x2c0 [ 2977.538263] ? dev_change_name+0x660/0x660 [ 2977.538839] ? __dev_change_flags+0x4cf/0x6e0 [ 2977.539456] ? dev_set_allmulti+0x30/0x30 [ 2977.540057] dev_change_flags+0x100/0x160 [ 2977.540626] do_setlink+0x90c/0x3ac0 [ 2977.541145] ? vprintk_func+0x93/0x140 [ 2977.541678] ? rtnl_getlink+0xaa0/0xaa0 [ 2977.542221] ? printk+0xba/0xf1 [ 2977.542674] ? record_print_text.cold+0x16/0x16 [ 2977.543314] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2977.544061] ? trace_hardirqs_on+0x5b/0x180 [ 2977.544639] ? __nla_validate_parse+0x2d8/0x2b10 [ 2977.545260] ? perf_trace_lock+0xac/0x490 [ 2977.545804] ? nla_get_range_signed+0x520/0x520 [ 2977.546448] ? __lock_acquire+0xbb1/0x5b00 [ 2977.547018] __rtnl_newlink+0xc39/0x1700 [ 2977.547573] ? rtnl_setlink+0x3b0/0x3b0 [ 2977.548102] ? __is_insn_slot_addr+0x123/0x290 [ 2977.548709] ? unwind_next_frame+0x13ef/0x1a90 [ 2977.549313] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.550052] ? 0xffffffffa0000000 [ 2977.550515] ? __is_insn_slot_addr+0x14c/0x290 [ 2977.551117] ? kernel_text_address+0xf2/0x120 [ 2977.551727] ? __kernel_text_address+0x9/0x40 [ 2977.552312] ? unwind_get_return_address+0x55/0xa0 [ 2977.552953] ? create_prof_cpu_mask+0x20/0x20 [ 2977.553541] ? arch_stack_walk+0x99/0xf0 [ 2977.554083] ? stack_trace_save+0x8c/0xc0 [ 2977.554671] ? mark_held_locks+0x9e/0xe0 [ 2977.555206] ? trace_hardirqs_on+0x5b/0x180 [ 2977.555817] ? kasan_unpoison_shadow+0x33/0x50 [ 2977.556419] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.557084] rtnl_newlink+0x64/0xa0 [ 2977.557561] ? __rtnl_newlink+0x1700/0x1700 [ 2977.558130] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2977.558687] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.559227] ? perf_trace_lock+0xac/0x490 [ 2977.559815] ? __lockdep_reset_lock+0x180/0x180 [ 2977.560430] netlink_rcv_skb+0x14b/0x430 [ 2977.560962] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.561495] ? netlink_ack+0xab0/0xab0 [ 2977.562000] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2977.562606] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2977.563203] ? is_vmalloc_addr+0x7b/0xb0 [ 2977.563776] netlink_unicast+0x549/0x7f0 [ 2977.564312] ? netlink_attachskb+0x870/0x870 [ 2977.564899] netlink_sendmsg+0x90f/0xdf0 [ 2977.565446] ? netlink_unicast+0x7f0/0x7f0 [ 2977.566008] ? netlink_unicast+0x7f0/0x7f0 [ 2977.566562] __sock_sendmsg+0x154/0x190 [ 2977.567084] ____sys_sendmsg+0x70d/0x870 [ 2977.567653] ? sock_write_iter+0x3d0/0x3d0 [ 2977.568210] ? do_recvmmsg+0x6d0/0x6d0 [ 2977.568725] ? lock_downgrade+0x6d0/0x6d0 [ 2977.569273] ? __lockdep_reset_lock+0x180/0x180 [ 2977.569887] ___sys_sendmsg+0xf3/0x170 [ 2977.570400] ? sendmsg_copy_msghdr+0x160/0x160 [ 2977.571003] ? __fget_files+0x2cf/0x520 [ 2977.571526] ? lock_downgrade+0x6d0/0x6d0 [ 2977.572106] ? find_held_lock+0x2c/0x110 [ 2977.572649] ? __fget_files+0x2f8/0x520 [ 2977.573177] ? __fget_light+0xea/0x290 [ 2977.573695] __sys_sendmsg+0xe5/0x1b0 [ 2977.574196] ? __sys_sendmsg_sock+0x40/0x40 [ 2977.574762] ? rcu_read_lock_any_held+0x75/0xa0 [ 2977.575386] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.576115] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.576790] ? trace_hardirqs_on+0x5b/0x180 [ 2977.577357] do_syscall_64+0x33/0x40 [ 2977.577848] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.578523] RIP: 0033:0x7f6e57a6eb19 [ 2977.579017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.581471] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2977.582470] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2977.583415] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2977.584386] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2977.585319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2977.586253] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2977.589374] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 2977.594244] FAULT_INJECTION: forcing a failure. [ 2977.594244] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.596010] CPU: 0 PID: 22773 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2977.596924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.598018] Call Trace: [ 2977.598366] dump_stack+0x107/0x167 [ 2977.598848] should_fail.cold+0x5/0xa [ 2977.599351] ? create_object.isra.0+0x3a/0xa20 [ 2977.599992] should_failslab+0x5/0x20 [ 2977.600496] kmem_cache_alloc+0x5b/0x310 [ 2977.601035] create_object.isra.0+0x3a/0xa20 [ 2977.601611] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.602285] kmem_cache_alloc_trace+0x151/0x320 [ 2977.602907] cfg80211_sinfo_alloc_tid_stats+0x8f/0x110 [ 2977.603637] sta_set_sinfo+0x2040/0x35c0 [ 2977.604181] ? kasan_unpoison_shadow+0x33/0x50 [ 2977.604786] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.605455] __sta_info_destroy_part2+0x2ce/0x4f0 [ 2977.606095] __sta_info_flush+0x3a0/0x520 [ 2977.606653] ? __sta_info_destroy+0x50/0x50 [ 2977.607224] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.607956] ? trace_hardirqs_on+0x5b/0x180 [ 2977.608529] ? cfg80211_put_bss+0x1b0/0x270 [ 2977.609104] ? __local_bh_enable_ip+0x9d/0x100 [ 2977.609713] ieee80211_ibss_disconnect+0x115/0x750 [ 2977.610362] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.611057] ieee80211_ibss_leave+0x12/0x160 [ 2977.611666] __cfg80211_leave_ibss+0x183/0x4f0 [ 2977.612271] __cfg80211_leave+0x14b/0x370 [ 2977.612821] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2977.613532] ? ipmr_device_event+0x18b/0x1f0 [ 2977.614112] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2977.614795] raw_notifier_call_chain+0xb3/0x110 [ 2977.615412] call_netdevice_notifiers_info+0xb5/0x130 [ 2977.616146] __dev_close_many+0xf3/0x2f0 [ 2977.616689] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2977.617380] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.618075] ? __local_bh_enable_ip+0x9d/0x100 [ 2977.618675] ? trace_hardirqs_on+0x5b/0x180 [ 2977.619249] __dev_change_flags+0x299/0x6e0 [ 2977.619862] ? dev_set_allmulti+0x30/0x30 [ 2977.620420] dev_change_flags+0x8a/0x160 [ 2977.620972] do_setlink+0x90c/0x3ac0 [ 2977.621470] ? lock_chain_count+0x20/0x20 [ 2977.622018] ? vprintk_func+0x93/0x140 [ 2977.622531] ? rtnl_getlink+0xaa0/0xaa0 [ 2977.623055] ? printk+0xba/0xf1 [ 2977.623494] ? record_print_text.cold+0x16/0x16 [ 2977.624145] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2977.624809] ? trace_hardirqs_on+0x5b/0x180 [ 2977.625390] ? mark_held_locks+0x9e/0xe0 [ 2977.625928] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.626626] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2977.627335] ? trace_hardirqs_on+0x5b/0x180 [ 2977.627947] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2977.628669] ? validate_linkmsg+0x18d/0x8b0 [ 2977.629235] ? validate_linkmsg+0x490/0x8b0 [ 2977.629814] __rtnl_newlink+0xc39/0x1700 [ 2977.630359] ? rtnl_setlink+0x3b0/0x3b0 [ 2977.630888] ? __is_insn_slot_addr+0x123/0x290 [ 2977.631496] ? unwind_next_frame+0x13ef/0x1a90 [ 2977.632131] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.632833] ? 0xffffffffa0000000 [ 2977.633294] ? __is_insn_slot_addr+0x14c/0x290 [ 2977.633901] ? kernel_text_address+0xf2/0x120 [ 2977.634495] ? __kernel_text_address+0x9/0x40 [ 2977.635091] ? unwind_get_return_address+0x55/0xa0 [ 2977.635795] ? create_prof_cpu_mask+0x20/0x20 [ 2977.636461] ? arch_stack_walk+0x99/0xf0 [ 2977.637098] ? stack_trace_save+0x8c/0xc0 [ 2977.637782] ? mark_held_locks+0x9e/0xe0 [ 2977.638406] ? trace_hardirqs_on+0x5b/0x180 [ 2977.639058] ? kasan_unpoison_shadow+0x33/0x50 [ 2977.639742] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.640438] rtnl_newlink+0x64/0xa0 [ 2977.640928] ? __rtnl_newlink+0x1700/0x1700 [ 2977.641501] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2977.642067] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.642614] ? perf_trace_lock+0xac/0x490 [ 2977.643169] ? __lockdep_reset_lock+0x180/0x180 [ 2977.643801] netlink_rcv_skb+0x14b/0x430 [ 2977.644338] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.644890] ? netlink_ack+0xab0/0xab0 [ 2977.645402] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2977.646012] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2977.646615] ? is_vmalloc_addr+0x7b/0xb0 [ 2977.647159] netlink_unicast+0x549/0x7f0 [ 2977.647721] ? netlink_attachskb+0x870/0x870 [ 2977.648313] netlink_sendmsg+0x90f/0xdf0 [ 2977.648856] ? netlink_unicast+0x7f0/0x7f0 [ 2977.649425] ? netlink_unicast+0x7f0/0x7f0 [ 2977.649985] __sock_sendmsg+0x154/0x190 [ 2977.650525] ____sys_sendmsg+0x70d/0x870 [ 2977.651063] ? sock_write_iter+0x3d0/0x3d0 [ 2977.651635] ? do_recvmmsg+0x6d0/0x6d0 [ 2977.652157] ? lock_downgrade+0x6d0/0x6d0 [ 2977.652713] ? __lockdep_reset_lock+0x180/0x180 [ 2977.653330] ___sys_sendmsg+0xf3/0x170 [ 2977.653849] ? sendmsg_copy_msghdr+0x160/0x160 [ 2977.654460] ? __fget_files+0x2cf/0x520 [ 2977.654989] ? lock_downgrade+0x6d0/0x6d0 [ 2977.655547] ? find_held_lock+0x2c/0x110 [ 2977.656100] ? __fget_files+0x2f8/0x520 [ 2977.656637] ? __fget_light+0xea/0x290 [ 2977.657162] __sys_sendmsg+0xe5/0x1b0 [ 2977.657667] ? __sys_sendmsg_sock+0x40/0x40 [ 2977.658241] ? rcu_read_lock_any_held+0x75/0xa0 [ 2977.658873] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.659576] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.660275] ? trace_hardirqs_on+0x5b/0x180 [ 2977.660850] do_syscall_64+0x33/0x40 [ 2977.661347] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.662029] RIP: 0033:0x7ff152763b19 [ 2977.662527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.664976] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2977.665985] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2977.666938] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2977.667895] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2977.668841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2977.669789] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2977.702993] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2977.721332] FAULT_INJECTION: forcing a failure. [ 2977.721332] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.723546] CPU: 0 PID: 22948 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2977.724498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.725593] Call Trace: [ 2977.725946] dump_stack+0x107/0x167 [ 2977.726432] should_fail.cold+0x5/0xa [ 2977.726938] ? create_object.isra.0+0x3a/0xa20 [ 2977.727562] should_failslab+0x5/0x20 [ 2977.728079] kmem_cache_alloc+0x5b/0x310 [ 2977.728619] create_object.isra.0+0x3a/0xa20 [ 2977.729205] kmemleak_alloc_percpu+0xa0/0x100 [ 2977.729801] pcpu_alloc+0x4e2/0x1240 [ 2977.730304] __percpu_counter_init+0x10d/0x2d0 [ 2977.730911] io_uring_alloc_task_context+0xcc/0x6a0 [ 2977.731589] ? io_import_iovec+0x1120/0x1120 [ 2977.732181] ? lock_downgrade+0x6d0/0x6d0 [ 2977.732731] ? do_raw_spin_lock+0x121/0x260 [ 2977.733303] ? rwlock_bug.part.0+0x90/0x90 [ 2977.733870] __io_uring_add_tctx_node+0x2c6/0x520 [ 2977.734505] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2977.735200] ? alloc_fd+0x2e7/0x670 [ 2977.735703] io_uring_setup+0x1fbb/0x2980 [ 2977.736254] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2977.736927] ? wait_for_completion_io+0x270/0x270 [ 2977.737584] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.738280] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.738963] do_syscall_64+0x33/0x40 [ 2977.739455] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.740147] RIP: 0033:0x7fbe2462eb19 [ 2977.740644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.743068] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2977.744089] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2977.745033] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2977.745975] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2977.746918] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2977.747872] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2977.756691] FAULT_INJECTION: forcing a failure. [ 2977.756691] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.758147] CPU: 1 PID: 22910 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2977.758993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.760037] Call Trace: [ 2977.760370] dump_stack+0x107/0x167 [ 2977.760819] should_fail.cold+0x5/0xa [ 2977.761290] ? create_object.isra.0+0x3a/0xa20 [ 2977.761860] should_failslab+0x5/0x20 [ 2977.762327] kmem_cache_alloc+0x5b/0x310 [ 2977.762830] create_object.isra.0+0x3a/0xa20 [ 2977.763365] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.764008] kmem_cache_alloc_node+0x169/0x330 [ 2977.764582] __alloc_skb+0x6d/0x5b0 [ 2977.765032] inet6_rt_notify+0xed/0x2a0 [ 2977.765524] fib6_del+0xf4c/0x1540 [ 2977.765969] ? fib6_locate+0x660/0x660 [ 2977.766450] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2977.767082] ? fib6_ifdown+0xc5/0x8f0 13:55:56 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0007000101010100"], 0x1c}}, 0x0) 13:55:56 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xae77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:57 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0009000101010100"], 0x1c}}, 0x0) 13:55:57 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1e) 13:55:57 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 29) 13:55:57 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 30) [ 2977.767579] fib6_clean_node+0x39e/0x570 [ 2977.783995] ? fib6_del+0x1540/0x1540 [ 2977.784470] ? fib6_walk_continue+0x2a8/0x710 [ 2977.785019] fib6_walk_continue+0x35c/0x710 [ 2977.785548] ? trace_hardirqs_on+0x5b/0x180 [ 2977.786077] fib6_clean_tree+0x154/0x260 [ 2977.786573] ? fib6_ifup+0x260/0x260 [ 2977.787029] ? fib6_info_destroy_rcu+0x210/0x210 [ 2977.787625] ? fib6_del+0x1540/0x1540 [ 2977.788095] ? fib6_ifup+0x260/0x260 [ 2977.788547] ? spin_bug+0xf0/0x100 [ 2977.788979] ? lock_chain_count+0x20/0x20 [ 2977.789492] ? fib6_ifup+0x260/0x260 [ 2977.789945] __fib6_clean_all+0xf0/0x2a0 [ 2977.790444] rt6_disable_ip+0x4d5/0x5b0 [ 2977.790931] ? lock_chain_count+0x20/0x20 [ 2977.791439] ? rt6_sync_down_dev+0x150/0x150 [ 2977.792003] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2977.792591] ? addrconf_dad_run+0x180/0x180 [ 2977.793130] addrconf_notify+0x159/0x2410 [ 2977.793640] ? tun_device_event+0x71/0x1160 [ 2977.794168] ? mark_held_locks+0x9e/0xe0 [ 2977.794666] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2977.795296] ? inet6_ifinfo_notify+0x150/0x150 [ 2977.795872] ? failover_register+0x530/0x530 [ 2977.796418] raw_notifier_call_chain+0xb3/0x110 [ 2977.796998] call_netdevice_notifiers_info+0xb5/0x130 [ 2977.797627] __dev_notify_flags+0x1de/0x2c0 [ 2977.798152] ? dev_change_name+0x660/0x660 [ 2977.798666] ? __dev_change_flags+0x4cf/0x6e0 [ 2977.799215] ? dev_set_allmulti+0x30/0x30 [ 2977.802679] FAULT_INJECTION: forcing a failure. [ 2977.802679] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.815760] dev_change_flags+0x100/0x160 [ 2977.815778] do_setlink+0x90c/0x3ac0 [ 2977.815798] ? vprintk_func+0x93/0x140 [ 2977.815809] ? rtnl_getlink+0xaa0/0xaa0 [ 2977.815822] ? printk+0xba/0xf1 [ 2977.815835] ? record_print_text.cold+0x16/0x16 [ 2977.815850] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2977.815860] ? trace_hardirqs_on+0x5b/0x180 [ 2977.815886] ? __nla_validate_parse+0x2d8/0x2b10 [ 2977.815902] ? perf_trace_lock+0xac/0x490 [ 2977.815918] ? nla_get_range_signed+0x520/0x520 [ 2977.815929] ? __lock_acquire+0xbb1/0x5b00 [ 2977.815960] __rtnl_newlink+0xc39/0x1700 [ 2977.815984] ? rtnl_setlink+0x3b0/0x3b0 [ 2977.815999] ? __is_insn_slot_addr+0x123/0x290 [ 2977.816019] ? unwind_next_frame+0x13ef/0x1a90 [ 2977.816032] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.816044] ? 0xffffffffa0000000 [ 2977.816059] ? __is_insn_slot_addr+0x14c/0x290 [ 2977.816075] ? kernel_text_address+0xf2/0x120 [ 2977.816088] ? __kernel_text_address+0x9/0x40 [ 2977.816101] ? unwind_get_return_address+0x55/0xa0 [ 2977.816114] ? create_prof_cpu_mask+0x20/0x20 [ 2977.816126] ? arch_stack_walk+0x99/0xf0 [ 2977.816153] ? stack_trace_save+0x8c/0xc0 [ 2977.816213] ? mark_held_locks+0x9e/0xe0 [ 2977.816229] ? trace_hardirqs_on+0x5b/0x180 [ 2977.816244] ? kasan_unpoison_shadow+0x33/0x50 [ 2977.816256] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2977.816271] rtnl_newlink+0x64/0xa0 [ 2977.816283] ? __rtnl_newlink+0x1700/0x1700 [ 2977.816294] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2977.816309] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.816322] ? perf_trace_lock+0xac/0x490 [ 2977.816340] ? __lockdep_reset_lock+0x180/0x180 [ 2977.816358] netlink_rcv_skb+0x14b/0x430 [ 2977.816371] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2977.816384] ? netlink_ack+0xab0/0xab0 [ 2977.816394] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2977.816411] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2977.816425] ? is_vmalloc_addr+0x7b/0xb0 [ 2977.816442] netlink_unicast+0x549/0x7f0 [ 2977.816460] ? netlink_attachskb+0x870/0x870 [ 2977.816481] netlink_sendmsg+0x90f/0xdf0 [ 2977.816499] ? netlink_unicast+0x7f0/0x7f0 [ 2977.816521] ? netlink_unicast+0x7f0/0x7f0 [ 2977.816535] __sock_sendmsg+0x154/0x190 [ 2977.816549] ____sys_sendmsg+0x70d/0x870 [ 2977.816565] ? sock_write_iter+0x3d0/0x3d0 [ 2977.816576] ? do_recvmmsg+0x6d0/0x6d0 [ 2977.816592] ? lock_downgrade+0x6d0/0x6d0 [ 2977.816607] ? __lockdep_reset_lock+0x180/0x180 [ 2977.816624] ___sys_sendmsg+0xf3/0x170 [ 2977.816639] ? sendmsg_copy_msghdr+0x160/0x160 [ 2977.816657] ? __fget_files+0x2cf/0x520 [ 2977.816669] ? lock_downgrade+0x6d0/0x6d0 [ 2977.816682] ? find_held_lock+0x2c/0x110 [ 2977.816704] ? __fget_files+0x2f8/0x520 [ 2977.816723] ? __fget_light+0xea/0x290 [ 2977.816743] __sys_sendmsg+0xe5/0x1b0 [ 2977.816756] ? __sys_sendmsg_sock+0x40/0x40 [ 2977.816768] ? rcu_read_lock_any_held+0x75/0xa0 [ 2977.816795] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.816808] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.816818] ? trace_hardirqs_on+0x5b/0x180 [ 2977.816832] do_syscall_64+0x33/0x40 [ 2977.816844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.816852] RIP: 0033:0x7fb10e7f3b19 [ 2977.816866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.816873] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2977.816887] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2977.816895] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2977.816903] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2977.816910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2977.816918] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2977.825828] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2977.825838] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2977.825980] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2977.884198] CPU: 0 PID: 22962 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2977.885150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2977.886288] Call Trace: [ 2977.886662] dump_stack+0x107/0x167 [ 2977.887173] should_fail.cold+0x5/0xa [ 2977.887728] ? create_object.isra.0+0x3a/0xa20 [ 2977.888374] should_failslab+0x5/0x20 [ 2977.888907] kmem_cache_alloc+0x5b/0x310 [ 2977.889479] create_object.isra.0+0x3a/0xa20 [ 2977.890060] kmemleak_alloc_percpu+0xa0/0x100 [ 2977.890652] pcpu_alloc+0x4e2/0x1240 [ 2977.891190] __percpu_counter_init+0x10d/0x2d0 [ 2977.891830] io_uring_alloc_task_context+0xcc/0x6a0 [ 2977.892519] ? io_import_iovec+0x1120/0x1120 [ 2977.893130] ? lock_downgrade+0x6d0/0x6d0 [ 2977.893704] ? do_raw_spin_lock+0x121/0x260 [ 2977.894296] ? rwlock_bug.part.0+0x90/0x90 [ 2977.894884] __io_uring_add_tctx_node+0x2c6/0x520 [ 2977.895563] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2977.896287] ? alloc_fd+0x2e7/0x670 [ 2977.896800] io_uring_setup+0x1fbb/0x2980 [ 2977.897377] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2977.898072] ? wait_for_completion_io+0x270/0x270 [ 2977.898756] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2977.899474] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2977.900199] do_syscall_64+0x33/0x40 [ 2977.900530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2977.900704] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2977.901561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2977.902196] RIP: 0033:0x7fbe2462eb19 [ 2977.903129] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2977.903447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2977.910724] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2977.911792] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2977.912782] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2977.913760] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2977.914741] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2977.915750] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 2977.947563] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2977.948489] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2977.949607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:55:57 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xaf77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:55:57 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000a000101010100"], 0x1c}}, 0x0) 13:56:11 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x89a1, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:56:11 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 25) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:11 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb077, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:11 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x24) [ 2992.227298] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:56:11 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 32) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:11 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 14) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:11 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 31) 13:56:11 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cc00e000101010100"], 0x1c}}, 0x0) [ 2992.245172] FAULT_INJECTION: forcing a failure. [ 2992.245172] name failslab, interval 1, probability 0, space 0, times 0 [ 2992.246590] CPU: 1 PID: 23092 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2992.247447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.248505] Call Trace: [ 2992.248840] dump_stack+0x107/0x167 [ 2992.249293] should_fail.cold+0x5/0xa [ 2992.249768] ? io_uring_alloc_task_context+0x4a3/0x6a0 [ 2992.250419] should_failslab+0x5/0x20 [ 2992.250891] kmem_cache_alloc_trace+0x55/0x320 [ 2992.251457] io_uring_alloc_task_context+0x4a3/0x6a0 [ 2992.252098] ? io_import_iovec+0x1120/0x1120 [ 2992.252653] ? lock_downgrade+0x6d0/0x6d0 [ 2992.253161] ? do_raw_spin_lock+0x121/0x260 [ 2992.253689] ? rwlock_bug.part.0+0x90/0x90 [ 2992.254212] __io_uring_add_tctx_node+0x2c6/0x520 [ 2992.254803] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2992.255450] ? alloc_fd+0x2e7/0x670 [ 2992.255906] io_uring_setup+0x1fbb/0x2980 [ 2992.256437] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2992.257061] ? wait_for_completion_io+0x270/0x270 [ 2992.257672] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.258319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.258953] do_syscall_64+0x33/0x40 [ 2992.259410] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.260045] RIP: 0033:0x7fbe2462eb19 [ 2992.260512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.262768] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2992.263706] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2992.264598] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2992.265471] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2992.266342] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2992.267217] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:56:11 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1cc818000101010100"], 0x1c}}, 0x0) [ 2992.286321] FAULT_INJECTION: forcing a failure. [ 2992.286321] name failslab, interval 1, probability 0, space 0, times 0 13:56:11 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2a) [ 2992.287771] CPU: 1 PID: 23085 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 2992.288661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.289683] Call Trace: [ 2992.290017] dump_stack+0x107/0x167 [ 2992.290470] should_fail.cold+0x5/0xa [ 2992.290946] should_failslab+0x5/0x20 [ 2992.291417] __kmalloc_node_track_caller+0x74/0x3b0 [ 2992.292031] ? inet6_rt_notify+0xed/0x2a0 [ 2992.292572] __alloc_skb+0xb1/0x5b0 [ 2992.293025] inet6_rt_notify+0xed/0x2a0 [ 2992.293526] fib6_del+0xf4c/0x1540 [ 2992.293975] ? fib6_locate+0x660/0x660 [ 2992.294457] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2992.295094] ? fib6_ifdown+0xc5/0x8f0 [ 2992.295569] fib6_clean_node+0x39e/0x570 [ 2992.296082] ? fib6_del+0x1540/0x1540 [ 2992.296556] ? fib6_clean_tree+0x14c/0x260 [ 2992.297087] fib6_walk_continue+0x35c/0x710 [ 2992.297619] ? trace_hardirqs_on+0x5b/0x180 [ 2992.298154] fib6_clean_tree+0x154/0x260 [ 2992.298652] ? fib6_ifup+0x260/0x260 [ 2992.299111] ? fib6_info_destroy_rcu+0x210/0x210 [ 2992.299697] ? fib6_del+0x1540/0x1540 [ 2992.300183] ? fib6_ifup+0x260/0x260 [ 2992.300640] ? spin_bug+0xf0/0x100 [ 2992.301078] ? lock_chain_count+0x20/0x20 [ 2992.301606] ? fib6_ifup+0x260/0x260 [ 2992.302060] __fib6_clean_all+0xf0/0x2a0 [ 2992.302560] rt6_disable_ip+0x4d5/0x5b0 [ 2992.303049] ? lock_chain_count+0x20/0x20 [ 2992.303558] ? rt6_sync_down_dev+0x150/0x150 [ 2992.304118] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 2992.304708] ? addrconf_dad_run+0x180/0x180 [ 2992.305250] addrconf_notify+0x159/0x2410 [ 2992.305765] ? tun_device_event+0x71/0x1160 [ 2992.306293] ? mark_held_locks+0x9e/0xe0 [ 2992.306791] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2992.307427] ? inet6_ifinfo_notify+0x150/0x150 [ 2992.307986] ? failover_register+0x530/0x530 [ 2992.308556] raw_notifier_call_chain+0xb3/0x110 [ 2992.309129] call_netdevice_notifiers_info+0xb5/0x130 [ 2992.309761] __dev_notify_flags+0x1de/0x2c0 [ 2992.310285] ? dev_change_name+0x660/0x660 [ 2992.310798] ? __dev_change_flags+0x4cf/0x6e0 [ 2992.311350] ? dev_set_allmulti+0x30/0x30 [ 2992.311866] dev_change_flags+0x100/0x160 [ 2992.312388] do_setlink+0x90c/0x3ac0 [ 2992.312851] ? lock_chain_count+0x20/0x20 [ 2992.313355] ? rtnl_getlink+0xaa0/0xaa0 [ 2992.313840] ? printk+0xba/0xf1 [ 2992.314245] ? record_print_text.cold+0x16/0x16 [ 2992.314814] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2992.315433] ? trace_hardirqs_on+0x5b/0x180 [ 2992.315975] ? mark_held_locks+0x9e/0xe0 [ 2992.316491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.317128] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2992.317784] ? trace_hardirqs_on+0x5b/0x180 [ 2992.318316] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2992.318983] ? rtnl_ensure_unique_netns+0xa8/0x250 [ 2992.319585] __rtnl_newlink+0xc39/0x1700 [ 2992.320108] ? rtnl_setlink+0x3b0/0x3b0 [ 2992.320598] ? __is_insn_slot_addr+0x123/0x290 [ 2992.321164] ? unwind_next_frame+0x13ef/0x1a90 [ 2992.321724] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.322370] ? 0xffffffffa0000000 [ 2992.322796] ? __is_insn_slot_addr+0x14c/0x290 [ 2992.323356] ? kernel_text_address+0xf2/0x120 [ 2992.323906] ? __kernel_text_address+0x9/0x40 [ 2992.324468] ? unwind_get_return_address+0x55/0xa0 [ 2992.325067] ? create_prof_cpu_mask+0x20/0x20 [ 2992.325614] ? arch_stack_walk+0x99/0xf0 [ 2992.326121] ? stack_trace_save+0x8c/0xc0 [ 2992.326679] ? mark_held_locks+0x9e/0xe0 [ 2992.327183] ? trace_hardirqs_on+0x5b/0x180 13:56:11 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0040000101010100"], 0x1c}}, 0x0) [ 2992.327713] ? kasan_unpoison_shadow+0x33/0x50 [ 2992.328284] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.336715] rtnl_newlink+0x64/0xa0 [ 2992.337162] ? __rtnl_newlink+0x1700/0x1700 [ 2992.337691] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2992.338211] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.338708] ? perf_trace_lock+0xac/0x490 [ 2992.339220] ? __lockdep_reset_lock+0x180/0x180 [ 2992.339793] netlink_rcv_skb+0x14b/0x430 [ 2992.340306] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.340803] ? netlink_ack+0xab0/0xab0 [ 2992.341277] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2992.341839] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2992.342400] ? is_vmalloc_addr+0x7b/0xb0 [ 2992.342900] netlink_unicast+0x549/0x7f0 [ 2992.343407] ? netlink_attachskb+0x870/0x870 [ 2992.343953] netlink_sendmsg+0x90f/0xdf0 [ 2992.344466] ? netlink_unicast+0x7f0/0x7f0 [ 2992.344993] ? netlink_unicast+0x7f0/0x7f0 [ 2992.345514] __sock_sendmsg+0x154/0x190 [ 2992.346001] ____sys_sendmsg+0x70d/0x870 [ 2992.346500] ? sock_write_iter+0x3d0/0x3d0 [ 2992.347016] ? do_recvmmsg+0x6d0/0x6d0 [ 2992.347496] ? lock_downgrade+0x6d0/0x6d0 [ 2992.348004] ? __lockdep_reset_lock+0x180/0x180 [ 2992.352611] ___sys_sendmsg+0xf3/0x170 [ 2992.353094] ? sendmsg_copy_msghdr+0x160/0x160 [ 2992.353665] ? __fget_files+0x2cf/0x520 [ 2992.354155] ? lock_downgrade+0x6d0/0x6d0 [ 2992.354666] ? find_held_lock+0x2c/0x110 [ 2992.355172] ? __fget_files+0x2f8/0x520 [ 2992.355668] ? __fget_light+0xea/0x290 [ 2992.356174] __sys_sendmsg+0xe5/0x1b0 [ 2992.356649] ? __sys_sendmsg_sock+0x40/0x40 [ 2992.357180] ? rcu_read_lock_any_held+0x75/0xa0 [ 2992.357765] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.358406] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.359037] ? trace_hardirqs_on+0x5b/0x180 [ 2992.359572] do_syscall_64+0x33/0x40 [ 2992.360030] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.364687] RIP: 0033:0x7fb10e7f3b19 [ 2992.365148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.367406] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2992.368360] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 2992.369240] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2992.370122] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 2992.370998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2992.371869] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 2992.379209] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 2992.389598] FAULT_INJECTION: forcing a failure. [ 2992.389598] name failslab, interval 1, probability 0, space 0, times 0 [ 2992.391167] CPU: 0 PID: 23079 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 2992.392105] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.393192] Call Trace: [ 2992.393545] dump_stack+0x107/0x167 [ 2992.394023] should_fail.cold+0x5/0xa [ 2992.394526] ? create_object.isra.0+0x3a/0xa20 [ 2992.395128] should_failslab+0x5/0x20 [ 2992.395628] kmem_cache_alloc+0x5b/0x310 [ 2992.396184] create_object.isra.0+0x3a/0xa20 [ 2992.396758] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.397427] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2992.398089] ? netlink_trim+0x1ee/0x250 [ 2992.398618] pskb_expand_head+0x15a/0x1040 [ 2992.399179] netlink_trim+0x1ee/0x250 [ 2992.399682] netlink_broadcast_filtered+0x60/0xdc0 [ 2992.400342] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 2992.400970] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 2992.401598] nlmsg_notify+0x94/0x290 [ 2992.402091] rtmsg_ifinfo+0xf0/0x120 [ 2992.402582] __dev_notify_flags+0x22a/0x2c0 [ 2992.403147] ? dev_change_name+0x660/0x660 [ 2992.403701] ? __dev_change_flags+0x4cf/0x6e0 [ 2992.404304] ? dev_set_allmulti+0x30/0x30 [ 2992.404862] dev_change_flags+0x100/0x160 [ 2992.405408] do_setlink+0x90c/0x3ac0 [ 2992.405908] ? vprintk_func+0x93/0x140 [ 2992.406417] ? rtnl_getlink+0xaa0/0xaa0 [ 2992.406938] ? printk+0xba/0xf1 [ 2992.407375] ? record_print_text.cold+0x16/0x16 [ 2992.407985] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2992.408684] ? trace_hardirqs_on+0x5b/0x180 [ 2992.409260] ? __nla_validate_parse+0x2d8/0x2b10 [ 2992.409883] ? perf_trace_lock+0xac/0x490 [ 2992.410429] ? nla_get_range_signed+0x520/0x520 [ 2992.411054] ? __lock_acquire+0xbb1/0x5b00 [ 2992.411635] __rtnl_newlink+0xc39/0x1700 [ 2992.412195] ? rtnl_setlink+0x3b0/0x3b0 [ 2992.412717] ? __is_insn_slot_addr+0x123/0x290 [ 2992.413322] ? unwind_next_frame+0x13ef/0x1a90 [ 2992.413920] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.414613] ? 0xffffffffa0000000 [ 2992.415068] ? __is_insn_slot_addr+0x14c/0x290 [ 2992.415668] ? kernel_text_address+0xf2/0x120 [ 2992.416273] ? __kernel_text_address+0x9/0x40 [ 2992.416859] ? unwind_get_return_address+0x55/0xa0 [ 2992.417500] ? create_prof_cpu_mask+0x20/0x20 [ 2992.418084] ? arch_stack_walk+0x99/0xf0 [ 2992.418625] ? stack_trace_save+0x8c/0xc0 [ 2992.419209] ? mark_held_locks+0x9e/0xe0 [ 2992.419743] ? trace_hardirqs_on+0x5b/0x180 [ 2992.420328] ? kasan_unpoison_shadow+0x33/0x50 [ 2992.420929] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.421599] rtnl_newlink+0x64/0xa0 [ 2992.422073] ? __rtnl_newlink+0x1700/0x1700 [ 2992.422636] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2992.423192] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.423725] ? perf_trace_lock+0xac/0x490 [ 2992.424303] ? __lockdep_reset_lock+0x180/0x180 [ 2992.424920] netlink_rcv_skb+0x14b/0x430 [ 2992.425450] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.425981] ? netlink_ack+0xab0/0xab0 [ 2992.426492] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2992.427094] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2992.427693] ? is_vmalloc_addr+0x7b/0xb0 [ 2992.428245] netlink_unicast+0x549/0x7f0 [ 2992.428784] ? netlink_attachskb+0x870/0x870 [ 2992.429366] netlink_sendmsg+0x90f/0xdf0 [ 2992.429902] ? netlink_unicast+0x7f0/0x7f0 [ 2992.430464] ? netlink_unicast+0x7f0/0x7f0 [ 2992.431025] __sock_sendmsg+0x154/0x190 [ 2992.431546] ____sys_sendmsg+0x70d/0x870 [ 2992.432086] ? sock_write_iter+0x3d0/0x3d0 [ 2992.432711] ? do_recvmmsg+0x6d0/0x6d0 [ 2992.433291] ? lock_downgrade+0x6d0/0x6d0 [ 2992.433908] ? __lockdep_reset_lock+0x180/0x180 [ 2992.434597] ___sys_sendmsg+0xf3/0x170 [ 2992.435172] ? sendmsg_copy_msghdr+0x160/0x160 [ 2992.435849] ? __fget_files+0x2cf/0x520 [ 2992.436445] ? lock_downgrade+0x6d0/0x6d0 [ 2992.437731] ? find_held_lock+0x2c/0x110 [ 2992.438740] ? __fget_files+0x2f8/0x520 [ 2992.439727] ? __fget_light+0xea/0x290 [ 2992.440725] __sys_sendmsg+0xe5/0x1b0 [ 2992.441666] ? __sys_sendmsg_sock+0x40/0x40 [ 2992.442738] ? rcu_read_lock_any_held+0x75/0xa0 [ 2992.443901] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.445470] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.447007] ? trace_hardirqs_on+0x5b/0x180 [ 2992.448310] do_syscall_64+0x33/0x40 [ 2992.449423] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.450962] RIP: 0033:0x7f6e57a6eb19 [ 2992.452065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.456479] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2992.458770] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 2992.460933] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2992.463077] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 2992.465238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2992.467386] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 2992.493173] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:56:11 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb177, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:11 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 32) [ 2992.501045] FAULT_INJECTION: forcing a failure. [ 2992.501045] name failslab, interval 1, probability 0, space 0, times 0 [ 2992.504630] CPU: 0 PID: 23087 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 2992.506722] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.509295] Call Trace: [ 2992.510085] dump_stack+0x107/0x167 [ 2992.511173] should_fail.cold+0x5/0xa [ 2992.511920] ? create_object.isra.0+0x3a/0xa20 [ 2992.514156] should_failslab+0x5/0x20 [ 2992.515849] kmem_cache_alloc+0x5b/0x310 [ 2992.517100] create_object.isra.0+0x3a/0xa20 [ 2992.518408] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.519930] kmem_cache_alloc_trace+0x151/0x320 [ 2992.521338] cfg80211_sinfo_alloc_tid_stats+0x8f/0x110 [ 2992.522909] sta_set_sinfo+0x2040/0x35c0 [ 2992.524136] ? kasan_unpoison_shadow+0x33/0x50 [ 2992.525493] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.527008] __sta_info_destroy_part2+0x2ce/0x4f0 [ 2992.528484] __sta_info_flush+0x3a0/0x520 [ 2992.529723] ? __sta_info_destroy+0x50/0x50 [ 2992.531009] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.532598] ? trace_hardirqs_on+0x5b/0x180 [ 2992.533880] ? cfg80211_put_bss+0x1b0/0x270 [ 2992.535168] ? __local_bh_enable_ip+0x9d/0x100 [ 2992.536552] ieee80211_ibss_disconnect+0x115/0x750 [ 2992.538015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.539567] ieee80211_ibss_leave+0x12/0x160 [ 2992.540822] __cfg80211_leave_ibss+0x183/0x4f0 [ 2992.542186] __cfg80211_leave+0x14b/0x370 [ 2992.543425] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 2992.545069] ? ipmr_device_event+0x18b/0x1f0 [ 2992.546402] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 2992.547954] raw_notifier_call_chain+0xb3/0x110 [ 2992.549362] call_netdevice_notifiers_info+0xb5/0x130 [ 2992.550929] __dev_close_many+0xf3/0x2f0 [ 2992.552153] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 2992.553719] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.555280] ? __local_bh_enable_ip+0x9d/0x100 [ 2992.556649] ? trace_hardirqs_on+0x5b/0x180 [ 2992.557939] __dev_change_flags+0x299/0x6e0 [ 2992.559226] ? dev_set_allmulti+0x30/0x30 [ 2992.560507] dev_change_flags+0x8a/0x160 [ 2992.561725] do_setlink+0x90c/0x3ac0 [ 2992.562838] ? vprintk_func+0x93/0x140 [ 2992.564027] ? rtnl_getlink+0xaa0/0xaa0 [ 2992.565220] ? printk+0xba/0xf1 [ 2992.566205] ? record_print_text.cold+0x16/0x16 [ 2992.567590] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2992.569119] ? trace_hardirqs_on+0x5b/0x180 [ 2992.570417] ? __nla_validate_parse+0x2d8/0x2b10 [ 2992.571829] ? perf_trace_lock+0xac/0x490 [ 2992.573079] ? nla_get_range_signed+0x520/0x520 [ 2992.574467] ? __lock_acquire+0xbb1/0x5b00 [ 2992.575744] __rtnl_newlink+0xc39/0x1700 [ 2992.576999] ? rtnl_setlink+0x3b0/0x3b0 [ 2992.578183] ? __is_insn_slot_addr+0x123/0x290 [ 2992.579548] ? unwind_next_frame+0x13ef/0x1a90 [ 2992.580926] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.582520] ? 0xffffffffa0000000 [ 2992.583560] ? __is_insn_slot_addr+0x14c/0x290 [ 2992.584940] ? kernel_text_address+0xf2/0x120 [ 2992.586275] ? __kernel_text_address+0x9/0x40 [ 2992.587611] ? unwind_get_return_address+0x55/0xa0 [ 2992.589087] ? create_prof_cpu_mask+0x20/0x20 [ 2992.590426] ? arch_stack_walk+0x99/0xf0 [ 2992.591650] ? stack_trace_save+0x8c/0xc0 [ 2992.592966] ? mark_held_locks+0x9e/0xe0 [ 2992.594177] ? trace_hardirqs_on+0x5b/0x180 [ 2992.595464] ? kasan_unpoison_shadow+0x33/0x50 [ 2992.596860] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.598438] rtnl_newlink+0x64/0xa0 [ 2992.599527] ? __rtnl_newlink+0x1700/0x1700 [ 2992.600871] rtnetlink_rcv_msg+0x41e/0xbb0 [ 2992.602146] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.603354] ? perf_trace_lock+0xac/0x490 [ 2992.604617] ? __lockdep_reset_lock+0x180/0x180 [ 2992.606007] netlink_rcv_skb+0x14b/0x430 [ 2992.607219] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 2992.608444] ? netlink_ack+0xab0/0xab0 [ 2992.609599] ? netlink_deliver_tap+0x1ae/0xcc0 [ 2992.610971] ? netlink_deliver_tap+0x1c4/0xcc0 [ 2992.612349] ? is_vmalloc_addr+0x7b/0xb0 [ 2992.613560] netlink_unicast+0x549/0x7f0 [ 2992.614775] ? netlink_attachskb+0x870/0x870 [ 2992.616106] netlink_sendmsg+0x90f/0xdf0 [ 2992.617342] ? netlink_unicast+0x7f0/0x7f0 [ 2992.618611] ? netlink_unicast+0x7f0/0x7f0 [ 2992.619870] __sock_sendmsg+0x154/0x190 [ 2992.621071] ____sys_sendmsg+0x70d/0x870 [ 2992.622282] ? sock_write_iter+0x3d0/0x3d0 [ 2992.623543] ? do_recvmmsg+0x6d0/0x6d0 [ 2992.624728] ? lock_downgrade+0x6d0/0x6d0 [ 2992.625964] ? __lockdep_reset_lock+0x180/0x180 [ 2992.627358] ___sys_sendmsg+0xf3/0x170 [ 2992.628530] ? sendmsg_copy_msghdr+0x160/0x160 [ 2992.629894] ? __fget_files+0x2cf/0x520 [ 2992.631075] ? lock_downgrade+0x6d0/0x6d0 [ 2992.632344] ? find_held_lock+0x2c/0x110 [ 2992.633567] ? __fget_files+0x2f8/0x520 [ 2992.634754] ? __fget_light+0xea/0x290 [ 2992.635927] __sys_sendmsg+0xe5/0x1b0 [ 2992.637069] ? __sys_sendmsg_sock+0x40/0x40 [ 2992.638351] ? rcu_read_lock_any_held+0x75/0xa0 [ 2992.639753] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.641345] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.642885] ? trace_hardirqs_on+0x5b/0x180 [ 2992.644198] do_syscall_64+0x33/0x40 [ 2992.645311] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.646889] RIP: 0033:0x7ff152763b19 [ 2992.647997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.653583] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2992.655855] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 2992.658018] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 2992.660177] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 2992.662319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2992.664491] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 2992.673679] FAULT_INJECTION: forcing a failure. [ 2992.673679] name failslab, interval 1, probability 0, space 0, times 0 13:56:11 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x30) [ 2992.677162] CPU: 0 PID: 23213 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 2992.680282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2992.681500] Call Trace: [ 2992.681886] dump_stack+0x107/0x167 [ 2992.682422] should_fail.cold+0x5/0xa [ 2992.682990] ? create_object.isra.0+0x3a/0xa20 [ 2992.683657] should_failslab+0x5/0x20 [ 2992.684225] kmem_cache_alloc+0x5b/0x310 [ 2992.684827] create_object.isra.0+0x3a/0xa20 [ 2992.685475] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2992.686222] kmem_cache_alloc_trace+0x151/0x320 [ 2992.686911] io_uring_alloc_task_context+0x4a3/0x6a0 [ 2992.688612] ? io_import_iovec+0x1120/0x1120 [ 2992.689987] ? lock_downgrade+0x6d0/0x6d0 [ 2992.691357] ? do_raw_spin_lock+0x121/0x260 [ 2992.696802] ? rwlock_bug.part.0+0x90/0x90 [ 2992.698135] __io_uring_add_tctx_node+0x2c6/0x520 [ 2992.699717] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2992.701407] ? alloc_fd+0x2e7/0x670 [ 2992.702561] io_uring_setup+0x1fbb/0x2980 [ 2992.704917] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2992.706557] ? wait_for_completion_io+0x270/0x270 [ 2992.708086] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2992.709788] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2992.711433] do_syscall_64+0x33/0x40 [ 2992.712634] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2992.714289] RIP: 0033:0x7fbe2462eb19 [ 2992.715475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2992.721419] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2992.723792] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 2992.726085] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 2992.728423] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 2992.730688] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 2992.732946] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:56:12 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0048000101010100"], 0x1c}}, 0x0) 13:56:12 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c004c000101010100"], 0x1c}}, 0x0) [ 2992.761144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2992.763412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2992.764429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2992.765448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2992.765457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2992.765664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2992.767593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2992.773422] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 2992.788758] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3006.411377] FAULT_INJECTION: forcing a failure. [ 3006.411377] name failslab, interval 1, probability 0, space 0, times 0 [ 3006.412851] CPU: 1 PID: 23332 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3006.413765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3006.414843] Call Trace: [ 3006.415215] dump_stack+0x107/0x167 [ 3006.415695] should_fail.cold+0x5/0xa [ 3006.416212] ? io_wq_create+0xeb/0xc00 [ 3006.424790] should_failslab+0x5/0x20 [ 3006.425303] __kmalloc+0x72/0x390 [ 3006.425765] io_wq_create+0xeb/0xc00 [ 3006.426277] io_uring_alloc_task_context+0x1f1/0x6a0 [ 3006.426941] ? io_import_iovec+0x1120/0x1120 [ 3006.427529] ? io_apoll_task_func+0x2d0/0x2d0 [ 3006.428081] ? __io_req_find_next+0x300/0x300 [ 3006.432700] ? do_raw_spin_lock+0x121/0x260 [ 3006.433234] ? rwlock_bug.part.0+0x90/0x90 [ 3006.433769] __io_uring_add_tctx_node+0x2c6/0x520 [ 3006.434343] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3006.434991] ? alloc_fd+0x2e7/0x670 [ 3006.435472] io_uring_setup+0x1fbb/0x2980 [ 3006.436010] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3006.437164] ? wait_for_completion_io+0x270/0x270 [ 3006.437805] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.438476] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3006.439144] do_syscall_64+0x33/0x40 [ 3006.439620] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.440279] RIP: 0033:0x7fbe2462eb19 [ 3006.442106] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3006.444266] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3006.445210] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3006.446131] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3006.447066] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3006.447998] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3006.448992] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3006.455327] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:56:25 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb277, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:25 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 26) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:25 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 33) 13:56:25 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 33) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:25 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0068000101010100"], 0x1c}}, 0x0) 13:56:25 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x36) 13:56:25 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 15) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:25 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x40049409, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3006.468935] FAULT_INJECTION: forcing a failure. [ 3006.468935] name failslab, interval 1, probability 0, space 0, times 0 [ 3006.477966] CPU: 1 PID: 23337 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3006.478860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3006.479944] Call Trace: [ 3006.480305] dump_stack+0x107/0x167 [ 3006.484818] should_fail.cold+0x5/0xa [ 3006.485316] ? __alloc_skb+0x6d/0x5b0 [ 3006.485809] should_failslab+0x5/0x20 [ 3006.486306] kmem_cache_alloc_node+0x55/0x330 [ 3006.486893] __alloc_skb+0x6d/0x5b0 [ 3006.487377] cfg80211_del_sta_sinfo+0x15e/0x470 [ 3006.487980] ? cfg80211_new_sta+0x370/0x370 [ 3006.488611] __sta_info_destroy_part2+0x310/0x4f0 [ 3006.489255] __sta_info_flush+0x3a0/0x520 [ 3006.489815] ? __sta_info_destroy+0x50/0x50 [ 3006.490386] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.491074] ? trace_hardirqs_on+0x5b/0x180 [ 3006.491641] ? cfg80211_put_bss+0x1b0/0x270 [ 3006.492208] ? __local_bh_enable_ip+0x9d/0x100 [ 3006.492836] ieee80211_ibss_disconnect+0x115/0x750 [ 3006.493483] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.494179] ieee80211_ibss_leave+0x12/0x160 [ 3006.494761] __cfg80211_leave_ibss+0x183/0x4f0 [ 3006.495370] __cfg80211_leave+0x14b/0x370 [ 3006.495926] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3006.496652] ? ipmr_device_event+0x18b/0x1f0 [ 3006.497233] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3006.497919] raw_notifier_call_chain+0xb3/0x110 [ 3006.498546] call_netdevice_notifiers_info+0xb5/0x130 [ 3006.499228] __dev_close_many+0xf3/0x2f0 [ 3006.499768] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3006.500461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.505184] ? __local_bh_enable_ip+0x9d/0x100 [ 3006.505783] ? trace_hardirqs_on+0x5b/0x180 [ 3006.506359] __dev_change_flags+0x299/0x6e0 [ 3006.506932] ? dev_set_allmulti+0x30/0x30 [ 3006.507491] dev_change_flags+0x8a/0x160 [ 3006.508029] do_setlink+0x90c/0x3ac0 [ 3006.508522] ? mark_lock+0xf5/0x2df0 [ 3006.509029] ? lock_chain_count+0x20/0x20 [ 3006.509570] ? vprintk_func+0x93/0x140 [ 3006.510080] ? rtnl_getlink+0xaa0/0xaa0 [ 3006.510602] ? lock_chain_count+0x20/0x20 [ 3006.511154] ? record_print_text.cold+0x16/0x16 [ 3006.511776] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3006.512439] ? trace_hardirqs_on+0x5b/0x180 [ 3006.513046] ? mark_held_locks+0x9e/0xe0 [ 3006.513590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.514285] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3006.514987] ? trace_hardirqs_on+0x5b/0x180 [ 3006.515553] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3006.516278] ? netdev_master_upper_dev_get+0xc/0x150 [ 3006.520972] ? kcov_remote_stop+0x310/0x310 [ 3006.521546] __rtnl_newlink+0xc39/0x1700 [ 3006.522091] ? rtnl_setlink+0x3b0/0x3b0 [ 3006.522609] ? __is_insn_slot_addr+0x123/0x290 [ 3006.523211] ? unwind_next_frame+0x13ef/0x1a90 [ 3006.523811] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.524509] ? 0xffffffffa0000000 [ 3006.524988] ? __is_insn_slot_addr+0x14c/0x290 [ 3006.525596] ? kernel_text_address+0xf2/0x120 [ 3006.526187] ? __kernel_text_address+0x9/0x40 [ 3006.526778] ? unwind_get_return_address+0x55/0xa0 [ 3006.527423] ? create_prof_cpu_mask+0x20/0x20 [ 3006.528014] ? arch_stack_walk+0x99/0xf0 [ 3006.528589] ? stack_trace_save+0x8c/0xc0 [ 3006.529237] ? mark_held_locks+0x9e/0xe0 [ 3006.529783] ? trace_hardirqs_on+0x5b/0x180 [ 3006.530360] ? kasan_unpoison_shadow+0x33/0x50 [ 3006.530967] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3006.531641] rtnl_newlink+0x64/0xa0 [ 3006.532123] ? __rtnl_newlink+0x1700/0x1700 [ 3006.532708] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3006.533272] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.533810] ? perf_trace_lock+0xac/0x490 [ 3006.534365] ? __lockdep_reset_lock+0x180/0x180 [ 3006.534987] netlink_rcv_skb+0x14b/0x430 [ 3006.535527] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.536066] ? netlink_ack+0xab0/0xab0 [ 3006.536595] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3006.537210] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3006.537812] ? is_vmalloc_addr+0x7b/0xb0 [ 3006.538359] netlink_unicast+0x549/0x7f0 [ 3006.538901] ? netlink_attachskb+0x870/0x870 [ 3006.539500] netlink_sendmsg+0x90f/0xdf0 [ 3006.540047] ? netlink_unicast+0x7f0/0x7f0 [ 3006.540640] ? netlink_unicast+0x7f0/0x7f0 [ 3006.541201] __sock_sendmsg+0x154/0x190 [ 3006.541732] ____sys_sendmsg+0x70d/0x870 [ 3006.542268] ? sock_write_iter+0x3d0/0x3d0 [ 3006.542817] ? do_recvmmsg+0x6d0/0x6d0 [ 3006.543332] ? lock_downgrade+0x6d0/0x6d0 [ 3006.543877] ? __lockdep_reset_lock+0x180/0x180 [ 3006.544496] ___sys_sendmsg+0xf3/0x170 [ 3006.545031] ? sendmsg_copy_msghdr+0x160/0x160 [ 3006.545644] ? __fget_files+0x2cf/0x520 [ 3006.546170] ? lock_downgrade+0x6d0/0x6d0 [ 3006.546719] ? find_held_lock+0x2c/0x110 [ 3006.547268] ? __fget_files+0x2f8/0x520 [ 3006.547809] ? __fget_light+0xea/0x290 [ 3006.548334] __sys_sendmsg+0xe5/0x1b0 [ 3006.548860] ? __sys_sendmsg_sock+0x40/0x40 [ 3006.549428] ? rcu_read_lock_any_held+0x75/0xa0 [ 3006.550063] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.550753] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3006.551428] ? trace_hardirqs_on+0x5b/0x180 [ 3006.551998] do_syscall_64+0x33/0x40 [ 3006.552498] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.553184] RIP: 0033:0x7ff152763b19 [ 3006.553684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3006.556067] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3006.557074] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3006.558000] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3006.558936] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3006.559866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3006.560812] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:56:25 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c006c000101010100"], 0x1c}}, 0x0) 13:56:25 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0074000101010100"], 0x1c}}, 0x0) [ 3006.599350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3006.609879] FAULT_INJECTION: forcing a failure. [ 3006.609879] name failslab, interval 1, probability 0, space 0, times 0 [ 3006.611396] CPU: 1 PID: 23344 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 3006.612301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3006.613399] Call Trace: [ 3006.613757] dump_stack+0x107/0x167 [ 3006.614245] should_fail.cold+0x5/0xa [ 3006.614752] ? ___slab_alloc+0x360/0x700 [ 3006.615290] ? create_object.isra.0+0x3a/0xa20 [ 3006.615896] should_failslab+0x5/0x20 [ 3006.616399] kmem_cache_alloc+0x5b/0x310 [ 3006.616969] create_object.isra.0+0x3a/0xa20 [ 3006.617548] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3006.618223] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3006.618886] ? inet6_rt_notify+0xed/0x2a0 [ 3006.619444] __alloc_skb+0xb1/0x5b0 [ 3006.619931] inet6_rt_notify+0xed/0x2a0 [ 3006.620465] fib6_del+0xf4c/0x1540 [ 3006.620984] ? fib6_locate+0x660/0x660 [ 3006.621503] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3006.622188] ? fib6_ifdown+0xc5/0x8f0 [ 3006.622702] fib6_clean_node+0x39e/0x570 [ 3006.623241] ? fib6_del+0x1540/0x1540 [ 3006.623749] ? fib6_clean_tree+0x14c/0x260 [ 3006.624321] fib6_walk_continue+0x35c/0x710 [ 3006.624909] ? trace_hardirqs_on+0x5b/0x180 [ 3006.625483] fib6_clean_tree+0x154/0x260 [ 3006.626022] ? fib6_ifup+0x260/0x260 [ 3006.626515] ? fib6_info_destroy_rcu+0x210/0x210 [ 3006.627146] ? fib6_del+0x1540/0x1540 [ 3006.627649] ? fib6_ifup+0x260/0x260 [ 3006.628141] ? spin_bug+0xf0/0x100 [ 3006.628626] ? lock_chain_count+0x20/0x20 [ 3006.629189] ? fib6_ifup+0x260/0x260 [ 3006.629687] __fib6_clean_all+0xf0/0x2a0 [ 3006.630231] rt6_disable_ip+0x4d5/0x5b0 [ 3006.630758] ? lock_chain_count+0x20/0x20 [ 3006.631314] ? rt6_sync_down_dev+0x150/0x150 [ 3006.631920] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3006.632558] ? addrconf_dad_run+0x180/0x180 [ 3006.633147] addrconf_notify+0x159/0x2410 [ 3006.633696] ? tun_device_event+0x71/0x1160 [ 3006.634267] ? mark_held_locks+0x9e/0xe0 [ 3006.634806] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3006.635488] ? inet6_ifinfo_notify+0x150/0x150 [ 3006.636087] ? failover_register+0x530/0x530 [ 3006.636703] raw_notifier_call_chain+0xb3/0x110 [ 3006.637326] call_netdevice_notifiers_info+0xb5/0x130 [ 3006.638006] __dev_notify_flags+0x1de/0x2c0 [ 3006.638575] ? dev_change_name+0x660/0x660 [ 3006.639135] ? __dev_change_flags+0x4cf/0x6e0 [ 3006.639730] ? dev_set_allmulti+0x30/0x30 [ 3006.640295] dev_change_flags+0x100/0x160 [ 3006.640875] do_setlink+0x90c/0x3ac0 [ 3006.641380] ? vprintk_func+0x93/0x140 [ 3006.641892] ? rtnl_getlink+0xaa0/0xaa0 [ 3006.642414] ? printk+0xba/0xf1 [ 3006.642854] ? record_print_text.cold+0x16/0x16 [ 3006.643469] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3006.644133] ? trace_hardirqs_on+0x5b/0x180 [ 3006.644731] ? __nla_validate_parse+0x2d8/0x2b10 [ 3006.645356] ? perf_trace_lock+0xac/0x490 [ 3006.645903] ? nla_get_range_signed+0x520/0x520 [ 3006.646499] ? __lock_acquire+0xbb1/0x5b00 [ 3006.647074] __rtnl_newlink+0xc39/0x1700 [ 3006.647615] ? rtnl_setlink+0x3b0/0x3b0 [ 3006.648131] ? __is_insn_slot_addr+0x123/0x290 [ 3006.648743] ? unwind_next_frame+0x13ef/0x1a90 [ 3006.649334] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.650017] ? 0xffffffffa0000000 [ 3006.650470] ? __is_insn_slot_addr+0x14c/0x290 [ 3006.651069] ? kernel_text_address+0xf2/0x120 [ 3006.651648] ? __kernel_text_address+0x9/0x40 [ 3006.652231] ? unwind_get_return_address+0x55/0xa0 [ 3006.652876] ? create_prof_cpu_mask+0x20/0x20 [ 3006.653453] ? arch_stack_walk+0x99/0xf0 [ 3006.654000] ? stack_trace_save+0x8c/0xc0 [ 3006.654610] ? mark_held_locks+0x9e/0xe0 [ 3006.655142] ? trace_hardirqs_on+0x5b/0x180 [ 3006.655702] ? kasan_unpoison_shadow+0x33/0x50 [ 3006.656290] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3006.656968] rtnl_newlink+0x64/0xa0 [ 3006.657440] ? __rtnl_newlink+0x1700/0x1700 [ 3006.657997] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3006.658546] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.659072] ? perf_trace_lock+0xac/0x490 [ 3006.659615] ? __lockdep_reset_lock+0x180/0x180 [ 3006.660234] netlink_rcv_skb+0x14b/0x430 [ 3006.660768] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.661299] ? netlink_ack+0xab0/0xab0 [ 3006.661798] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3006.662395] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3006.662989] ? is_vmalloc_addr+0x7b/0xb0 [ 3006.663521] netlink_unicast+0x549/0x7f0 [ 3006.664054] ? netlink_attachskb+0x870/0x870 [ 3006.664649] netlink_sendmsg+0x90f/0xdf0 [ 3006.664909] FAULT_INJECTION: forcing a failure. [ 3006.664909] name failslab, interval 1, probability 0, space 0, times 0 [ 3006.665187] ? netlink_unicast+0x7f0/0x7f0 [ 3006.667212] ? netlink_unicast+0x7f0/0x7f0 [ 3006.667770] __sock_sendmsg+0x154/0x190 [ 3006.668289] ____sys_sendmsg+0x70d/0x870 [ 3006.668841] ? sock_write_iter+0x3d0/0x3d0 [ 3006.669388] ? do_recvmmsg+0x6d0/0x6d0 [ 3006.669904] ? lock_downgrade+0x6d0/0x6d0 [ 3006.670443] ? __lockdep_reset_lock+0x180/0x180 [ 3006.671049] ___sys_sendmsg+0xf3/0x170 [ 3006.671561] ? sendmsg_copy_msghdr+0x160/0x160 [ 3006.672164] ? __fget_files+0x2cf/0x520 [ 3006.672693] ? lock_downgrade+0x6d0/0x6d0 [ 3006.673232] ? find_held_lock+0x2c/0x110 [ 3006.673773] ? __fget_files+0x2f8/0x520 [ 3006.674300] ? __fget_light+0xea/0x290 [ 3006.674813] __sys_sendmsg+0xe5/0x1b0 [ 3006.675309] ? __sys_sendmsg_sock+0x40/0x40 [ 3006.675863] ? rcu_read_lock_any_held+0x75/0xa0 [ 3006.676484] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.677179] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3006.677840] ? trace_hardirqs_on+0x5b/0x180 [ 3006.678402] do_syscall_64+0x33/0x40 [ 3006.678884] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.679544] RIP: 0033:0x7fb10e7f3b19 [ 3006.680025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3006.682379] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3006.683350] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 3006.684250] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3006.685170] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 3006.686072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3006.686974] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 13:56:25 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 34) [ 3006.687905] CPU: 0 PID: 23428 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3006.688858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3006.700671] Call Trace: [ 3006.701047] dump_stack+0x107/0x167 [ 3006.701520] should_fail.cold+0x5/0xa [ 3006.702033] ? create_object.isra.0+0x3a/0xa20 [ 3006.702651] should_failslab+0x5/0x20 [ 3006.703167] kmem_cache_alloc+0x5b/0x310 [ 3006.703714] create_object.isra.0+0x3a/0xa20 [ 3006.704302] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3006.705002] __kmalloc+0x16e/0x390 [ 3006.705500] io_wq_create+0xeb/0xc00 [ 3006.706013] io_uring_alloc_task_context+0x1f1/0x6a0 [ 3006.706691] ? io_import_iovec+0x1120/0x1120 [ 3006.707285] ? io_apoll_task_func+0x2d0/0x2d0 [ 3006.707881] ? __io_req_find_next+0x300/0x300 [ 3006.708477] ? do_raw_spin_lock+0x121/0x260 [ 3006.709071] ? rwlock_bug.part.0+0x90/0x90 [ 3006.709642] __io_uring_add_tctx_node+0x2c6/0x520 [ 3006.710285] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3006.710982] ? alloc_fd+0x2e7/0x670 [ 3006.711478] io_uring_setup+0x1fbb/0x2980 [ 3006.712038] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3006.713406] ? wait_for_completion_io+0x270/0x270 [ 3006.714077] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.714781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3006.715467] do_syscall_64+0x33/0x40 [ 3006.715968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.716666] RIP: 0033:0x7fbe2462eb19 [ 3006.717166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3006.719612] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3006.720955] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3006.721911] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3006.722859] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3006.723805] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3006.728762] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3006.731386] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3006.741338] FAULT_INJECTION: forcing a failure. [ 3006.741338] name failslab, interval 1, probability 0, space 0, times 0 [ 3006.742877] CPU: 0 PID: 23341 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3006.743781] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3006.744892] Call Trace: [ 3006.745246] dump_stack+0x107/0x167 [ 3006.745726] should_fail.cold+0x5/0xa [ 3006.746230] ? __alloc_skb+0x6d/0x5b0 [ 3006.746735] should_failslab+0x5/0x20 [ 3006.747240] kmem_cache_alloc_node+0x55/0x330 [ 3006.747832] __alloc_skb+0x6d/0x5b0 [ 3006.748317] inet6_rt_notify+0xed/0x2a0 [ 3006.748869] fib6_del+0xf4c/0x1540 [ 3006.749346] ? fib6_locate+0x660/0x660 [ 3006.749862] ? fib6_ifdown+0xc5/0x8f0 [ 3006.750369] fib6_clean_node+0x39e/0x570 [ 3006.750904] ? fib6_del+0x1540/0x1540 [ 3006.751406] ? fib6_clean_tree+0x14c/0x260 [ 3006.751967] fib6_walk_continue+0x35c/0x710 [ 3006.752533] ? trace_hardirqs_on+0x5b/0x180 [ 3006.753136] fib6_clean_tree+0x154/0x260 [ 3006.753668] ? fib6_ifup+0x260/0x260 [ 3006.754157] ? fib6_info_destroy_rcu+0x210/0x210 [ 3006.754779] ? fib6_del+0x1540/0x1540 [ 3006.755280] ? fib6_ifup+0x260/0x260 [ 3006.755766] ? spin_bug+0xf0/0x100 [ 3006.756232] ? lock_chain_count+0x20/0x20 [ 3006.756798] ? fib6_ifup+0x260/0x260 [ 3006.757285] __fib6_clean_all+0xf0/0x2a0 [ 3006.757819] rt6_disable_ip+0x4d5/0x5b0 [ 3006.758343] ? lock_chain_count+0x20/0x20 [ 3006.758887] ? rt6_sync_down_dev+0x150/0x150 [ 3006.759472] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3006.760099] ? addrconf_dad_run+0x180/0x180 [ 3006.760693] addrconf_notify+0x159/0x2410 [ 3006.761251] ? tun_device_event+0x71/0x1160 [ 3006.761813] ? mark_held_locks+0x9e/0xe0 [ 3006.762345] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3006.763021] ? inet6_ifinfo_notify+0x150/0x150 [ 3006.763618] ? failover_register+0x530/0x530 [ 3006.764207] raw_notifier_call_chain+0xb3/0x110 [ 3006.764842] call_netdevice_notifiers_info+0xb5/0x130 [ 3006.765523] __dev_notify_flags+0x1de/0x2c0 [ 3006.766087] ? dev_change_name+0x660/0x660 [ 3006.766637] ? __dev_change_flags+0x4cf/0x6e0 [ 3006.767224] ? dev_set_allmulti+0x30/0x30 [ 3006.767774] dev_change_flags+0x100/0x160 [ 3006.768326] do_setlink+0x90c/0x3ac0 [ 3006.768845] ? lock_chain_count+0x20/0x20 [ 3006.769385] ? rtnl_getlink+0xaa0/0xaa0 [ 3006.769903] ? printk+0xba/0xf1 [ 3006.770334] ? record_print_text.cold+0x16/0x16 [ 3006.770944] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3006.771603] ? trace_hardirqs_on+0x5b/0x180 [ 3006.772182] ? mark_held_locks+0x9e/0xe0 [ 3006.772739] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.773423] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3006.774130] ? trace_hardirqs_on+0x5b/0x180 [ 3006.774694] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3006.775408] ? __dev_get_by_index+0x10/0x150 [ 3006.775986] __rtnl_newlink+0xc39/0x1700 [ 3006.776530] ? rtnl_setlink+0x3b0/0x3b0 [ 3006.777073] ? __is_insn_slot_addr+0x123/0x290 [ 3006.777676] ? unwind_next_frame+0x13ef/0x1a90 [ 3006.778272] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.778965] ? 0xffffffffa0000000 [ 3006.779421] ? __is_insn_slot_addr+0x14c/0x290 [ 3006.780022] ? kernel_text_address+0xf2/0x120 [ 3006.780623] ? __kernel_text_address+0x9/0x40 [ 3006.781210] ? unwind_get_return_address+0x55/0xa0 [ 3006.781854] ? create_prof_cpu_mask+0x20/0x20 [ 3006.782439] ? arch_stack_walk+0x99/0xf0 [ 3006.782990] ? stack_trace_save+0x8c/0xc0 [ 3006.783580] ? mark_held_locks+0x9e/0xe0 [ 3006.784116] ? trace_hardirqs_on+0x5b/0x180 [ 3006.784698] ? kasan_unpoison_shadow+0x33/0x50 [ 3006.785295] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3006.785961] rtnl_newlink+0x64/0xa0 [ 3006.786438] ? __rtnl_newlink+0x1700/0x1700 [ 3006.787001] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3006.787556] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.788088] ? perf_trace_lock+0xac/0x490 [ 3006.788654] ? __lockdep_reset_lock+0x180/0x180 [ 3006.789268] netlink_rcv_skb+0x14b/0x430 [ 3006.789800] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3006.790336] ? netlink_ack+0xab0/0xab0 [ 3006.790842] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3006.791441] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3006.792038] ? is_vmalloc_addr+0x7b/0xb0 [ 3006.792583] netlink_unicast+0x549/0x7f0 [ 3006.793124] ? netlink_attachskb+0x870/0x870 [ 3006.793708] netlink_sendmsg+0x90f/0xdf0 [ 3006.794245] ? netlink_unicast+0x7f0/0x7f0 [ 3006.794806] ? netlink_unicast+0x7f0/0x7f0 [ 3006.795359] __sock_sendmsg+0x154/0x190 [ 3006.795879] ____sys_sendmsg+0x70d/0x870 [ 3006.796419] ? sock_write_iter+0x3d0/0x3d0 [ 3006.796989] ? do_recvmmsg+0x6d0/0x6d0 [ 3006.797504] ? lock_downgrade+0x6d0/0x6d0 [ 3006.798048] ? __lockdep_reset_lock+0x180/0x180 [ 3006.798659] ___sys_sendmsg+0xf3/0x170 [ 3006.799175] ? sendmsg_copy_msghdr+0x160/0x160 [ 3006.799777] ? __fget_files+0x2cf/0x520 [ 3006.800296] ? lock_downgrade+0x6d0/0x6d0 [ 3006.800857] ? find_held_lock+0x2c/0x110 [ 3006.801396] ? __fget_files+0x2f8/0x520 [ 3006.801924] ? __fget_light+0xea/0x290 [ 3006.802442] __sys_sendmsg+0xe5/0x1b0 [ 3006.802945] ? __sys_sendmsg_sock+0x40/0x40 [ 3006.803509] ? rcu_read_lock_any_held+0x75/0xa0 [ 3006.804130] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3006.804834] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3006.805510] ? trace_hardirqs_on+0x5b/0x180 [ 3006.806073] do_syscall_64+0x33/0x40 [ 3006.806561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3006.807237] RIP: 0033:0x7f6e57a6eb19 [ 3006.807727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3006.810141] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3006.811136] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3006.812065] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3006.813017] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3006.813946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3006.814877] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 3006.830546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3006.831492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3006.832434] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3006.833360] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3006.836758] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3006.838853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3006.839737] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3006.840720] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3006.849761] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:56:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb377, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c007a000101010100"], 0x1c}}, 0x0) 13:56:40 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x40086602, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:56:40 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 27) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:40 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 16) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:40 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 35) [ 3020.777302] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3020.778260] FAULT_INJECTION: forcing a failure. 13:56:40 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 34) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:40 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3c) [ 3020.778260] name failslab, interval 1, probability 0, space 0, times 0 [ 3020.793854] CPU: 1 PID: 23476 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3020.794697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3020.795703] Call Trace: [ 3020.796033] dump_stack+0x107/0x167 [ 3020.796480] should_fail.cold+0x5/0xa [ 3020.796949] ? io_wq_create+0x6ef/0xc00 [ 3020.797468] should_failslab+0x5/0x20 [ 3020.797935] kmem_cache_alloc_node_trace+0x59/0x340 [ 3020.798549] io_wq_create+0x6ef/0xc00 [ 3020.799023] io_uring_alloc_task_context+0x1f1/0x6a0 [ 3020.799643] ? io_import_iovec+0x1120/0x1120 [ 3020.800179] ? io_apoll_task_func+0x2d0/0x2d0 [ 3020.800726] ? __io_req_find_next+0x300/0x300 [ 3020.801291] ? do_raw_spin_lock+0x121/0x260 [ 3020.801817] ? rwlock_bug.part.0+0x90/0x90 [ 3020.802337] __io_uring_add_tctx_node+0x2c6/0x520 [ 3020.802925] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3020.803564] ? alloc_fd+0x2e7/0x670 [ 3020.804016] io_uring_setup+0x1fbb/0x2980 [ 3020.804527] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3020.805166] ? wait_for_completion_io+0x270/0x270 [ 3020.809155] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3020.809827] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3020.810476] do_syscall_64+0x33/0x40 [ 3020.810959] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3020.811583] RIP: 0033:0x7fbe2462eb19 [ 3020.812042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3020.814355] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3020.815326] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3020.816229] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3020.817191] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3020.818093] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3020.818960] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3020.821792] FAULT_INJECTION: forcing a failure. [ 3020.821792] name failslab, interval 1, probability 0, space 0, times 0 [ 3020.823344] CPU: 0 PID: 23475 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3020.824258] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3020.825367] Call Trace: [ 3020.825728] dump_stack+0x107/0x167 [ 3020.826253] should_fail.cold+0x5/0xa [ 3020.826795] should_failslab+0x5/0x20 [ 3020.827300] __kmalloc_node_track_caller+0x74/0x3b0 [ 3020.827955] ? cfg80211_del_sta_sinfo+0x15e/0x470 [ 3020.828596] __alloc_skb+0xb1/0x5b0 [ 3020.829145] cfg80211_del_sta_sinfo+0x15e/0x470 [ 3020.829793] ? cfg80211_new_sta+0x370/0x370 [ 3020.830395] __sta_info_destroy_part2+0x310/0x4f0 [ 3020.831032] __sta_info_flush+0x3a0/0x520 [ 3020.831584] ? __sta_info_destroy+0x50/0x50 [ 3020.832198] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3020.832919] ? trace_hardirqs_on+0x5b/0x180 [ 3020.833512] ? cfg80211_put_bss+0x1b0/0x270 [ 3020.834080] ? __local_bh_enable_ip+0x9d/0x100 [ 3020.834681] ieee80211_ibss_disconnect+0x115/0x750 [ 3020.835370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3020.836090] ieee80211_ibss_leave+0x12/0x160 [ 3020.836663] __cfg80211_leave_ibss+0x183/0x4f0 [ 3020.837286] __cfg80211_leave+0x14b/0x370 [ 3020.837860] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3020.838581] ? ipmr_device_event+0x18b/0x1f0 [ 3020.839183] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3020.839864] raw_notifier_call_chain+0xb3/0x110 [ 3020.840476] call_netdevice_notifiers_info+0xb5/0x130 [ 3020.841216] __dev_close_many+0xf3/0x2f0 [ 3020.841777] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3020.842469] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3020.843152] ? __local_bh_enable_ip+0x9d/0x100 [ 3020.843752] ? trace_hardirqs_on+0x5b/0x180 [ 3020.844371] __dev_change_flags+0x299/0x6e0 [ 3020.844969] ? dev_set_allmulti+0x30/0x30 [ 3020.845538] dev_change_flags+0x8a/0x160 [ 3020.846072] do_setlink+0x90c/0x3ac0 [ 3020.846567] ? vprintk_func+0x93/0x140 [ 3020.847121] ? rtnl_getlink+0xaa0/0xaa0 [ 3020.847643] ? printk+0xba/0xf1 [ 3020.848105] ? record_print_text.cold+0x16/0x16 [ 3020.848716] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3020.849400] ? trace_hardirqs_on+0x5b/0x180 [ 3020.850025] ? __nla_validate_parse+0x2d8/0x2b10 [ 3020.850651] ? perf_trace_lock+0xac/0x490 [ 3020.851231] ? nla_get_range_signed+0x520/0x520 [ 3020.851836] ? __lock_acquire+0xbb1/0x5b00 [ 3020.852408] __rtnl_newlink+0xc39/0x1700 [ 3020.852994] ? rtnl_setlink+0x3b0/0x3b0 [ 3020.853542] ? __is_insn_slot_addr+0x123/0x290 [ 3020.854176] ? unwind_next_frame+0x13ef/0x1a90 [ 3020.854773] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3020.855466] ? 0xffffffffa0000000 [ 3020.855963] ? __is_insn_slot_addr+0x14c/0x290 [ 3020.856571] ? kernel_text_address+0xf2/0x120 [ 3020.857209] ? __kernel_text_address+0x9/0x40 [ 3020.857796] ? unwind_get_return_address+0x55/0xa0 [ 3020.858437] ? create_prof_cpu_mask+0x20/0x20 [ 3020.859024] ? arch_stack_walk+0x99/0xf0 [ 3020.859568] ? stack_trace_save+0x8c/0xc0 [ 3020.860204] ? mark_held_locks+0x9e/0xe0 [ 3020.860757] ? trace_hardirqs_on+0x5b/0x180 [ 3020.861360] ? kasan_unpoison_shadow+0x33/0x50 [ 3020.861955] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3020.862621] rtnl_newlink+0x64/0xa0 [ 3020.863142] ? __rtnl_newlink+0x1700/0x1700 [ 3020.863712] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3020.864294] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3020.864825] ? perf_trace_lock+0xac/0x490 [ 3020.865405] ? __lockdep_reset_lock+0x180/0x180 [ 3020.866031] netlink_rcv_skb+0x14b/0x430 [ 3020.866566] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3020.867101] ? netlink_ack+0xab0/0xab0 [ 3020.867628] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3020.868259] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3020.869121] ? is_vmalloc_addr+0x7b/0xb0 [ 3020.869710] netlink_unicast+0x549/0x7f0 [ 3020.870275] ? netlink_attachskb+0x870/0x870 [ 3020.870858] netlink_sendmsg+0x90f/0xdf0 [ 3020.871395] ? netlink_unicast+0x7f0/0x7f0 [ 3020.872001] ? netlink_unicast+0x7f0/0x7f0 [ 3020.872562] __sock_sendmsg+0x154/0x190 [ 3020.873395] ____sys_sendmsg+0x70d/0x870 [ 3020.873932] ? sock_write_iter+0x3d0/0x3d0 [ 3020.874490] ? do_recvmmsg+0x6d0/0x6d0 [ 3020.875004] ? lock_downgrade+0x6d0/0x6d0 [ 3020.875552] ? __lockdep_reset_lock+0x180/0x180 [ 3020.876177] ___sys_sendmsg+0xf3/0x170 [ 3020.876693] ? sendmsg_copy_msghdr+0x160/0x160 [ 3020.877352] ? __fget_files+0x2cf/0x520 [ 3020.877878] ? lock_downgrade+0x6d0/0x6d0 [ 3020.878426] ? find_held_lock+0x2c/0x110 [ 3020.878968] ? __fget_files+0x2f8/0x520 [ 3020.879498] ? __fget_light+0xea/0x290 [ 3020.880017] __sys_sendmsg+0xe5/0x1b0 [ 3020.880520] ? __sys_sendmsg_sock+0x40/0x40 [ 3020.881102] ? rcu_read_lock_any_held+0x75/0xa0 [ 3020.881734] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3020.882424] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3020.883098] ? trace_hardirqs_on+0x5b/0x180 [ 3020.883666] do_syscall_64+0x33/0x40 [ 3020.884156] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3020.884835] RIP: 0033:0x7ff152763b19 [ 3020.885427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3020.887866] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3020.888862] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3020.889816] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3020.890766] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3020.891725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3020.892657] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:56:40 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x48) [ 3020.925890] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3020.930481] FAULT_INJECTION: forcing a failure. [ 3020.930481] name failslab, interval 1, probability 0, space 0, times 0 [ 3020.932075] CPU: 0 PID: 23471 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3020.932991] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3020.934149] Call Trace: [ 3020.934502] dump_stack+0x107/0x167 [ 3020.935018] should_fail.cold+0x5/0xa [ 3020.935522] ? create_object.isra.0+0x3a/0xa20 [ 3020.936125] should_failslab+0x5/0x20 [ 3020.936626] kmem_cache_alloc+0x5b/0x310 [ 3020.937183] ? lock_acquire+0x197/0x470 [ 3020.937712] create_object.isra.0+0x3a/0xa20 [ 3020.938337] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3020.939043] kmem_cache_alloc_node+0x169/0x330 [ 3020.939653] __alloc_skb+0x6d/0x5b0 [ 3020.940139] inet6_rt_notify+0xed/0x2a0 [ 3020.940669] fib6_del+0xf4c/0x1540 [ 3020.941169] ? fib6_locate+0x660/0x660 [ 3020.941688] ? fib6_ifdown+0xc5/0x8f0 [ 3020.942239] fib6_clean_node+0x39e/0x570 [ 3020.942781] ? fib6_del+0x1540/0x1540 [ 3020.943290] ? fib6_clean_tree+0x14c/0x260 [ 3020.943857] fib6_walk_continue+0x35c/0x710 [ 3020.944425] ? trace_hardirqs_on+0x5b/0x180 [ 3020.944995] fib6_clean_tree+0x154/0x260 [ 3020.945556] ? fib6_ifup+0x260/0x260 [ 3020.946077] ? fib6_info_destroy_rcu+0x210/0x210 [ 3020.946728] ? fib6_del+0x1540/0x1540 [ 3020.947261] ? fib6_ifup+0x260/0x260 [ 3020.947753] ? spin_bug+0xf0/0x100 [ 3020.948221] ? lock_chain_count+0x20/0x20 [ 3020.948775] ? fib6_ifup+0x260/0x260 [ 3020.949285] __fib6_clean_all+0xf0/0x2a0 [ 3020.949823] rt6_disable_ip+0x4d5/0x5b0 [ 3020.950390] ? lock_chain_count+0x20/0x20 [ 3020.950965] ? rt6_sync_down_dev+0x150/0x150 [ 3020.951565] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3020.952202] ? addrconf_dad_run+0x180/0x180 [ 3020.952795] addrconf_notify+0x159/0x2410 [ 3020.953461] ? tun_device_event+0x71/0x1160 [ 3020.954062] ? mark_held_locks+0x9e/0xe0 [ 3020.954598] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3020.955280] ? inet6_ifinfo_notify+0x150/0x150 [ 3020.955882] ? failover_register+0x530/0x530 [ 3020.956471] raw_notifier_call_chain+0xb3/0x110 [ 3020.957101] call_netdevice_notifiers_info+0xb5/0x130 [ 3020.957786] __dev_notify_flags+0x1de/0x2c0 [ 3020.958406] ? dev_change_name+0x660/0x660 [ 3020.958984] ? __dev_change_flags+0x4cf/0x6e0 [ 3020.959587] ? dev_set_allmulti+0x30/0x30 [ 3020.960142] dev_change_flags+0x100/0x160 [ 3020.960694] do_setlink+0x90c/0x3ac0 [ 3020.961210] ? vprintk_func+0x93/0x140 [ 3020.961724] ? rtnl_getlink+0xaa0/0xaa0 [ 3020.962297] ? printk+0xba/0xf1 [ 3020.962738] ? record_print_text.cold+0x16/0x16 [ 3020.963381] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3020.964047] ? trace_hardirqs_on+0x5b/0x180 [ 3020.964627] ? __nla_validate_parse+0x2d8/0x2b10 [ 3020.965273] ? perf_trace_lock+0xac/0x490 [ 3020.965824] ? nla_get_range_signed+0x520/0x520 [ 3020.966449] ? __lock_acquire+0xbb1/0x5b00 [ 3020.967059] __rtnl_newlink+0xc39/0x1700 [ 3020.967606] ? rtnl_setlink+0x3b0/0x3b0 [ 3020.968136] ? __is_insn_slot_addr+0x123/0x290 [ 3020.968747] ? unwind_next_frame+0x13ef/0x1a90 [ 3020.973373] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3020.974075] ? 0xffffffffa0000000 [ 3020.974533] ? __is_insn_slot_addr+0x14c/0x290 [ 3020.975169] ? kernel_text_address+0xf2/0x120 [ 3020.975765] ? __kernel_text_address+0x9/0x40 [ 3020.976384] ? unwind_get_return_address+0x55/0xa0 [ 3020.977025] ? create_prof_cpu_mask+0x20/0x20 [ 3020.977635] ? arch_stack_walk+0x99/0xf0 [ 3020.978229] ? stack_trace_save+0x8c/0xc0 [ 3020.978824] ? mark_held_locks+0x9e/0xe0 [ 3020.979391] ? trace_hardirqs_on+0x5b/0x180 [ 3020.979956] ? kasan_unpoison_shadow+0x33/0x50 [ 3020.980553] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3020.981257] rtnl_newlink+0x64/0xa0 [ 3020.981740] ? __rtnl_newlink+0x1700/0x1700 [ 3020.982312] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3020.982873] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3020.983458] ? perf_trace_lock+0xac/0x490 [ 3020.984032] ? __lockdep_reset_lock+0x180/0x180 [ 3020.984658] netlink_rcv_skb+0x14b/0x430 [ 3020.985205] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3020.985742] ? netlink_ack+0xab0/0xab0 [ 3020.986297] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3020.986905] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3020.987533] ? is_vmalloc_addr+0x7b/0xb0 [ 3020.988070] netlink_unicast+0x549/0x7f0 [ 3020.988608] ? netlink_attachskb+0x870/0x870 [ 3020.989213] netlink_sendmsg+0x90f/0xdf0 [ 3020.989750] ? netlink_unicast+0x7f0/0x7f0 [ 3020.990313] ? netlink_unicast+0x7f0/0x7f0 [ 3020.990867] __sock_sendmsg+0x154/0x190 [ 3020.991430] ____sys_sendmsg+0x70d/0x870 [ 3020.991979] ? sock_write_iter+0x3d0/0x3d0 [ 3020.992555] ? do_recvmmsg+0x6d0/0x6d0 [ 3020.993088] ? lock_downgrade+0x6d0/0x6d0 [ 3020.993640] ? __lockdep_reset_lock+0x180/0x180 [ 3020.994293] ___sys_sendmsg+0xf3/0x170 [ 3020.994809] ? sendmsg_copy_msghdr+0x160/0x160 [ 3020.995443] ? __fget_files+0x2cf/0x520 [ 3020.995964] ? lock_downgrade+0x6d0/0x6d0 [ 3020.996510] ? find_held_lock+0x2c/0x110 [ 3021.001075] ? __fget_files+0x2f8/0x520 [ 3021.001651] ? __fget_light+0xea/0x290 [ 3021.002244] __sys_sendmsg+0xe5/0x1b0 [ 3021.002819] ? __sys_sendmsg_sock+0x40/0x40 [ 3021.003861] ? rcu_read_lock_any_held+0x75/0xa0 [ 3021.005358] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3021.006847] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3021.008309] ? trace_hardirqs_on+0x5b/0x180 [ 3021.009618] do_syscall_64+0x33/0x40 [ 3021.010727] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3021.012313] RIP: 0033:0x7f6e57a6eb19 [ 3021.013487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3021.019449] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3021.021627] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3021.023918] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3021.026266] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3021.028611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3021.030959] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 3021.037210] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3021.069051] FAULT_INJECTION: forcing a failure. [ 3021.069051] name failslab, interval 1, probability 0, space 0, times 0 [ 3021.070764] CPU: 1 PID: 23572 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 3021.071659] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3021.072707] Call Trace: [ 3021.073049] dump_stack+0x107/0x167 [ 3021.073547] should_fail.cold+0x5/0xa [ 3021.074026] ? create_object.isra.0+0x3a/0xa20 [ 3021.074620] should_failslab+0x5/0x20 [ 3021.075091] kmem_cache_alloc+0x5b/0x310 [ 3021.075595] create_object.isra.0+0x3a/0xa20 [ 3021.076134] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3021.076807] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3021.077486] ? inet6_rt_notify+0xed/0x2a0 [ 3021.078004] __alloc_skb+0xb1/0x5b0 [ 3021.078459] inet6_rt_notify+0xed/0x2a0 [ 3021.078952] fib6_del+0xf4c/0x1540 [ 3021.079398] ? fib6_locate+0x660/0x660 [ 3021.079880] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3021.080516] ? fib6_ifdown+0xc5/0x8f0 [ 3021.080988] fib6_clean_node+0x39e/0x570 [ 3021.081507] ? fib6_del+0x1540/0x1540 [ 3021.081976] ? fib6_clean_tree+0x14c/0x260 [ 3021.082509] fib6_walk_continue+0x35c/0x710 [ 3021.083039] ? trace_hardirqs_on+0x5b/0x180 [ 3021.083571] fib6_clean_tree+0x154/0x260 [ 3021.084067] ? fib6_ifup+0x260/0x260 [ 3021.084525] ? fib6_info_destroy_rcu+0x210/0x210 [ 3021.085229] ? fib6_del+0x1540/0x1540 [ 3021.086141] ? fib6_ifup+0x260/0x260 [ 3021.087021] ? spin_bug+0xf0/0x100 [ 3021.087863] ? lock_chain_count+0x20/0x20 [ 3021.088854] ? fib6_ifup+0x260/0x260 [ 3021.089922] __fib6_clean_all+0xf0/0x2a0 [ 3021.090913] rt6_disable_ip+0x4d5/0x5b0 [ 3021.091933] ? lock_chain_count+0x20/0x20 [ 3021.092979] ? rt6_sync_down_dev+0x150/0x150 [ 3021.094270] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3021.095471] ? addrconf_dad_run+0x180/0x180 [ 3021.096516] addrconf_notify+0x159/0x2410 [ 3021.097621] ? tun_device_event+0x71/0x1160 [ 3021.098674] ? mark_held_locks+0x9e/0xe0 [ 3021.099659] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3021.100921] ? inet6_ifinfo_notify+0x150/0x150 [ 3021.102228] ? failover_register+0x530/0x530 [ 3021.103281] raw_notifier_call_chain+0xb3/0x110 [ 3021.104398] call_netdevice_notifiers_info+0xb5/0x130 [ 3021.105774] __dev_notify_flags+0x1de/0x2c0 [ 3021.106824] ? dev_change_name+0x660/0x660 [ 3021.107854] ? __dev_change_flags+0x4cf/0x6e0 [ 3021.108947] ? dev_set_allmulti+0x30/0x30 [ 3021.109525] ? validate_linkmsg+0x495/0x8b0 [ 3021.110056] dev_change_flags+0x100/0x160 [ 3021.110579] do_setlink+0x90c/0x3ac0 [ 3021.111045] ? vprintk_func+0x93/0x140 [ 3021.111551] ? rtnl_getlink+0xaa0/0xaa0 [ 3021.112038] ? printk+0xba/0xf1 [ 3021.112443] ? record_print_text.cold+0x16/0x16 [ 3021.113040] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3021.114578] ? trace_hardirqs_on+0x5b/0x180 [ 3021.115642] ? __nla_validate_parse+0x2d8/0x2b10 [ 3021.116846] ? perf_trace_lock+0xac/0x490 [ 3021.117509] ? nla_get_range_signed+0x520/0x520 [ 3021.118077] ? __lock_acquire+0xbb1/0x5b00 [ 3021.118616] __rtnl_newlink+0xc39/0x1700 [ 3021.119130] ? rtnl_setlink+0x3b0/0x3b0 [ 3021.119667] ? __is_insn_slot_addr+0x123/0x290 [ 3021.120253] ? unwind_next_frame+0x13ef/0x1a90 [ 3021.120833] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3021.121544] ? 0xffffffffa0000000 [ 3021.121973] ? __is_insn_slot_addr+0x14c/0x290 [ 3021.122582] ? kernel_text_address+0xf2/0x120 [ 3021.123137] ? __kernel_text_address+0x9/0x40 [ 3021.123718] ? unwind_get_return_address+0x55/0xa0 [ 3021.124320] ? create_prof_cpu_mask+0x20/0x20 [ 3021.124870] ? arch_stack_walk+0x99/0xf0 [ 3021.125872] ? stack_trace_save+0x8c/0xc0 [ 3021.126989] ? mark_held_locks+0x9e/0xe0 [ 3021.128013] ? trace_hardirqs_on+0x5b/0x180 [ 3021.129074] ? kasan_unpoison_shadow+0x33/0x50 [ 3021.129657] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3021.130297] rtnl_newlink+0x64/0xa0 [ 3021.130758] ? __rtnl_newlink+0x1700/0x1700 [ 3021.131286] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3021.131808] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3021.132307] ? perf_trace_lock+0xac/0x490 [ 3021.132823] ? __lockdep_reset_lock+0x180/0x180 [ 3021.133452] netlink_rcv_skb+0x14b/0x430 [ 3021.133971] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3021.134506] ? netlink_ack+0xab0/0xab0 [ 3021.134983] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3021.135550] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3021.136112] ? is_vmalloc_addr+0x7b/0xb0 [ 3021.136616] netlink_unicast+0x549/0x7f0 [ 3021.137136] ? netlink_attachskb+0x870/0x870 [ 3021.137738] netlink_sendmsg+0x90f/0xdf0 [ 3021.138255] ? netlink_unicast+0x7f0/0x7f0 [ 3021.138809] ? netlink_unicast+0x7f0/0x7f0 [ 3021.139329] __sock_sendmsg+0x154/0x190 [ 3021.139822] ____sys_sendmsg+0x70d/0x870 [ 3021.140322] ? sock_write_iter+0x3d0/0x3d0 [ 3021.140848] ? do_recvmmsg+0x6d0/0x6d0 [ 3021.141341] ? lock_downgrade+0x6d0/0x6d0 [ 3021.141868] ? __lockdep_reset_lock+0x180/0x180 [ 3021.142479] ___sys_sendmsg+0xf3/0x170 [ 3021.142959] ? sendmsg_copy_msghdr+0x160/0x160 [ 3021.143523] ? __fget_files+0x2cf/0x520 [ 3021.144013] ? lock_downgrade+0x6d0/0x6d0 [ 3021.144561] ? find_held_lock+0x2c/0x110 [ 3021.145082] ? __fget_files+0x2f8/0x520 [ 3021.145587] ? __fget_light+0xea/0x290 [ 3021.146071] __sys_sendmsg+0xe5/0x1b0 [ 3021.146540] ? __sys_sendmsg_sock+0x40/0x40 [ 3021.147069] ? rcu_read_lock_any_held+0x75/0xa0 [ 3021.147656] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3021.148300] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3021.148980] ? trace_hardirqs_on+0x5b/0x180 [ 3021.149543] do_syscall_64+0x33/0x40 [ 3021.150003] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3021.150631] RIP: 0033:0x7fb10e7f3b19 [ 3021.151090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3021.153406] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3021.154348] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 3021.155223] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3021.156096] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 3021.157016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3021.157944] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 3021.161318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.162344] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.162964] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.163409] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3021.164070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.168640] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3021.213569] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3021.214774] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3021.215822] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3034.887950] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:56:54 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 36) 13:56:54 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 35) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:54 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x40087602, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:56:54 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 17) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3034.912474] FAULT_INJECTION: forcing a failure. [ 3034.912474] name failslab, interval 1, probability 0, space 0, times 0 [ 3034.914241] CPU: 1 PID: 23608 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3034.915274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3034.916458] Call Trace: [ 3034.916826] dump_stack+0x107/0x167 [ 3034.917426] should_fail.cold+0x5/0xa [ 3034.917977] ? create_object.isra.0+0x3a/0xa20 [ 3034.918670] should_failslab+0x5/0x20 [ 3034.919263] kmem_cache_alloc+0x5b/0x310 [ 3034.919835] ? io_wq_create+0x114/0xc00 [ 3034.920449] create_object.isra.0+0x3a/0xa20 [ 3034.921066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3034.921890] kmem_cache_alloc_node_trace+0x16d/0x340 [ 3034.923533] io_wq_create+0x6ef/0xc00 [ 3034.924103] io_uring_alloc_task_context+0x1f1/0x6a0 [ 3034.924886] ? io_import_iovec+0x1120/0x1120 [ 3034.925637] ? io_apoll_task_func+0x2d0/0x2d0 [ 3034.926352] ? __io_req_find_next+0x300/0x300 [ 3034.928087] ? do_raw_spin_lock+0x121/0x260 [ 3034.928780] ? rwlock_bug.part.0+0x90/0x90 [ 3034.929478] __io_uring_add_tctx_node+0x2c6/0x520 [ 3034.930244] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3034.931011] ? alloc_fd+0x2e7/0x670 [ 3034.931607] io_uring_setup+0x1fbb/0x2980 [ 3034.932266] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3034.933015] ? wait_for_completion_io+0x270/0x270 [ 3034.933820] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3034.934652] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3034.935450] do_syscall_64+0x33/0x40 [ 3034.935998] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3034.936800] RIP: 0033:0x7fbe2462eb19 [ 3034.937424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3034.941128] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3034.942989] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3034.944036] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3034.945089] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3034.946168] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3034.947284] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:56:54 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb477, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0392000101010100"], 0x1c}}, 0x0) 13:56:54 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 28) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:56:54 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4c) [ 3034.957821] FAULT_INJECTION: forcing a failure. [ 3034.957821] name failslab, interval 1, probability 0, space 0, times 0 [ 3034.961656] CPU: 0 PID: 23597 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 3034.963751] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3034.966318] Call Trace: [ 3034.967158] dump_stack+0x107/0x167 [ 3034.968287] should_fail.cold+0x5/0xa [ 3034.969457] ? create_object.isra.0+0x3a/0xa20 [ 3034.970857] should_failslab+0x5/0x20 [ 3034.972010] kmem_cache_alloc+0x5b/0x310 [ 3034.978590] create_object.isra.0+0x3a/0xa20 [ 3034.979913] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3034.981452] kmem_cache_alloc_node+0x169/0x330 [ 3034.982858] __alloc_skb+0x6d/0x5b0 [ 3034.983951] inet6_rt_notify+0xed/0x2a0 [ 3034.985162] fib6_del+0xf4c/0x1540 [ 3034.986263] ? fib6_locate+0x660/0x660 [ 3034.987432] ? fib6_ifdown+0x18d/0x8f0 [ 3034.988619] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3034.990211] ? fib6_ifdown+0xc5/0x8f0 [ 3034.991376] fib6_clean_node+0x39e/0x570 [ 3034.992606] ? fib6_del+0x1540/0x1540 [ 3034.993778] ? fib6_walk_continue+0x100/0x710 [ 3034.995144] fib6_walk_continue+0x35c/0x710 [ 3034.996449] ? trace_hardirqs_on+0x5b/0x180 [ 3034.997778] fib6_clean_tree+0x154/0x260 [ 3034.999006] ? fib6_ifup+0x260/0x260 [ 3035.000137] ? fib6_info_destroy_rcu+0x210/0x210 [ 3035.001596] ? fib6_del+0x1540/0x1540 [ 3035.002752] ? fib6_ifup+0x260/0x260 [ 3035.003877] ? spin_bug+0xf0/0x100 [ 3035.004957] ? lock_chain_count+0x20/0x20 [ 3035.006245] ? fib6_ifup+0x260/0x260 [ 3035.007374] __fib6_clean_all+0xf0/0x2a0 [ 3035.008611] rt6_disable_ip+0x4d5/0x5b0 [ 3035.009833] ? lock_chain_count+0x20/0x20 [ 3035.011099] ? rt6_sync_down_dev+0x150/0x150 [ 3035.012448] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3035.013916] ? addrconf_dad_run+0x180/0x180 [ 3035.015247] addrconf_notify+0x159/0x2410 [ 3035.016510] ? tun_device_event+0x71/0x1160 [ 3035.017828] ? mark_held_locks+0x9e/0xe0 [ 3035.019061] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3035.020622] ? inet6_ifinfo_notify+0x150/0x150 [ 3035.022015] ? failover_register+0x530/0x530 [ 3035.023364] raw_notifier_call_chain+0xb3/0x110 [ 3035.024780] call_netdevice_notifiers_info+0xb5/0x130 [ 3035.026371] __dev_notify_flags+0x1de/0x2c0 [ 3035.027671] ? dev_change_name+0x660/0x660 [ 3035.028947] ? __dev_change_flags+0x4cf/0x6e0 [ 3035.030322] ? dev_set_allmulti+0x30/0x30 [ 3035.031593] dev_change_flags+0x100/0x160 [ 3035.032855] do_setlink+0x90c/0x3ac0 [ 3035.034004] ? vprintk_func+0x93/0x140 [ 3035.035166] ? rtnl_getlink+0xaa0/0xaa0 [ 3035.036436] ? printk+0xba/0xf1 [ 3035.037427] ? record_print_text.cold+0x16/0x16 [ 3035.042119] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3035.042779] ? trace_hardirqs_on+0x5b/0x180 [ 3035.043353] ? __nla_validate_parse+0x2d8/0x2b10 [ 3035.043973] ? perf_trace_lock+0xac/0x490 [ 3035.044517] ? nla_get_range_signed+0x520/0x520 [ 3035.045119] ? __lock_acquire+0xbb1/0x5b00 [ 3035.045706] __rtnl_newlink+0xc39/0x1700 [ 3035.046247] ? rtnl_setlink+0x3b0/0x3b0 [ 3035.046765] ? __is_insn_slot_addr+0x123/0x290 [ 3035.047365] ? unwind_next_frame+0x13ef/0x1a90 [ 3035.047957] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.048645] ? 0xffffffffa0000000 [ 3035.049098] ? __is_insn_slot_addr+0x14c/0x290 [ 3035.049733] ? kernel_text_address+0xf2/0x120 [ 3035.050315] ? __kernel_text_address+0x9/0x40 [ 3035.050898] ? unwind_get_return_address+0x55/0xa0 [ 3035.051533] ? create_prof_cpu_mask+0x20/0x20 [ 3035.052113] ? arch_stack_walk+0x99/0xf0 [ 3035.052653] ? stack_trace_save+0x8c/0xc0 [ 3035.053237] ? mark_held_locks+0x9e/0xe0 [ 3035.053782] ? trace_hardirqs_on+0x5b/0x180 [ 3035.054442] ? kasan_unpoison_shadow+0x33/0x50 [ 3035.055641] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.056305] rtnl_newlink+0x64/0xa0 [ 3035.056778] ? __rtnl_newlink+0x1700/0x1700 [ 3035.057338] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3035.057926] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.058457] ? perf_trace_lock+0xac/0x490 [ 3035.058999] ? __lockdep_reset_lock+0x180/0x180 [ 3035.059609] netlink_rcv_skb+0x14b/0x430 [ 3035.060136] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.060664] ? netlink_ack+0xab0/0xab0 [ 3035.061166] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3035.065270] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3035.065901] ? is_vmalloc_addr+0x7b/0xb0 [ 3035.066445] netlink_unicast+0x549/0x7f0 [ 3035.066978] ? netlink_attachskb+0x870/0x870 [ 3035.067558] netlink_sendmsg+0x90f/0xdf0 [ 3035.068090] ? netlink_unicast+0x7f0/0x7f0 [ 3035.068648] ? netlink_unicast+0x7f0/0x7f0 [ 3035.069197] __sock_sendmsg+0x154/0x190 [ 3035.069732] ____sys_sendmsg+0x70d/0x870 [ 3035.070263] ? sock_write_iter+0x3d0/0x3d0 [ 3035.070810] ? do_recvmmsg+0x6d0/0x6d0 [ 3035.071320] ? lock_downgrade+0x6d0/0x6d0 [ 3035.071861] ? __lockdep_reset_lock+0x180/0x180 [ 3035.072470] ___sys_sendmsg+0xf3/0x170 [ 3035.072978] ? sendmsg_copy_msghdr+0x160/0x160 [ 3035.077614] ? __fget_files+0x2cf/0x520 [ 3035.078149] ? lock_downgrade+0x6d0/0x6d0 [ 3035.078691] ? find_held_lock+0x2c/0x110 [ 3035.079233] ? __fget_files+0x2f8/0x520 [ 3035.079757] ? __fget_light+0xea/0x290 [ 3035.080270] __sys_sendmsg+0xe5/0x1b0 [ 3035.080766] ? __sys_sendmsg_sock+0x40/0x40 [ 3035.081325] ? rcu_read_lock_any_held+0x75/0xa0 [ 3035.081968] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.082650] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.083322] ? trace_hardirqs_on+0x5b/0x180 [ 3035.083888] do_syscall_64+0x33/0x40 [ 3035.084372] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.085038] RIP: 0033:0x7fb10e7f3b19 [ 3035.085531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.087923] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3035.088910] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 3035.089877] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3035.090815] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 3035.091741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3035.092672] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 3035.099185] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:56:54 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 37) 13:56:54 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb577, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0ec0000101010100"], 0x1c}}, 0x0) [ 3035.102732] FAULT_INJECTION: forcing a failure. [ 3035.102732] name failslab, interval 1, probability 0, space 0, times 0 [ 3035.104446] CPU: 0 PID: 23601 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3035.105588] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3035.106666] Call Trace: [ 3035.107012] dump_stack+0x107/0x167 [ 3035.107488] should_fail.cold+0x5/0xa [ 3035.107985] ? create_object.isra.0+0x3a/0xa20 [ 3035.108580] should_failslab+0x5/0x20 [ 3035.109075] kmem_cache_alloc+0x5b/0x310 [ 3035.109653] create_object.isra.0+0x3a/0xa20 [ 3035.110229] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.110891] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3035.111547] ? cfg80211_del_sta_sinfo+0x15e/0x470 [ 3035.112178] __alloc_skb+0xb1/0x5b0 [ 3035.112654] cfg80211_del_sta_sinfo+0x15e/0x470 [ 3035.113263] ? cfg80211_new_sta+0x370/0x370 [ 3035.113894] __sta_info_destroy_part2+0x310/0x4f0 [ 3035.114524] __sta_info_flush+0x3a0/0x520 [ 3035.115067] ? __sta_info_destroy+0x50/0x50 [ 3035.115628] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.116309] ? trace_hardirqs_on+0x5b/0x180 [ 3035.116866] ? cfg80211_put_bss+0x1b0/0x270 [ 3035.117423] ? __local_bh_enable_ip+0x9d/0x100 [ 3035.118165] ieee80211_ibss_disconnect+0x115/0x750 [ 3035.118867] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.119615] ieee80211_ibss_leave+0x12/0x160 [ 3035.120241] __cfg80211_leave_ibss+0x183/0x4f0 [ 3035.120893] __cfg80211_leave+0x14b/0x370 [ 3035.121441] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3035.122160] ? ipmr_device_event+0x18b/0x1f0 [ 3035.122732] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3035.123404] raw_notifier_call_chain+0xb3/0x110 [ 3035.124011] call_netdevice_notifiers_info+0xb5/0x130 [ 3035.124682] __dev_close_many+0xf3/0x2f0 [ 3035.125211] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3035.125922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.126603] ? __local_bh_enable_ip+0x9d/0x100 [ 3035.127192] ? trace_hardirqs_on+0x5b/0x180 [ 3035.127754] __dev_change_flags+0x299/0x6e0 [ 3035.128324] ? dev_set_allmulti+0x30/0x30 [ 3035.128871] dev_change_flags+0x8a/0x160 [ 3035.129403] do_setlink+0x90c/0x3ac0 [ 3035.129927] ? vprintk_func+0x93/0x140 [ 3035.130434] ? rtnl_getlink+0xaa0/0xaa0 [ 3035.130949] ? printk+0xba/0xf1 [ 3035.131380] ? record_print_text.cold+0x16/0x16 [ 3035.131985] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3035.132639] ? trace_hardirqs_on+0x5b/0x180 [ 3035.133209] ? __nla_validate_parse+0x2d8/0x2b10 [ 3035.133866] ? perf_trace_lock+0xac/0x490 [ 3035.134410] ? nla_get_range_signed+0x520/0x520 [ 3035.135013] ? __lock_acquire+0xbb1/0x5b00 [ 3035.135580] __rtnl_newlink+0xc39/0x1700 [ 3035.136247] ? rtnl_setlink+0x3b0/0x3b0 [ 3035.136767] ? __is_insn_slot_addr+0x123/0x290 [ 3035.137368] ? unwind_next_frame+0x13ef/0x1a90 [ 3035.137988] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.138678] ? 0xffffffffa0000000 [ 3035.139133] ? __is_insn_slot_addr+0x14c/0x290 [ 3035.139733] ? kernel_text_address+0xf2/0x120 [ 3035.140317] ? __kernel_text_address+0x9/0x40 [ 3035.140902] ? unwind_get_return_address+0x55/0xa0 [ 3035.141552] ? create_prof_cpu_mask+0x20/0x20 [ 3035.142140] ? arch_stack_walk+0x99/0xf0 [ 3035.142685] ? stack_trace_save+0x8c/0xc0 [ 3035.143274] ? mark_held_locks+0x9e/0xe0 [ 3035.143808] ? trace_hardirqs_on+0x5b/0x180 [ 3035.144372] ? kasan_unpoison_shadow+0x33/0x50 [ 3035.144968] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.145649] rtnl_newlink+0x64/0xa0 [ 3035.146124] ? __rtnl_newlink+0x1700/0x1700 [ 3035.146687] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3035.147241] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.147772] ? perf_trace_lock+0xac/0x490 [ 3035.148318] ? __lockdep_reset_lock+0x180/0x180 [ 3035.149144] netlink_rcv_skb+0x14b/0x430 [ 3035.149694] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.150226] ? netlink_ack+0xab0/0xab0 [ 3035.150732] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3035.151335] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3035.151932] ? is_vmalloc_addr+0x7b/0xb0 [ 3035.152467] netlink_unicast+0x549/0x7f0 [ 3035.153002] ? netlink_attachskb+0x870/0x870 [ 3035.153613] netlink_sendmsg+0x90f/0xdf0 [ 3035.154170] ? netlink_unicast+0x7f0/0x7f0 [ 3035.154734] ? netlink_unicast+0x7f0/0x7f0 [ 3035.155288] __sock_sendmsg+0x154/0x190 [ 3035.155808] ____sys_sendmsg+0x70d/0x870 [ 3035.156342] ? sock_write_iter+0x3d0/0x3d0 [ 3035.156895] ? do_recvmmsg+0x6d0/0x6d0 [ 3035.157407] ? lock_downgrade+0x6d0/0x6d0 [ 3035.157988] ? __lockdep_reset_lock+0x180/0x180 [ 3035.158601] ___sys_sendmsg+0xf3/0x170 [ 3035.159112] ? sendmsg_copy_msghdr+0x160/0x160 [ 3035.159711] ? __fget_files+0x2cf/0x520 [ 3035.160231] ? lock_downgrade+0x6d0/0x6d0 [ 3035.160872] ? find_held_lock+0x2c/0x110 [ 3035.161476] ? __fget_files+0x2f8/0x520 [ 3035.162177] ? __fget_light+0xea/0x290 [ 3035.162692] __sys_sendmsg+0xe5/0x1b0 [ 3035.163189] ? __sys_sendmsg_sock+0x40/0x40 [ 3035.163752] ? rcu_read_lock_any_held+0x75/0xa0 [ 3035.164372] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.165056] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.165759] ? trace_hardirqs_on+0x5b/0x180 [ 3035.166325] do_syscall_64+0x33/0x40 [ 3035.166821] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.167494] RIP: 0033:0x7ff152763b19 [ 3035.167986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.170471] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3035.171524] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3035.172456] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3035.173385] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3035.174356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3035.175287] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3035.185862] FAULT_INJECTION: forcing a failure. [ 3035.185862] name failslab, interval 1, probability 0, space 0, times 0 [ 3035.187407] CPU: 0 PID: 23825 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3035.188313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3035.189398] Call Trace: [ 3035.189764] dump_stack+0x107/0x167 [ 3035.190245] should_fail.cold+0x5/0xa [ 3035.190750] ? __io_uring_add_tctx_node+0x15c/0x520 [ 3035.191406] should_failslab+0x5/0x20 [ 3035.192160] kmem_cache_alloc_trace+0x55/0x320 [ 3035.192762] __io_uring_add_tctx_node+0x15c/0x520 [ 3035.193389] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3035.194089] ? alloc_fd+0x2e7/0x670 [ 3035.194571] io_uring_setup+0x1fbb/0x2980 [ 3035.195118] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3035.195779] ? wait_for_completion_io+0x270/0x270 [ 3035.196422] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.197106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.197809] do_syscall_64+0x33/0x40 [ 3035.198296] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.198965] RIP: 0033:0x7fbe2462eb19 [ 3035.199449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.201877] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3035.202869] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3035.203799] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3035.204725] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3035.205686] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3035.206617] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:56:54 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb677, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c18c8000101010100"], 0x1c}}, 0x0) 13:56:54 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 38) [ 3035.254808] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3035.259282] FAULT_INJECTION: forcing a failure. [ 3035.259282] name failslab, interval 1, probability 0, space 0, times 0 [ 3035.260734] CPU: 1 PID: 23606 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3035.261598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3035.262656] Call Trace: [ 3035.262988] dump_stack+0x107/0x167 [ 3035.263438] should_fail.cold+0x5/0xa [ 3035.263916] should_failslab+0x5/0x20 [ 3035.264387] __kmalloc_node_track_caller+0x74/0x3b0 [ 3035.264999] ? inet6_rt_notify+0xed/0x2a0 [ 3035.265538] __alloc_skb+0xb1/0x5b0 [ 3035.266002] inet6_rt_notify+0xed/0x2a0 [ 3035.266496] fib6_del+0xf4c/0x1540 [ 3035.266944] ? fib6_locate+0x660/0x660 [ 3035.267429] ? fib6_ifdown+0xc5/0x8f0 [ 3035.267903] fib6_clean_node+0x39e/0x570 [ 3035.268404] ? fib6_del+0x1540/0x1540 [ 3035.268873] ? fib6_clean_tree+0x14c/0x260 [ 3035.269400] fib6_walk_continue+0x35c/0x710 [ 3035.269944] ? trace_hardirqs_on+0x5b/0x180 [ 3035.270474] fib6_clean_tree+0x154/0x260 [ 3035.270972] ? fib6_ifup+0x260/0x260 [ 3035.271427] ? fib6_info_destroy_rcu+0x210/0x210 [ 3035.272013] ? fib6_del+0x1540/0x1540 [ 3035.272479] ? fib6_ifup+0x260/0x260 [ 3035.272936] ? spin_bug+0xf0/0x100 [ 3035.273374] ? lock_chain_count+0x20/0x20 [ 3035.273906] ? fib6_ifup+0x260/0x260 [ 3035.274362] __fib6_clean_all+0xf0/0x2a0 [ 3035.274862] rt6_disable_ip+0x4d5/0x5b0 [ 3035.275350] ? lock_chain_count+0x20/0x20 [ 3035.275862] ? rt6_sync_down_dev+0x150/0x150 [ 3035.276412] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3035.277001] ? addrconf_dad_run+0x180/0x180 [ 3035.277552] addrconf_notify+0x159/0x2410 [ 3035.278069] ? tun_device_event+0x71/0x1160 [ 3035.278597] ? mark_held_locks+0x9e/0xe0 [ 3035.279096] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3035.279735] ? inet6_ifinfo_notify+0x150/0x150 [ 3035.280294] ? failover_register+0x530/0x530 [ 3035.280843] raw_notifier_call_chain+0xb3/0x110 [ 3035.281420] call_netdevice_notifiers_info+0xb5/0x130 [ 3035.282066] __dev_notify_flags+0x1de/0x2c0 [ 3035.282600] ? dev_change_name+0x660/0x660 [ 3035.283124] ? __dev_change_flags+0x4cf/0x6e0 [ 3035.283676] ? dev_set_allmulti+0x30/0x30 [ 3035.284194] dev_change_flags+0x100/0x160 [ 3035.284707] do_setlink+0x90c/0x3ac0 [ 3035.285169] ? vprintk_func+0x93/0x140 [ 3035.285659] ? rtnl_getlink+0xaa0/0xaa0 [ 3035.286147] ? printk+0xba/0xf1 [ 3035.286556] ? record_print_text.cold+0x16/0x16 [ 3035.287127] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3035.287746] ? trace_hardirqs_on+0x5b/0x180 [ 3035.288291] ? __nla_validate_parse+0x2d8/0x2b10 [ 3035.288877] ? perf_trace_lock+0xac/0x490 [ 3035.289389] ? nla_get_range_signed+0x520/0x520 [ 3035.289975] ? __lock_acquire+0xbb1/0x5b00 [ 3035.290511] __rtnl_newlink+0xc39/0x1700 [ 3035.291020] ? rtnl_setlink+0x3b0/0x3b0 [ 3035.291510] ? __is_insn_slot_addr+0x123/0x290 [ 3035.292077] ? unwind_next_frame+0x13ef/0x1a90 [ 3035.292640] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.293292] ? 0xffffffffa0000000 [ 3035.293734] ? __is_insn_slot_addr+0x14c/0x290 [ 3035.294299] ? kernel_text_address+0xf2/0x120 [ 3035.294846] ? __kernel_text_address+0x9/0x40 [ 3035.295398] ? unwind_get_return_address+0x55/0xa0 [ 3035.296002] ? create_prof_cpu_mask+0x20/0x20 [ 3035.296554] ? arch_stack_walk+0x99/0xf0 [ 3035.297063] ? stack_trace_save+0x8c/0xc0 [ 3035.297631] ? mark_held_locks+0x9e/0xe0 [ 3035.298135] ? trace_hardirqs_on+0x5b/0x180 [ 3035.298674] ? kasan_unpoison_shadow+0x33/0x50 [ 3035.299231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.299856] rtnl_newlink+0x64/0xa0 [ 3035.300301] ? __rtnl_newlink+0x1700/0x1700 [ 3035.300831] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3035.301357] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.301868] ? perf_trace_lock+0xac/0x490 [ 3035.302383] ? __lockdep_reset_lock+0x180/0x180 [ 3035.302960] netlink_rcv_skb+0x14b/0x430 [ 3035.303456] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.303956] ? netlink_ack+0xab0/0xab0 [ 3035.304445] ? rtnetlink_net_exit+0x80/0x80 [ 3035.304973] ? netlink_unicast+0x51f/0x7f0 [ 3035.305497] netlink_unicast+0x549/0x7f0 [ 3035.306016] ? netlink_attachskb+0x870/0x870 [ 3035.306563] netlink_sendmsg+0x90f/0xdf0 [ 3035.307067] ? netlink_unicast+0x7f0/0x7f0 [ 3035.307600] ? netlink_unicast+0x7f0/0x7f0 [ 3035.308119] __sock_sendmsg+0x154/0x190 [ 3035.308609] ____sys_sendmsg+0x70d/0x870 [ 3035.309110] ? sock_write_iter+0x3d0/0x3d0 [ 3035.309644] ? do_recvmmsg+0x6d0/0x6d0 [ 3035.310125] ? lock_downgrade+0x6d0/0x6d0 [ 3035.310635] ? __lockdep_reset_lock+0x180/0x180 [ 3035.311209] ___sys_sendmsg+0xf3/0x170 [ 3035.311688] ? sendmsg_copy_msghdr+0x160/0x160 [ 3035.312250] ? __fget_files+0x2cf/0x520 [ 3035.312739] ? lock_downgrade+0x6d0/0x6d0 [ 3035.313248] ? find_held_lock+0x2c/0x110 [ 3035.313772] ? __fget_files+0x2f8/0x520 [ 3035.314266] ? __fget_light+0xea/0x290 [ 3035.314751] __sys_sendmsg+0xe5/0x1b0 [ 3035.315220] ? __sys_sendmsg_sock+0x40/0x40 [ 3035.315750] ? rcu_read_lock_any_held+0x75/0xa0 [ 3035.316334] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.316975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.317616] ? trace_hardirqs_on+0x5b/0x180 [ 3035.318146] do_syscall_64+0x33/0x40 [ 3035.318603] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.319228] RIP: 0033:0x7f6e57a6eb19 [ 3035.319685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.321946] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3035.322878] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3035.323753] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3035.324625] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3035.325498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3035.326388] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 13:56:54 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb777, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:56:54 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x68) [ 3035.333666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3035.334690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3035.335679] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3035.362216] FAULT_INJECTION: forcing a failure. [ 3035.362216] name failslab, interval 1, probability 0, space 0, times 0 [ 3035.363671] CPU: 1 PID: 23983 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3035.364517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3035.365541] Call Trace: [ 3035.365873] dump_stack+0x107/0x167 [ 3035.366322] should_fail.cold+0x5/0xa [ 3035.366794] ? create_object.isra.0+0x3a/0xa20 [ 3035.367355] should_failslab+0x5/0x20 [ 3035.367824] kmem_cache_alloc+0x5b/0x310 [ 3035.368327] create_object.isra.0+0x3a/0xa20 [ 3035.368865] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.369490] kmem_cache_alloc_trace+0x151/0x320 [ 3035.370075] __io_uring_add_tctx_node+0x15c/0x520 [ 3035.370667] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3035.371311] ? io_uring_setup+0x1fb3/0x2980 [ 3035.371848] io_uring_setup+0x1fbb/0x2980 [ 3035.372363] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3035.372983] ? wait_for_completion_io+0x270/0x270 [ 3035.373601] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.374247] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.374885] do_syscall_64+0x33/0x40 [ 3035.375342] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.375973] RIP: 0033:0x7fbe2462eb19 [ 3035.376433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.378702] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3035.379631] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3035.380505] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3035.381380] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3035.382272] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3035.383144] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:56:54 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 36) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3035.435985] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3035.448328] FAULT_INJECTION: forcing a failure. [ 3035.448328] name failslab, interval 1, probability 0, space 0, times 0 [ 3035.450071] CPU: 1 PID: 24046 Comm: syz-executor.2 Not tainted 5.10.233 #1 [ 3035.450915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3035.451924] Call Trace: [ 3035.452262] dump_stack+0x107/0x167 [ 3035.452735] should_fail.cold+0x5/0xa [ 3035.453228] should_failslab+0x5/0x20 [ 3035.453721] __kmalloc_node_track_caller+0x74/0x3b0 [ 3035.454329] ? __neigh_notify+0x84/0x160 [ 3035.454833] __alloc_skb+0xb1/0x5b0 [ 3035.455282] __neigh_notify+0x84/0x160 [ 3035.455763] neigh_cleanup_and_release+0x78/0x220 [ 3035.456353] neigh_flush_dev+0x4ad/0x8b0 [ 3035.456868] __neigh_ifdown.isra.0+0x54/0x380 [ 3035.457422] neigh_ifdown+0x1b/0x30 [ 3035.457883] rt6_disable_ip+0x478/0x5b0 [ 3035.458369] ? lock_chain_count+0x20/0x20 [ 3035.458878] ? rt6_sync_down_dev+0x150/0x150 [ 3035.459427] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3035.460012] ? addrconf_dad_run+0x180/0x180 [ 3035.460552] addrconf_notify+0x159/0x2410 [ 3035.461061] ? tun_device_event+0x71/0x1160 [ 3035.461600] ? mark_held_locks+0x9e/0xe0 [ 3035.462099] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3035.462731] ? inet6_ifinfo_notify+0x150/0x150 [ 3035.463288] ? failover_register+0x530/0x530 [ 3035.463836] raw_notifier_call_chain+0xb3/0x110 [ 3035.464407] call_netdevice_notifiers_info+0xb5/0x130 [ 3035.465036] __dev_notify_flags+0x1de/0x2c0 [ 3035.465570] ? dev_change_name+0x660/0x660 [ 3035.466093] ? __dev_change_flags+0x4cf/0x6e0 [ 3035.466642] ? dev_set_allmulti+0x30/0x30 [ 3035.467157] dev_change_flags+0x100/0x160 [ 3035.467666] do_setlink+0x90c/0x3ac0 [ 3035.468124] ? mark_lock+0xf5/0x2df0 [ 3035.468581] ? vprintk_func+0x93/0x140 [ 3035.469055] ? rtnl_getlink+0xaa0/0xaa0 [ 3035.469547] ? lock_chain_count+0x20/0x20 [ 3035.470062] ? record_print_text.cold+0x16/0x16 [ 3035.470630] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3035.471247] ? trace_hardirqs_on+0x5b/0x180 [ 3035.471786] ? __nla_validate_parse+0x2d8/0x2b10 [ 3035.472368] ? mark_held_locks+0x9e/0xe0 [ 3035.472869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.473509] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3035.474185] ? trace_hardirqs_on+0x5b/0x180 [ 3035.474713] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3035.475386] __rtnl_newlink+0xc39/0x1700 [ 3035.475894] ? rtnl_setlink+0x3b0/0x3b0 [ 3035.476380] ? __is_insn_slot_addr+0x123/0x290 [ 3035.476948] ? unwind_next_frame+0x13ef/0x1a90 [ 3035.477507] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.478165] ? 0xffffffffa0000000 [ 3035.478591] ? __is_insn_slot_addr+0x14c/0x290 [ 3035.479150] ? kernel_text_address+0xf2/0x120 [ 3035.479699] ? __kernel_text_address+0x9/0x40 [ 3035.480246] ? unwind_get_return_address+0x55/0xa0 [ 3035.480844] ? create_prof_cpu_mask+0x20/0x20 [ 3035.481391] ? arch_stack_walk+0x99/0xf0 [ 3035.481919] ? stack_trace_save+0x8c/0xc0 [ 3035.482472] ? mark_held_locks+0x9e/0xe0 [ 3035.482973] ? trace_hardirqs_on+0x5b/0x180 [ 3035.483502] ? kasan_unpoison_shadow+0x33/0x50 [ 3035.484059] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3035.484681] rtnl_newlink+0x64/0xa0 [ 3035.485124] ? __rtnl_newlink+0x1700/0x1700 [ 3035.485670] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3035.486190] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.486688] ? perf_trace_lock+0xac/0x490 [ 3035.487198] ? __lockdep_reset_lock+0x180/0x180 [ 3035.487773] netlink_rcv_skb+0x14b/0x430 [ 3035.488268] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3035.488766] ? netlink_ack+0xab0/0xab0 [ 3035.489240] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3035.489818] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3035.490379] ? is_vmalloc_addr+0x7b/0xb0 [ 3035.490884] netlink_unicast+0x549/0x7f0 [ 3035.491386] ? netlink_attachskb+0x870/0x870 [ 3035.491931] netlink_sendmsg+0x90f/0xdf0 [ 3035.492432] ? netlink_unicast+0x7f0/0x7f0 [ 3035.492960] ? netlink_unicast+0x7f0/0x7f0 [ 3035.493479] __sock_sendmsg+0x154/0x190 [ 3035.493982] ____sys_sendmsg+0x70d/0x870 [ 3035.494484] ? sock_write_iter+0x3d0/0x3d0 [ 3035.494999] ? do_recvmmsg+0x6d0/0x6d0 [ 3035.495481] ? lock_downgrade+0x6d0/0x6d0 [ 3035.495990] ? __lockdep_reset_lock+0x180/0x180 [ 3035.496565] ___sys_sendmsg+0xf3/0x170 [ 3035.497044] ? sendmsg_copy_msghdr+0x160/0x160 [ 3035.497621] ? __fget_files+0x2cf/0x520 [ 3035.498112] ? lock_downgrade+0x6d0/0x6d0 [ 3035.498620] ? find_held_lock+0x2c/0x110 [ 3035.499125] ? __fget_files+0x2f8/0x520 [ 3035.499620] ? __fget_light+0xea/0x290 [ 3035.500103] __sys_sendmsg+0xe5/0x1b0 [ 3035.500569] ? __sys_sendmsg_sock+0x40/0x40 [ 3035.501103] ? rcu_read_lock_any_held+0x75/0xa0 [ 3035.501705] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3035.502347] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3035.502976] ? trace_hardirqs_on+0x5b/0x180 [ 3035.503504] do_syscall_64+0x33/0x40 [ 3035.503960] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3035.504586] RIP: 0033:0x7fb10e7f3b19 [ 3035.505040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3035.507288] RSP: 002b:00007fb10bd69188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3035.508214] RAX: ffffffffffffffda RBX: 00007fb10e906f60 RCX: 00007fb10e7f3b19 [ 3035.509084] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3035.509969] RBP: 00007fb10bd691d0 R08: 0000000000000000 R09: 0000000000000000 [ 3035.510838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3035.511706] R13: 00007ffcab828ccf R14: 00007fb10bd69300 R15: 0000000000022000 [ 3035.522922] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3035.523955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3035.524996] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3035.525981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3035.526911] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3035.530546] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3035.531442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3035.533339] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3035.537675] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c02d7000101010100"], 0x1c}}, 0x0) [ 3050.342471] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:57:09 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6c) 13:57:09 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:09 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 37) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:09 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 39) 13:57:09 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb877, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:57:09 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x4020940d, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:57:09 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 29) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3050.354329] FAULT_INJECTION: forcing a failure. [ 3050.354329] name failslab, interval 1, probability 0, space 0, times 0 [ 3050.356063] CPU: 1 PID: 24064 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3050.356915] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3050.357931] Call Trace: [ 3050.362887] dump_stack+0x107/0x167 [ 3050.363460] should_fail.cold+0x5/0xa [ 3050.363941] ? xas_alloc+0x336/0x440 [ 3050.364551] should_failslab+0x5/0x20 [ 3050.365019] kmem_cache_alloc+0x5b/0x310 [ 3050.365666] ? stack_trace_consume_entry+0x160/0x160 [ 3050.366309] xas_alloc+0x336/0x440 [ 3050.366981] xas_create+0x34a/0x10d0 [ 3050.367451] ? kernel_text_address+0xf2/0x120 [ 3050.368003] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3050.368645] xas_store+0x8c/0x1c40 [ 3050.369091] __xa_store+0x164/0x2d0 [ 3050.369540] ? xa_delete_node+0x280/0x280 [ 3050.370065] ? trace_hardirqs_on+0x5b/0x180 [ 3050.370608] xa_store+0x31/0x50 [ 3050.371014] __io_uring_add_tctx_node+0x1cf/0x520 [ 3050.371606] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3050.372245] ? alloc_fd+0x2e7/0x670 [ 3050.372700] io_uring_setup+0x1fbb/0x2980 [ 3050.373211] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3050.373833] ? wait_for_completion_io+0x270/0x270 [ 3050.374456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.375095] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3050.375727] do_syscall_64+0x33/0x40 [ 3050.376182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.376811] RIP: 0033:0x7fbe2462eb19 [ 3050.377268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3050.379529] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3050.380461] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3050.381332] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3050.386663] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3050.387692] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3050.388688] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:57:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00f0000101010100"], 0x1c}}, 0x0) [ 3050.403711] FAULT_INJECTION: forcing a failure. [ 3050.403711] name failslab, interval 1, probability 0, space 0, times 0 [ 3050.405344] CPU: 0 PID: 24063 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3050.406299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3050.407388] Call Trace: [ 3050.407743] dump_stack+0x107/0x167 [ 3050.408223] should_fail.cold+0x5/0xa [ 3050.408727] ? ___slab_alloc+0x155/0x700 [ 3050.409260] ? create_object.isra.0+0x3a/0xa20 [ 3050.409857] should_failslab+0x5/0x20 [ 3050.410389] kmem_cache_alloc+0x5b/0x310 [ 3050.410925] create_object.isra.0+0x3a/0xa20 [ 3050.411497] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3050.412162] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3050.412822] ? inet6_rt_notify+0xed/0x2a0 [ 3050.413369] __alloc_skb+0xb1/0x5b0 [ 3050.413847] inet6_rt_notify+0xed/0x2a0 [ 3050.414389] fib6_del+0xf4c/0x1540 [ 3050.414864] ? fib6_locate+0x660/0x660 [ 3050.415374] ? fib6_ifdown+0xc5/0x8f0 [ 3050.415878] fib6_clean_node+0x39e/0x570 [ 3050.416409] ? fib6_del+0x1540/0x1540 [ 3050.416908] ? fib6_clean_tree+0x14c/0x260 [ 3050.417466] fib6_walk_continue+0x35c/0x710 [ 3050.418029] ? trace_hardirqs_on+0x5b/0x180 [ 3050.418608] fib6_clean_tree+0x154/0x260 [ 3050.419137] ? fib6_ifup+0x260/0x260 [ 3050.419622] ? fib6_info_destroy_rcu+0x210/0x210 [ 3050.420242] ? fib6_del+0x1540/0x1540 [ 3050.420739] ? fib6_ifup+0x260/0x260 [ 3050.421223] ? spin_bug+0xf0/0x100 [ 3050.421687] ? lock_chain_count+0x20/0x20 [ 3050.422268] ? fib6_ifup+0x260/0x260 [ 3050.422755] __fib6_clean_all+0xf0/0x2a0 [ 3050.423286] rt6_disable_ip+0x4d5/0x5b0 [ 3050.423805] ? lock_chain_count+0x20/0x20 [ 3050.424348] ? rt6_sync_down_dev+0x150/0x150 [ 3050.424931] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3050.425555] ? addrconf_dad_run+0x180/0x180 [ 3050.426143] addrconf_notify+0x159/0x2410 [ 3050.426687] ? tun_device_event+0x71/0x1160 [ 3050.427248] ? mark_held_locks+0x9e/0xe0 [ 3050.427779] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3050.428451] ? inet6_ifinfo_notify+0x150/0x150 [ 3050.429045] ? failover_register+0x530/0x530 [ 3050.429629] raw_notifier_call_chain+0xb3/0x110 [ 3050.430252] call_netdevice_notifiers_info+0xb5/0x130 [ 3050.430926] __dev_notify_flags+0x1de/0x2c0 [ 3050.431487] ? dev_change_name+0x660/0x660 [ 3050.432037] ? __dev_change_flags+0x4cf/0x6e0 [ 3050.432623] ? dev_set_allmulti+0x30/0x30 [ 3050.433173] dev_change_flags+0x100/0x160 [ 3050.433716] do_setlink+0x90c/0x3ac0 [ 3050.434215] ? lock_chain_count+0x20/0x20 [ 3050.434756] ? lock_chain_count+0x20/0x20 [ 3050.435295] ? rtnl_getlink+0xaa0/0xaa0 [ 3050.435811] ? printk+0xba/0xf1 [ 3050.436242] ? record_print_text.cold+0x16/0x16 [ 3050.436850] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3050.437508] ? trace_hardirqs_on+0x5b/0x180 [ 3050.438098] ? mark_held_locks+0x9e/0xe0 [ 3050.438643] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.439325] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3050.440025] ? trace_hardirqs_on+0x5b/0x180 [ 3050.440587] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3050.441297] ? validate_linkmsg+0x27/0x8b0 [ 3050.441846] ? validate_linkmsg+0x35/0x8b0 [ 3050.442419] __rtnl_newlink+0xc39/0x1700 [ 3050.442959] ? rtnl_setlink+0x3b0/0x3b0 [ 3050.443480] ? __is_insn_slot_addr+0x123/0x290 [ 3050.444080] ? unwind_next_frame+0x13ef/0x1a90 [ 3050.444674] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.445364] ? 0xffffffffa0000000 [ 3050.445818] ? __is_insn_slot_addr+0x14c/0x290 [ 3050.446428] ? kernel_text_address+0xf2/0x120 [ 3050.447012] ? __kernel_text_address+0x9/0x40 [ 3050.447596] ? unwind_get_return_address+0x55/0xa0 [ 3050.448235] ? create_prof_cpu_mask+0x20/0x20 [ 3050.448818] ? arch_stack_walk+0x99/0xf0 [ 3050.449357] ? stack_trace_save+0x8c/0xc0 [ 3050.449942] ? mark_held_locks+0x9e/0xe0 [ 3050.450480] ? trace_hardirqs_on+0x5b/0x180 [ 3050.451041] ? kasan_unpoison_shadow+0x33/0x50 [ 3050.451632] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3050.452291] rtnl_newlink+0x64/0xa0 [ 3050.452762] ? __rtnl_newlink+0x1700/0x1700 [ 3050.453321] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3050.453873] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3050.454420] ? perf_trace_lock+0xac/0x490 [ 3050.454964] ? __lockdep_reset_lock+0x180/0x180 [ 3050.455572] netlink_rcv_skb+0x14b/0x430 [ 3050.456098] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3050.456626] ? netlink_ack+0xab0/0xab0 [ 3050.457129] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3050.457724] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3050.458342] ? is_vmalloc_addr+0x7b/0xb0 [ 3050.458891] netlink_unicast+0x549/0x7f0 [ 3050.459440] ? netlink_attachskb+0x870/0x870 [ 3050.460043] netlink_sendmsg+0x90f/0xdf0 [ 3050.460596] ? netlink_unicast+0x7f0/0x7f0 [ 3050.461176] ? netlink_unicast+0x7f0/0x7f0 [ 3050.461745] __sock_sendmsg+0x154/0x190 [ 3050.462290] ____sys_sendmsg+0x70d/0x870 [ 3050.462823] ? sock_write_iter+0x3d0/0x3d0 [ 3050.463370] ? do_recvmmsg+0x6d0/0x6d0 [ 3050.463879] ? lock_downgrade+0x6d0/0x6d0 [ 3050.464419] ? __lockdep_reset_lock+0x180/0x180 [ 3050.465027] ___sys_sendmsg+0xf3/0x170 [ 3050.465534] ? sendmsg_copy_msghdr+0x160/0x160 [ 3050.466153] ? __fget_files+0x2cf/0x520 [ 3050.466687] ? lock_downgrade+0x6d0/0x6d0 [ 3050.467245] ? find_held_lock+0x2c/0x110 [ 3050.467798] ? __fget_files+0x2f8/0x520 [ 3050.468342] ? __fget_light+0xea/0x290 [ 3050.468874] __sys_sendmsg+0xe5/0x1b0 [ 3050.469386] ? __sys_sendmsg_sock+0x40/0x40 [ 3050.469964] ? rcu_read_lock_any_held+0x75/0xa0 [ 3050.470607] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.471288] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3050.471954] ? trace_hardirqs_on+0x5b/0x180 [ 3050.472516] do_syscall_64+0x33/0x40 [ 3050.472999] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.473665] RIP: 0033:0x7f6e57a6eb19 [ 3050.474175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3050.476589] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3050.477576] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3050.478512] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3050.479435] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3050.480359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3050.481282] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 3050.487690] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3050.489985] FAULT_INJECTION: forcing a failure. [ 3050.489985] name failslab, interval 1, probability 0, space 0, times 0 [ 3050.491491] CPU: 0 PID: 24059 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3050.492391] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3050.493467] Call Trace: [ 3050.493812] dump_stack+0x107/0x167 [ 3050.494322] should_fail.cold+0x5/0xa [ 3050.494849] should_failslab+0x5/0x20 [ 3050.495371] __kmalloc_node_track_caller+0x74/0x3b0 [ 3050.496040] ? netlink_trim+0x1ee/0x250 [ 3050.496591] pskb_expand_head+0x15a/0x1040 [ 3050.497147] ? nl80211_send_station+0xee3/0x30c0 [ 3050.497763] netlink_trim+0x1ee/0x250 [ 3050.498275] netlink_broadcast_filtered+0x60/0xdc0 [ 3050.498925] netlink_broadcast+0x35/0x50 [ 3050.499455] cfg80211_del_sta_sinfo+0x265/0x470 [ 3050.500060] ? cfg80211_new_sta+0x370/0x370 [ 3050.500653] __sta_info_destroy_part2+0x310/0x4f0 [ 3050.501282] __sta_info_flush+0x3a0/0x520 [ 3050.501827] ? __sta_info_destroy+0x50/0x50 [ 3050.502421] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.503129] ? trace_hardirqs_on+0x5b/0x180 [ 3050.503716] ? cfg80211_put_bss+0x1b0/0x270 [ 3050.504301] ? __local_bh_enable_ip+0x9d/0x100 [ 3050.504921] ieee80211_ibss_disconnect+0x115/0x750 [ 3050.505577] ? ieee80211_sched_scan_start+0xd0/0xd0 [ 3050.506266] ieee80211_ibss_leave+0x12/0x160 [ 3050.506857] __cfg80211_leave_ibss+0x183/0x4f0 [ 3050.507482] __cfg80211_leave+0x14b/0x370 [ 3050.508058] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3050.508779] ? ipmr_device_event+0x18b/0x1f0 [ 3050.509378] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3050.510166] raw_notifier_call_chain+0xb3/0x110 [ 3050.510778] call_netdevice_notifiers_info+0xb5/0x130 [ 3050.511449] __dev_close_many+0xf3/0x2f0 [ 3050.511979] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3050.512662] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.513340] ? __local_bh_enable_ip+0x9d/0x100 13:57:09 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 40) 13:57:09 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb977, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3050.513930] ? trace_hardirqs_on+0x5b/0x180 [ 3050.514511] __dev_change_flags+0x299/0x6e0 [ 3050.518515] ? dev_set_allmulti+0x30/0x30 [ 3050.519087] dev_change_flags+0x8a/0x160 [ 3050.519639] do_setlink+0x90c/0x3ac0 [ 3050.520149] ? vprintk_func+0x93/0x140 [ 3050.520671] ? rtnl_getlink+0xaa0/0xaa0 [ 3050.521202] ? printk+0xba/0xf1 [ 3050.521650] ? record_print_text.cold+0x16/0x16 [ 3050.522301] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3050.522964] ? trace_hardirqs_on+0x5b/0x180 [ 3050.523542] ? __nla_validate_parse+0x2d8/0x2b10 [ 3050.524165] ? perf_trace_lock+0xac/0x490 [ 3050.524711] ? nla_get_range_signed+0x520/0x520 [ 3050.525318] ? __lock_acquire+0xbb1/0x5b00 [ 3050.525888] __rtnl_newlink+0xc39/0x1700 [ 3050.526471] ? rtnl_setlink+0x3b0/0x3b0 [ 3050.527011] ? __is_insn_slot_addr+0x123/0x290 [ 3050.527636] ? unwind_next_frame+0x13ef/0x1a90 [ 3050.528254] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.528974] ? 0xffffffffa0000000 [ 3050.529447] ? __is_insn_slot_addr+0x14c/0x290 [ 3050.530081] ? kernel_text_address+0xf2/0x120 [ 3050.530678] ? __kernel_text_address+0x9/0x40 [ 3050.531265] ? unwind_get_return_address+0x55/0xa0 [ 3050.531907] ? create_prof_cpu_mask+0x20/0x20 [ 3050.532492] ? arch_stack_walk+0x99/0xf0 [ 3050.533037] ? stack_trace_save+0x8c/0xc0 [ 3050.533628] ? mark_held_locks+0x9e/0xe0 [ 3050.534199] ? trace_hardirqs_on+0x5b/0x180 [ 3050.534779] ? kasan_unpoison_shadow+0x33/0x50 [ 3050.535390] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3050.536078] rtnl_newlink+0x64/0xa0 [ 3050.536569] ? __rtnl_newlink+0x1700/0x1700 [ 3050.537153] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3050.537726] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3050.538292] ? perf_trace_lock+0xac/0x490 [ 3050.538857] ? __lockdep_reset_lock+0x180/0x180 [ 3050.539499] netlink_rcv_skb+0x14b/0x430 [ 3050.540046] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3050.540598] ? netlink_ack+0xab0/0xab0 [ 3050.541118] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3050.541740] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3050.542372] ? is_vmalloc_addr+0x7b/0xb0 [ 3050.542912] netlink_unicast+0x549/0x7f0 [ 3050.543446] ? netlink_attachskb+0x870/0x870 [ 3050.544035] netlink_sendmsg+0x90f/0xdf0 [ 3050.544575] ? netlink_unicast+0x7f0/0x7f0 [ 3050.545137] ? netlink_unicast+0x7f0/0x7f0 [ 3050.545690] __sock_sendmsg+0x154/0x190 [ 3050.546232] ____sys_sendmsg+0x70d/0x870 [ 3050.546766] ? sock_write_iter+0x3d0/0x3d0 [ 3050.547318] ? do_recvmmsg+0x6d0/0x6d0 [ 3050.547833] ? lock_downgrade+0x6d0/0x6d0 [ 3050.548379] ? __lockdep_reset_lock+0x180/0x180 [ 3050.549001] ___sys_sendmsg+0xf3/0x170 [ 3050.549513] ? sendmsg_copy_msghdr+0x160/0x160 [ 3050.550146] ? __fget_files+0x2cf/0x520 [ 3050.550678] ? lock_downgrade+0x6d0/0x6d0 [ 3050.551222] ? find_held_lock+0x2c/0x110 [ 3050.551762] ? __fget_files+0x2f8/0x520 [ 3050.552288] ? __fget_light+0xea/0x290 [ 3050.552804] __sys_sendmsg+0xe5/0x1b0 [ 3050.553304] ? __sys_sendmsg_sock+0x40/0x40 [ 3050.553866] ? rcu_read_lock_any_held+0x75/0xa0 [ 3050.554509] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.555194] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3050.555864] ? trace_hardirqs_on+0x5b/0x180 [ 3050.556429] do_syscall_64+0x33/0x40 [ 3050.556919] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.557587] RIP: 0033:0x7ff152763b19 [ 3050.558082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3050.560489] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3050.561485] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3050.562432] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3050.563366] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3050.564299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3050.565233] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3050.570796] FAULT_INJECTION: forcing a failure. [ 3050.570796] name failslab, interval 1, probability 0, space 0, times 0 [ 3050.572273] CPU: 0 PID: 24213 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3050.573182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3050.574288] Call Trace: [ 3050.574630] dump_stack+0x107/0x167 [ 3050.575096] should_fail.cold+0x5/0xa [ 3050.575574] ? create_object.isra.0+0x3a/0xa20 [ 3050.576163] should_failslab+0x5/0x20 [ 3050.576648] kmem_cache_alloc+0x5b/0x310 [ 3050.577172] create_object.isra.0+0x3a/0xa20 [ 3050.577730] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3050.578411] kmem_cache_alloc+0x159/0x310 [ 3050.578952] xas_alloc+0x336/0x440 [ 3050.579409] xas_create+0x34a/0x10d0 [ 3050.579879] ? kernel_text_address+0xf2/0x120 [ 3050.580444] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3050.581116] xas_store+0x8c/0x1c40 [ 3050.581584] __xa_store+0x164/0x2d0 [ 3050.582064] ? xa_delete_node+0x280/0x280 [ 3050.582632] ? trace_hardirqs_on+0x5b/0x180 [ 3050.583203] xa_store+0x31/0x50 [ 3050.583638] __io_uring_add_tctx_node+0x1cf/0x520 [ 3050.584269] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3050.584952] ? alloc_fd+0x2e7/0x670 [ 3050.585438] io_uring_setup+0x1fbb/0x2980 [ 3050.585987] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3050.586657] ? wait_for_completion_io+0x270/0x270 [ 3050.587278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.587936] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3050.588591] do_syscall_64+0x33/0x40 [ 3050.589062] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.589712] RIP: 0033:0x7fbe2462eb19 [ 3050.590217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3050.592616] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3050.593610] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3050.594553] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3050.595450] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3050.596360] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 13:57:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c02f1000101010100"], 0x1c}}, 0x0) [ 3050.597258] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:57:09 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x74) 13:57:10 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 41) 13:57:10 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7a) [ 3050.741354] FAULT_INJECTION: forcing a failure. [ 3050.741354] name failslab, interval 1, probability 0, space 0, times 0 [ 3050.743002] CPU: 1 PID: 24295 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3050.743904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3050.744974] Call Trace: [ 3050.745322] dump_stack+0x107/0x167 [ 3050.745811] should_fail.cold+0x5/0xa [ 3050.746330] ? xas_alloc+0x336/0x440 [ 3050.746833] should_failslab+0x5/0x20 [ 3050.747330] kmem_cache_alloc+0x5b/0x310 [ 3050.747874] xas_alloc+0x336/0x440 [ 3050.748338] xas_create+0x34a/0x10d0 [ 3050.748847] ? kernel_text_address+0xf2/0x120 [ 3050.749454] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3050.750152] xas_store+0x8c/0x1c40 [ 3050.750647] __xa_store+0x164/0x2d0 [ 3050.751121] ? xa_delete_node+0x280/0x280 [ 3050.751681] ? trace_hardirqs_on+0x5b/0x180 [ 3050.752243] xa_store+0x31/0x50 [ 3050.752699] __io_uring_add_tctx_node+0x1cf/0x520 [ 3050.753319] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3050.754005] ? alloc_fd+0x2e7/0x670 [ 3050.754513] io_uring_setup+0x1fbb/0x2980 [ 3050.755056] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3050.755724] ? wait_for_completion_io+0x270/0x270 [ 3050.756373] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3050.757055] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3050.757702] do_syscall_64+0x33/0x40 [ 3050.758175] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3050.758793] RIP: 0033:0x7fbe2462eb19 [ 3050.759246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3050.761443] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3050.762386] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3050.763242] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3050.764096] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3050.764954] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3050.765805] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3050.780703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3050.780735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3050.781698] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3050.782697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3050.782853] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3050.786673] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3064.860184] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3064.864255] FAULT_INJECTION: forcing a failure. [ 3064.864255] name failslab, interval 1, probability 0, space 0, times 0 [ 3064.867059] CPU: 1 PID: 24314 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3064.874984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3064.876177] Call Trace: [ 3064.876580] dump_stack+0x107/0x167 [ 3064.877123] should_fail.cold+0x5/0xa [ 3064.877692] ? ___slab_alloc+0x155/0x700 13:57:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000801010100"], 0x1c}}, 0x0) 13:57:24 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x80086601, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:57:24 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 19) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:24 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:24 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xba77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:57:24 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x300) 13:57:24 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 42) 13:57:24 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 30) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3064.878288] ? create_object.isra.0+0x3a/0xa20 [ 3064.880763] should_failslab+0x5/0x20 [ 3064.881305] kmem_cache_alloc+0x5b/0x310 [ 3064.881885] create_object.isra.0+0x3a/0xa20 [ 3064.882534] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3064.886901] kmem_cache_alloc+0x159/0x310 [ 3064.887497] xas_alloc+0x336/0x440 [ 3064.888000] xas_create+0x34a/0x10d0 [ 3064.888534] ? kernel_text_address+0xf2/0x120 [ 3064.889159] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3064.889885] xas_store+0x8c/0x1c40 [ 3064.890395] __xa_store+0x164/0x2d0 [ 3064.890920] ? xa_delete_node+0x280/0x280 [ 3064.891511] ? trace_hardirqs_on+0x5b/0x180 [ 3064.892127] xa_store+0x31/0x50 [ 3064.892596] __io_uring_add_tctx_node+0x1cf/0x520 [ 3064.893267] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3064.893988] ? alloc_fd+0x2e7/0x670 [ 3064.894501] io_uring_setup+0x1fbb/0x2980 [ 3064.895098] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3064.895814] ? wait_for_completion_io+0x270/0x270 [ 3064.896510] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.897247] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.897976] do_syscall_64+0x33/0x40 [ 3064.898485] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.899205] RIP: 0033:0x7fbe2462eb19 [ 3064.899719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3064.902244] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3064.903315] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3064.904316] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3064.905313] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3064.906299] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3064.907218] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3064.909370] FAULT_INJECTION: forcing a failure. [ 3064.909370] name failslab, interval 1, probability 0, space 0, times 0 [ 3064.910990] CPU: 0 PID: 24300 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3064.911900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3064.912989] Call Trace: [ 3064.913337] dump_stack+0x107/0x167 [ 3064.913816] should_fail.cold+0x5/0xa [ 3064.914323] should_failslab+0x5/0x20 [ 3064.914838] __kmalloc_node_track_caller+0x74/0x3b0 [ 3064.915494] ? netlink_trim+0x1ee/0x250 [ 3064.916024] pskb_expand_head+0x15a/0x1040 [ 3064.916601] ? nl80211_send_station+0xee3/0x30c0 [ 3064.917231] netlink_trim+0x1ee/0x250 [ 3064.917739] netlink_broadcast_filtered+0x60/0xdc0 [ 3064.918398] netlink_broadcast+0x35/0x50 [ 3064.918947] cfg80211_del_sta_sinfo+0x265/0x470 [ 3064.919560] ? cfg80211_new_sta+0x370/0x370 [ 3064.920167] __sta_info_destroy_part2+0x310/0x4f0 [ 3064.920810] __sta_info_flush+0x3a0/0x520 [ 3064.921362] ? __sta_info_destroy+0x50/0x50 [ 3064.921930] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.922627] ? trace_hardirqs_on+0x5b/0x180 [ 3064.923205] ? cfg80211_put_bss+0x1b0/0x270 [ 3064.923776] ? __local_bh_enable_ip+0x9d/0x100 [ 3064.924386] ieee80211_ibss_disconnect+0x115/0x750 [ 3064.925041] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.925740] ieee80211_ibss_leave+0x12/0x160 [ 3064.926322] __cfg80211_leave_ibss+0x183/0x4f0 [ 3064.926943] __cfg80211_leave+0x14b/0x370 [ 3064.927494] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3064.928197] ? ipmr_device_event+0x18b/0x1f0 [ 3064.928774] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3064.929459] raw_notifier_call_chain+0xb3/0x110 [ 3064.930074] call_netdevice_notifiers_info+0xb5/0x130 [ 3064.930760] __dev_close_many+0xf3/0x2f0 [ 3064.931293] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3064.931987] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.932673] ? __local_bh_enable_ip+0x9d/0x100 [ 3064.933268] ? trace_hardirqs_on+0x5b/0x180 [ 3064.933837] __dev_change_flags+0x299/0x6e0 [ 3064.934405] ? dev_set_allmulti+0x30/0x30 [ 3064.934977] dev_change_flags+0x8a/0x160 [ 3064.935514] do_setlink+0x90c/0x3ac0 [ 3064.936015] ? vprintk_func+0x93/0x140 [ 3064.936524] ? rtnl_getlink+0xaa0/0xaa0 [ 3064.937045] ? printk+0xba/0xf1 [ 3064.937481] ? record_print_text.cold+0x16/0x16 [ 3064.938093] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3064.938773] ? trace_hardirqs_on+0x5b/0x180 [ 3064.939349] ? __nla_validate_parse+0x2d8/0x2b10 [ 3064.939973] ? perf_trace_lock+0xac/0x490 [ 3064.940520] ? nla_get_range_signed+0x520/0x520 [ 3064.941129] ? __lock_acquire+0xbb1/0x5b00 [ 3064.941701] __rtnl_newlink+0xc39/0x1700 [ 3064.942244] ? rtnl_setlink+0x3b0/0x3b0 [ 3064.942785] ? __is_insn_slot_addr+0x123/0x290 [ 3064.943391] ? unwind_next_frame+0x13ef/0x1a90 [ 3064.943998] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.944692] ? 0xffffffffa0000000 [ 3064.945149] ? __is_insn_slot_addr+0x14c/0x290 [ 3064.945750] ? kernel_text_address+0xf2/0x120 [ 3064.946336] ? __kernel_text_address+0x9/0x40 [ 3064.946945] ? unwind_get_return_address+0x55/0xa0 [ 3064.947588] ? create_prof_cpu_mask+0x20/0x20 [ 3064.948178] ? arch_stack_walk+0x99/0xf0 [ 3064.948723] ? stack_trace_save+0x8c/0xc0 [ 3064.949314] ? mark_held_locks+0x9e/0xe0 [ 3064.949850] ? trace_hardirqs_on+0x5b/0x180 [ 3064.950417] ? kasan_unpoison_shadow+0x33/0x50 [ 3064.951033] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3064.951702] rtnl_newlink+0x64/0xa0 [ 3064.952180] ? __rtnl_newlink+0x1700/0x1700 [ 3064.952744] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3064.953302] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3064.953834] ? perf_trace_lock+0xac/0x490 [ 3064.954381] ? __lockdep_reset_lock+0x180/0x180 [ 3064.955015] netlink_rcv_skb+0x14b/0x430 [ 3064.955547] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3064.956081] ? netlink_ack+0xab0/0xab0 [ 3064.956589] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3064.957196] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3064.957795] ? is_vmalloc_addr+0x7b/0xb0 [ 3064.958331] netlink_unicast+0x549/0x7f0 [ 3064.958882] ? netlink_attachskb+0x870/0x870 [ 3064.959466] netlink_sendmsg+0x90f/0xdf0 [ 3064.960003] ? netlink_unicast+0x7f0/0x7f0 [ 3064.960566] ? netlink_unicast+0x7f0/0x7f0 [ 3064.961129] __sock_sendmsg+0x154/0x190 [ 3064.961649] ____sys_sendmsg+0x70d/0x870 [ 3064.962193] ? sock_write_iter+0x3d0/0x3d0 [ 3064.962770] ? do_recvmmsg+0x6d0/0x6d0 [ 3064.963286] ? lock_downgrade+0x6d0/0x6d0 [ 3064.963830] ? __lockdep_reset_lock+0x180/0x180 [ 3064.964443] ___sys_sendmsg+0xf3/0x170 [ 3064.964960] ? sendmsg_copy_msghdr+0x160/0x160 [ 3064.965562] ? __fget_files+0x2cf/0x520 [ 3064.966082] ? lock_downgrade+0x6d0/0x6d0 [ 3064.966641] ? find_held_lock+0x2c/0x110 [ 3064.967183] ? __fget_files+0x2f8/0x520 [ 3064.967711] ? __fget_light+0xea/0x290 [ 3064.968228] __sys_sendmsg+0xe5/0x1b0 [ 3064.968726] ? __sys_sendmsg_sock+0x40/0x40 [ 3064.969291] ? rcu_read_lock_any_held+0x75/0xa0 [ 3064.969913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3064.970607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3064.971287] ? trace_hardirqs_on+0x5b/0x180 [ 3064.971854] do_syscall_64+0x33/0x40 [ 3064.972344] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3064.973019] RIP: 0033:0x7ff152763b19 [ 3064.973507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3064.975923] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3064.976924] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3064.977855] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3064.978805] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3064.979739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3064.980677] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 13:57:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000b01010100"], 0x1c}}, 0x0) 13:57:24 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x500) 13:57:24 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 43) 13:57:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000002501010100"], 0x1c}}, 0x0) [ 3065.037003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3065.044378] FAULT_INJECTION: forcing a failure. [ 3065.044378] name failslab, interval 1, probability 0, space 0, times 0 [ 3065.045832] CPU: 1 PID: 24397 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3065.046709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3065.048434] Call Trace: [ 3065.048764] dump_stack+0x107/0x167 [ 3065.049285] should_fail.cold+0x5/0xa [ 3065.050094] ? xas_alloc+0x336/0x440 [ 3065.051147] should_failslab+0x5/0x20 [ 3065.052259] kmem_cache_alloc+0x5b/0x310 [ 3065.053447] xas_alloc+0x336/0x440 [ 3065.054463] xas_create+0x34a/0x10d0 [ 3065.055007] ? kernel_text_address+0xf2/0x120 [ 3065.055559] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3065.056236] xas_store+0x8c/0x1c40 [ 3065.056703] __xa_store+0x164/0x2d0 [ 3065.057170] ? xa_delete_node+0x280/0x280 [ 3065.057722] ? trace_hardirqs_on+0x5b/0x180 [ 3065.058292] xa_store+0x31/0x50 [ 3065.058746] __io_uring_add_tctx_node+0x1cf/0x520 [ 3065.059437] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3065.060160] ? alloc_fd+0x2e7/0x670 [ 3065.060635] io_uring_setup+0x1fbb/0x2980 [ 3065.061158] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3065.061789] ? wait_for_completion_io+0x270/0x270 [ 3065.062393] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3065.063128] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3065.063787] do_syscall_64+0x33/0x40 [ 3065.064261] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3065.064921] RIP: 0033:0x7fbe2462eb19 13:57:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005f01010100"], 0x1c}}, 0x0) [ 3065.065393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3065.074812] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3065.075742] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3065.076610] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3065.077484] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3065.078369] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3065.079265] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3065.088125] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3065.094583] FAULT_INJECTION: forcing a failure. [ 3065.094583] name failslab, interval 1, probability 0, space 0, times 0 [ 3065.095996] CPU: 1 PID: 24316 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3065.096844] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3065.097856] Call Trace: [ 3065.098187] dump_stack+0x107/0x167 [ 3065.098669] should_fail.cold+0x5/0xa [ 3065.099143] ? __alloc_skb+0x6d/0x5b0 [ 3065.099612] should_failslab+0x5/0x20 [ 3065.100077] kmem_cache_alloc_node+0x55/0x330 [ 3065.100626] __alloc_skb+0x6d/0x5b0 [ 3065.101075] inet6_rt_notify+0xed/0x2a0 [ 3065.101564] fib6_del+0xf4c/0x1540 [ 3065.102009] ? fib6_locate+0x660/0x660 [ 3065.102489] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3065.103152] ? fib6_ifdown+0xc5/0x8f0 [ 3065.103624] fib6_clean_node+0x39e/0x570 [ 3065.104122] ? fib6_del+0x1540/0x1540 [ 3065.104587] ? fib6_clean_tree+0x14c/0x260 [ 3065.105110] fib6_walk_continue+0x35c/0x710 [ 3065.105636] ? trace_hardirqs_on+0x5b/0x180 [ 3065.106164] fib6_clean_tree+0x154/0x260 [ 3065.110703] ? fib6_ifup+0x260/0x260 [ 3065.111158] ? fib6_info_destroy_rcu+0x210/0x210 [ 3065.111742] ? fib6_del+0x1540/0x1540 [ 3065.112213] ? fib6_ifup+0x260/0x260 [ 3065.112667] ? spin_bug+0xf0/0x100 [ 3065.113100] ? lock_chain_count+0x20/0x20 [ 3065.113610] ? fib6_ifup+0x260/0x260 [ 3065.114061] __fib6_clean_all+0xf0/0x2a0 [ 3065.114576] rt6_disable_ip+0x4d5/0x5b0 [ 3065.115079] ? lock_chain_count+0x20/0x20 [ 3065.115589] ? rt6_sync_down_dev+0x150/0x150 [ 3065.116138] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3065.116725] ? addrconf_dad_run+0x180/0x180 [ 3065.117265] addrconf_notify+0x159/0x2410 [ 3065.117775] ? tun_device_event+0x71/0x1160 [ 3065.118302] ? mark_held_locks+0x9e/0xe0 [ 3065.118880] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3065.119526] ? inet6_ifinfo_notify+0x150/0x150 [ 3065.120084] ? failover_register+0x530/0x530 [ 3065.120644] raw_notifier_call_chain+0xb3/0x110 [ 3065.121234] call_netdevice_notifiers_info+0xb5/0x130 [ 3065.121866] __dev_notify_flags+0x1de/0x2c0 [ 3065.122392] ? dev_change_name+0x660/0x660 [ 3065.122931] ? __dev_change_flags+0x4cf/0x6e0 [ 3065.123481] ? dev_set_allmulti+0x30/0x30 [ 3065.123996] dev_change_flags+0x100/0x160 [ 3065.124508] do_setlink+0x90c/0x3ac0 [ 3065.124970] ? vprintk_func+0x93/0x140 [ 3065.125445] ? rtnl_getlink+0xaa0/0xaa0 [ 3065.125930] ? printk+0xba/0xf1 [ 3065.126333] ? record_print_text.cold+0x16/0x16 [ 3065.126940] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3065.127554] ? trace_hardirqs_on+0x5b/0x180 [ 3065.128092] ? __nla_validate_parse+0x2d8/0x2b10 [ 3065.128679] ? perf_trace_lock+0xac/0x490 [ 3065.129188] ? nla_get_range_signed+0x520/0x520 [ 3065.129753] ? __lock_acquire+0xbb1/0x5b00 [ 3065.130284] __rtnl_newlink+0xc39/0x1700 [ 3065.134828] ? rtnl_setlink+0x3b0/0x3b0 [ 3065.135317] ? __is_insn_slot_addr+0x123/0x290 [ 3065.135880] ? unwind_next_frame+0x13ef/0x1a90 [ 3065.136436] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3065.137081] ? 0xffffffffa0000000 [ 3065.137512] ? __is_insn_slot_addr+0x14c/0x290 [ 3065.138074] ? kernel_text_address+0xf2/0x120 [ 3065.138658] ? __kernel_text_address+0x9/0x40 [ 3065.139206] ? unwind_get_return_address+0x55/0xa0 [ 3065.139803] ? create_prof_cpu_mask+0x20/0x20 [ 3065.140347] ? arch_stack_walk+0x99/0xf0 [ 3065.140856] ? stack_trace_save+0x8c/0xc0 [ 3065.141408] ? mark_held_locks+0x9e/0xe0 [ 3065.141914] ? trace_hardirqs_on+0x5b/0x180 [ 3065.142441] ? kasan_unpoison_shadow+0x33/0x50 [ 3065.143039] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3065.143660] rtnl_newlink+0x64/0xa0 [ 3065.144103] ? __rtnl_newlink+0x1700/0x1700 [ 3065.144628] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3065.145144] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3065.145639] ? perf_trace_lock+0xac/0x490 [ 3065.146162] ? __lockdep_reset_lock+0x180/0x180 [ 3065.146755] netlink_rcv_skb+0x14b/0x430 [ 3065.147273] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3065.147792] ? netlink_ack+0xab0/0xab0 [ 3065.148281] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3065.148843] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3065.149399] ? is_vmalloc_addr+0x7b/0xb0 [ 3065.149900] netlink_unicast+0x549/0x7f0 [ 3065.150399] ? netlink_attachskb+0x870/0x870 [ 3065.151043] netlink_sendmsg+0x90f/0xdf0 [ 3065.152049] ? netlink_unicast+0x7f0/0x7f0 [ 3065.153109] ? netlink_unicast+0x7f0/0x7f0 [ 3065.154157] __sock_sendmsg+0x154/0x190 [ 3065.155197] ____sys_sendmsg+0x70d/0x870 [ 3065.156219] ? sock_write_iter+0x3d0/0x3d0 [ 3065.157277] ? do_recvmmsg+0x6d0/0x6d0 [ 3065.158236] ? lock_downgrade+0x6d0/0x6d0 [ 3065.158956] ? __lockdep_reset_lock+0x180/0x180 [ 3065.159535] ___sys_sendmsg+0xf3/0x170 [ 3065.160036] ? sendmsg_copy_msghdr+0x160/0x160 [ 3065.160600] ? __fget_files+0x2cf/0x520 [ 3065.161087] ? lock_downgrade+0x6d0/0x6d0 [ 3065.161596] ? find_held_lock+0x2c/0x110 [ 3065.162100] ? __fget_files+0x2f8/0x520 [ 3065.162622] ? __fget_light+0xea/0x290 [ 3065.163688] __sys_sendmsg+0xe5/0x1b0 [ 3065.164643] ? __sys_sendmsg_sock+0x40/0x40 [ 3065.165806] ? rcu_read_lock_any_held+0x75/0xa0 [ 3065.166858] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3065.167498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3065.168122] ? trace_hardirqs_on+0x5b/0x180 [ 3065.168647] do_syscall_64+0x33/0x40 [ 3065.169101] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3065.169723] RIP: 0033:0x7f6e57a6eb19 [ 3065.170180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3065.172479] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3065.173413] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3065.174284] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3065.175221] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3065.176153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3065.177073] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 3065.181103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3065.182099] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3065.183157] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3065.186397] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3065.186412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3065.187970] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3065.188751] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3065.199661] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3065.205037] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:38 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x80087601, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:57:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c7ffffff201010100"], 0x1c}}, 0x0) 13:57:38 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 31) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:38 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbb77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:57:38 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 44) 13:57:38 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x600) 13:57:38 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 20) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:38 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3079.043322] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3079.050775] FAULT_INJECTION: forcing a failure. [ 3079.050775] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.052629] CPU: 0 PID: 24442 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3079.053571] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.054685] Call Trace: [ 3079.063067] dump_stack+0x107/0x167 [ 3079.063578] should_fail.cold+0x5/0xa [ 3079.064095] ? ___slab_alloc+0x360/0x700 [ 3079.064650] ? create_object.isra.0+0x3a/0xa20 [ 3079.065268] should_failslab+0x5/0x20 [ 3079.065782] kmem_cache_alloc+0x5b/0x310 [ 3079.066335] create_object.isra.0+0x3a/0xa20 [ 3079.066925] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.067636] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3079.068319] ? netlink_trim+0x1ee/0x250 [ 3079.068866] pskb_expand_head+0x15a/0x1040 [ 3079.069443] ? nl80211_send_station+0xee3/0x30c0 [ 3079.070086] netlink_trim+0x1ee/0x250 [ 3079.070605] netlink_broadcast_filtered+0x60/0xdc0 [ 3079.071308] netlink_broadcast+0x35/0x50 [ 3079.071863] cfg80211_del_sta_sinfo+0x265/0x470 [ 3079.072489] ? cfg80211_new_sta+0x370/0x370 [ 3079.073121] __sta_info_destroy_part2+0x310/0x4f0 [ 3079.073779] __sta_info_flush+0x3a0/0x520 [ 3079.074352] ? __sta_info_destroy+0x50/0x50 [ 3079.074944] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.076849] ? trace_hardirqs_on+0x5b/0x180 [ 3079.077414] ? cfg80211_put_bss+0x1b0/0x270 [ 3079.077981] ? __local_bh_enable_ip+0x9d/0x100 [ 3079.078584] ieee80211_ibss_disconnect+0x115/0x750 [ 3079.079305] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.079996] ieee80211_ibss_leave+0x12/0x160 [ 3079.080572] __cfg80211_leave_ibss+0x183/0x4f0 [ 3079.081171] __cfg80211_leave+0x14b/0x370 [ 3079.081718] cfg80211_netdev_notifier_call+0x385/0x10c0 [ 3079.082415] ? ipmr_device_event+0x18b/0x1f0 [ 3079.082991] ? __sanitizer_cov_trace_switch+0x45/0x80 13:57:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c7ffffff901010100"], 0x1c}}, 0x0) [ 3079.083701] raw_notifier_call_chain+0xb3/0x110 [ 3079.091331] call_netdevice_notifiers_info+0xb5/0x130 [ 3079.092027] __dev_close_many+0xf3/0x2f0 [ 3079.092559] ? skb_crc32c_csum_help.part.0+0x4d0/0x4d0 [ 3079.093225] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.093889] ? __local_bh_enable_ip+0x9d/0x100 [ 3079.094461] ? trace_hardirqs_on+0x5b/0x180 [ 3079.095000] __dev_change_flags+0x299/0x6e0 [ 3079.095626] ? dev_set_allmulti+0x30/0x30 [ 3079.096167] dev_change_flags+0x8a/0x160 [ 3079.096709] do_setlink+0x90c/0x3ac0 [ 3079.097216] ? vprintk_func+0x93/0x140 [ 3079.097727] ? rtnl_getlink+0xaa0/0xaa0 [ 3079.098239] ? printk+0xba/0xf1 [ 3079.098650] ? record_print_text.cold+0x16/0x16 [ 3079.099259] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3079.099906] ? trace_hardirqs_on+0x5b/0x180 [ 3079.100480] ? __nla_validate_parse+0x2d8/0x2b10 [ 3079.101076] ? perf_trace_lock+0xac/0x490 [ 3079.101616] ? nla_get_range_signed+0x520/0x520 [ 3079.102210] ? __lock_acquire+0xbb1/0x5b00 [ 3079.102770] __rtnl_newlink+0xc39/0x1700 [ 3079.103317] ? rtnl_setlink+0x3b0/0x3b0 [ 3079.103828] ? __is_insn_slot_addr+0x123/0x290 [ 3079.104420] ? unwind_next_frame+0x13ef/0x1a90 [ 3079.105010] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.105695] ? 0xffffffffa0000000 [ 3079.106146] ? __is_insn_slot_addr+0x14c/0x290 [ 3079.106395] FAULT_INJECTION: forcing a failure. [ 3079.106395] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.106746] ? kernel_text_address+0xf2/0x120 [ 3079.106764] ? __kernel_text_address+0x9/0x40 [ 3079.109259] ? unwind_get_return_address+0x55/0xa0 [ 3079.109887] ? create_prof_cpu_mask+0x20/0x20 [ 3079.110454] ? arch_stack_walk+0x99/0xf0 [ 3079.110983] ? stack_trace_save+0x8c/0xc0 [ 3079.111581] ? mark_held_locks+0x9e/0xe0 [ 3079.112100] ? trace_hardirqs_on+0x5b/0x180 [ 3079.112651] ? kasan_unpoison_shadow+0x33/0x50 [ 3079.113234] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.113886] rtnl_newlink+0x64/0xa0 [ 3079.114353] ? __rtnl_newlink+0x1700/0x1700 [ 3079.114900] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3079.119503] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.120042] ? perf_trace_lock+0xac/0x490 [ 3079.120568] ? __lockdep_reset_lock+0x180/0x180 [ 3079.121167] netlink_rcv_skb+0x14b/0x430 [ 3079.121689] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.122221] ? netlink_ack+0xab0/0xab0 [ 3079.122720] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3079.123321] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3079.123907] ? is_vmalloc_addr+0x7b/0xb0 [ 3079.124428] netlink_unicast+0x549/0x7f0 [ 3079.124951] ? netlink_attachskb+0x870/0x870 [ 3079.125523] netlink_sendmsg+0x90f/0xdf0 [ 3079.126044] ? netlink_unicast+0x7f0/0x7f0 [ 3079.126590] ? netlink_unicast+0x7f0/0x7f0 [ 3079.127161] __sock_sendmsg+0x154/0x190 [ 3079.127695] ____sys_sendmsg+0x70d/0x870 [ 3079.128232] ? sock_write_iter+0x3d0/0x3d0 [ 3079.128758] ? do_recvmmsg+0x6d0/0x6d0 [ 3079.129250] ? lock_downgrade+0x6d0/0x6d0 [ 3079.129770] ? __lockdep_reset_lock+0x180/0x180 [ 3079.130384] ___sys_sendmsg+0xf3/0x170 [ 3079.130915] ? sendmsg_copy_msghdr+0x160/0x160 [ 3079.131602] ? __fget_files+0x2cf/0x520 [ 3079.132139] ? lock_downgrade+0x6d0/0x6d0 [ 3079.132696] ? find_held_lock+0x2c/0x110 [ 3079.133262] ? __fget_files+0x2f8/0x520 [ 3079.133801] ? __fget_light+0xea/0x290 [ 3079.134301] __sys_sendmsg+0xe5/0x1b0 [ 3079.134789] ? __sys_sendmsg_sock+0x40/0x40 [ 3079.135366] ? rcu_read_lock_any_held+0x75/0xa0 [ 3079.135966] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.136658] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.137351] ? trace_hardirqs_on+0x5b/0x180 [ 3079.137930] do_syscall_64+0x33/0x40 [ 3079.138438] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.139213] RIP: 0033:0x7ff152763b19 [ 3079.139724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.142194] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3079.143191] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3079.144106] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3079.145056] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3079.146017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3079.146980] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3079.147998] CPU: 1 PID: 24455 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3079.155756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.156755] Call Trace: [ 3079.157093] dump_stack+0x107/0x167 [ 3079.157538] should_fail.cold+0x5/0xa [ 3079.158005] ? xas_alloc+0x336/0x440 [ 3079.158467] should_failslab+0x5/0x20 [ 3079.158940] kmem_cache_alloc+0x5b/0x310 [ 3079.159472] xas_alloc+0x336/0x440 [ 3079.159908] xas_create+0x34a/0x10d0 [ 3079.160368] ? kernel_text_address+0xf2/0x120 [ 3079.160915] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3079.161557] xas_store+0x8c/0x1c40 [ 3079.161999] __xa_store+0x164/0x2d0 [ 3079.162443] ? xa_delete_node+0x280/0x280 [ 3079.162952] ? trace_hardirqs_on+0x5b/0x180 [ 3079.163502] xa_store+0x31/0x50 [ 3079.163909] __io_uring_add_tctx_node+0x1cf/0x520 [ 3079.164493] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3079.165131] ? alloc_fd+0x2e7/0x670 [ 3079.165583] io_uring_setup+0x1fbb/0x2980 [ 3079.166092] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3079.166709] ? wait_for_completion_io+0x270/0x270 [ 3079.167340] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.167989] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.168615] do_syscall_64+0x33/0x40 [ 3079.169068] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.169690] RIP: 0033:0x7fbe2462eb19 [ 3079.170148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.172419] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3079.173376] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3079.174273] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3079.175186] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3079.176054] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3079.176914] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3079.198649] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3079.211737] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:57:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c7fffffff01010100"], 0x1c}}, 0x0) [ 3079.223764] FAULT_INJECTION: forcing a failure. [ 3079.223764] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.225174] CPU: 1 PID: 24447 Comm: syz-executor.6 Not tainted 5.10.233 #1 [ 3079.226020] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.227047] Call Trace: [ 3079.227391] dump_stack+0x107/0x167 [ 3079.227840] should_fail.cold+0x5/0xa [ 3079.228310] ? create_object.isra.0+0x3a/0xa20 [ 3079.228875] should_failslab+0x5/0x20 [ 3079.229342] kmem_cache_alloc+0x5b/0x310 [ 3079.229843] create_object.isra.0+0x3a/0xa20 [ 3079.230379] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.231005] kmem_cache_alloc_node+0x169/0x330 [ 3079.231590] __alloc_skb+0x6d/0x5b0 [ 3079.232043] inet6_rt_notify+0xed/0x2a0 [ 3079.232535] fib6_del+0xf4c/0x1540 [ 3079.232981] ? fib6_locate+0x660/0x660 [ 3079.233465] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3079.234098] ? fib6_ifdown+0xc5/0x8f0 [ 3079.234571] fib6_clean_node+0x39e/0x570 [ 3079.235079] ? fib6_del+0x1540/0x1540 [ 3079.235555] ? fib6_clean_tree+0x14c/0x260 [ 3079.236080] fib6_walk_continue+0x35c/0x710 [ 3079.236610] ? trace_hardirqs_on+0x5b/0x180 [ 3079.237140] fib6_clean_tree+0x154/0x260 [ 3079.237640] ? fib6_ifup+0x260/0x260 [ 3079.238094] ? fib6_info_destroy_rcu+0x210/0x210 [ 3079.238679] ? fib6_del+0x1540/0x1540 [ 3079.239158] ? fib6_ifup+0x260/0x260 [ 3079.239615] ? spin_bug+0xf0/0x100 [ 3079.240051] ? lock_chain_count+0x20/0x20 [ 3079.240565] ? fib6_ifup+0x260/0x260 [ 3079.241020] __fib6_clean_all+0xf0/0x2a0 [ 3079.241521] rt6_disable_ip+0x4d5/0x5b0 [ 3079.242006] ? lock_chain_count+0x20/0x20 [ 3079.242517] ? rt6_sync_down_dev+0x150/0x150 [ 3079.243082] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3079.243678] ? addrconf_dad_run+0x180/0x180 [ 3079.244217] addrconf_notify+0x159/0x2410 [ 3079.244727] ? tun_device_event+0x71/0x1160 [ 3079.245253] ? mark_held_locks+0x9e/0xe0 [ 3079.245749] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3079.246379] ? inet6_ifinfo_notify+0x150/0x150 [ 3079.246936] ? failover_register+0x530/0x530 [ 3079.247504] raw_notifier_call_chain+0xb3/0x110 [ 3079.248077] call_netdevice_notifiers_info+0xb5/0x130 [ 3079.248708] __dev_notify_flags+0x1de/0x2c0 [ 3079.249234] ? dev_change_name+0x660/0x660 [ 3079.249751] ? __dev_change_flags+0x4cf/0x6e0 [ 3079.250301] ? dev_set_allmulti+0x30/0x30 [ 3079.250819] dev_change_flags+0x100/0x160 [ 3079.251346] do_setlink+0x90c/0x3ac0 [ 3079.251809] ? vprintk_func+0x93/0x140 [ 3079.252287] ? rtnl_getlink+0xaa0/0xaa0 [ 3079.252774] ? printk+0xba/0xf1 [ 3079.253184] ? record_print_text.cold+0x16/0x16 [ 3079.253759] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3079.254377] ? trace_hardirqs_on+0x5b/0x180 [ 3079.254917] ? __nla_validate_parse+0x2d8/0x2b10 [ 3079.255527] ? perf_trace_lock+0xac/0x490 [ 3079.256054] ? nla_get_range_signed+0x520/0x520 [ 3079.256639] ? __lock_acquire+0xbb1/0x5b00 [ 3079.257195] __rtnl_newlink+0xc39/0x1700 [ 3079.257721] ? rtnl_setlink+0x3b0/0x3b0 [ 3079.258224] ? __is_insn_slot_addr+0x123/0x290 [ 3079.258812] ? unwind_next_frame+0x13ef/0x1a90 [ 3079.259402] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.260072] ? 0xffffffffa0000000 [ 3079.260510] ? __is_insn_slot_addr+0x14c/0x290 [ 3079.261071] ? kernel_text_address+0xf2/0x120 [ 3079.261620] ? __kernel_text_address+0x9/0x40 [ 3079.262168] ? unwind_get_return_address+0x55/0xa0 [ 3079.262774] ? create_prof_cpu_mask+0x20/0x20 [ 3079.263336] ? arch_stack_walk+0x99/0xf0 [ 3079.263845] ? stack_trace_save+0x8c/0xc0 [ 3079.264397] ? mark_held_locks+0x9e/0xe0 [ 3079.264897] ? trace_hardirqs_on+0x5b/0x180 [ 3079.265424] ? kasan_unpoison_shadow+0x33/0x50 [ 3079.265980] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.266606] rtnl_newlink+0x64/0xa0 [ 3079.267061] ? __rtnl_newlink+0x1700/0x1700 [ 3079.267607] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3079.268142] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.268655] ? perf_trace_lock+0xac/0x490 [ 3079.269187] ? __lockdep_reset_lock+0x180/0x180 [ 3079.269778] netlink_rcv_skb+0x14b/0x430 [ 3079.270290] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.270808] ? netlink_ack+0xab0/0xab0 [ 3079.271321] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3079.271900] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3079.272482] ? is_vmalloc_addr+0x7b/0xb0 [ 3079.272999] netlink_unicast+0x549/0x7f0 [ 3079.273518] ? netlink_attachskb+0x870/0x870 [ 3079.274085] netlink_sendmsg+0x90f/0xdf0 [ 3079.274605] ? netlink_unicast+0x7f0/0x7f0 [ 3079.275164] ? netlink_unicast+0x7f0/0x7f0 [ 3079.275710] __sock_sendmsg+0x154/0x190 [ 3079.276215] ____sys_sendmsg+0x70d/0x870 [ 3079.276734] ? sock_write_iter+0x3d0/0x3d0 [ 3079.277265] ? do_recvmmsg+0x6d0/0x6d0 [ 3079.277768] ? lock_downgrade+0x6d0/0x6d0 [ 3079.278294] ? __lockdep_reset_lock+0x180/0x180 [ 3079.278888] ___sys_sendmsg+0xf3/0x170 [ 3079.279404] ? sendmsg_copy_msghdr+0x160/0x160 [ 3079.279969] ? __fget_files+0x2cf/0x520 [ 3079.280452] ? lock_downgrade+0x6d0/0x6d0 [ 3079.280960] ? find_held_lock+0x2c/0x110 [ 3079.281470] ? __fget_files+0x2f8/0x520 [ 3079.281964] ? __fget_light+0xea/0x290 [ 3079.282446] __sys_sendmsg+0xe5/0x1b0 [ 3079.282911] ? __sys_sendmsg_sock+0x40/0x40 [ 3079.283470] ? rcu_read_lock_any_held+0x75/0xa0 [ 3079.284070] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.284736] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.285390] ? trace_hardirqs_on+0x5b/0x180 [ 3079.285936] do_syscall_64+0x33/0x40 [ 3079.286407] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.287072] RIP: 0033:0x7f6e57a6eb19 [ 3079.287548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.289796] RSP: 002b:00007f6e54fe4188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3079.290728] RAX: ffffffffffffffda RBX: 00007f6e57b81f60 RCX: 00007f6e57a6eb19 [ 3079.291634] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3079.292525] RBP: 00007f6e54fe41d0 R08: 0000000000000000 R09: 0000000000000000 [ 3079.293425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 13:57:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000004000010100"], 0x1c}}, 0x0) [ 3079.294324] R13: 00007ffcb3c5b2cf R14: 00007f6e54fe4300 R15: 0000000000022000 [ 3079.304956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.305864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.306867] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3079.310389] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.311310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.313717] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3079.323248] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:57:38 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 45) 13:57:38 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x700) 13:57:38 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbc77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3079.344043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.344942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.345961] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3079.372774] FAULT_INJECTION: forcing a failure. [ 3079.372774] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.374195] CPU: 1 PID: 24573 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3079.375050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.376079] Call Trace: [ 3079.376409] dump_stack+0x107/0x167 [ 3079.376857] should_fail.cold+0x5/0xa [ 3079.377329] ? xas_alloc+0x336/0x440 [ 3079.377791] should_failslab+0x5/0x20 [ 3079.378258] kmem_cache_alloc+0x5b/0x310 [ 3079.378759] xas_alloc+0x336/0x440 [ 3079.379225] xas_create+0x34a/0x10d0 [ 3079.379694] ? kernel_text_address+0xf2/0x120 [ 3079.380251] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3079.380936] xas_store+0x8c/0x1c40 [ 3079.381430] __xa_store+0x164/0x2d0 [ 3079.381923] ? xa_delete_node+0x280/0x280 [ 3079.382494] ? trace_hardirqs_on+0x5b/0x180 [ 3079.383089] xa_store+0x31/0x50 [ 3079.383537] __io_uring_add_tctx_node+0x1cf/0x520 [ 3079.384184] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3079.384884] ? alloc_fd+0x2e7/0x670 [ 3079.385385] io_uring_setup+0x1fbb/0x2980 [ 3079.385949] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3079.386614] ? wait_for_completion_io+0x270/0x270 [ 3079.387254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.387894] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.388528] do_syscall_64+0x33/0x40 [ 3079.388982] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.389608] RIP: 0033:0x7fbe2462eb19 [ 3079.390064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.392358] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3079.393305] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3079.394188] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3079.395088] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3079.395965] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3079.396834] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:57:38 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 21) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:38 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3079.445152] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3079.461218] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.462294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.463308] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3079.480225] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3079.502747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.503777] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.504722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:38 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x80108906, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3079.548416] FAULT_INJECTION: forcing a failure. [ 3079.548416] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.549817] CPU: 1 PID: 24690 Comm: syz-executor.0 Not tainted 5.10.233 #1 13:57:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0002000101010100"], 0x1c}}, 0x0) 13:57:38 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 46) 13:57:38 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xc00) 13:57:38 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 32) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:38 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbd77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3079.550664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.555728] Call Trace: [ 3079.556061] dump_stack+0x107/0x167 [ 3079.556510] should_fail.cold+0x5/0xa [ 3079.556978] ? create_object.isra.0+0x3a/0xa20 [ 3079.557539] should_failslab+0x5/0x20 [ 3079.558006] kmem_cache_alloc+0x5b/0x310 [ 3079.558505] ? mark_held_locks+0x9e/0xe0 [ 3079.559003] create_object.isra.0+0x3a/0xa20 [ 3079.559554] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.560175] kmem_cache_alloc+0x159/0x310 [ 3079.560688] xas_alloc+0x336/0x440 [ 3079.561125] xas_create+0x34a/0x10d0 [ 3079.561587] ? kernel_text_address+0xf2/0x120 [ 3079.562135] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3079.562778] xas_store+0x8c/0x1c40 [ 3079.563237] __xa_store+0x164/0x2d0 [ 3079.563683] ? xa_delete_node+0x280/0x280 [ 3079.564197] ? trace_hardirqs_on+0x5b/0x180 [ 3079.564729] xa_store+0x31/0x50 [ 3079.565137] __io_uring_add_tctx_node+0x1cf/0x520 [ 3079.565726] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3079.566366] ? alloc_fd+0x2e7/0x670 [ 3079.566818] io_uring_setup+0x1fbb/0x2980 [ 3079.567347] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3079.567968] ? wait_for_completion_io+0x270/0x270 [ 3079.568574] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.569218] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.569849] do_syscall_64+0x33/0x40 [ 3079.570304] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.570928] RIP: 0033:0x7fbe2462eb19 [ 3079.571395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.573640] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3079.574571] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3079.575455] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3079.576338] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3079.577207] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3079.578079] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3079.585461] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3079.597381] FAULT_INJECTION: forcing a failure. [ 3079.597381] name failslab, interval 1, probability 0, space 0, times 0 [ 3079.598813] CPU: 1 PID: 24695 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3079.599681] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3079.600699] Call Trace: [ 3079.601024] dump_stack+0x107/0x167 [ 3079.601470] should_fail.cold+0x5/0xa [ 3079.601939] ? __alloc_skb+0x6d/0x5b0 [ 3079.602408] should_failslab+0x5/0x20 [ 3079.602877] kmem_cache_alloc_node+0x55/0x330 [ 3079.603446] __alloc_skb+0x6d/0x5b0 [ 3079.603904] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3079.604466] rtmsg_ifinfo+0x83/0x120 [ 3079.604927] __dev_notify_flags+0x22a/0x2c0 [ 3079.605455] ? dev_change_name+0x660/0x660 [ 3079.605971] ? __dev_change_flags+0x4cf/0x6e0 [ 3079.606522] ? dev_set_allmulti+0x30/0x30 [ 3079.607038] dev_change_flags+0x100/0x160 [ 3079.607563] do_setlink+0x90c/0x3ac0 [ 3079.608023] ? lock_chain_count+0x20/0x20 [ 3079.608531] ? vprintk_func+0x93/0x140 [ 3079.609011] ? rtnl_getlink+0xaa0/0xaa0 [ 3079.609497] ? printk+0xba/0xf1 [ 3079.609907] ? record_print_text.cold+0x16/0x16 [ 3079.610480] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3079.611134] ? trace_hardirqs_on+0x5b/0x180 [ 3079.611680] ? mark_held_locks+0x9e/0xe0 [ 3079.612181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.612821] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3079.613480] ? trace_hardirqs_on+0x5b/0x180 [ 3079.614007] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3079.614676] ? validate_linkmsg+0x18d/0x8b0 [ 3079.615287] ? validate_linkmsg+0x490/0x8b0 [ 3079.615819] __rtnl_newlink+0xc39/0x1700 [ 3079.616328] ? rtnl_setlink+0x3b0/0x3b0 [ 3079.616818] ? __is_insn_slot_addr+0x123/0x290 [ 3079.617383] ? unwind_next_frame+0x13ef/0x1a90 [ 3079.617941] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.618591] ? 0xffffffffa0000000 [ 3079.619015] ? __is_insn_slot_addr+0x14c/0x290 [ 3079.619618] ? kernel_text_address+0xf2/0x120 [ 3079.620166] ? __kernel_text_address+0x9/0x40 [ 3079.620716] ? unwind_get_return_address+0x55/0xa0 [ 3079.621318] ? create_prof_cpu_mask+0x20/0x20 [ 3079.621866] ? arch_stack_walk+0x99/0xf0 [ 3079.622381] ? stack_trace_save+0x8c/0xc0 [ 3079.622935] ? mark_held_locks+0x9e/0xe0 [ 3079.623492] ? trace_hardirqs_on+0x5b/0x180 [ 3079.624022] ? kasan_unpoison_shadow+0x33/0x50 [ 3079.624581] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3079.625202] rtnl_newlink+0x64/0xa0 [ 3079.625646] ? __rtnl_newlink+0x1700/0x1700 [ 3079.626174] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3079.626694] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.627408] ? perf_trace_lock+0xac/0x490 [ 3079.628403] ? __lockdep_reset_lock+0x180/0x180 [ 3079.629520] netlink_rcv_skb+0x14b/0x430 [ 3079.630493] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3079.631635] ? netlink_ack+0xab0/0xab0 [ 3079.632775] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3079.634134] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3079.635448] ? is_vmalloc_addr+0x7b/0xb0 [ 3079.636485] netlink_unicast+0x549/0x7f0 [ 3079.637521] ? netlink_attachskb+0x870/0x870 [ 3079.638634] netlink_sendmsg+0x90f/0xdf0 [ 3079.639712] ? netlink_unicast+0x7f0/0x7f0 [ 3079.640800] ? netlink_unicast+0x7f0/0x7f0 [ 3079.641872] __sock_sendmsg+0x154/0x190 [ 3079.642867] ____sys_sendmsg+0x70d/0x870 [ 3079.643932] ? sock_write_iter+0x3d0/0x3d0 [ 3079.645002] ? do_recvmmsg+0x6d0/0x6d0 [ 3079.645997] ? lock_downgrade+0x6d0/0x6d0 [ 3079.647027] ? __lockdep_reset_lock+0x180/0x180 [ 3079.647650] ___sys_sendmsg+0xf3/0x170 [ 3079.648129] ? sendmsg_copy_msghdr+0x160/0x160 [ 3079.648692] ? __fget_files+0x2cf/0x520 [ 3079.649177] ? lock_downgrade+0x6d0/0x6d0 [ 3079.649686] ? find_held_lock+0x2c/0x110 [ 3079.650189] ? __fget_files+0x2f8/0x520 [ 3079.650681] ? __fget_light+0xea/0x290 [ 3079.651334] __sys_sendmsg+0xe5/0x1b0 [ 3079.652251] ? __sys_sendmsg_sock+0x40/0x40 [ 3079.653317] ? rcu_read_lock_any_held+0x75/0xa0 [ 3079.654440] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3079.655883] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3079.657406] ? trace_hardirqs_on+0x5b/0x180 [ 3079.658668] do_syscall_64+0x33/0x40 [ 3079.659368] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3079.659995] RIP: 0033:0x7ff152763b19 [ 3079.660452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3079.662702] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3079.663703] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3079.664574] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3079.665443] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3079.666310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3079.667351] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3079.670949] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3079.695265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.697550] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.709069] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3079.776444] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3079.777520] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3079.778452] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:53 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 47) 13:57:53 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x80108907, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:57:53 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 22) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:53 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbe77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:57:53 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:53 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1200) 13:57:53 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0003000101010100"], 0x1c}}, 0x0) [ 3093.702991] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3093.708256] FAULT_INJECTION: forcing a failure. [ 3093.708256] name failslab, interval 1, probability 0, space 0, times 0 [ 3093.709676] CPU: 1 PID: 24824 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3093.710524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3093.711546] Call Trace: [ 3093.711886] dump_stack+0x107/0x167 [ 3093.712337] should_fail.cold+0x5/0xa [ 3093.712807] ? xas_alloc+0x336/0x440 [ 3093.713268] should_failslab+0x5/0x20 [ 3093.713736] kmem_cache_alloc+0x5b/0x310 [ 3093.714238] xas_alloc+0x336/0x440 [ 3093.714676] xas_create+0x34a/0x10d0 [ 3093.715141] ? queued_spin_lock_slowpath+0xcc/0x8c0 [ 3093.715779] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3093.716425] xas_store+0x8c/0x1c40 [ 3093.716870] __xa_store+0x164/0x2d0 [ 3093.717318] ? xa_delete_node+0x280/0x280 [ 3093.717833] ? trace_hardirqs_on+0x5b/0x180 [ 3093.718366] xa_store+0x31/0x50 [ 3093.718776] __io_uring_add_tctx_node+0x1cf/0x520 [ 3093.719366] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3093.720032] ? alloc_fd+0x2e7/0x670 [ 3093.720488] io_uring_setup+0x1fbb/0x2980 [ 3093.721002] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3093.721625] ? wait_for_completion_io+0x270/0x270 [ 3093.722235] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3093.722878] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3093.723511] do_syscall_64+0x33/0x40 [ 3093.727998] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3093.728622] RIP: 0033:0x7fbe2462eb19 [ 3093.729076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3093.731317] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3093.732272] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3093.733151] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3093.734018] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3093.734885] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3093.735765] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:57:53 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3093.752235] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3093.772988] FAULT_INJECTION: forcing a failure. [ 3093.772988] name failslab, interval 1, probability 0, space 0, times 0 [ 3093.774556] CPU: 0 PID: 24833 Comm: syz-executor.3 Not tainted 5.10.233 #1 13:57:53 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1800) [ 3093.775464] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3093.776580] Call Trace: [ 3093.776932] dump_stack+0x107/0x167 [ 3093.777411] should_fail.cold+0x5/0xa [ 3093.777919] should_failslab+0x5/0x20 [ 3093.778422] __kmalloc_node_track_caller+0x74/0x3b0 [ 3093.779083] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3093.779734] __alloc_skb+0xb1/0x5b0 [ 3093.780227] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3093.780843] rtmsg_ifinfo+0x83/0x120 [ 3093.781348] __dev_notify_flags+0x22a/0x2c0 [ 3093.781925] ? dev_change_name+0x660/0x660 [ 3093.782491] ? __dev_change_flags+0x4cf/0x6e0 [ 3093.783094] ? dev_set_allmulti+0x30/0x30 [ 3093.783683] dev_change_flags+0x100/0x160 [ 3093.784244] do_setlink+0x90c/0x3ac0 [ 3093.784752] ? vprintk_func+0x93/0x140 [ 3093.785276] ? rtnl_getlink+0xaa0/0xaa0 [ 3093.785810] ? printk+0xba/0xf1 [ 3093.786257] ? record_print_text.cold+0x16/0x16 [ 3093.786885] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3093.787580] ? trace_hardirqs_on+0x5b/0x180 [ 3093.788169] ? __nla_validate_parse+0x2d8/0x2b10 [ 3093.788793] ? perf_trace_lock+0xac/0x490 [ 3093.789342] ? nla_get_range_signed+0x520/0x520 [ 3093.789948] ? __lock_acquire+0xbb1/0x5b00 [ 3093.790517] __rtnl_newlink+0xc39/0x1700 [ 3093.791056] ? rtnl_setlink+0x3b0/0x3b0 [ 3093.791598] ? __is_insn_slot_addr+0x123/0x290 [ 3093.792222] ? unwind_next_frame+0x13ef/0x1a90 [ 3093.792834] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3093.793548] ? 0xffffffffa0000000 [ 3093.794019] ? __is_insn_slot_addr+0x14c/0x290 [ 3093.794636] ? kernel_text_address+0xf2/0x120 [ 3093.795237] ? __kernel_text_address+0x9/0x40 [ 3093.795864] ? unwind_get_return_address+0x55/0xa0 [ 3093.796523] ? create_prof_cpu_mask+0x20/0x20 [ 3093.797123] ? arch_stack_walk+0x99/0xf0 [ 3093.797679] ? stack_trace_save+0x8c/0xc0 [ 3093.798282] ? mark_held_locks+0x9e/0xe0 [ 3093.798828] ? trace_hardirqs_on+0x5b/0x180 [ 3093.799398] ? kasan_unpoison_shadow+0x33/0x50 [ 3093.800016] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3093.800702] rtnl_newlink+0x64/0xa0 [ 3093.801191] ? __rtnl_newlink+0x1700/0x1700 [ 3093.801772] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3093.802345] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3093.802892] ? perf_trace_lock+0xac/0x490 [ 3093.803457] ? __lockdep_reset_lock+0x180/0x180 [ 3093.804116] netlink_rcv_skb+0x14b/0x430 [ 3093.804661] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3093.805211] ? netlink_ack+0xab0/0xab0 [ 3093.805733] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3093.806355] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3093.807003] ? is_vmalloc_addr+0x7b/0xb0 13:57:53 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 48) 13:57:53 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0004000101010100"], 0x1c}}, 0x0) [ 3093.807566] netlink_unicast+0x549/0x7f0 [ 3093.820123] ? netlink_attachskb+0x870/0x870 [ 3093.820728] netlink_sendmsg+0x90f/0xdf0 [ 3093.821282] ? netlink_unicast+0x7f0/0x7f0 [ 3093.821862] ? netlink_unicast+0x7f0/0x7f0 [ 3093.822494] __sock_sendmsg+0x154/0x190 [ 3093.823032] ____sys_sendmsg+0x70d/0x870 [ 3093.823594] ? sock_write_iter+0x3d0/0x3d0 [ 3093.824171] ? do_recvmmsg+0x6d0/0x6d0 [ 3093.824705] ? lock_downgrade+0x6d0/0x6d0 [ 3093.825268] ? __lockdep_reset_lock+0x180/0x180 [ 3093.825894] ___sys_sendmsg+0xf3/0x170 [ 3093.826408] ? sendmsg_copy_msghdr+0x160/0x160 [ 3093.827021] ? __fget_files+0x2cf/0x520 [ 3093.827585] ? lock_downgrade+0x6d0/0x6d0 [ 3093.828215] ? find_held_lock+0x2c/0x110 [ 3093.828803] ? __fget_files+0x2f8/0x520 [ 3093.829375] ? __fget_light+0xea/0x290 [ 3093.829934] __sys_sendmsg+0xe5/0x1b0 [ 3093.830453] ? __sys_sendmsg_sock+0x40/0x40 [ 3093.831057] ? rcu_read_lock_any_held+0x75/0xa0 [ 3093.839738] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3093.840442] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3093.841139] ? trace_hardirqs_on+0x5b/0x180 [ 3093.841720] do_syscall_64+0x33/0x40 [ 3093.842226] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3093.842915] RIP: 0033:0x7ff152763b19 [ 3093.843420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3093.846035] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3093.847130] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3093.848101] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3093.849052] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3093.850002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3093.850951] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3093.865074] FAULT_INJECTION: forcing a failure. [ 3093.865074] name failslab, interval 1, probability 0, space 0, times 0 [ 3093.866511] CPU: 1 PID: 24942 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3093.867356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3093.868387] Call Trace: [ 3093.868718] dump_stack+0x107/0x167 [ 3093.869171] should_fail.cold+0x5/0xa [ 3093.869643] ? create_object.isra.0+0x3a/0xa20 [ 3093.870206] should_failslab+0x5/0x20 [ 3093.870674] kmem_cache_alloc+0x5b/0x310 [ 3093.871173] ? mark_held_locks+0x9e/0xe0 [ 3093.871698] create_object.isra.0+0x3a/0xa20 [ 3093.872233] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3093.872853] kmem_cache_alloc+0x159/0x310 [ 3093.873363] xas_alloc+0x336/0x440 [ 3093.873798] xas_create+0x34a/0x10d0 [ 3093.874258] ? kernel_text_address+0xf2/0x120 [ 3093.874803] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3093.875443] xas_store+0x8c/0x1c40 [ 3093.875903] __xa_store+0x164/0x2d0 [ 3093.876347] ? xa_delete_node+0x280/0x280 [ 3093.876859] ? trace_hardirqs_on+0x5b/0x180 [ 3093.877388] xa_store+0x31/0x50 [ 3093.877794] __io_uring_add_tctx_node+0x1cf/0x520 [ 3093.878379] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3093.879015] ? alloc_fd+0x2e7/0x670 [ 3093.879466] io_uring_setup+0x1fbb/0x2980 [ 3093.879994] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3093.880615] ? wait_for_completion_io+0x270/0x270 [ 3093.881224] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3093.881862] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3093.882491] do_syscall_64+0x33/0x40 [ 3093.882945] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3093.883581] RIP: 0033:0x7fbe2462eb19 [ 3093.884039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3093.886281] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3093.887213] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3093.888105] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3093.888973] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3093.889837] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3093.890707] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3093.896208] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3093.904800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3093.905821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3093.906305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3093.906864] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3093.907604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3093.909878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 13:57:53 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0005000101010100"], 0x1c}}, 0x0) [ 3093.910395] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3093.910768] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3093.913254] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:53 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbf77, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3093.942139] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3093.958013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3093.959017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3093.960095] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:57:53 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0006000101010100"], 0x1c}}, 0x0) 13:57:53 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:53 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:57:53 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1e00) [ 3094.044328] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3094.088086] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3094.102411] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3094.103787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3094.104772] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3094.108114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3094.109508] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3094.110669] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3094.117009] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3094.125754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3094.153298] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3094.154703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3094.155740] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3107.959266] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:58:07 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 49) 13:58:07 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:07 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:07 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0xc0045878, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3107.968947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3107.972948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:58:07 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xc077, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:07 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 23) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:07 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0007000101010100"], 0x1c}}, 0x0) [ 3107.988748] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3107.992449] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:58:07 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) [ 3108.002745] FAULT_INJECTION: forcing a failure. [ 3108.002745] name failslab, interval 1, probability 0, space 0, times 0 [ 3108.004248] CPU: 0 PID: 25087 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3108.005154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3108.006237] Call Trace: [ 3108.006588] dump_stack+0x107/0x167 [ 3108.007066] should_fail.cold+0x5/0xa [ 3108.007568] ? xas_alloc+0x336/0x440 [ 3108.008080] should_failslab+0x5/0x20 [ 3108.008585] kmem_cache_alloc+0x5b/0x310 [ 3108.009119] xas_alloc+0x336/0x440 [ 3108.009585] xas_create+0x34a/0x10d0 [ 3108.010078] ? kernel_text_address+0xf2/0x120 [ 3108.010666] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3108.011352] xas_store+0x8c/0x1c40 13:58:07 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0008000101010100"], 0x1c}}, 0x0) [ 3108.011827] __xa_store+0x164/0x2d0 [ 3108.012317] ? xa_delete_node+0x280/0x280 [ 3108.020210] ? trace_hardirqs_on+0x5b/0x180 [ 3108.020779] xa_store+0x31/0x50 [ 3108.021219] __io_uring_add_tctx_node+0x1cf/0x520 [ 3108.021849] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3108.022532] ? alloc_fd+0x2e7/0x670 [ 3108.023015] io_uring_setup+0x1fbb/0x2980 [ 3108.023562] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3108.024256] ? wait_for_completion_io+0x270/0x270 [ 3108.024903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3108.025587] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3108.026261] do_syscall_64+0x33/0x40 [ 3108.026746] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3108.027419] RIP: 0033:0x7fbe2462eb19 [ 3108.027906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3108.030326] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3108.031325] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3108.032272] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3108.033202] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3108.034133] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3108.035063] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3108.039196] FAULT_INJECTION: forcing a failure. [ 3108.039196] name failslab, interval 1, probability 0, space 0, times 0 [ 3108.044788] CPU: 0 PID: 25086 Comm: syz-executor.3 Not tainted 5.10.233 #1 13:58:07 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2400) [ 3108.045691] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3108.056567] Call Trace: [ 3108.056914] dump_stack+0x107/0x167 [ 3108.057390] should_fail.cold+0x5/0xa [ 3108.057888] ? create_object.isra.0+0x3a/0xa20 [ 3108.058486] should_failslab+0x5/0x20 [ 3108.058982] kmem_cache_alloc+0x5b/0x310 [ 3108.059516] create_object.isra.0+0x3a/0xa20 [ 3108.060096] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3108.060771] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3108.061434] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3108.062058] __alloc_skb+0xb1/0x5b0 [ 3108.062536] rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3108.063137] rtmsg_ifinfo+0x83/0x120 [ 3108.063627] __dev_notify_flags+0x22a/0x2c0 [ 3108.064206] ? dev_change_name+0x660/0x660 [ 3108.064755] ? __dev_change_flags+0x4cf/0x6e0 [ 3108.065347] ? dev_set_allmulti+0x30/0x30 [ 3108.065898] dev_change_flags+0x100/0x160 [ 3108.066444] do_setlink+0x90c/0x3ac0 [ 3108.066936] ? vprintk_func+0x93/0x140 [ 3108.067444] ? rtnl_getlink+0xaa0/0xaa0 [ 3108.067964] ? printk+0xba/0xf1 [ 3108.068413] ? record_print_text.cold+0x16/0x16 [ 3108.069022] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3108.069687] ? trace_hardirqs_on+0x5b/0x180 [ 3108.070261] ? __nla_validate_parse+0x2d8/0x2b10 [ 3108.070883] ? perf_trace_lock+0xac/0x490 [ 3108.071427] ? nla_get_range_signed+0x520/0x520 [ 3108.072043] ? __lock_acquire+0xbb1/0x5b00 [ 3108.072634] __rtnl_newlink+0xc39/0x1700 [ 3108.073181] ? rtnl_setlink+0x3b0/0x3b0 [ 3108.073705] ? __is_insn_slot_addr+0x123/0x290 [ 3108.074309] ? unwind_next_frame+0x13ef/0x1a90 [ 3108.074904] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3108.075603] ? 0xffffffffa0000000 [ 3108.076068] ? __is_insn_slot_addr+0x14c/0x290 [ 3108.076671] ? kernel_text_address+0xf2/0x120 [ 3108.077256] ? __kernel_text_address+0x9/0x40 [ 3108.077841] ? unwind_get_return_address+0x55/0xa0 [ 3108.078478] ? create_prof_cpu_mask+0x20/0x20 [ 3108.079061] ? arch_stack_walk+0x99/0xf0 [ 3108.079602] ? stack_trace_save+0x8c/0xc0 [ 3108.080203] ? mark_held_locks+0x9e/0xe0 [ 3108.080736] ? trace_hardirqs_on+0x5b/0x180 [ 3108.081306] ? kasan_unpoison_shadow+0x33/0x50 [ 3108.081900] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3108.082565] rtnl_newlink+0x64/0xa0 [ 3108.083038] ? __rtnl_newlink+0x1700/0x1700 [ 3108.083599] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3108.084187] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3108.084722] ? perf_trace_lock+0xac/0x490 [ 3108.085266] ? __lockdep_reset_lock+0x180/0x180 [ 3108.085878] netlink_rcv_skb+0x14b/0x430 [ 3108.086405] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3108.086934] ? netlink_ack+0xab0/0xab0 [ 3108.087439] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3108.088048] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3108.088651] ? is_vmalloc_addr+0x7b/0xb0 [ 3108.089183] netlink_unicast+0x549/0x7f0 [ 3108.089718] ? netlink_attachskb+0x870/0x870 [ 3108.090298] netlink_sendmsg+0x90f/0xdf0 [ 3108.090831] ? netlink_unicast+0x7f0/0x7f0 [ 3108.091392] ? netlink_unicast+0x7f0/0x7f0 [ 3108.091945] __sock_sendmsg+0x154/0x190 [ 3108.092475] ____sys_sendmsg+0x70d/0x870 [ 3108.093006] ? sock_write_iter+0x3d0/0x3d0 [ 3108.093554] ? do_recvmmsg+0x6d0/0x6d0 [ 3108.094064] ? lock_downgrade+0x6d0/0x6d0 [ 3108.094610] ? __lockdep_reset_lock+0x180/0x180 [ 3108.095222] ___sys_sendmsg+0xf3/0x170 [ 3108.095732] ? sendmsg_copy_msghdr+0x160/0x160 [ 3108.096349] ? __fget_files+0x2cf/0x520 [ 3108.096867] ? lock_downgrade+0x6d0/0x6d0 [ 3108.097407] ? find_held_lock+0x2c/0x110 [ 3108.097944] ? __fget_files+0x2f8/0x520 [ 3108.098470] ? __fget_light+0xea/0x290 [ 3108.098983] __sys_sendmsg+0xe5/0x1b0 [ 3108.099479] ? __sys_sendmsg_sock+0x40/0x40 [ 3108.100053] ? rcu_read_lock_any_held+0x75/0xa0 [ 3108.100691] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3108.101374] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3108.102042] ? trace_hardirqs_on+0x5b/0x180 [ 3108.102605] do_syscall_64+0x33/0x40 [ 3108.103089] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3108.103757] RIP: 0033:0x7ff152763b19 [ 3108.104256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3108.106657] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3108.107650] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3108.108592] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3108.109522] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3108.110459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3108.111388] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3108.129701] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3108.149092] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3108.150311] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3108.151218] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3108.161305] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3108.166629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3108.179257] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3108.180182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3108.181603] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3108.243844] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3108.244809] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3108.245962] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3122.387573] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:58:21 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0009000101010100"], 0x1c}}, 0x0) 13:58:21 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2a00) 13:58:21 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0xc0045878, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:58:21 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 24) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:21 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedc0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:21 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x6, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:21 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:21 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 50) [ 3122.421941] FAULT_INJECTION: forcing a failure. [ 3122.421941] name failslab, interval 1, probability 0, space 0, times 0 [ 3122.423576] CPU: 1 PID: 25205 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3122.425832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3122.428101] Call Trace: [ 3122.428933] dump_stack+0x107/0x167 [ 3122.429883] should_fail.cold+0x5/0xa [ 3122.430884] should_failslab+0x5/0x20 [ 3122.431891] __kmalloc_node_track_caller+0x74/0x3b0 [ 3122.433346] ? netlink_trim+0x1ee/0x250 [ 3122.433843] FAULT_INJECTION: forcing a failure. [ 3122.433843] name failslab, interval 1, probability 0, space 0, times 0 [ 3122.434368] pskb_expand_head+0x15a/0x1040 [ 3122.437292] netlink_trim+0x1ee/0x250 [ 3122.438195] netlink_broadcast_filtered+0x60/0xdc0 [ 3122.439356] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3122.440483] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 3122.441824] nlmsg_notify+0x94/0x290 [ 3122.442730] rtmsg_ifinfo+0xf0/0x120 [ 3122.443635] __dev_notify_flags+0x22a/0x2c0 [ 3122.444726] ? dev_change_name+0x660/0x660 [ 3122.445725] ? __dev_change_flags+0x4cf/0x6e0 [ 3122.446788] ? dev_set_allmulti+0x30/0x30 [ 3122.447777] dev_change_flags+0x100/0x160 [ 3122.448828] do_setlink+0x90c/0x3ac0 [ 3122.449334] ? lock_chain_count+0x20/0x20 [ 3122.449845] ? rtnl_getlink+0xaa0/0xaa0 [ 3122.450336] ? printk+0xba/0xf1 [ 3122.450748] ? record_print_text.cold+0x16/0x16 [ 3122.451323] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3122.451945] ? trace_hardirqs_on+0x5b/0x180 [ 3122.452495] ? mark_held_locks+0x9e/0xe0 [ 3122.453638] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3122.454912] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3122.456218] ? trace_hardirqs_on+0x5b/0x180 [ 3122.457395] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3122.458697] __rtnl_newlink+0xc39/0x1700 [ 3122.459668] ? rtnl_setlink+0x3b0/0x3b0 [ 3122.460636] ? __is_insn_slot_addr+0x123/0x290 [ 3122.461754] ? unwind_next_frame+0x13ef/0x1a90 [ 3122.462860] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3122.464149] ? 0xffffffffa0000000 [ 3122.464793] ? __is_insn_slot_addr+0x14c/0x290 [ 3122.465360] ? kernel_text_address+0xf2/0x120 [ 3122.465918] ? __kernel_text_address+0x9/0x40 [ 3122.466470] ? unwind_get_return_address+0x55/0xa0 [ 3122.467075] ? create_prof_cpu_mask+0x20/0x20 [ 3122.467628] ? arch_stack_walk+0x99/0xf0 [ 3122.468144] ? stack_trace_save+0x8c/0xc0 [ 3122.468732] ? mark_held_locks+0x9e/0xe0 [ 3122.469238] ? trace_hardirqs_on+0x5b/0x180 [ 3122.469772] ? kasan_unpoison_shadow+0x33/0x50 [ 3122.470333] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3122.470960] rtnl_newlink+0x64/0xa0 [ 3122.471408] ? __rtnl_newlink+0x1700/0x1700 [ 3122.471939] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3122.472461] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3122.472987] ? perf_trace_lock+0xac/0x490 [ 3122.473504] ? __lockdep_reset_lock+0x180/0x180 [ 3122.474082] netlink_rcv_skb+0x14b/0x430 [ 3122.474584] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3122.475085] ? netlink_ack+0xab0/0xab0 [ 3122.475564] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3122.476130] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3122.476716] netlink_unicast+0x549/0x7f0 [ 3122.477222] ? netlink_attachskb+0x870/0x870 [ 3122.477774] netlink_sendmsg+0x90f/0xdf0 [ 3122.478279] ? netlink_unicast+0x7f0/0x7f0 [ 3122.478815] ? netlink_unicast+0x7f0/0x7f0 [ 3122.479338] __sock_sendmsg+0x154/0x190 [ 3122.479829] ____sys_sendmsg+0x70d/0x870 [ 3122.480332] ? sock_write_iter+0x3d0/0x3d0 [ 3122.480865] ? do_recvmmsg+0x6d0/0x6d0 [ 3122.481350] ? lock_downgrade+0x6d0/0x6d0 [ 3122.481864] ? __lockdep_reset_lock+0x180/0x180 [ 3122.482440] ___sys_sendmsg+0xf3/0x170 [ 3122.482925] ? sendmsg_copy_msghdr+0x160/0x160 [ 3122.483494] ? __fget_files+0x2cf/0x520 [ 3122.483982] ? lock_downgrade+0x6d0/0x6d0 [ 3122.484494] ? find_held_lock+0x2c/0x110 [ 3122.485050] ? __fget_files+0x2f8/0x520 [ 3122.485548] ? __fget_light+0xea/0x290 [ 3122.486034] __sys_sendmsg+0xe5/0x1b0 [ 3122.486505] ? __sys_sendmsg_sock+0x40/0x40 [ 3122.487036] ? rcu_read_lock_any_held+0x75/0xa0 [ 3122.487626] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3122.488300] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3122.488956] ? trace_hardirqs_on+0x5b/0x180 [ 3122.489489] do_syscall_64+0x33/0x40 [ 3122.489948] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3122.490578] RIP: 0033:0x7ff152763b19 [ 3122.491046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3122.493305] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3122.494242] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3122.495113] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3122.495984] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3122.496873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3122.497744] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3122.498644] CPU: 0 PID: 25288 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3122.499602] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3122.500737] Call Trace: [ 3122.501102] dump_stack+0x107/0x167 [ 3122.501611] should_fail.cold+0x5/0xa [ 3122.502122] ? create_object.isra.0+0x3a/0xa20 [ 3122.502733] should_failslab+0x5/0x20 [ 3122.503242] kmem_cache_alloc+0x5b/0x310 [ 3122.503814] ? mark_held_locks+0x9e/0xe0 [ 3122.504384] create_object.isra.0+0x3a/0xa20 [ 3122.505020] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3122.505778] kmem_cache_alloc+0x159/0x310 [ 3122.506436] xas_alloc+0x336/0x440 [ 3122.506985] xas_create+0x34a/0x10d0 [ 3122.507579] ? kernel_text_address+0xf2/0x120 [ 3122.508258] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3122.509045] xas_store+0x8c/0x1c40 [ 3122.509556] __xa_store+0x164/0x2d0 [ 3122.510080] ? xa_delete_node+0x280/0x280 [ 3122.510747] ? trace_hardirqs_on+0x5b/0x180 [ 3122.511375] xa_store+0x31/0x50 [ 3122.511842] __io_uring_add_tctx_node+0x1cf/0x520 [ 3122.512564] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3122.513362] ? alloc_fd+0x2e7/0x670 [ 3122.513882] io_uring_setup+0x1fbb/0x2980 [ 3122.514472] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3122.515197] ? wait_for_completion_io+0x270/0x270 [ 3122.515895] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3122.516631] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3122.517347] do_syscall_64+0x33/0x40 [ 3122.517866] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3122.518581] RIP: 0033:0x7fbe2462eb19 [ 3122.519100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3122.521649] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3122.522707] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3122.523693] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3122.524696] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3122.525684] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3122.526674] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:58:21 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000a000101010100"], 0x1c}}, 0x0) [ 3122.530823] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3122.542573] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.543593] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.544708] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3122.546297] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3122.555214] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.556294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.557224] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.558166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.559239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3122.561029] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3122.573915] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3122.587004] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3122.605091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.606184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.607240] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:58:21 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 25) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:21 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x80000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:21 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3000) 13:58:21 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0048000101010100"], 0x1c}}, 0x0) 13:58:21 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:22 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x7, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3122.720176] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3122.744604] FAULT_INJECTION: forcing a failure. [ 3122.744604] name failslab, interval 1, probability 0, space 0, times 0 [ 3122.747425] CPU: 0 PID: 25341 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3122.748399] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3122.749561] Call Trace: [ 3122.749934] dump_stack+0x107/0x167 [ 3122.750453] should_fail.cold+0x5/0xa [ 3122.750988] ? ___slab_alloc+0x360/0x700 [ 3122.751567] ? create_object.isra.0+0x3a/0xa20 [ 3122.752215] should_failslab+0x5/0x20 [ 3122.752831] kmem_cache_alloc+0x5b/0x310 [ 3122.753428] create_object.isra.0+0x3a/0xa20 [ 3122.754046] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3122.754761] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3122.755480] ? netlink_trim+0x1ee/0x250 [ 3122.756052] pskb_expand_head+0x15a/0x1040 [ 3122.756852] netlink_trim+0x1ee/0x250 [ 3122.757932] netlink_broadcast_filtered+0x60/0xdc0 [ 3122.759321] ? rtmsg_ifinfo_build_skb+0x72/0x1a0 [ 3122.760699] ? rtmsg_ifinfo_build_skb+0xd1/0x1a0 [ 3122.762052] nlmsg_notify+0x94/0x290 [ 3122.763147] rtmsg_ifinfo+0xf0/0x120 [ 3122.764218] __dev_notify_flags+0x22a/0x2c0 [ 3122.765657] ? dev_change_name+0x660/0x660 [ 3122.766834] ? __dev_change_flags+0x4cf/0x6e0 [ 3122.768080] ? dev_set_allmulti+0x30/0x30 [ 3122.769423] dev_change_flags+0x100/0x160 [ 3122.770615] do_setlink+0x90c/0x3ac0 [ 3122.771682] ? vprintk_func+0x93/0x140 [ 3122.772850] ? rtnl_getlink+0xaa0/0xaa0 [ 3122.773968] ? printk+0xba/0xf1 [ 3122.774899] ? record_print_text.cold+0x16/0x16 [ 3122.776181] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3122.777803] ? trace_hardirqs_on+0x5b/0x180 [ 3122.779047] ? __nla_validate_parse+0x2d8/0x2b10 [ 3122.780438] ? perf_trace_lock+0xac/0x490 [ 3122.781837] ? nla_get_range_signed+0x520/0x520 [ 3122.783088] ? __lock_acquire+0xbb1/0x5b00 [ 3122.784251] __rtnl_newlink+0xc39/0x1700 [ 3122.785725] ? rtnl_setlink+0x3b0/0x3b0 [ 3122.786850] ? __is_insn_slot_addr+0x123/0x290 [ 3122.788060] ? unwind_next_frame+0x13ef/0x1a90 [ 3122.789502] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3122.791026] ? 0xffffffffa0000000 [ 3122.792042] ? __is_insn_slot_addr+0x14c/0x290 [ 3122.793571] ? kernel_text_address+0xf2/0x120 [ 3122.794894] ? __kernel_text_address+0x9/0x40 [ 3122.796239] ? unwind_get_return_address+0x55/0xa0 [ 3122.797899] ? create_prof_cpu_mask+0x20/0x20 [ 3122.799143] ? arch_stack_walk+0x99/0xf0 [ 3122.800360] ? stack_trace_save+0x8c/0xc0 [ 3122.801839] ? mark_held_locks+0x9e/0xe0 [ 3122.803044] ? trace_hardirqs_on+0x5b/0x180 [ 3122.804307] ? kasan_unpoison_shadow+0x33/0x50 [ 3122.805915] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3122.807375] rtnl_newlink+0x64/0xa0 [ 3122.808423] ? __rtnl_newlink+0x1700/0x1700 [ 3122.809117] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3122.809727] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3122.810332] ? perf_trace_lock+0xac/0x490 [ 3122.810918] ? __lockdep_reset_lock+0x180/0x180 [ 3122.811611] netlink_rcv_skb+0x14b/0x430 [ 3122.812185] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3122.813092] ? netlink_ack+0xab0/0xab0 [ 3122.814246] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3122.815583] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3122.816718] ? is_vmalloc_addr+0x7b/0xb0 [ 3122.817289] netlink_unicast+0x549/0x7f0 [ 3122.817870] ? netlink_attachskb+0x870/0x870 [ 3122.818506] netlink_sendmsg+0x90f/0xdf0 [ 3122.819081] ? netlink_unicast+0x7f0/0x7f0 [ 3122.819690] ? netlink_unicast+0x7f0/0x7f0 [ 3122.820286] __sock_sendmsg+0x154/0x190 [ 3122.820908] ____sys_sendmsg+0x70d/0x870 [ 3122.821488] ? sock_write_iter+0x3d0/0x3d0 [ 3122.822088] ? do_recvmmsg+0x6d0/0x6d0 [ 3122.822648] ? lock_downgrade+0x6d0/0x6d0 [ 3122.823246] ? __lockdep_reset_lock+0x180/0x180 [ 3122.823915] ___sys_sendmsg+0xf3/0x170 [ 3122.824466] ? sendmsg_copy_msghdr+0x160/0x160 [ 3122.825965] ? __fget_files+0x2cf/0x520 [ 3122.827335] ? lock_downgrade+0x6d0/0x6d0 [ 3122.828763] ? find_held_lock+0x2c/0x110 [ 3122.830147] ? __fget_files+0x2f8/0x520 [ 3122.831543] ? __fget_light+0xea/0x290 [ 3122.832870] __sys_sendmsg+0xe5/0x1b0 [ 3122.834071] ? __sys_sendmsg_sock+0x40/0x40 [ 3122.835548] ? rcu_read_lock_any_held+0x75/0xa0 [ 3122.837181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3122.838952] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3122.840737] ? trace_hardirqs_on+0x5b/0x180 [ 3122.842221] do_syscall_64+0x33/0x40 [ 3122.843480] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3122.845256] RIP: 0033:0x7ff152763b19 [ 3122.846529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3122.852771] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3122.854962] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3122.857104] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3122.859116] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3122.860879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3122.861872] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3122.875912] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3122.878791] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:58:22 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3600) 13:58:22 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c004c000101010100"], 0x1c}}, 0x0) 13:58:22 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 51) [ 3122.910256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.912594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.916001] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3122.928808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.931165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.934863] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3122.952836] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3122.971925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3122.974383] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3122.997006] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3123.006584] FAULT_INJECTION: forcing a failure. [ 3123.006584] name failslab, interval 1, probability 0, space 0, times 0 [ 3123.009686] CPU: 0 PID: 25459 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3123.010978] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3123.013978] Call Trace: [ 3123.014895] dump_stack+0x107/0x167 [ 3123.016144] should_fail.cold+0x5/0xa [ 3123.017496] ? xas_alloc+0x336/0x440 [ 3123.018927] should_failslab+0x5/0x20 [ 3123.019646] kmem_cache_alloc+0x5b/0x310 [ 3123.021031] xas_alloc+0x336/0x440 [ 3123.022543] xas_create+0x34a/0x10d0 [ 3123.023277] ? kernel_text_address+0xf2/0x120 [ 3123.024748] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3123.025756] xas_store+0x8c/0x1c40 [ 3123.027116] __xa_store+0x164/0x2d0 [ 3123.027824] ? xa_delete_node+0x280/0x280 [ 3123.029279] ? trace_hardirqs_on+0x5b/0x180 [ 3123.030036] xa_store+0x31/0x50 [ 3123.031242] __io_uring_add_tctx_node+0x1cf/0x520 [ 3123.032106] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3123.033950] ? alloc_fd+0x2e7/0x670 [ 3123.034664] io_uring_setup+0x1fbb/0x2980 [ 3123.036098] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3123.037055] ? wait_for_completion_io+0x270/0x270 [ 3123.039233] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3123.040201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3123.042042] do_syscall_64+0x33/0x40 [ 3123.042740] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3123.044627] RIP: 0033:0x7fbe2462eb19 [ 3123.045379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3123.051996] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3123.053351] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3123.054601] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3123.055852] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3123.057112] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3123.058369] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3123.074987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3123.076274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3123.079065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:58:36 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x8, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:36 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 26) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:36 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0xc0189436, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3136.888301] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3136.915225] FAULT_INJECTION: forcing a failure. [ 3136.915225] name failslab, interval 1, probability 0, space 0, times 0 13:58:36 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3c00) 13:58:36 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe0ffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0068000101010100"], 0x1c}}, 0x0) 13:58:36 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x5, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:36 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 52) [ 3136.916714] CPU: 0 PID: 25490 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3136.917645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3136.918736] Call Trace: [ 3136.919088] dump_stack+0x107/0x167 [ 3136.919568] should_fail.cold+0x5/0xa [ 3136.920070] ? create_object.isra.0+0x3a/0xa20 [ 3136.920674] should_failslab+0x5/0x20 [ 3136.921195] kmem_cache_alloc+0x5b/0x310 [ 3136.921741] ? mark_held_locks+0x9e/0xe0 [ 3136.922277] create_object.isra.0+0x3a/0xa20 [ 3136.922855] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3136.923526] kmem_cache_alloc+0x159/0x310 [ 3136.924076] xas_alloc+0x336/0x440 [ 3136.924551] xas_create+0x34a/0x10d0 [ 3136.925057] ? kernel_text_address+0xf2/0x120 [ 3136.925652] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3136.926339] xas_store+0x8c/0x1c40 [ 3136.926818] __xa_store+0x164/0x2d0 [ 3136.927304] ? xa_delete_node+0x280/0x280 [ 3136.927856] ? trace_hardirqs_on+0x5b/0x180 [ 3136.928428] xa_store+0x31/0x50 [ 3136.928865] __io_uring_add_tctx_node+0x1cf/0x520 [ 3136.929520] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3136.930208] ? alloc_fd+0x2e7/0x670 [ 3136.930698] io_uring_setup+0x1fbb/0x2980 [ 3136.931250] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3136.931918] ? wait_for_completion_io+0x270/0x270 [ 3136.932568] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3136.933277] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3136.933959] do_syscall_64+0x33/0x40 [ 3136.934448] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3136.935123] RIP: 0033:0x7fbe2462eb19 [ 3136.935616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3136.938063] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3136.939071] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3136.940013] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3136.940953] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3136.945916] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3136.946846] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:58:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c006c000101010100"], 0x1c}}, 0x0) [ 3136.952612] FAULT_INJECTION: forcing a failure. [ 3136.952612] name failslab, interval 1, probability 0, space 0, times 0 [ 3136.955343] CPU: 0 PID: 25473 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3136.957120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3136.958264] Call Trace: [ 3136.958611] dump_stack+0x107/0x167 [ 3136.959089] should_fail.cold+0x5/0xa [ 3136.959595] ? __alloc_skb+0x6d/0x5b0 [ 3136.960094] should_failslab+0x5/0x20 [ 3136.960593] kmem_cache_alloc_node+0x55/0x330 [ 3136.961205] __alloc_skb+0x6d/0x5b0 [ 3136.961687] inet6_rt_notify+0xed/0x2a0 [ 3136.962211] fib6_del+0xf4c/0x1540 [ 3136.962692] ? fib6_locate+0x660/0x660 [ 3136.963204] ? fib6_ifdown+0xc5/0x8f0 [ 3136.963709] fib6_clean_node+0x39e/0x570 [ 3136.964241] ? fib6_del+0x1540/0x1540 [ 3136.964740] ? fib6_clean_tree+0x14c/0x260 [ 3136.965319] fib6_walk_continue+0x35c/0x710 [ 3136.965898] ? trace_hardirqs_on+0x5b/0x180 [ 3136.966465] fib6_clean_tree+0x154/0x260 [ 3136.967005] ? fib6_ifup+0x260/0x260 [ 3136.967558] ? fib6_info_destroy_rcu+0x210/0x210 [ 3136.968182] ? fib6_del+0x1540/0x1540 [ 3136.968685] ? fib6_ifup+0x260/0x260 [ 3136.973213] ? spin_bug+0xf0/0x100 [ 3136.973678] ? lock_chain_count+0x20/0x20 [ 3136.974227] ? fib6_ifup+0x260/0x260 [ 3136.974713] __fib6_clean_all+0xf0/0x2a0 [ 3136.975246] rt6_disable_ip+0x4d5/0x5b0 [ 3136.975766] ? lock_chain_count+0x20/0x20 [ 3136.976311] ? rt6_sync_down_dev+0x150/0x150 [ 3136.976895] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3136.977588] ? addrconf_dad_run+0x180/0x180 [ 3136.978164] addrconf_notify+0x159/0x2410 [ 3136.978709] ? tun_device_event+0x71/0x1160 [ 3136.979271] ? mark_held_locks+0x9e/0xe0 [ 3136.979904] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3136.980622] ? inet6_ifinfo_notify+0x150/0x150 [ 3136.981241] ? failover_register+0x530/0x530 [ 3136.981832] raw_notifier_call_chain+0xb3/0x110 [ 3136.982497] call_netdevice_notifiers_info+0xb5/0x130 [ 3136.983207] __dev_notify_flags+0x1de/0x2c0 [ 3136.983772] ? dev_change_name+0x660/0x660 [ 3136.984323] ? __dev_change_flags+0x4cf/0x6e0 [ 3136.984915] ? dev_set_allmulti+0x30/0x30 [ 3136.985486] dev_change_flags+0x100/0x160 [ 3136.986032] do_setlink+0x90c/0x3ac0 [ 3136.986522] ? mark_held_locks+0x9e/0xe0 [ 3136.987056] ? rtnl_getlink+0xaa0/0xaa0 [ 3136.987574] ? trace_hardirqs_on+0x5b/0x180 [ 3136.988140] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3136.988856] ? __nla_validate_parse+0x1a3/0x2b10 [ 3136.989527] ? __nla_validate_parse+0x1b8/0x2b10 [ 3136.990192] ? __nla_validate_parse+0x2d8/0x2b10 [ 3136.990815] ? perf_trace_lock+0xac/0x490 [ 3136.991361] ? nla_get_range_signed+0x520/0x520 [ 3136.991968] ? __lock_acquire+0xbb1/0x5b00 [ 3136.992596] __rtnl_newlink+0xc39/0x1700 [ 3136.993158] ? rtnl_setlink+0x3b0/0x3b0 [ 3136.993685] ? __is_insn_slot_addr+0x123/0x290 [ 3136.994290] ? unwind_next_frame+0x13ef/0x1a90 [ 3136.994888] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3136.995650] ? 0xffffffffa0000000 [ 3136.996107] ? __is_insn_slot_addr+0x14c/0x290 [ 3136.996751] ? kernel_text_address+0xf2/0x120 [ 3137.001419] ? __kernel_text_address+0x9/0x40 [ 3137.002005] ? unwind_get_return_address+0x55/0xa0 [ 3137.002646] ? create_prof_cpu_mask+0x20/0x20 [ 3137.003232] ? arch_stack_walk+0x99/0xf0 [ 3137.009089] ? stack_trace_save+0x8c/0xc0 [ 3137.013638] ? mark_held_locks+0x9e/0xe0 [ 3137.014173] ? trace_hardirqs_on+0x5b/0x180 [ 3137.014738] ? kasan_unpoison_shadow+0x33/0x50 [ 3137.015332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3137.016001] rtnl_newlink+0x64/0xa0 [ 3137.016476] ? __rtnl_newlink+0x1700/0x1700 [ 3137.017048] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3137.017617] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3137.018147] ? perf_trace_lock+0xac/0x490 [ 3137.018702] ? __lockdep_reset_lock+0x180/0x180 [ 3137.019318] netlink_rcv_skb+0x14b/0x430 [ 3137.019850] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3137.020381] ? netlink_ack+0xab0/0xab0 [ 3137.020888] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3137.021504] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3137.022104] ? is_vmalloc_addr+0x7b/0xb0 [ 3137.022639] netlink_unicast+0x549/0x7f0 [ 3137.023179] ? netlink_attachskb+0x870/0x870 [ 3137.023766] netlink_sendmsg+0x90f/0xdf0 [ 3137.024302] ? netlink_unicast+0x7f0/0x7f0 [ 3137.024864] ? netlink_unicast+0x7f0/0x7f0 [ 3137.025436] __sock_sendmsg+0x154/0x190 [ 3137.025956] ____sys_sendmsg+0x70d/0x870 [ 3137.026490] ? sock_write_iter+0x3d0/0x3d0 [ 3137.027040] ? do_recvmmsg+0x6d0/0x6d0 [ 3137.027553] ? lock_downgrade+0x6d0/0x6d0 [ 3137.028095] ? __lockdep_reset_lock+0x180/0x180 [ 3137.028710] ___sys_sendmsg+0xf3/0x170 [ 3137.029242] ? sendmsg_copy_msghdr+0x160/0x160 [ 3137.029842] ? __fget_files+0x2cf/0x520 [ 3137.030361] ? lock_downgrade+0x6d0/0x6d0 [ 3137.030905] ? find_held_lock+0x2c/0x110 [ 3137.031445] ? __fget_files+0x2f8/0x520 [ 3137.031972] ? __fget_light+0xea/0x290 [ 3137.032487] __sys_sendmsg+0xe5/0x1b0 [ 3137.032986] ? __sys_sendmsg_sock+0x40/0x40 [ 3137.033575] ? rcu_read_lock_any_held+0x75/0xa0 [ 3137.034197] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3137.034887] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3137.035558] ? trace_hardirqs_on+0x5b/0x180 [ 3137.036122] do_syscall_64+0x33/0x40 [ 3137.036608] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3137.037300] RIP: 0033:0x7ff152763b19 [ 3137.037792] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3137.045644] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3137.046638] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3137.047570] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3137.048501] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3137.049464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3137.050396] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3137.062862] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3137.073548] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:58:36 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:36 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4800) 13:58:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0074000101010100"], 0x1c}}, 0x0) [ 3137.090332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.091259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3137.092219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.093812] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3137.100063] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.100975] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3137.102029] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.103509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.104366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3137.105511] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.122675] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:58:36 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3137.177326] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3137.202842] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.203795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:58:36 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3137.205028] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.219907] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:58:36 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4c00) 13:58:36 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 53) 13:58:36 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c007a000101010100"], 0x1c}}, 0x0) [ 3137.253915] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.254879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3137.255954] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.297903] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3137.299126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3137.300184] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3137.315407] FAULT_INJECTION: forcing a failure. [ 3137.315407] name failslab, interval 1, probability 0, space 0, times 0 [ 3137.317027] CPU: 1 PID: 25776 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3137.317925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3137.318937] Call Trace: [ 3137.319268] dump_stack+0x107/0x167 [ 3137.319712] should_fail.cold+0x5/0xa [ 3137.320176] ? xas_alloc+0x336/0x440 [ 3137.320633] should_failslab+0x5/0x20 [ 3137.321130] kmem_cache_alloc+0x5b/0x310 [ 3137.321649] xas_alloc+0x336/0x440 [ 3137.322103] xas_create+0x34a/0x10d0 [ 3137.322586] ? kernel_text_address+0xf2/0x120 [ 3137.323160] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3137.323822] xas_store+0x8c/0x1c40 [ 3137.324287] __xa_store+0x164/0x2d0 [ 3137.324749] ? xa_delete_node+0x280/0x280 [ 3137.325310] ? trace_hardirqs_on+0x5b/0x180 [ 3137.325861] xa_store+0x31/0x50 [ 3137.326284] __io_uring_add_tctx_node+0x1cf/0x520 [ 3137.326891] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3137.327551] ? alloc_fd+0x2e7/0x670 [ 3137.328011] io_uring_setup+0x1fbb/0x2980 [ 3137.328537] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3137.329195] ? wait_for_completion_io+0x270/0x270 [ 3137.329804] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3137.330451] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3137.331100] do_syscall_64+0x33/0x40 [ 3137.331567] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3137.332200] RIP: 0033:0x7fbe2462eb19 [ 3137.332664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3137.334915] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3137.335831] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3137.336696] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3137.337600] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3137.338470] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3137.339339] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:58:50 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 54) [ 3150.970780] FAULT_INJECTION: forcing a failure. [ 3150.970780] name failslab, interval 1, probability 0, space 0, times 0 [ 3150.972384] CPU: 0 PID: 25823 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3150.973331] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3150.974576] Call Trace: [ 3150.974927] dump_stack+0x107/0x167 [ 3150.975456] should_fail.cold+0x5/0xa 13:58:50 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x3000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:58:50 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x6, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00f0000101010100"], 0x1c}}, 0x0) [ 3150.975960] ? create_object.isra.0+0x3a/0xa20 [ 3150.976606] should_failslab+0x5/0x20 [ 3150.977352] kmem_cache_alloc+0x5b/0x310 [ 3150.977911] ? mark_held_locks+0x9e/0xe0 [ 3150.978528] create_object.isra.0+0x3a/0xa20 [ 3150.979100] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3150.979816] kmem_cache_alloc+0x159/0x310 [ 3150.980415] xas_alloc+0x336/0x440 [ 3150.980880] xas_create+0x34a/0x10d0 [ 3150.981427] ? kernel_text_address+0xf2/0x120 [ 3150.982029] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3150.982790] xas_store+0x8c/0x1c40 [ 3150.983265] __xa_store+0x164/0x2d0 [ 3150.983792] ? xa_delete_node+0x280/0x280 [ 3150.984392] ? trace_hardirqs_on+0x5b/0x180 [ 3150.984962] xa_store+0x31/0x50 [ 3150.985445] __io_uring_add_tctx_node+0x1cf/0x520 [ 3150.986096] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3150.986853] ? alloc_fd+0x2e7/0x670 [ 3150.987388] io_uring_setup+0x1fbb/0x2980 [ 3150.987937] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3150.988650] ? wait_for_completion_io+0x270/0x270 [ 3150.989295] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3150.990053] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3150.990779] do_syscall_64+0x33/0x40 [ 3150.991265] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3150.992009] RIP: 0033:0x7fbe2462eb19 [ 3150.992548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3150.995056] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3150.996126] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3150.997100] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3150.998092] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3150.999066] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3151.000049] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:58:50 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 27) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:50 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0xc020660b, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:58:50 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6800) [ 3151.024244] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3151.039656] FAULT_INJECTION: forcing a failure. [ 3151.039656] name failslab, interval 1, probability 0, space 0, times 0 [ 3151.041806] CPU: 0 PID: 25834 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3151.042772] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3151.043900] Call Trace: [ 3151.044252] dump_stack+0x107/0x167 [ 3151.044808] should_fail.cold+0x5/0xa [ 3151.045356] ? create_object.isra.0+0x3a/0xa20 [ 3151.046004] should_failslab+0x5/0x20 [ 3151.046552] kmem_cache_alloc+0x5b/0x310 [ 3151.047085] ? lock_acquire+0x197/0x470 [ 3151.047658] create_object.isra.0+0x3a/0xa20 [ 3151.048231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3151.048976] kmem_cache_alloc_node+0x169/0x330 [ 3151.049845] __alloc_skb+0x6d/0x5b0 [ 3151.050379] inet6_rt_notify+0xed/0x2a0 [ 3151.050908] fib6_del+0xf4c/0x1540 [ 3151.051436] ? fib6_locate+0x660/0x660 [ 3151.051950] ? fib6_ifdown+0xc5/0x8f0 [ 3151.052506] fib6_clean_node+0x39e/0x570 13:58:50 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xa, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3151.053039] ? fib6_del+0x1540/0x1540 [ 3151.057683] ? fib6_clean_tree+0x14c/0x260 [ 3151.058242] fib6_walk_continue+0x35c/0x710 [ 3151.058857] ? trace_hardirqs_on+0x5b/0x180 [ 3151.059475] fib6_clean_tree+0x154/0x260 [ 3151.060007] ? fib6_ifup+0x260/0x260 [ 3151.060544] ? fib6_info_destroy_rcu+0x210/0x210 [ 3151.061168] ? fib6_del+0x1540/0x1540 [ 3151.061738] ? fib6_ifup+0x260/0x260 [ 3151.062226] ? spin_bug+0xf0/0x100 [ 3151.062795] ? lock_chain_count+0x20/0x20 [ 3151.063395] ? fib6_ifup+0x260/0x260 [ 3151.063882] __fib6_clean_all+0xf0/0x2a0 [ 3151.064468] rt6_disable_ip+0x4d5/0x5b0 [ 3151.064989] ? lock_chain_count+0x20/0x20 [ 3151.065605] ? rt6_sync_down_dev+0x150/0x150 [ 3151.066193] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3151.066897] ? addrconf_dad_run+0x180/0x180 [ 3151.067527] addrconf_notify+0x159/0x2410 [ 3151.068075] ? tun_device_event+0x71/0x1160 [ 3151.068690] ? mark_held_locks+0x9e/0xe0 [ 3151.069222] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3151.069971] ? inet6_ifinfo_notify+0x150/0x150 [ 3151.070626] ? failover_register+0x530/0x530 [ 3151.071211] raw_notifier_call_chain+0xb3/0x110 [ 3151.071902] call_netdevice_notifiers_info+0xb5/0x130 [ 3151.072629] __dev_notify_flags+0x1de/0x2c0 [ 3151.073194] ? dev_change_name+0x660/0x660 [ 3151.073830] ? __dev_change_flags+0x4cf/0x6e0 [ 3151.074492] ? dev_set_allmulti+0x30/0x30 [ 3151.075064] dev_change_flags+0x100/0x160 [ 3151.075714] do_setlink+0x90c/0x3ac0 [ 3151.076222] ? vprintk_func+0x93/0x140 [ 3151.076799] ? rtnl_getlink+0xaa0/0xaa0 [ 3151.077392] ? printk+0xba/0xf1 [ 3151.077858] ? record_print_text.cold+0x16/0x16 [ 3151.078541] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3151.079222] ? trace_hardirqs_on+0x5b/0x180 [ 3151.079902] ? __nla_validate_parse+0x2d8/0x2b10 [ 3151.080601] ? perf_trace_lock+0xac/0x490 [ 3151.081163] ? nla_get_range_signed+0x520/0x520 [ 3151.081858] ? __lock_acquire+0xbb1/0x5b00 [ 3151.082505] __rtnl_newlink+0xc39/0x1700 [ 3151.083068] ? rtnl_setlink+0x3b0/0x3b0 [ 3151.083694] ? __is_insn_slot_addr+0x123/0x290 [ 3151.084363] ? unwind_next_frame+0x13ef/0x1a90 [ 3151.084992] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3151.085783] ? 0xffffffffa0000000 [ 3151.086259] ? __is_insn_slot_addr+0x14c/0x290 [ 3151.098445] ? kernel_text_address+0xf2/0x120 [ 3151.099063] ? __kernel_text_address+0x9/0x40 [ 3151.099675] ? unwind_get_return_address+0x55/0xa0 [ 3151.100339] ? create_prof_cpu_mask+0x20/0x20 [ 3151.100947] ? arch_stack_walk+0x99/0xf0 [ 3151.101559] ? stack_trace_save+0x8c/0xc0 [ 3151.102192] ? mark_held_locks+0x9e/0xe0 [ 3151.102757] ? trace_hardirqs_on+0x5b/0x180 [ 3151.103357] ? kasan_unpoison_shadow+0x33/0x50 [ 3151.103985] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3151.104686] rtnl_newlink+0x64/0xa0 [ 3151.105163] ? __rtnl_newlink+0x1700/0x1700 [ 3151.105771] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3151.106347] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3151.106881] ? perf_trace_lock+0xac/0x490 [ 3151.107426] ? __lockdep_reset_lock+0x180/0x180 [ 3151.108040] netlink_rcv_skb+0x14b/0x430 [ 3151.108575] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3151.109106] ? netlink_ack+0xab0/0xab0 [ 3151.109653] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3151.110253] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3151.110851] ? is_vmalloc_addr+0x7b/0xb0 [ 3151.111386] netlink_unicast+0x549/0x7f0 [ 3151.111920] ? netlink_attachskb+0x870/0x870 [ 3151.112504] netlink_sendmsg+0x90f/0xdf0 [ 3151.113040] ? netlink_unicast+0x7f0/0x7f0 [ 3151.113640] ? netlink_unicast+0x7f0/0x7f0 [ 3151.114200] __sock_sendmsg+0x154/0x190 [ 3151.114721] ____sys_sendmsg+0x70d/0x870 [ 3151.115253] ? sock_write_iter+0x3d0/0x3d0 [ 3151.115805] ? do_recvmmsg+0x6d0/0x6d0 [ 3151.116315] ? lock_downgrade+0x6d0/0x6d0 [ 3151.116859] ? __lockdep_reset_lock+0x180/0x180 [ 3151.117470] ___sys_sendmsg+0xf3/0x170 [ 3151.118024] ? sendmsg_copy_msghdr+0x160/0x160 [ 3151.118627] ? __fget_files+0x2cf/0x520 [ 3151.119146] ? lock_downgrade+0x6d0/0x6d0 [ 3151.119687] ? find_held_lock+0x2c/0x110 [ 3151.120224] ? __fget_files+0x2f8/0x520 [ 3151.120749] ? __fget_light+0xea/0x290 [ 3151.121263] __sys_sendmsg+0xe5/0x1b0 [ 3151.121803] ? __sys_sendmsg_sock+0x40/0x40 [ 3151.122367] ? rcu_read_lock_any_held+0x75/0xa0 [ 3151.122991] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3151.123675] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3151.124345] ? trace_hardirqs_on+0x5b/0x180 [ 3151.124909] do_syscall_64+0x33/0x40 [ 3151.125397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3151.126124] RIP: 0033:0x7ff152763b19 [ 3151.126630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3151.129056] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3151.134097] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3151.135030] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3151.135957] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 13:58:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00d7020101010100"], 0x1c}}, 0x0) [ 3151.136882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3151.137853] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3151.142069] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3151.144974] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3151.161638] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.162592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.163599] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3151.173114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.174066] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.175036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.175892] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.176582] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:58:50 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 55) [ 3151.191530] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3151.196225] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:58:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00f1020101010100"], 0x1c}}, 0x0) [ 3151.213127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.214061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.215006] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:58:50 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3151.226785] FAULT_INJECTION: forcing a failure. [ 3151.226785] name failslab, interval 1, probability 0, space 0, times 0 [ 3151.228343] CPU: 0 PID: 25951 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3151.229250] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3151.230361] Call Trace: [ 3151.230712] dump_stack+0x107/0x167 [ 3151.231190] should_fail.cold+0x5/0xa [ 3151.231691] ? xas_alloc+0x336/0x440 [ 3151.232184] should_failslab+0x5/0x20 [ 3151.232683] kmem_cache_alloc+0x5b/0x310 [ 3151.233219] xas_alloc+0x336/0x440 [ 3151.233705] xas_create+0x34a/0x10d0 [ 3151.234200] ? kernel_text_address+0xf2/0x120 [ 3151.234788] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3151.235476] xas_store+0x8c/0x1c40 [ 3151.235952] __xa_store+0x164/0x2d0 [ 3151.236430] ? xa_delete_node+0x280/0x280 [ 3151.236979] ? trace_hardirqs_on+0x5b/0x180 13:58:50 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6c00) [ 3151.237555] xa_store+0x31/0x50 [ 3151.237994] __io_uring_add_tctx_node+0x1cf/0x520 [ 3151.238626] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3151.239309] ? alloc_fd+0x2e7/0x670 [ 3151.239793] io_uring_setup+0x1fbb/0x2980 [ 3151.240538] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3151.241202] ? wait_for_completion_io+0x270/0x270 [ 3151.241873] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3151.242555] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3151.243229] do_syscall_64+0x33/0x40 [ 3151.243713] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3151.244381] RIP: 0033:0x7fbe2462eb19 [ 3151.244867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3151.247276] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3151.248269] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3151.249206] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3151.250154] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3151.251093] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3151.252024] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:58:50 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x7, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:50 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000030101010100"], 0x1c}}, 0x0) 13:58:50 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:58:50 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 28) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3151.326064] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3151.336661] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3151.352060] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3151.360321] FAULT_INJECTION: forcing a failure. [ 3151.360321] name failslab, interval 1, probability 0, space 0, times 0 [ 3151.361877] CPU: 0 PID: 26021 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3151.362778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3151.363855] Call Trace: [ 3151.364206] dump_stack+0x107/0x167 [ 3151.364683] should_fail.cold+0x5/0xa [ 3151.365188] should_failslab+0x5/0x20 [ 3151.365729] __kmalloc_node_track_caller+0x74/0x3b0 [ 3151.366380] ? inet6_rt_notify+0xed/0x2a0 [ 3151.366926] __alloc_skb+0xb1/0x5b0 [ 3151.367404] inet6_rt_notify+0xed/0x2a0 [ 3151.367925] fib6_del+0xf4c/0x1540 [ 3151.368399] ? fib6_locate+0x660/0x660 [ 3151.368906] ? perf_trace_lock+0xac/0x490 [ 3151.369448] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3151.370162] ? fib6_ifdown+0xc5/0x8f0 [ 3151.370666] fib6_clean_node+0x39e/0x570 [ 3151.371199] ? fib6_del+0x1540/0x1540 [ 3151.371697] ? fib6_clean_tree+0x14c/0x260 [ 3151.372255] fib6_walk_continue+0x35c/0x710 [ 3151.372816] ? trace_hardirqs_on+0x5b/0x180 [ 3151.373380] fib6_clean_tree+0x154/0x260 [ 3151.373953] ? fib6_ifup+0x260/0x260 [ 3151.374440] ? fib6_info_destroy_rcu+0x210/0x210 [ 3151.375062] ? fib6_del+0x1540/0x1540 [ 3151.375559] ? fib6_ifup+0x260/0x260 [ 3151.376042] ? spin_bug+0xf0/0x100 [ 3151.376580] ? lock_chain_count+0x20/0x20 [ 3151.377132] ? fib6_ifup+0x260/0x260 [ 3151.377638] __fib6_clean_all+0xf0/0x2a0 [ 3151.378170] rt6_disable_ip+0x4d5/0x5b0 [ 3151.378690] ? lock_chain_count+0x20/0x20 [ 3151.379233] ? rt6_sync_down_dev+0x150/0x150 [ 3151.379818] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3151.380443] ? addrconf_dad_run+0x180/0x180 [ 3151.381018] addrconf_notify+0x159/0x2410 [ 3151.381574] ? tun_device_event+0x71/0x1160 [ 3151.382147] ? mark_held_locks+0x9e/0xe0 [ 3151.382683] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3151.383358] ? inet6_ifinfo_notify+0x150/0x150 [ 3151.383967] ? failover_register+0x530/0x530 [ 3151.384557] raw_notifier_call_chain+0xb3/0x110 [ 3151.385170] call_netdevice_notifiers_info+0xb5/0x130 [ 3151.385871] __dev_notify_flags+0x1de/0x2c0 [ 3151.386437] ? dev_change_name+0x660/0x660 [ 3151.386985] ? __dev_change_flags+0x4cf/0x6e0 [ 3151.387572] ? dev_set_allmulti+0x30/0x30 [ 3151.388121] dev_change_flags+0x100/0x160 [ 3151.388665] do_setlink+0x90c/0x3ac0 [ 3151.389156] ? vprintk_func+0x93/0x140 [ 3151.389690] ? rtnl_getlink+0xaa0/0xaa0 [ 3151.390213] ? printk+0xba/0xf1 [ 3151.390651] ? record_print_text.cold+0x16/0x16 [ 3151.391262] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3151.391924] ? trace_hardirqs_on+0x5b/0x180 [ 3151.392512] ? __nla_validate_parse+0x2d8/0x2b10 [ 3151.393134] ? perf_trace_lock+0xac/0x490 [ 3151.393707] ? nla_get_range_signed+0x520/0x520 [ 3151.394311] ? __lock_acquire+0xbb1/0x5b00 [ 3151.394886] __rtnl_newlink+0xc39/0x1700 [ 3151.395428] ? rtnl_setlink+0x3b0/0x3b0 [ 3151.395950] ? __is_insn_slot_addr+0x123/0x290 [ 3151.396553] ? unwind_next_frame+0x13ef/0x1a90 [ 3151.397146] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3151.397866] ? 0xffffffffa0000000 [ 3151.398329] ? __is_insn_slot_addr+0x14c/0x290 [ 3151.399010] ? kernel_text_address+0xf2/0x120 [ 3151.399598] ? __kernel_text_address+0x9/0x40 [ 3151.400184] ? unwind_get_return_address+0x55/0xa0 [ 3151.400825] ? create_prof_cpu_mask+0x20/0x20 [ 3151.401410] ? arch_stack_walk+0x99/0xf0 [ 3151.401976] ? stack_trace_save+0x8c/0xc0 [ 3151.402565] ? mark_held_locks+0x9e/0xe0 [ 3151.403101] ? trace_hardirqs_on+0x5b/0x180 [ 3151.403666] ? kasan_unpoison_shadow+0x33/0x50 [ 3151.404262] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3151.404925] rtnl_newlink+0x64/0xa0 [ 3151.405401] ? __rtnl_newlink+0x1700/0x1700 [ 3151.405986] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3151.406542] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3151.407075] ? perf_trace_lock+0xac/0x490 [ 3151.407621] ? __lockdep_reset_lock+0x180/0x180 [ 3151.408235] netlink_rcv_skb+0x14b/0x430 [ 3151.408767] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3151.409304] ? netlink_ack+0xab0/0xab0 [ 3151.409830] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3151.410431] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3151.411027] ? is_vmalloc_addr+0x7b/0xb0 [ 3151.411563] netlink_unicast+0x549/0x7f0 [ 3151.412103] ? netlink_attachskb+0x870/0x870 [ 3151.412689] netlink_sendmsg+0x90f/0xdf0 [ 3151.413226] ? netlink_unicast+0x7f0/0x7f0 [ 3151.413809] ? netlink_unicast+0x7f0/0x7f0 [ 3151.414378] __sock_sendmsg+0x154/0x190 [ 3151.414927] ____sys_sendmsg+0x70d/0x870 [ 3151.415487] ? sock_write_iter+0x3d0/0x3d0 [ 3151.416048] ? do_recvmmsg+0x6d0/0x6d0 [ 3151.416562] ? lock_downgrade+0x6d0/0x6d0 [ 3151.417108] ? __lockdep_reset_lock+0x180/0x180 [ 3151.417734] ___sys_sendmsg+0xf3/0x170 [ 3151.418247] ? sendmsg_copy_msghdr+0x160/0x160 [ 3151.418852] ? __fget_files+0x2cf/0x520 [ 3151.419373] ? lock_downgrade+0x6d0/0x6d0 [ 3151.419917] ? find_held_lock+0x2c/0x110 [ 3151.420458] ? __fget_files+0x2f8/0x520 [ 3151.420986] ? __fget_light+0xea/0x290 [ 3151.421505] __sys_sendmsg+0xe5/0x1b0 [ 3151.422028] ? __sys_sendmsg_sock+0x40/0x40 [ 3151.422593] ? rcu_read_lock_any_held+0x75/0xa0 [ 3151.423217] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3151.423904] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3151.424576] ? trace_hardirqs_on+0x5b/0x180 [ 3151.425141] do_syscall_64+0x33/0x40 [ 3151.425650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3151.426321] RIP: 0033:0x7ff152763b19 [ 3151.426813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3151.429217] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3151.430242] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3151.431182] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3151.432117] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3151.433051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3151.434009] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3151.440681] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.441638] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.442634] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3151.450730] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.451641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.456008] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3151.468149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.469064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.471033] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3151.479629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3151.483396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3151.485830] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3151.486750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3151.487727] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:59:04 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x5000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:59:04 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7400) 13:59:04 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x3}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x5d, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:59:05 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x8, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 56) 13:59:05 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 29) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xf, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0092030101010100"], 0x1c}}, 0x0) [ 3165.699400] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3165.701984] FAULT_INJECTION: forcing a failure. [ 3165.701984] name failslab, interval 1, probability 0, space 0, times 0 [ 3165.703412] CPU: 1 PID: 26093 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3165.704325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3165.705335] Call Trace: [ 3165.705667] dump_stack+0x107/0x167 [ 3165.706160] should_fail.cold+0x5/0xa [ 3165.706629] ? create_object.isra.0+0x3a/0xa20 [ 3165.707196] should_failslab+0x5/0x20 [ 3165.707663] kmem_cache_alloc+0x5b/0x310 [ 3165.708161] ? mark_held_locks+0x9e/0xe0 [ 3165.708663] create_object.isra.0+0x3a/0xa20 [ 3165.709197] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3165.709820] kmem_cache_alloc+0x159/0x310 [ 3165.710375] xas_alloc+0x336/0x440 [ 3165.710812] xas_create+0x34a/0x10d0 [ 3165.711281] ? kernel_text_address+0xf2/0x120 [ 3165.711830] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3165.712471] xas_store+0x8c/0x1c40 [ 3165.712917] __xa_store+0x164/0x2d0 [ 3165.713369] ? xa_delete_node+0x280/0x280 [ 3165.713881] ? trace_hardirqs_on+0x5b/0x180 [ 3165.714438] xa_store+0x31/0x50 [ 3165.714844] __io_uring_add_tctx_node+0x1cf/0x520 [ 3165.715433] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3165.716071] ? alloc_fd+0x2e7/0x670 [ 3165.716530] io_uring_setup+0x1fbb/0x2980 [ 3165.717042] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3165.717662] ? wait_for_completion_io+0x270/0x270 [ 3165.718289] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3165.718928] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3165.719559] do_syscall_64+0x33/0x40 [ 3165.720014] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3165.721353] RIP: 0033:0x7fbe2462eb19 [ 3165.722364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3165.726650] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3165.727589] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3165.728467] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3165.729348] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3165.730272] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3165.731146] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3165.745693] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3165.759430] FAULT_INJECTION: forcing a failure. [ 3165.759430] name failslab, interval 1, probability 0, space 0, times 0 [ 3165.760928] CPU: 1 PID: 26090 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3165.761773] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3165.762837] Call Trace: [ 3165.763166] dump_stack+0x107/0x167 [ 3165.763615] should_fail.cold+0x5/0xa [ 3165.764086] ? create_object.isra.0+0x3a/0xa20 [ 3165.764650] should_failslab+0x5/0x20 [ 3165.765117] kmem_cache_alloc+0x5b/0x310 [ 3165.765621] create_object.isra.0+0x3a/0xa20 [ 3165.766198] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3165.766826] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3165.767461] ? inet6_rt_notify+0xed/0x2a0 [ 3165.767976] __alloc_skb+0xb1/0x5b0 [ 3165.768429] inet6_rt_notify+0xed/0x2a0 [ 3165.768920] fib6_del+0xf4c/0x1540 [ 3165.769376] ? fib6_locate+0x660/0x660 [ 3165.769859] ? fib6_ifdown+0xc5/0x8f0 [ 3165.770377] fib6_clean_node+0x39e/0x570 [ 3165.770880] ? fib6_del+0x1540/0x1540 [ 3165.771350] ? fib6_clean_tree+0x14c/0x260 [ 3165.771876] fib6_walk_continue+0x35c/0x710 [ 3165.772411] ? trace_hardirqs_on+0x5b/0x180 [ 3165.772942] fib6_clean_tree+0x154/0x260 [ 3165.773445] ? fib6_ifup+0x260/0x260 [ 3165.773901] ? fib6_info_destroy_rcu+0x210/0x210 [ 3165.774532] ? fib6_del+0x1540/0x1540 [ 3165.775000] ? fib6_ifup+0x260/0x260 [ 3165.775458] ? spin_bug+0xf0/0x100 [ 3165.775895] ? lock_chain_count+0x20/0x20 [ 3165.776415] ? fib6_ifup+0x260/0x260 [ 3165.776871] __fib6_clean_all+0xf0/0x2a0 [ 3165.777371] rt6_disable_ip+0x4d5/0x5b0 [ 3165.777859] ? lock_chain_count+0x20/0x20 [ 3165.778412] ? rt6_sync_down_dev+0x150/0x150 [ 3165.778962] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3165.779552] ? addrconf_dad_run+0x180/0x180 [ 3165.780095] addrconf_notify+0x159/0x2410 [ 3165.780615] ? tun_device_event+0x71/0x1160 [ 3165.781144] ? mark_held_locks+0x9e/0xe0 [ 3165.781645] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3165.782321] ? inet6_ifinfo_notify+0x150/0x150 [ 3165.782887] ? failover_register+0x530/0x530 [ 3165.783441] raw_notifier_call_chain+0xb3/0x110 [ 3165.784018] call_netdevice_notifiers_info+0xb5/0x130 [ 3165.784652] __dev_notify_flags+0x1de/0x2c0 [ 3165.785180] ? dev_change_name+0x660/0x660 [ 3165.785698] ? __dev_change_flags+0x4cf/0x6e0 [ 3165.786294] ? dev_set_allmulti+0x30/0x30 [ 3165.786816] dev_change_flags+0x100/0x160 [ 3165.787336] do_setlink+0x90c/0x3ac0 [ 3165.787799] ? vprintk_func+0x93/0x140 [ 3165.788275] ? rtnl_getlink+0xaa0/0xaa0 [ 3165.788764] ? printk+0xba/0xf1 [ 3165.789171] ? record_print_text.cold+0x16/0x16 [ 3165.789749] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3165.790414] ? trace_hardirqs_on+0x5b/0x180 [ 3165.790965] ? __nla_validate_parse+0x2d8/0x2b10 [ 3165.791549] ? perf_trace_lock+0xac/0x490 [ 3165.792062] ? nla_get_range_signed+0x520/0x520 [ 3165.792631] ? __lock_acquire+0xbb1/0x5b00 [ 3165.793169] __rtnl_newlink+0xc39/0x1700 [ 3165.793684] ? rtnl_setlink+0x3b0/0x3b0 [ 3165.794245] ? __is_insn_slot_addr+0x123/0x290 [ 3165.794818] ? unwind_next_frame+0x13ef/0x1a90 [ 3165.795379] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3165.796030] ? 0xffffffffa0000000 [ 3165.796459] ? __is_insn_slot_addr+0x14c/0x290 [ 3165.797023] ? kernel_text_address+0xf2/0x120 [ 3165.797572] ? __kernel_text_address+0x9/0x40 [ 3165.798185] ? unwind_get_return_address+0x55/0xa0 [ 3165.798817] ? create_prof_cpu_mask+0x20/0x20 [ 3165.799476] ? arch_stack_walk+0x99/0xf0 [ 3165.799993] ? stack_trace_save+0x8c/0xc0 [ 3165.800549] ? mark_held_locks+0x9e/0xe0 [ 3165.801073] ? trace_hardirqs_on+0x5b/0x180 [ 3165.801605] ? kasan_unpoison_shadow+0x33/0x50 [ 3165.802204] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3165.802836] rtnl_newlink+0x64/0xa0 [ 3165.803281] ? __rtnl_newlink+0x1700/0x1700 [ 3165.803837] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3165.804360] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3165.804858] ? perf_trace_lock+0xac/0x490 [ 3165.805423] ? __lockdep_reset_lock+0x180/0x180 [ 3165.806001] netlink_rcv_skb+0x14b/0x430 [ 3165.806562] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3165.807066] ? netlink_ack+0xab0/0xab0 [ 3165.807542] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3165.808107] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3165.808675] ? is_vmalloc_addr+0x7b/0xb0 [ 3165.809178] netlink_unicast+0x549/0x7f0 [ 3165.809683] ? netlink_attachskb+0x870/0x870 [ 3165.810263] netlink_sendmsg+0x90f/0xdf0 [ 3165.810767] ? netlink_unicast+0x7f0/0x7f0 [ 3165.811295] ? netlink_unicast+0x7f0/0x7f0 [ 3165.811836] __sock_sendmsg+0x154/0x190 [ 3165.812326] ____sys_sendmsg+0x70d/0x870 [ 3165.812838] ? sock_write_iter+0x3d0/0x3d0 [ 3165.813356] ? do_recvmmsg+0x6d0/0x6d0 [ 3165.813840] ? lock_downgrade+0x6d0/0x6d0 [ 3165.814380] ? __lockdep_reset_lock+0x180/0x180 [ 3165.814956] ___sys_sendmsg+0xf3/0x170 [ 3165.815438] ? sendmsg_copy_msghdr+0x160/0x160 [ 3165.816002] ? __fget_files+0x2cf/0x520 [ 3165.816489] ? lock_downgrade+0x6d0/0x6d0 [ 3165.816999] ? find_held_lock+0x2c/0x110 [ 3165.817510] ? __fget_files+0x2f8/0x520 [ 3165.818010] ? __fget_light+0xea/0x290 [ 3165.818543] __sys_sendmsg+0xe5/0x1b0 [ 3165.819012] ? __sys_sendmsg_sock+0x40/0x40 [ 3165.819542] ? rcu_read_lock_any_held+0x75/0xa0 [ 3165.820126] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3165.820781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3165.821411] ? trace_hardirqs_on+0x5b/0x180 [ 3165.821940] do_syscall_64+0x33/0x40 [ 3165.822433] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3165.823062] RIP: 0033:0x7ff152763b19 [ 3165.823527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3165.825781] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3165.826772] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3165.827649] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3165.828522] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 13:59:05 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 57) [ 3165.829395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3165.830350] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3165.836103] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3165.838596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3165.839626] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3165.843592] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3165.847557] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3165.848419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:59:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000050101010100"], 0x1c}}, 0x0) [ 3165.849755] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3165.854765] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3165.855739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3165.856742] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3165.862913] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:59:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3165.878843] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3165.879372] FAULT_INJECTION: forcing a failure. [ 3165.879372] name failslab, interval 1, probability 0, space 0, times 0 [ 3165.881401] CPU: 0 PID: 26206 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3165.882325] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3165.883409] Call Trace: [ 3165.883763] dump_stack+0x107/0x167 [ 3165.884243] should_fail.cold+0x5/0xa [ 3165.884745] ? xas_alloc+0x336/0x440 [ 3165.885237] should_failslab+0x5/0x20 [ 3165.885738] kmem_cache_alloc+0x5b/0x310 [ 3165.886294] xas_alloc+0x336/0x440 [ 3165.886763] xas_create+0x34a/0x10d0 [ 3165.887261] ? kernel_text_address+0xf2/0x120 [ 3165.887854] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3165.888544] xas_store+0x8c/0x1c40 [ 3165.889023] __xa_store+0x164/0x2d0 [ 3165.889505] ? xa_delete_node+0x280/0x280 [ 3165.890066] ? trace_hardirqs_on+0x5b/0x180 [ 3165.890642] xa_store+0x31/0x50 [ 3165.891077] __io_uring_add_tctx_node+0x1cf/0x520 [ 3165.891710] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3165.892394] ? alloc_fd+0x2e7/0x670 [ 3165.892881] io_uring_setup+0x1fbb/0x2980 [ 3165.893429] ? __do_sys_io_uring_enter+0x1890/0x1890 13:59:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000060101010100"], 0x1c}}, 0x0) [ 3165.894112] ? wait_for_completion_io+0x270/0x270 [ 3165.894762] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3165.895446] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3165.896124] do_syscall_64+0x33/0x40 [ 3165.896614] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3165.897415] RIP: 0033:0x7fbe2462eb19 [ 3165.897911] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3165.900369] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3165.901367] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3165.902360] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3165.903294] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3165.904236] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3165.905168] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:59:05 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7a00) [ 3165.924405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3165.925367] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3165.926568] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:59:05 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x48, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 30) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x9, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:05 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000070101010100"], 0x1c}}, 0x0) [ 3166.014082] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3166.024172] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3166.051327] FAULT_INJECTION: forcing a failure. [ 3166.051327] name failslab, interval 1, probability 0, space 0, times 0 [ 3166.052807] CPU: 1 PID: 26322 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3166.053653] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3166.054688] Call Trace: [ 3166.055020] dump_stack+0x107/0x167 [ 3166.055467] should_fail.cold+0x5/0xa [ 3166.055936] ? __alloc_skb+0x6d/0x5b0 [ 3166.056403] should_failslab+0x5/0x20 [ 3166.056870] kmem_cache_alloc_node+0x55/0x330 [ 3166.057420] __alloc_skb+0x6d/0x5b0 [ 3166.057876] inet6_rt_notify+0xed/0x2a0 [ 3166.058395] fib6_del+0xf4c/0x1540 [ 3166.058841] ? fib6_locate+0x660/0x660 [ 3166.059315] ? perf_trace_lock+0xac/0x490 [ 3166.059823] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3166.060452] ? fib6_ifdown+0xc5/0x8f0 [ 3166.060924] fib6_clean_node+0x39e/0x570 [ 3166.061419] ? fib6_del+0x1540/0x1540 [ 3166.061882] ? fib6_clean_tree+0x14c/0x260 [ 3166.062453] fib6_walk_continue+0x35c/0x710 [ 3166.062981] ? trace_hardirqs_on+0x5b/0x180 [ 3166.063508] fib6_clean_tree+0x154/0x260 [ 3166.064002] ? fib6_ifup+0x260/0x260 [ 3166.064456] ? fib6_info_destroy_rcu+0x210/0x210 [ 3166.065039] ? fib6_del+0x1540/0x1540 [ 3166.065504] ? fib6_ifup+0x260/0x260 [ 3166.065958] ? spin_bug+0xf0/0x100 [ 3166.066430] ? lock_chain_count+0x20/0x20 [ 3166.067015] ? fib6_ifup+0x260/0x260 [ 3166.067469] __fib6_clean_all+0xf0/0x2a0 [ 3166.067971] rt6_disable_ip+0x4d5/0x5b0 [ 3166.068458] ? lock_chain_count+0x20/0x20 [ 3166.068972] ? rt6_sync_down_dev+0x150/0x150 [ 3166.069520] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3166.070131] ? addrconf_dad_run+0x180/0x180 [ 3166.070755] addrconf_notify+0x159/0x2410 [ 3166.071276] ? tun_device_event+0x71/0x1160 [ 3166.071803] ? mark_held_locks+0x9e/0xe0 [ 3166.072299] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3166.072932] ? inet6_ifinfo_notify+0x150/0x150 [ 3166.073492] ? failover_register+0x530/0x530 [ 3166.074053] raw_notifier_call_chain+0xb3/0x110 [ 3166.074654] call_netdevice_notifiers_info+0xb5/0x130 [ 3166.075285] __dev_notify_flags+0x1de/0x2c0 [ 3166.075811] ? dev_change_name+0x660/0x660 [ 3166.076323] ? __dev_change_flags+0x4cf/0x6e0 [ 3166.076876] ? dev_set_allmulti+0x30/0x30 [ 3166.077389] dev_change_flags+0x100/0x160 [ 3166.077899] do_setlink+0x90c/0x3ac0 [ 3166.078388] ? vprintk_func+0x93/0x140 [ 3166.078865] ? rtnl_getlink+0xaa0/0xaa0 [ 3166.079351] ? printk+0xba/0xf1 [ 3166.079754] ? record_print_text.cold+0x16/0x16 [ 3166.080323] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3166.080936] ? trace_hardirqs_on+0x5b/0x180 [ 3166.081474] ? __nla_validate_parse+0x2d8/0x2b10 [ 3166.082104] ? perf_trace_lock+0xac/0x490 [ 3166.082614] ? nla_get_range_signed+0x520/0x520 [ 3166.083180] ? __lock_acquire+0xbb1/0x5b00 [ 3166.083714] __rtnl_newlink+0xc39/0x1700 [ 3166.084222] ? rtnl_setlink+0x3b0/0x3b0 [ 3166.084710] ? __is_insn_slot_addr+0x123/0x290 [ 3166.085274] ? unwind_next_frame+0x13ef/0x1a90 [ 3166.085831] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3166.086506] ? 0xffffffffa0000000 [ 3166.086938] ? __is_insn_slot_addr+0x14c/0x290 [ 3166.087499] ? kernel_text_address+0xf2/0x120 [ 3166.088044] ? __kernel_text_address+0x9/0x40 [ 3166.088590] ? unwind_get_return_address+0x55/0xa0 [ 3166.089188] ? create_prof_cpu_mask+0x20/0x20 [ 3166.089733] ? arch_stack_walk+0x99/0xf0 [ 3166.090296] ? stack_trace_save+0x8c/0xc0 [ 3166.090852] ? mark_held_locks+0x9e/0xe0 [ 3166.091353] ? trace_hardirqs_on+0x5b/0x180 [ 3166.091881] ? kasan_unpoison_shadow+0x33/0x50 [ 3166.092436] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3166.093060] rtnl_newlink+0x64/0xa0 [ 3166.093504] ? __rtnl_newlink+0x1700/0x1700 [ 3166.094070] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3166.094596] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3166.095094] ? perf_trace_lock+0xac/0x490 [ 3166.095604] ? __lockdep_reset_lock+0x180/0x180 [ 3166.096177] netlink_rcv_skb+0x14b/0x430 [ 3166.096673] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3166.097170] ? netlink_ack+0xab0/0xab0 [ 3166.097642] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3166.098234] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3166.098792] ? is_vmalloc_addr+0x7b/0xb0 [ 3166.099293] netlink_unicast+0x549/0x7f0 [ 3166.099793] ? netlink_attachskb+0x870/0x870 [ 3166.100343] netlink_sendmsg+0x90f/0xdf0 [ 3166.100844] ? netlink_unicast+0x7f0/0x7f0 [ 3166.101367] ? netlink_unicast+0x7f0/0x7f0 [ 3166.101884] __sock_sendmsg+0x154/0x190 [ 3166.102407] ____sys_sendmsg+0x70d/0x870 [ 3166.102906] ? sock_write_iter+0x3d0/0x3d0 [ 3166.103421] ? do_recvmmsg+0x6d0/0x6d0 [ 3166.103898] ? lock_downgrade+0x6d0/0x6d0 [ 3166.104406] ? __lockdep_reset_lock+0x180/0x180 [ 3166.104976] ___sys_sendmsg+0xf3/0x170 [ 3166.105451] ? sendmsg_copy_msghdr+0x160/0x160 [ 3166.106017] ? __fget_files+0x2cf/0x520 [ 3166.106535] ? lock_downgrade+0x6d0/0x6d0 [ 3166.107042] ? find_held_lock+0x2c/0x110 [ 3166.107545] ? __fget_files+0x2f8/0x520 [ 3166.108035] ? __fget_light+0xea/0x290 [ 3166.108515] __sys_sendmsg+0xe5/0x1b0 [ 3166.108985] ? __sys_sendmsg_sock+0x40/0x40 [ 3166.109510] ? rcu_read_lock_any_held+0x75/0xa0 [ 3166.110125] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3166.110769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3166.111392] ? trace_hardirqs_on+0x5b/0x180 [ 3166.111923] do_syscall_64+0x33/0x40 [ 3166.112378] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3166.113001] RIP: 0033:0x7ff152763b19 [ 3166.113455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3166.115717] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3166.116642] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3166.117507] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3166.118421] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3166.119294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3166.120160] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3166.130551] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3166.140656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3166.141618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3166.143080] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3166.149779] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3166.153825] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3166.154747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3166.155690] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3166.167518] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3166.185270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3166.186279] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3166.187481] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3166.191226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3166.192119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3166.193105] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3180.603157] FAULT_INJECTION: forcing a failure. [ 3180.603157] name failslab, interval 1, probability 0, space 0, times 0 [ 3180.604685] CPU: 1 PID: 26354 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3180.605537] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3180.606575] Call Trace: [ 3180.606914] dump_stack+0x107/0x167 [ 3180.607364] should_fail.cold+0x5/0xa [ 3180.607836] ? create_object.isra.0+0x3a/0xa20 [ 3180.608404] should_failslab+0x5/0x20 [ 3180.608576] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3180.608872] kmem_cache_alloc+0x5b/0x310 [ 3180.608893] ? mark_held_locks+0x9e/0xe0 [ 3180.611001] create_object.isra.0+0x3a/0xa20 [ 3180.611538] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3180.612166] kmem_cache_alloc+0x159/0x310 [ 3180.612687] xas_alloc+0x336/0x440 [ 3180.613129] xas_create+0x34a/0x10d0 [ 3180.613593] ? kernel_text_address+0xf2/0x120 [ 3180.614144] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3180.614818] xas_store+0x8c/0x1c40 [ 3180.615271] __xa_store+0x164/0x2d0 [ 3180.615725] ? xa_delete_node+0x280/0x280 [ 3180.616239] ? trace_hardirqs_on+0x5b/0x180 [ 3180.616774] xa_store+0x31/0x50 [ 3180.617185] __io_uring_add_tctx_node+0x1cf/0x520 [ 3180.617776] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3180.618420] ? alloc_fd+0x2e7/0x670 [ 3180.618903] io_uring_setup+0x1fbb/0x2980 [ 3180.619419] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3180.620051] ? wait_for_completion_io+0x270/0x270 [ 3180.620664] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3180.621309] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3180.621949] do_syscall_64+0x33/0x40 [ 3180.622410] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3180.623064] RIP: 0033:0x7fbe2462eb19 [ 3180.623523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3180.625780] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3180.626735] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3180.627606] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3180.628479] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3180.629358] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3180.630233] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3180.640311] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3180.641782] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3180.655065] FAULT_INJECTION: forcing a failure. [ 3180.655065] name failslab, interval 1, probability 0, space 0, times 0 [ 3180.656602] CPU: 0 PID: 26351 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3180.657513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3180.658617] Call Trace: [ 3180.658976] dump_stack+0x107/0x167 [ 3180.659458] should_fail.cold+0x5/0xa [ 3180.659961] ? __alloc_skb+0x6d/0x5b0 [ 3180.660466] should_failslab+0x5/0x20 [ 3180.660969] kmem_cache_alloc_node+0x55/0x330 [ 3180.661561] __alloc_skb+0x6d/0x5b0 [ 3180.662044] inet6_rt_notify+0xed/0x2a0 [ 3180.662583] fib6_del+0xf4c/0x1540 [ 3180.663065] ? fib6_locate+0x660/0x660 [ 3180.663580] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3180.664257] ? fib6_ifdown+0xc5/0x8f0 [ 3180.664760] fib6_clean_node+0x39e/0x570 [ 3180.665295] ? fib6_del+0x1540/0x1540 [ 3180.665795] ? fib6_clean_tree+0x14c/0x260 [ 3180.666356] fib6_walk_continue+0x35c/0x710 [ 3180.666937] ? trace_hardirqs_on+0x5b/0x180 [ 3180.667505] fib6_clean_tree+0x154/0x260 [ 3180.668035] ? fib6_ifup+0x260/0x260 [ 3180.668524] ? fib6_info_destroy_rcu+0x210/0x210 [ 3180.669154] ? fib6_del+0x1540/0x1540 [ 3180.669656] ? fib6_ifup+0x260/0x260 [ 3180.674931] ? spin_bug+0xf0/0x100 [ 3180.675398] ? lock_chain_count+0x20/0x20 [ 3180.675946] ? fib6_ifup+0x260/0x260 [ 3180.676431] __fib6_clean_all+0xf0/0x2a0 [ 3180.676964] rt6_disable_ip+0x4d5/0x5b0 [ 3180.677486] ? lock_chain_count+0x20/0x20 [ 3180.678031] ? rt6_sync_down_dev+0x150/0x150 [ 3180.678633] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3180.679264] ? addrconf_dad_run+0x180/0x180 [ 3180.679842] addrconf_notify+0x159/0x2410 [ 3180.680389] ? tun_device_event+0x71/0x1160 [ 3180.680954] ? mark_held_locks+0x9e/0xe0 [ 3180.681483] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3180.682164] ? inet6_ifinfo_notify+0x150/0x150 [ 3180.682778] ? failover_register+0x530/0x530 [ 3180.683363] raw_notifier_call_chain+0xb3/0x110 [ 3180.683976] call_netdevice_notifiers_info+0xb5/0x130 [ 3180.684654] __dev_notify_flags+0x1de/0x2c0 [ 3180.685222] ? dev_change_name+0x660/0x660 [ 3180.685772] ? __dev_change_flags+0x4cf/0x6e0 [ 3180.686358] ? dev_set_allmulti+0x30/0x30 [ 3180.686927] dev_change_flags+0x100/0x160 [ 3180.687474] do_setlink+0x90c/0x3ac0 [ 3180.687967] ? vprintk_func+0x93/0x140 [ 3180.688474] ? rtnl_getlink+0xaa0/0xaa0 [ 3180.688995] ? printk+0xba/0xf1 [ 3180.689428] ? record_print_text.cold+0x16/0x16 [ 3180.690039] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3180.690717] ? trace_hardirqs_on+0x5b/0x180 [ 3180.691292] ? __nla_validate_parse+0x2d8/0x2b10 [ 3180.691914] ? perf_trace_lock+0xac/0x490 [ 3180.692459] ? nla_get_range_signed+0x520/0x520 [ 3180.693066] ? __lock_acquire+0xbb1/0x5b00 [ 3180.693635] __rtnl_newlink+0xc39/0x1700 [ 3180.694177] ? rtnl_setlink+0x3b0/0x3b0 [ 3180.694721] ? __is_insn_slot_addr+0x123/0x290 [ 3180.695327] ? unwind_next_frame+0x13ef/0x1a90 [ 3180.695923] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3180.696619] ? 0xffffffffa0000000 [ 3180.697075] ? __is_insn_slot_addr+0x14c/0x290 [ 3180.697678] ? kernel_text_address+0xf2/0x120 [ 3180.698270] ? __kernel_text_address+0x9/0x40 [ 3180.698879] ? unwind_get_return_address+0x55/0xa0 [ 3180.699524] ? create_prof_cpu_mask+0x20/0x20 [ 3180.700107] ? arch_stack_walk+0x99/0xf0 [ 3180.700649] ? stack_trace_save+0x8c/0xc0 [ 3180.701239] ? mark_held_locks+0x9e/0xe0 [ 3180.701774] ? trace_hardirqs_on+0x5b/0x180 [ 3180.702339] ? kasan_unpoison_shadow+0x33/0x50 [ 3180.707041] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3180.707708] rtnl_newlink+0x64/0xa0 [ 3180.708187] ? __rtnl_newlink+0x1700/0x1700 [ 3180.708749] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3180.709303] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3180.709833] ? perf_trace_lock+0xac/0x490 [ 3180.710379] ? __lockdep_reset_lock+0x180/0x180 [ 3180.711015] netlink_rcv_skb+0x14b/0x430 [ 3180.711545] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3180.712077] ? netlink_ack+0xab0/0xab0 [ 3180.712585] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3180.713185] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3180.713785] ? is_vmalloc_addr+0x7b/0xb0 [ 3180.714320] netlink_unicast+0x549/0x7f0 [ 3180.714878] ? netlink_attachskb+0x870/0x870 [ 3180.715462] netlink_sendmsg+0x90f/0xdf0 [ 3180.716005] ? netlink_unicast+0x7f0/0x7f0 [ 3180.716569] ? netlink_unicast+0x7f0/0x7f0 [ 3180.717128] __sock_sendmsg+0x154/0x190 [ 3180.717650] ____sys_sendmsg+0x70d/0x870 [ 3180.718385] ? sock_write_iter+0x3d0/0x3d0 [ 3180.718959] ? do_recvmmsg+0x6d0/0x6d0 [ 3180.719473] ? lock_downgrade+0x6d0/0x6d0 [ 3180.720015] ? __lockdep_reset_lock+0x180/0x180 [ 3180.720629] ___sys_sendmsg+0xf3/0x170 [ 3180.721140] ? sendmsg_copy_msghdr+0x160/0x160 [ 3180.721840] ? __fget_files+0x2cf/0x520 [ 3180.722467] ? lock_downgrade+0x6d0/0x6d0 [ 3180.723202] ? find_held_lock+0x2c/0x110 [ 3180.723744] ? __fget_files+0x2f8/0x520 [ 3180.724275] ? __fget_light+0xea/0x290 [ 3180.724789] __sys_sendmsg+0xe5/0x1b0 [ 3180.725287] ? __sys_sendmsg_sock+0x40/0x40 [ 3180.725856] ? rcu_read_lock_any_held+0x75/0xa0 [ 3180.726477] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3180.727179] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3180.727848] ? trace_hardirqs_on+0x5b/0x180 [ 3180.728420] do_syscall_64+0x33/0x40 [ 3180.728911] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3180.729581] RIP: 0033:0x7ff152763b19 [ 3180.730070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3180.734211] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3180.735215] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3180.736146] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 13:59:19 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 31) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:19 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x4c, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:19 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:59:19 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0xf8, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000100)={0x1, 0x6, 0xc}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x40, 0x0, 0x6, 0x0, 0x0, 0x3b10, 0x80000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x100000, 0xfffffffffffffffb}, 0x2, 0xfffffffffffefffd}, 0x0, 0x9, 0xffffffffffffffff, 0x1) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:59:19 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x80000) 13:59:19 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 58) 13:59:19 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000090101010100"], 0x1c}}, 0x0) 13:59:19 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xa, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3180.737074] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3180.743320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3180.744248] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3180.757853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3180.758843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3180.759876] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3180.765817] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3180.766814] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3180.767823] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3180.770487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3180.771463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3180.772471] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:59:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00000a0101010100"], 0x1c}}, 0x0) 13:59:20 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 59) [ 3180.786405] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3180.800732] FAULT_INJECTION: forcing a failure. [ 3180.800732] name failslab, interval 1, probability 0, space 0, times 0 [ 3180.802244] CPU: 0 PID: 26471 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3180.803175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3180.804262] Call Trace: [ 3180.804615] dump_stack+0x107/0x167 [ 3180.805095] should_fail.cold+0x5/0xa [ 3180.805598] ? xas_alloc+0x336/0x440 [ 3180.806091] should_failslab+0x5/0x20 [ 3180.806608] kmem_cache_alloc+0x5b/0x310 [ 3180.807144] xas_alloc+0x336/0x440 [ 3180.807613] xas_create+0x34a/0x10d0 [ 3180.808109] ? kernel_text_address+0xf2/0x120 [ 3180.808699] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3180.809387] xas_store+0x8c/0x1c40 [ 3180.809864] __xa_store+0x164/0x2d0 [ 3180.810344] ? xa_delete_node+0x280/0x280 [ 3180.810955] ? trace_hardirqs_on+0x5b/0x180 [ 3180.811527] xa_store+0x31/0x50 [ 3180.811963] __io_uring_add_tctx_node+0x1cf/0x520 [ 3180.812597] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3180.813284] ? alloc_fd+0x2e7/0x670 [ 3180.813773] io_uring_setup+0x1fbb/0x2980 [ 3180.814324] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3180.819025] ? wait_for_completion_io+0x270/0x270 [ 3180.819671] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3180.820353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3180.821030] do_syscall_64+0x33/0x40 [ 3180.821521] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3180.822191] RIP: 0033:0x7fbe2462eb19 [ 3180.822691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3180.825108] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3180.826103] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3180.827051] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3180.828153] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3180.829328] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3180.830256] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:59:20 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:59:20 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x100000) 13:59:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00c00e0101010100"], 0x1c}}, 0x0) [ 3180.867643] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:59:20 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xc, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:20 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x60, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00c8180101010100"], 0x1c}}, 0x0) [ 3180.958844] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:59:20 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x200000) 13:59:20 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 32) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3180.978942] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3180.993191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3180.995567] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3180.997654] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3181.009738] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3181.019255] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:59:20 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000400101010100"], 0x1c}}, 0x0) [ 3181.041258] FAULT_INJECTION: forcing a failure. [ 3181.041258] name failslab, interval 1, probability 0, space 0, times 0 [ 3181.044529] CPU: 1 PID: 26589 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3181.046318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3181.048831] Call Trace: [ 3181.049693] dump_stack+0x107/0x167 [ 3181.050778] should_fail.cold+0x5/0xa [ 3181.051691] should_failslab+0x5/0x20 [ 3181.052667] __kmalloc_node_track_caller+0x74/0x3b0 [ 3181.053935] ? inet6_rt_notify+0xed/0x2a0 [ 3181.058798] __alloc_skb+0xb1/0x5b0 [ 3181.059255] inet6_rt_notify+0xed/0x2a0 [ 3181.059767] fib6_del+0xf4c/0x1540 [ 3181.060238] ? fib6_locate+0x660/0x660 [ 3181.060730] ? perf_trace_lock+0xac/0x490 [ 3181.061262] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3181.061921] ? fib6_ifdown+0xc5/0x8f0 [ 3181.062418] fib6_clean_node+0x39e/0x570 [ 3181.062962] ? fib6_del+0x1540/0x1540 [ 3181.063448] ? fib6_clean_tree+0x14c/0x260 [ 3181.063995] fib6_walk_continue+0x35c/0x710 [ 3181.064545] ? trace_hardirqs_on+0x5b/0x180 [ 3181.065098] fib6_clean_tree+0x154/0x260 [ 3181.065617] ? fib6_ifup+0x260/0x260 [ 3181.066088] ? fib6_info_destroy_rcu+0x210/0x210 [ 3181.066719] ? fib6_del+0x1540/0x1540 [ 3181.067206] ? fib6_ifup+0x260/0x260 [ 3181.067676] ? spin_bug+0xf0/0x100 [ 3181.068126] ? lock_chain_count+0x20/0x20 [ 3181.068667] ? fib6_ifup+0x260/0x260 [ 3181.069138] __fib6_clean_all+0xf0/0x2a0 [ 3181.069657] rt6_disable_ip+0x4d5/0x5b0 [ 3181.070164] ? lock_chain_count+0x20/0x20 [ 3181.070718] ? rt6_sync_down_dev+0x150/0x150 [ 3181.071270] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3181.071859] ? addrconf_dad_run+0x180/0x180 [ 3181.072399] addrconf_notify+0x159/0x2410 [ 3181.072917] ? tun_device_event+0x71/0x1160 [ 3181.073446] ? mark_held_locks+0x9e/0xe0 [ 3181.073941] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3181.074588] ? inet6_ifinfo_notify+0x150/0x150 [ 3181.075158] ? failover_register+0x530/0x530 [ 3181.075711] raw_notifier_call_chain+0xb3/0x110 [ 3181.076286] call_netdevice_notifiers_info+0xb5/0x130 [ 3181.076917] __dev_notify_flags+0x1de/0x2c0 [ 3181.077446] ? dev_change_name+0x660/0x660 [ 3181.077959] ? __dev_change_flags+0x4cf/0x6e0 [ 3181.078510] ? dev_set_allmulti+0x30/0x30 [ 3181.079065] dev_change_flags+0x100/0x160 [ 3181.079579] do_setlink+0x90c/0x3ac0 [ 3181.080039] ? vprintk_func+0x93/0x140 [ 3181.080513] ? rtnl_getlink+0xaa0/0xaa0 [ 3181.080996] ? printk+0xba/0xf1 [ 3181.081398] ? record_print_text.cold+0x16/0x16 [ 3181.081973] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3181.082605] ? trace_hardirqs_on+0x5b/0x180 [ 3181.083146] ? __nla_validate_parse+0x2d8/0x2b10 [ 3181.083727] ? perf_trace_lock+0xac/0x490 [ 3181.084236] ? nla_get_range_signed+0x520/0x520 [ 3181.084809] ? __lock_acquire+0xbb1/0x5b00 [ 3181.085343] __rtnl_newlink+0xc39/0x1700 [ 3181.085850] ? rtnl_setlink+0x3b0/0x3b0 [ 3181.086336] ? __is_insn_slot_addr+0x123/0x290 [ 3181.086924] ? unwind_next_frame+0x13ef/0x1a90 [ 3181.087483] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3181.088135] ? 0xffffffffa0000000 [ 3181.088565] ? __is_insn_slot_addr+0x14c/0x290 [ 3181.089128] ? kernel_text_address+0xf2/0x120 [ 3181.089676] ? __kernel_text_address+0x9/0x40 [ 3181.090243] ? unwind_get_return_address+0x55/0xa0 [ 3181.090864] ? create_prof_cpu_mask+0x20/0x20 [ 3181.091412] ? arch_stack_walk+0x99/0xf0 [ 3181.091929] ? stack_trace_save+0x8c/0xc0 [ 3181.092485] ? mark_held_locks+0x9e/0xe0 [ 3181.092987] ? trace_hardirqs_on+0x5b/0x180 [ 3181.093517] ? kasan_unpoison_shadow+0x33/0x50 [ 3181.094074] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3181.094721] rtnl_newlink+0x64/0xa0 [ 3181.095167] ? __rtnl_newlink+0x1700/0x1700 [ 3181.095696] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3181.096215] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3181.096713] ? perf_trace_lock+0xac/0x490 [ 3181.097224] ? __lockdep_reset_lock+0x180/0x180 [ 3181.097802] netlink_rcv_skb+0x14b/0x430 [ 3181.098300] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3181.098821] ? netlink_ack+0xab0/0xab0 [ 3181.099294] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3181.099855] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3181.100414] ? is_vmalloc_addr+0x7b/0xb0 [ 3181.100916] netlink_unicast+0x549/0x7f0 [ 3181.101418] ? netlink_attachskb+0x870/0x870 [ 3181.101965] netlink_sendmsg+0x90f/0xdf0 [ 3181.102469] ? netlink_unicast+0x7f0/0x7f0 [ 3181.103014] ? netlink_unicast+0x7f0/0x7f0 [ 3181.103538] __sock_sendmsg+0x154/0x190 [ 3181.104026] ____sys_sendmsg+0x70d/0x870 [ 3181.104527] ? sock_write_iter+0x3d0/0x3d0 [ 3181.105043] ? do_recvmmsg+0x6d0/0x6d0 [ 3181.105525] ? lock_downgrade+0x6d0/0x6d0 [ 3181.106034] ? __lockdep_reset_lock+0x180/0x180 [ 3181.106682] ___sys_sendmsg+0xf3/0x170 [ 3181.107161] ? sendmsg_copy_msghdr+0x160/0x160 [ 3181.107727] ? __fget_files+0x2cf/0x520 [ 3181.108213] ? lock_downgrade+0x6d0/0x6d0 [ 3181.108723] ? find_held_lock+0x2c/0x110 [ 3181.109228] ? __fget_files+0x2f8/0x520 [ 3181.109721] ? __fget_light+0xea/0x290 [ 3181.110205] __sys_sendmsg+0xe5/0x1b0 [ 3181.110693] ? __sys_sendmsg_sock+0x40/0x40 [ 3181.111220] ? rcu_read_lock_any_held+0x75/0xa0 [ 3181.111805] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3181.112446] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3181.113072] ? trace_hardirqs_on+0x5b/0x180 [ 3181.113601] do_syscall_64+0x33/0x40 [ 3181.114058] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3181.114703] RIP: 0033:0x7ff152763b19 [ 3181.115162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3181.117405] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3181.118346] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3181.119224] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3181.120098] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3181.120970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3181.121842] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3181.128284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3181.129338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3181.130232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3181.130375] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3181.131211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3181.137916] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3181.146919] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3181.160774] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3181.161909] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3181.162990] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:59:40 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 60) 13:59:40 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x3b}, 0x1d}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:59:40 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 33) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x9000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:59:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000480101010100"], 0x1c}}, 0x0) 13:59:40 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000) 13:59:40 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xf, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:40 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x68, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3200.712239] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3200.713512] FAULT_INJECTION: forcing a failure. [ 3200.713512] name failslab, interval 1, probability 0, space 0, times 0 [ 3200.713530] CPU: 1 PID: 26626 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3200.713539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3200.713544] Call Trace: [ 3200.713561] dump_stack+0x107/0x167 [ 3200.713578] should_fail.cold+0x5/0xa [ 3200.713594] ? create_object.isra.0+0x3a/0xa20 [ 3200.713612] should_failslab+0x5/0x20 [ 3200.713626] kmem_cache_alloc+0x5b/0x310 [ 3200.713641] ? mark_held_locks+0x9e/0xe0 [ 3200.713659] create_object.isra.0+0x3a/0xa20 [ 3200.713671] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3200.713689] kmem_cache_alloc+0x159/0x310 [ 3200.713709] xas_alloc+0x336/0x440 [ 3200.713726] xas_create+0x34a/0x10d0 [ 3200.713754] ? kernel_text_address+0xf2/0x120 [ 3200.727454] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3200.728117] xas_store+0x8c/0x1c40 [ 3200.728584] __xa_store+0x164/0x2d0 [ 3200.729049] ? xa_delete_node+0x280/0x280 [ 3200.729678] ? trace_hardirqs_on+0x5b/0x180 [ 3200.730225] xa_store+0x31/0x50 [ 3200.730645] __io_uring_add_tctx_node+0x1cf/0x520 [ 3200.731258] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 3200.731928] ? alloc_fd+0x2e7/0x670 [ 3200.732397] io_uring_setup+0x1fbb/0x2980 [ 3200.732927] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 3200.733569] ? wait_for_completion_io+0x270/0x270 [ 3200.734201] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3200.734861] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3200.735528] do_syscall_64+0x33/0x40 [ 3200.735999] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3200.736643] RIP: 0033:0x7fbe2462eb19 [ 3200.737117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3200.739434] RSP: 002b:00007fbe21ba4108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 3200.740390] RAX: ffffffffffffffda RBX: 00007fbe24741f60 RCX: 00007fbe2462eb19 [ 3200.741286] RDX: 0000000020ffc000 RSI: 00000000200001c0 RDI: 0000000000003872 [ 3200.742179] RBP: 00000000200001c0 R08: 0000000020000100 R09: 0000000020000100 [ 3200.743072] R10: 0000000020000040 R11: 0000000000000202 R12: 0000000020000100 [ 3200.748007] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 13:59:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00004c0101010100"], 0x1c}}, 0x0) [ 3200.760749] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3200.768409] FAULT_INJECTION: forcing a failure. [ 3200.768409] name failslab, interval 1, probability 0, space 0, times 0 [ 3200.769950] CPU: 0 PID: 26629 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3200.770856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3200.771959] Call Trace: [ 3200.772314] dump_stack+0x107/0x167 [ 3200.772796] should_fail.cold+0x5/0xa [ 3200.773300] ? create_object.isra.0+0x3a/0xa20 [ 3200.773901] should_failslab+0x5/0x20 [ 3200.774399] kmem_cache_alloc+0x5b/0x310 [ 3200.774935] create_object.isra.0+0x3a/0xa20 [ 3200.775531] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3200.776200] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3200.776864] ? inet6_rt_notify+0xed/0x2a0 [ 3200.777423] __alloc_skb+0xb1/0x5b0 [ 3200.777903] inet6_rt_notify+0xed/0x2a0 [ 3200.778430] fib6_del+0xf4c/0x1540 [ 3200.778913] ? fib6_locate+0x660/0x660 [ 3200.779494] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3200.780171] ? fib6_ifdown+0xc5/0x8f0 [ 3200.780675] fib6_clean_node+0x39e/0x570 [ 3200.781212] ? fib6_del+0x1540/0x1540 [ 3200.781711] ? fib6_clean_tree+0x14c/0x260 [ 3200.782273] fib6_walk_continue+0x35c/0x710 [ 3200.782849] ? trace_hardirqs_on+0x5b/0x180 [ 3200.787480] fib6_clean_tree+0x154/0x260 [ 3200.788026] ? fib6_ifup+0x260/0x260 [ 3200.788515] ? fib6_info_destroy_rcu+0x210/0x210 [ 3200.789142] ? fib6_del+0x1540/0x1540 [ 3200.789646] ? fib6_ifup+0x260/0x260 [ 3200.790142] ? spin_bug+0xf0/0x100 [ 3200.790615] ? lock_chain_count+0x20/0x20 [ 3200.791176] ? fib6_ifup+0x260/0x260 [ 3200.793680] __fib6_clean_all+0xf0/0x2a0 [ 3200.794225] rt6_disable_ip+0x4d5/0x5b0 [ 3200.794749] ? lock_chain_count+0x20/0x20 [ 3200.795303] ? rt6_sync_down_dev+0x150/0x150 [ 3200.795884] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3200.796508] ? addrconf_dad_run+0x180/0x180 [ 3200.797081] addrconf_notify+0x159/0x2410 [ 3200.797627] ? tun_device_event+0x71/0x1160 [ 3200.798191] ? mark_held_locks+0x9e/0xe0 [ 3200.798719] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3200.807446] ? inet6_ifinfo_notify+0x150/0x150 [ 3200.808192] ? failover_register+0x530/0x530 [ 3200.808844] raw_notifier_call_chain+0xb3/0x110 [ 3200.810328] call_netdevice_notifiers_info+0xb5/0x130 [ 3200.811911] __dev_notify_flags+0x1de/0x2c0 [ 3200.813192] ? dev_change_name+0x660/0x660 [ 3200.814470] ? __dev_change_flags+0x4cf/0x6e0 [ 3200.815836] ? dev_set_allmulti+0x30/0x30 [ 3200.817086] dev_change_flags+0x100/0x160 [ 3200.818360] do_setlink+0x90c/0x3ac0 [ 3200.819495] ? vprintk_func+0x93/0x140 [ 3200.820653] ? rtnl_getlink+0xaa0/0xaa0 [ 3200.821836] ? printk+0xba/0xf1 [ 3200.822820] ? record_print_text.cold+0x16/0x16 [ 3200.824788] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3200.826299] ? trace_hardirqs_on+0x5b/0x180 [ 3200.827612] ? __nla_validate_parse+0x2d8/0x2b10 [ 3200.829028] ? perf_trace_lock+0xac/0x490 [ 3200.830272] ? nla_get_range_signed+0x520/0x520 [ 3200.831685] ? __lock_acquire+0xbb1/0x5b00 [ 3200.832960] __rtnl_newlink+0xc39/0x1700 [ 3200.834194] ? rtnl_setlink+0x3b0/0x3b0 [ 3200.835390] ? __is_insn_slot_addr+0x123/0x290 [ 3200.836756] ? unwind_next_frame+0x13ef/0x1a90 [ 3200.838121] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3200.839745] ? 0xffffffffa0000000 [ 3200.840778] ? __is_insn_slot_addr+0x14c/0x290 [ 3200.842142] ? kernel_text_address+0xf2/0x120 [ 3200.843496] ? __kernel_text_address+0x9/0x40 [ 3200.844832] ? unwind_get_return_address+0x55/0xa0 [ 3200.846292] ? create_prof_cpu_mask+0x20/0x20 [ 3200.847690] ? arch_stack_walk+0x99/0xf0 [ 3200.848911] ? stack_trace_save+0x8c/0xc0 [ 3200.850189] ? mark_held_locks+0x9e/0xe0 [ 3200.851421] ? trace_hardirqs_on+0x5b/0x180 [ 3200.852710] ? kasan_unpoison_shadow+0x33/0x50 [ 3200.854066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3200.855598] rtnl_newlink+0x64/0xa0 [ 3200.856678] ? __rtnl_newlink+0x1700/0x1700 [ 3200.857960] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3200.859226] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3200.860433] ? perf_trace_lock+0xac/0x490 [ 3200.861679] ? __lockdep_reset_lock+0x180/0x180 [ 3200.863070] netlink_rcv_skb+0x14b/0x430 [ 3200.864299] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3200.865506] ? netlink_ack+0xab0/0xab0 [ 3200.866656] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3200.868034] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3200.869398] ? is_vmalloc_addr+0x7b/0xb0 [ 3200.870607] netlink_unicast+0x549/0x7f0 [ 3200.871834] ? netlink_attachskb+0x870/0x870 [ 3200.873158] netlink_sendmsg+0x90f/0xdf0 [ 3200.874409] ? netlink_unicast+0x7f0/0x7f0 [ 3200.875710] ? netlink_unicast+0x7f0/0x7f0 [ 3200.876970] __sock_sendmsg+0x154/0x190 [ 3200.878151] ____sys_sendmsg+0x70d/0x870 [ 3200.879402] ? sock_write_iter+0x3d0/0x3d0 [ 3200.880684] ? do_recvmmsg+0x6d0/0x6d0 [ 3200.881847] ? lock_downgrade+0x6d0/0x6d0 [ 3200.883083] ? __lockdep_reset_lock+0x180/0x180 [ 3200.888539] ___sys_sendmsg+0xf3/0x170 [ 3200.889707] ? sendmsg_copy_msghdr+0x160/0x160 [ 3200.891071] ? __fget_files+0x2cf/0x520 [ 3200.892270] ? lock_downgrade+0x6d0/0x6d0 [ 3200.893647] ? find_held_lock+0x2c/0x110 [ 3200.894869] ? __fget_files+0x2f8/0x520 [ 3200.896109] ? __fget_light+0xea/0x290 [ 3200.897301] __sys_sendmsg+0xe5/0x1b0 [ 3200.898265] ? __sys_sendmsg_sock+0x40/0x40 [ 3200.899452] ? rcu_read_lock_any_held+0x75/0xa0 [ 3200.900612] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3200.901916] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3200.902594] ? trace_hardirqs_on+0x5b/0x180 [ 3200.903163] do_syscall_64+0x33/0x40 [ 3200.903689] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3200.904379] RIP: 0033:0x7ff152763b19 [ 3200.904887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3200.907753] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3200.909687] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3200.911555] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3200.913352] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3200.915178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3200.916175] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3200.919719] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3200.935634] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3200.937321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3200.939318] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3200.941418] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 13:59:40 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000) 13:59:40 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 61) 13:59:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x10000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3200.961140] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3200.963931] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3200.969349] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 13:59:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000680101010100"], 0x1c}}, 0x0) [ 3200.981245] FAULT_INJECTION: forcing a failure. [ 3200.981245] name failslab, interval 1, probability 0, space 0, times 0 [ 3200.984876] CPU: 1 PID: 26743 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3200.986871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3200.989309] Call Trace: [ 3200.990068] dump_stack+0x107/0x167 [ 3200.991110] should_fail.cold+0x5/0xa [ 3200.992235] ? vm_area_dup+0x78/0x290 [ 3200.993324] should_failslab+0x5/0x20 [ 3200.994408] kmem_cache_alloc+0x5b/0x310 [ 3200.995610] vm_area_dup+0x78/0x290 [ 3200.996657] ? lock_release+0x680/0x680 [ 3200.997796] ? mark_lock+0xf5/0x2df0 [ 3200.998864] ? lock_chain_count+0x20/0x20 [ 3201.000059] ? mark_lock+0xf5/0x2df0 [ 3201.001115] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3201.002627] ? lock_chain_count+0x20/0x20 [ 3201.003849] ? mark_lock+0xf5/0x2df0 [ 3201.004910] ? vm_area_alloc+0x110/0x110 [ 3201.006074] ? __lock_acquire+0x1657/0x5b00 [ 3201.007345] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3201.008821] ? vmacache_find+0x55/0x2a0 [ 3201.009924] __split_vma+0xa8/0x4e0 [ 3201.010938] __do_munmap+0x365/0x1260 [ 3201.012021] ? arch_get_unmapped_area+0x450/0x450 [ 3201.012092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3201.013413] ? lock_release+0x680/0x680 [ 3201.014523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3201.014683] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3201.015691] mmap_region+0x7c8/0x1500 [ 3201.015719] do_mmap+0xcdb/0x11e0 [ 3201.020495] vm_mmap_pgoff+0x198/0x1f0 [ 3201.021582] ? randomize_page+0xb0/0xb0 [ 3201.022702] ksys_mmap_pgoff+0x41c/0x560 [ 3201.023846] ? find_mergeable_anon_vma+0x250/0x250 [ 3201.025204] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3201.026640] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3201.028188] do_syscall_64+0x33/0x40 [ 3201.029233] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3201.030688] RIP: 0033:0x7fbe2462eb62 [ 3201.034229] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3201.036467] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3201.037389] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3201.038252] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3201.039114] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3201.040000] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3201.040862] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3201.044539] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 13:59:40 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00006c0101010100"], 0x1c}}, 0x0) 13:59:40 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 34) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3201.078405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3201.080949] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3201.083063] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3201.116263] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3201.136281] FAULT_INJECTION: forcing a failure. [ 3201.136281] name failslab, interval 1, probability 0, space 0, times 0 [ 3201.137706] CPU: 1 PID: 26805 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3201.138543] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3201.139560] Call Trace: [ 3201.139887] dump_stack+0x107/0x167 [ 3201.140343] should_fail.cold+0x5/0xa [ 3201.140811] ? __alloc_skb+0x6d/0x5b0 [ 3201.141281] should_failslab+0x5/0x20 [ 3201.141748] kmem_cache_alloc_node+0x55/0x330 [ 3201.142300] __alloc_skb+0x6d/0x5b0 [ 3201.142750] __neigh_notify+0x84/0x160 [ 3201.143242] neigh_cleanup_and_release+0x78/0x220 [ 3201.143839] neigh_flush_dev+0x4ad/0x8b0 [ 3201.144351] __neigh_ifdown.isra.0+0x54/0x380 [ 3201.144907] neigh_ifdown+0x1b/0x30 [ 3201.145352] rt6_disable_ip+0x478/0x5b0 [ 3201.145841] ? lock_chain_count+0x20/0x20 [ 3201.146353] ? rt6_sync_down_dev+0x150/0x150 [ 3201.146904] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3201.147501] ? addrconf_dad_run+0x180/0x180 [ 3201.148038] addrconf_notify+0x159/0x2410 [ 3201.148550] ? tun_device_event+0x71/0x1160 [ 3201.149076] ? mark_held_locks+0x9e/0xe0 [ 3201.149576] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3201.150208] ? inet6_ifinfo_notify+0x150/0x150 [ 3201.150769] ? failover_register+0x530/0x530 [ 3201.151328] raw_notifier_call_chain+0xb3/0x110 [ 3201.151907] call_netdevice_notifiers_info+0xb5/0x130 [ 3201.152538] __dev_notify_flags+0x1de/0x2c0 [ 3201.153065] ? dev_change_name+0x660/0x660 [ 3201.153580] ? __dev_change_flags+0x4cf/0x6e0 [ 3201.154131] ? dev_set_allmulti+0x30/0x30 [ 3201.154648] dev_change_flags+0x100/0x160 [ 3201.155158] do_setlink+0x90c/0x3ac0 [ 3201.155634] ? vprintk_func+0x93/0x140 [ 3201.156108] ? rtnl_getlink+0xaa0/0xaa0 [ 3201.156591] ? printk+0xba/0xf1 [ 3201.156994] ? record_print_text.cold+0x16/0x16 [ 3201.157567] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3201.158196] ? trace_hardirqs_on+0x5b/0x180 [ 3201.158737] ? __nla_validate_parse+0x2d8/0x2b10 [ 3201.159331] ? perf_trace_lock+0xac/0x490 [ 3201.159843] ? nla_get_range_signed+0x520/0x520 [ 3201.160409] ? __lock_acquire+0xbb1/0x5b00 [ 3201.160943] __rtnl_newlink+0xc39/0x1700 [ 3201.161451] ? rtnl_setlink+0x3b0/0x3b0 [ 3201.161939] ? __is_insn_slot_addr+0x123/0x290 [ 3201.162504] ? unwind_next_frame+0x13ef/0x1a90 [ 3201.163065] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3201.163726] ? 0xffffffffa0000000 [ 3201.164151] ? __is_insn_slot_addr+0x14c/0x290 [ 3201.164715] ? kernel_text_address+0xf2/0x120 [ 3201.165261] ? __kernel_text_address+0x9/0x40 [ 3201.165809] ? unwind_get_return_address+0x55/0xa0 [ 3201.166407] ? create_prof_cpu_mask+0x20/0x20 [ 3201.166959] ? arch_stack_walk+0x99/0xf0 [ 3201.167488] ? stack_trace_save+0x8c/0xc0 [ 3201.168040] ? mark_held_locks+0x9e/0xe0 [ 3201.168538] ? trace_hardirqs_on+0x5b/0x180 [ 3201.169065] ? kasan_unpoison_shadow+0x33/0x50 [ 3201.169622] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3201.170243] rtnl_newlink+0x64/0xa0 [ 3201.170688] ? __rtnl_newlink+0x1700/0x1700 [ 3201.171216] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3201.171755] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3201.172256] ? perf_trace_lock+0xac/0x490 [ 3201.172772] ? __lockdep_reset_lock+0x180/0x180 [ 3201.173346] netlink_rcv_skb+0x14b/0x430 [ 3201.173853] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3201.174351] ? netlink_ack+0xab0/0xab0 [ 3201.174828] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3201.175404] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3201.175971] ? is_vmalloc_addr+0x7b/0xb0 [ 3201.176474] netlink_unicast+0x549/0x7f0 [ 3201.176981] ? netlink_attachskb+0x870/0x870 [ 3201.177526] netlink_sendmsg+0x90f/0xdf0 [ 3201.178028] ? netlink_unicast+0x7f0/0x7f0 [ 3201.178557] ? netlink_unicast+0x7f0/0x7f0 [ 3201.179078] __sock_sendmsg+0x154/0x190 [ 3201.179583] ____sys_sendmsg+0x70d/0x870 [ 3201.180082] ? sock_write_iter+0x3d0/0x3d0 [ 3201.180603] ? do_recvmmsg+0x6d0/0x6d0 [ 3201.181083] ? lock_downgrade+0x6d0/0x6d0 [ 3201.181596] ? __lockdep_reset_lock+0x180/0x180 [ 3201.182170] ___sys_sendmsg+0xf3/0x170 [ 3201.182653] ? sendmsg_copy_msghdr+0x160/0x160 [ 3201.183217] ? __fget_files+0x2cf/0x520 [ 3201.183720] ? lock_downgrade+0x6d0/0x6d0 [ 3201.184226] ? find_held_lock+0x2c/0x110 [ 3201.184733] ? __fget_files+0x2f8/0x520 [ 3201.185228] ? __fget_light+0xea/0x290 [ 3201.185714] __sys_sendmsg+0xe5/0x1b0 [ 3201.186183] ? __sys_sendmsg_sock+0x40/0x40 [ 3201.186716] ? rcu_read_lock_any_held+0x75/0xa0 [ 3201.187311] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3201.187952] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3201.188581] ? trace_hardirqs_on+0x5b/0x180 [ 3201.189115] do_syscall_64+0x33/0x40 [ 3201.189572] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3201.190200] RIP: 0033:0x7ff152763b19 [ 3201.190660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3201.192930] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3201.193863] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3201.194740] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3201.195631] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3201.196508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3201.197384] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3201.217923] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3201.219267] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3201.220297] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 13:59:54 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x48, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3215.258341] FAULT_INJECTION: forcing a failure. [ 3215.258341] name failslab, interval 1, probability 0, space 0, times 0 [ 3215.259851] CPU: 1 PID: 26867 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3215.260738] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3215.261794] Call Trace: [ 3215.262171] dump_stack+0x107/0x167 [ 3215.262618] should_fail.cold+0x5/0xa [ 3215.263138] ? create_object.isra.0+0x3a/0xa20 [ 3215.263701] should_failslab+0x5/0x20 [ 3215.264262] kmem_cache_alloc+0x5b/0x310 [ 3215.264763] create_object.isra.0+0x3a/0xa20 [ 3215.265346] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3215.265967] kmem_cache_alloc+0x159/0x310 [ 3215.266529] vm_area_dup+0x78/0x290 [ 3215.266976] ? lock_release+0x680/0x680 [ 3215.267512] ? mark_lock+0xf5/0x2df0 [ 3215.267996] ? lock_chain_count+0x20/0x20 [ 3215.268557] ? mark_lock+0xf5/0x2df0 [ 3215.269084] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3215.269741] ? lock_chain_count+0x20/0x20 [ 3215.269991] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3215.270302] ? mark_lock+0xf5/0x2df0 [ 3215.271899] ? vm_area_alloc+0x110/0x110 [ 3215.272453] ? __lock_acquire+0x1657/0x5b00 [ 3215.272993] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3215.273705] ? vmacache_find+0x55/0x2a0 [ 3215.274241] __split_vma+0xa8/0x4e0 [ 3215.274690] __do_munmap+0x365/0x1260 [ 3215.275208] ? arch_get_unmapped_area+0x450/0x450 [ 3215.275815] ? lock_release+0x680/0x680 [ 3215.276356] mmap_region+0x7c8/0x1500 [ 3215.276833] do_mmap+0xcdb/0x11e0 [ 3215.277317] vm_mmap_pgoff+0x198/0x1f0 [ 3215.277798] ? randomize_page+0xb0/0xb0 [ 3215.280630] ksys_mmap_pgoff+0x41c/0x560 [ 3215.281178] ? find_mergeable_anon_vma+0x250/0x250 [ 3215.281780] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3215.282483] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3215.283203] do_syscall_64+0x33/0x40 [ 3215.283663] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3215.284376] RIP: 0033:0x7fbe2462eb62 [ 3215.284836] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3215.287226] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3215.288224] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3215.289148] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3215.290082] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3215.290951] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3215.291880] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3215.301110] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 13:59:54 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1c020000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 13:59:54 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1c9440, 0x95) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 13:59:54 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 35) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:54 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x3000000) 13:59:54 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x6c, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 13:59:54 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 62) 13:59:54 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000740101010100"], 0x1c}}, 0x0) [ 3215.314062] FAULT_INJECTION: forcing a failure. [ 3215.314062] name failslab, interval 1, probability 0, space 0, times 0 [ 3215.315541] CPU: 1 PID: 26871 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3215.316447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3215.317533] Call Trace: [ 3215.317857] dump_stack+0x107/0x167 [ 3215.318352] should_fail.cold+0x5/0xa [ 3215.318818] ? create_object.isra.0+0x3a/0xa20 [ 3215.319424] should_failslab+0x5/0x20 [ 3215.319909] kmem_cache_alloc+0x5b/0x310 [ 3215.320460] create_object.isra.0+0x3a/0xa20 [ 3215.320997] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3215.321698] kmem_cache_alloc_node+0x169/0x330 [ 3215.322374] __alloc_skb+0x6d/0x5b0 [ 3215.322828] inet6_rt_notify+0xed/0x2a0 [ 3215.323394] fib6_del+0xf4c/0x1540 [ 3215.323863] ? fib6_locate+0x660/0x660 [ 3215.324392] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3215.325073] ? fib6_ifdown+0xc5/0x8f0 [ 3215.325552] fib6_clean_node+0x39e/0x570 [ 3215.326133] ? fib6_del+0x1540/0x1540 [ 3215.326604] ? fib6_clean_tree+0x14c/0x260 [ 3215.327182] fib6_walk_continue+0x35c/0x710 [ 3215.327715] ? trace_hardirqs_on+0x5b/0x180 [ 3215.328331] fib6_clean_tree+0x154/0x260 [ 3215.328829] ? fib6_ifup+0x260/0x260 [ 3215.329339] ? fib6_info_destroy_rcu+0x210/0x210 [ 3215.329926] ? fib6_del+0x1540/0x1540 [ 3215.330446] ? fib6_ifup+0x260/0x260 [ 3215.330901] ? spin_bug+0xf0/0x100 [ 3215.331410] ? lock_chain_count+0x20/0x20 [ 3215.331950] ? fib6_ifup+0x260/0x260 [ 3215.332515] __fib6_clean_all+0xf0/0x2a0 [ 3215.333238] rt6_disable_ip+0x4d5/0x5b0 [ 3215.333729] ? lock_chain_count+0x20/0x20 [ 3215.334801] ? rt6_sync_down_dev+0x150/0x150 [ 3215.335430] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3215.339341] ? addrconf_dad_run+0x180/0x180 [ 3215.339904] addrconf_notify+0x159/0x2410 [ 3215.340491] ? tun_device_event+0x71/0x1160 [ 3215.341066] ? mark_held_locks+0x9e/0xe0 [ 3215.341568] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3215.342250] ? inet6_ifinfo_notify+0x150/0x150 [ 3215.342814] ? failover_register+0x530/0x530 [ 3215.343408] raw_notifier_call_chain+0xb3/0x110 [ 3215.344073] call_netdevice_notifiers_info+0xb5/0x130 [ 3215.344716] __dev_notify_flags+0x1de/0x2c0 [ 3215.345293] ? dev_change_name+0x660/0x660 [ 3215.345808] ? __dev_change_flags+0x4cf/0x6e0 [ 3215.346408] ? dev_set_allmulti+0x30/0x30 [ 3215.346925] dev_change_flags+0x100/0x160 [ 3215.347485] do_setlink+0x90c/0x3ac0 [ 3215.347966] ? vprintk_func+0x93/0x140 [ 3215.348498] ? rtnl_getlink+0xaa0/0xaa0 [ 3215.348984] ? printk+0xba/0xf1 [ 3215.349460] ? record_print_text.cold+0x16/0x16 [ 3215.350078] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3215.350695] ? trace_hardirqs_on+0x5b/0x180 [ 3215.351284] ? __nla_validate_parse+0x2d8/0x2b10 [ 3215.351893] ? perf_trace_lock+0xac/0x490 [ 3215.352454] ? nla_get_range_signed+0x520/0x520 [ 3215.353070] ? __lock_acquire+0xbb1/0x5b00 [ 3215.353611] __rtnl_newlink+0xc39/0x1700 [ 3215.354190] ? rtnl_setlink+0x3b0/0x3b0 [ 3215.354680] ? __is_insn_slot_addr+0x123/0x290 [ 3215.355295] ? unwind_next_frame+0x13ef/0x1a90 [ 3215.355872] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3215.356567] ? 0xffffffffa0000000 [ 3215.356997] ? __is_insn_slot_addr+0x14c/0x290 [ 3215.357643] ? kernel_text_address+0xf2/0x120 [ 3215.358244] ? __kernel_text_address+0x9/0x40 [ 3215.358795] ? unwind_get_return_address+0x55/0xa0 [ 3215.359467] ? create_prof_cpu_mask+0x20/0x20 [ 3215.360084] ? arch_stack_walk+0x99/0xf0 [ 3215.360594] ? stack_trace_save+0x8c/0xc0 [ 3215.361199] ? mark_held_locks+0x9e/0xe0 [ 3215.361702] ? trace_hardirqs_on+0x5b/0x180 [ 3215.362285] ? kasan_unpoison_shadow+0x33/0x50 [ 3215.362845] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3215.363538] rtnl_newlink+0x64/0xa0 [ 3215.364041] ? __rtnl_newlink+0x1700/0x1700 [ 3215.364581] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3215.365147] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3215.365646] ? perf_trace_lock+0xac/0x490 [ 3215.366205] ? __lockdep_reset_lock+0x180/0x180 [ 3215.366780] netlink_rcv_skb+0x14b/0x430 [ 3215.367332] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3215.367848] ? netlink_ack+0xab0/0xab0 [ 3215.368394] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3215.368965] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3215.369573] ? is_vmalloc_addr+0x7b/0xb0 [ 3215.370123] netlink_unicast+0x549/0x7f0 [ 3215.370626] ? netlink_attachskb+0x870/0x870 [ 3215.371226] netlink_sendmsg+0x90f/0xdf0 [ 3215.371737] ? netlink_unicast+0x7f0/0x7f0 [ 3215.372326] ? netlink_unicast+0x7f0/0x7f0 [ 3215.372844] __sock_sendmsg+0x154/0x190 [ 3215.373402] ____sys_sendmsg+0x70d/0x870 [ 3215.373900] ? sock_write_iter+0x3d0/0x3d0 [ 3215.374466] ? do_recvmmsg+0x6d0/0x6d0 [ 3215.374946] ? lock_downgrade+0x6d0/0x6d0 [ 3215.375506] ? __lockdep_reset_lock+0x180/0x180 [ 3215.376153] ___sys_sendmsg+0xf3/0x170 [ 3215.376632] ? sendmsg_copy_msghdr+0x160/0x160 [ 3215.377264] ? __fget_files+0x2cf/0x520 [ 3215.377755] ? lock_downgrade+0x6d0/0x6d0 [ 3215.378310] ? find_held_lock+0x2c/0x110 [ 3215.378819] ? __fget_files+0x2f8/0x520 [ 3215.379364] ? __fget_light+0xea/0x290 [ 3215.379865] __sys_sendmsg+0xe5/0x1b0 [ 3215.380380] ? __sys_sendmsg_sock+0x40/0x40 [ 3215.380911] ? rcu_read_lock_any_held+0x75/0xa0 [ 3215.381549] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3215.382261] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3215.382887] ? trace_hardirqs_on+0x5b/0x180 [ 3215.383467] do_syscall_64+0x33/0x40 [ 3215.383943] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3215.384614] RIP: 0033:0x7ff152763b19 [ 3215.385122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3215.387478] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3215.388471] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3215.389401] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3215.390317] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3215.391232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3215.392192] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3215.396839] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3215.397404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3215.398955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3215.405348] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3215.412666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3215.413626] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3215.414626] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3215.424789] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3215.543902] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3215.551284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3215.552312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3215.553347] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:00:08 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0x5) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3229.539352] FAULT_INJECTION: forcing a failure. [ 3229.539352] name failslab, interval 1, probability 0, space 0, times 0 [ 3229.540846] CPU: 1 PID: 27000 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3229.541689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3229.542699] Call Trace: [ 3229.543028] dump_stack+0x107/0x167 [ 3229.543476] should_fail.cold+0x5/0xa [ 3229.543946] ? anon_vma_clone+0xdc/0x590 [ 3229.552492] should_failslab+0x5/0x20 [ 3229.552958] kmem_cache_alloc+0x5b/0x310 [ 3229.553458] anon_vma_clone+0xdc/0x590 [ 3229.553942] __split_vma+0x17c/0x4e0 [ 3229.554398] __do_munmap+0x365/0x1260 [ 3229.554865] ? arch_get_unmapped_area+0x450/0x450 [ 3229.555456] ? lock_release+0x680/0x680 [ 3229.555537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3229.555943] mmap_region+0x7c8/0x1500 [ 3229.557511] do_mmap+0xcdb/0x11e0 [ 3229.557942] vm_mmap_pgoff+0x198/0x1f0 [ 3229.558427] ? randomize_page+0xb0/0xb0 [ 3229.558923] ksys_mmap_pgoff+0x41c/0x560 [ 3229.559423] ? find_mergeable_anon_vma+0x250/0x250 [ 3229.560025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.560678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3229.561315] do_syscall_64+0x33/0x40 [ 3229.561772] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.562402] RIP: 0033:0x7fbe2462eb62 [ 3229.562858] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3229.565131] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3229.566082] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3229.566958] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3229.567884] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3229.578805] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 14:00:08 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c00007a0101010100"], 0x1c}}, 0x0) 14:00:08 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 63) 14:00:08 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000000) 14:00:08 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x20000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 14:00:08 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x4c, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:08 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 36) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:08 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x74, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3229.579674] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3229.585711] FAULT_INJECTION: forcing a failure. [ 3229.585711] name failslab, interval 1, probability 0, space 0, times 0 [ 3229.587217] CPU: 0 PID: 27006 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3229.588118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3229.589244] Call Trace: [ 3229.589594] dump_stack+0x107/0x167 [ 3229.590075] should_fail.cold+0x5/0xa [ 3229.590595] should_failslab+0x5/0x20 [ 3229.592486] __kmalloc_node_track_caller+0x74/0x3b0 [ 3229.593142] ? inet6_rt_notify+0xed/0x2a0 [ 3229.593690] __alloc_skb+0xb1/0x5b0 [ 3229.594168] inet6_rt_notify+0xed/0x2a0 [ 3229.594691] fib6_del+0xf4c/0x1540 [ 3229.595164] ? fib6_locate+0x660/0x660 [ 3229.595681] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3229.596374] ? fib6_ifdown+0xc5/0x8f0 [ 3229.596877] fib6_clean_node+0x39e/0x570 [ 3229.597408] ? fib6_del+0x1540/0x1540 [ 3229.597906] ? fib6_clean_tree+0x14c/0x260 [ 3229.598465] fib6_walk_continue+0x35c/0x710 [ 3229.599029] ? trace_hardirqs_on+0x5b/0x180 [ 3229.599593] fib6_clean_tree+0x154/0x260 [ 3229.600121] ? fib6_ifup+0x260/0x260 [ 3229.600623] ? fib6_info_destroy_rcu+0x210/0x210 [ 3229.601243] ? fib6_del+0x1540/0x1540 [ 3229.601740] ? fib6_ifup+0x260/0x260 [ 3229.602229] ? spin_bug+0xf0/0x100 [ 3229.602691] ? lock_chain_count+0x20/0x20 [ 3229.603238] ? fib6_ifup+0x260/0x260 [ 3229.603722] __fib6_clean_all+0xf0/0x2a0 [ 3229.604262] rt6_disable_ip+0x4d5/0x5b0 [ 3229.604783] ? lock_chain_count+0x20/0x20 [ 3229.605331] ? rt6_sync_down_dev+0x150/0x150 [ 3229.605914] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3229.606539] ? addrconf_dad_run+0x180/0x180 [ 3229.607114] addrconf_notify+0x159/0x2410 [ 3229.607658] ? tun_device_event+0x71/0x1160 [ 3229.608324] ? mark_held_locks+0x9e/0xe0 [ 3229.608869] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3229.609602] ? inet6_ifinfo_notify+0x150/0x150 [ 3229.610268] ? failover_register+0x530/0x530 [ 3229.610854] raw_notifier_call_chain+0xb3/0x110 [ 3229.611527] call_netdevice_notifiers_info+0xb5/0x130 [ 3229.612339] __dev_notify_flags+0x1de/0x2c0 [ 3229.612901] ? dev_change_name+0x660/0x660 [ 3229.613507] ? __dev_change_flags+0x4cf/0x6e0 [ 3229.614093] ? dev_set_allmulti+0x30/0x30 [ 3229.614704] dev_change_flags+0x100/0x160 [ 3229.615304] do_setlink+0x90c/0x3ac0 [ 3229.615795] ? vprintk_func+0x93/0x140 [ 3229.616491] ? rtnl_getlink+0xaa0/0xaa0 [ 3229.617413] ? printk+0xba/0xf1 [ 3229.617845] ? record_print_text.cold+0x16/0x16 [ 3229.618731] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3229.619475] ? trace_hardirqs_on+0x5b/0x180 [ 3229.620051] ? __nla_validate_parse+0x2d8/0x2b10 [ 3229.621261] ? perf_trace_lock+0xac/0x490 [ 3229.621805] ? nla_get_range_signed+0x520/0x520 [ 3229.622511] ? __lock_acquire+0xbb1/0x5b00 [ 3229.623081] __rtnl_newlink+0xc39/0x1700 [ 3229.623713] ? rtnl_setlink+0x3b0/0x3b0 [ 3229.624359] ? __is_insn_slot_addr+0x123/0x290 [ 3229.624962] ? unwind_next_frame+0x13ef/0x1a90 [ 3229.625644] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.626337] ? 0xffffffffa0000000 [ 3229.626792] ? __is_insn_slot_addr+0x14c/0x290 [ 3229.627396] ? kernel_text_address+0xf2/0x120 [ 3229.627979] ? __kernel_text_address+0x9/0x40 [ 3229.628584] ? unwind_get_return_address+0x55/0xa0 [ 3229.629224] ? create_prof_cpu_mask+0x20/0x20 [ 3229.629806] ? arch_stack_walk+0x99/0xf0 [ 3229.630349] ? stack_trace_save+0x8c/0xc0 [ 3229.630939] ? mark_held_locks+0x9e/0xe0 [ 3229.631474] ? trace_hardirqs_on+0x5b/0x180 [ 3229.632036] ? kasan_unpoison_shadow+0x33/0x50 [ 3229.632646] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3229.633403] rtnl_newlink+0x64/0xa0 [ 3229.633879] ? __rtnl_newlink+0x1700/0x1700 [ 3229.634520] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3229.635074] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3229.635663] ? perf_trace_lock+0xac/0x490 [ 3229.636272] ? __lockdep_reset_lock+0x180/0x180 [ 3229.636891] netlink_rcv_skb+0x14b/0x430 [ 3229.637486] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3229.638018] ? netlink_ack+0xab0/0xab0 [ 3229.638600] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3229.639318] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3229.639915] ? is_vmalloc_addr+0x7b/0xb0 [ 3229.640548] netlink_unicast+0x549/0x7f0 [ 3229.641084] ? netlink_attachskb+0x870/0x870 [ 3229.641728] netlink_sendmsg+0x90f/0xdf0 [ 3229.642317] ? netlink_unicast+0x7f0/0x7f0 [ 3229.642879] ? netlink_unicast+0x7f0/0x7f0 [ 3229.643490] __sock_sendmsg+0x154/0x190 [ 3229.644011] ____sys_sendmsg+0x70d/0x870 [ 3229.644640] ? sock_write_iter+0x3d0/0x3d0 [ 3229.645287] ? do_recvmmsg+0x6d0/0x6d0 [ 3229.645799] ? lock_downgrade+0x6d0/0x6d0 [ 3229.646347] ? __lockdep_reset_lock+0x180/0x180 [ 3229.646958] ___sys_sendmsg+0xf3/0x170 [ 3229.647467] ? sendmsg_copy_msghdr+0x160/0x160 [ 3229.648067] ? __fget_files+0x2cf/0x520 [ 3229.648604] ? lock_downgrade+0x6d0/0x6d0 [ 3229.649147] ? find_held_lock+0x2c/0x110 [ 3229.649685] ? __fget_files+0x2f8/0x520 [ 3229.650210] ? __fget_light+0xea/0x290 [ 3229.650725] __sys_sendmsg+0xe5/0x1b0 [ 3229.651223] ? __sys_sendmsg_sock+0x40/0x40 [ 3229.651783] ? rcu_read_lock_any_held+0x75/0xa0 [ 3229.652424] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.653107] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3229.653775] ? trace_hardirqs_on+0x5b/0x180 [ 3229.654339] do_syscall_64+0x33/0x40 [ 3229.654824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.655491] RIP: 0033:0x7ff152763b19 [ 3229.655979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3229.658401] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3229.659393] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3229.660336] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3229.661267] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3229.662197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3229.663127] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3229.667150] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:08 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 64) [ 3229.671950] 9p: Unknown access argument cn [ 3229.679738] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3229.693835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3229.694787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3229.695800] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.711128] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3229.712070] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3229.713055] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.713942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3229.714808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:00:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0003920101010100"], 0x1c}}, 0x0) [ 3229.716235] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.720005] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3229.724278] FAULT_INJECTION: forcing a failure. [ 3229.724278] name failslab, interval 1, probability 0, space 0, times 0 [ 3229.725656] CPU: 1 PID: 27020 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3229.726497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3229.727503] Call Trace: [ 3229.727830] dump_stack+0x107/0x167 [ 3229.728301] should_fail.cold+0x5/0xa [ 3229.728755] ? ___slab_alloc+0x155/0x700 [ 3229.729241] ? create_object.isra.0+0x3a/0xa20 [ 3229.729785] should_failslab+0x5/0x20 [ 3229.730227] kmem_cache_alloc+0x5b/0x310 [ 3229.730703] create_object.isra.0+0x3a/0xa20 [ 3229.731216] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3229.731828] kmem_cache_alloc+0x159/0x310 [ 3229.732370] anon_vma_clone+0xdc/0x590 [ 3229.732835] __split_vma+0x17c/0x4e0 [ 3229.733289] __do_munmap+0x365/0x1260 [ 3229.733770] ? arch_get_unmapped_area+0x450/0x450 [ 3229.734382] ? lock_release+0x680/0x680 [ 3229.734885] mmap_region+0x7c8/0x1500 [ 3229.735379] do_mmap+0xcdb/0x11e0 [ 3229.735823] vm_mmap_pgoff+0x198/0x1f0 [ 3229.736342] ? randomize_page+0xb0/0xb0 [ 3229.736855] ksys_mmap_pgoff+0x41c/0x560 [ 3229.737357] ? find_mergeable_anon_vma+0x250/0x250 [ 3229.737963] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.738631] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3229.739280] do_syscall_64+0x33/0x40 [ 3229.739753] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.740405] RIP: 0033:0x7fbe2462eb62 [ 3229.740846] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3229.743106] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3229.744050] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3229.744936] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3229.745789] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3229.746619] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3229.747446] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3229.774912] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 14:00:09 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) [ 3229.775844] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3229.776815] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.778170] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 14:00:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000ec00101010100"], 0x1c}}, 0x0) 14:00:09 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 37) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:09 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x5000000) 14:00:09 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x60, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:09 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 65) [ 3229.874721] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 14:00:09 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x7a, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3229.888255] FAULT_INJECTION: forcing a failure. [ 3229.888255] name failslab, interval 1, probability 0, space 0, times 0 [ 3229.889690] CPU: 1 PID: 27134 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3229.890531] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3229.891541] Call Trace: [ 3229.891870] dump_stack+0x107/0x167 [ 3229.892346] should_fail.cold+0x5/0xa [ 3229.892832] ? create_object.isra.0+0x3a/0xa20 [ 3229.893409] should_failslab+0x5/0x20 [ 3229.893888] kmem_cache_alloc+0x5b/0x310 [ 3229.894402] create_object.isra.0+0x3a/0xa20 [ 3229.894936] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3229.895557] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3229.896175] ? __neigh_notify+0x84/0x160 [ 3229.896694] __alloc_skb+0xb1/0x5b0 [ 3229.897143] __neigh_notify+0x84/0x160 [ 3229.897620] neigh_cleanup_and_release+0x78/0x220 [ 3229.898206] neigh_flush_dev+0x4ad/0x8b0 [ 3229.898713] __neigh_ifdown.isra.0+0x54/0x380 [ 3229.899267] neigh_ifdown+0x1b/0x30 [ 3229.899711] rt6_disable_ip+0x478/0x5b0 [ 3229.900196] ? lock_chain_count+0x20/0x20 [ 3229.900743] ? rt6_sync_down_dev+0x150/0x150 [ 3229.901310] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3229.901916] ? addrconf_dad_run+0x180/0x180 [ 3229.902473] addrconf_notify+0x159/0x2410 [ 3229.903001] ? tun_device_event+0x71/0x1160 [ 3229.903543] ? mark_held_locks+0x9e/0xe0 [ 3229.904056] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3229.904721] ? inet6_ifinfo_notify+0x150/0x150 [ 3229.905279] ? failover_register+0x530/0x530 [ 3229.905824] raw_notifier_call_chain+0xb3/0x110 [ 3229.906395] call_netdevice_notifiers_info+0xb5/0x130 [ 3229.907024] __dev_notify_flags+0x1de/0x2c0 [ 3229.907549] ? dev_change_name+0x660/0x660 [ 3229.908061] ? __dev_change_flags+0x4cf/0x6e0 [ 3229.908644] ? dev_set_allmulti+0x30/0x30 [ 3229.909159] dev_change_flags+0x100/0x160 [ 3229.909668] do_setlink+0x90c/0x3ac0 [ 3229.910122] ? mark_lock+0xf5/0x2df0 [ 3229.910577] ? lock_chain_count+0x20/0x20 [ 3229.911079] ? rtnl_getlink+0xaa0/0xaa0 [ 3229.911560] ? lock_chain_count+0x20/0x20 [ 3229.912067] ? record_print_text.cold+0x16/0x16 [ 3229.912669] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3229.913284] ? trace_hardirqs_on+0x5b/0x180 [ 3229.913826] ? mark_held_locks+0x9e/0xe0 [ 3229.914325] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.914968] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3229.915623] ? trace_hardirqs_on+0x5b/0x180 [ 3229.916149] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3229.916838] __rtnl_newlink+0xc39/0x1700 [ 3229.917345] ? rtnl_setlink+0x3b0/0x3b0 [ 3229.917832] ? __is_insn_slot_addr+0x123/0x290 [ 3229.918005] FAULT_INJECTION: forcing a failure. [ 3229.918005] name failslab, interval 1, probability 0, space 0, times 0 [ 3229.918393] ? unwind_next_frame+0x13ef/0x1a90 [ 3229.918433] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.918444] ? 0xffffffffa0000000 [ 3229.918459] ? __is_insn_slot_addr+0x14c/0x290 [ 3229.918476] ? kernel_text_address+0xf2/0x120 [ 3229.918492] ? __kernel_text_address+0x9/0x40 [ 3229.918505] ? unwind_get_return_address+0x55/0xa0 [ 3229.918518] ? create_prof_cpu_mask+0x20/0x20 [ 3229.918530] ? arch_stack_walk+0x99/0xf0 [ 3229.924970] ? stack_trace_save+0x8c/0xc0 [ 3229.925521] ? mark_held_locks+0x9e/0xe0 [ 3229.926018] ? trace_hardirqs_on+0x5b/0x180 [ 3229.926544] ? kasan_unpoison_shadow+0x33/0x50 [ 3229.927097] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3229.927714] rtnl_newlink+0x64/0xa0 [ 3229.928156] ? __rtnl_newlink+0x1700/0x1700 [ 3229.928697] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3229.929215] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3229.929710] ? perf_trace_lock+0xac/0x490 [ 3229.930219] ? __lockdep_reset_lock+0x180/0x180 [ 3229.930790] netlink_rcv_skb+0x14b/0x430 [ 3229.931284] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3229.931783] ? netlink_ack+0xab0/0xab0 [ 3229.932264] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3229.932829] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3229.933385] ? is_vmalloc_addr+0x7b/0xb0 [ 3229.933885] netlink_unicast+0x549/0x7f0 [ 3229.934384] ? netlink_attachskb+0x870/0x870 [ 3229.934926] netlink_sendmsg+0x90f/0xdf0 [ 3229.935425] ? netlink_unicast+0x7f0/0x7f0 [ 3229.935947] ? netlink_unicast+0x7f0/0x7f0 [ 3229.936480] __sock_sendmsg+0x154/0x190 [ 3229.936971] ____sys_sendmsg+0x70d/0x870 [ 3229.937467] ? sock_write_iter+0x3d0/0x3d0 [ 3229.937981] ? do_recvmmsg+0x6d0/0x6d0 [ 3229.938459] ? lock_downgrade+0x6d0/0x6d0 [ 3229.938966] ? __lockdep_reset_lock+0x180/0x180 [ 3229.939535] ___sys_sendmsg+0xf3/0x170 [ 3229.940011] ? sendmsg_copy_msghdr+0x160/0x160 [ 3229.940587] ? __fget_files+0x2cf/0x520 [ 3229.941072] ? lock_downgrade+0x6d0/0x6d0 [ 3229.941577] ? find_held_lock+0x2c/0x110 [ 3229.942081] ? __fget_files+0x2f8/0x520 [ 3229.942572] ? __fget_light+0xea/0x290 [ 3229.943052] __sys_sendmsg+0xe5/0x1b0 [ 3229.943517] ? __sys_sendmsg_sock+0x40/0x40 [ 3229.944042] ? rcu_read_lock_any_held+0x75/0xa0 [ 3229.944637] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.945275] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3229.945899] ? trace_hardirqs_on+0x5b/0x180 [ 3229.946426] do_syscall_64+0x33/0x40 [ 3229.946878] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.947500] RIP: 0033:0x7ff152763b19 [ 3229.947953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3229.950202] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3229.951127] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3229.951995] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3229.952876] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3229.953740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3229.954604] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3229.955493] CPU: 0 PID: 27142 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3229.956434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3229.957526] Call Trace: [ 3229.957881] dump_stack+0x107/0x167 [ 3229.958368] should_fail.cold+0x5/0xa [ 3229.958867] ? down_write+0xe0/0x160 [ 3229.959365] ? anon_vma_clone+0xdc/0x590 [ 3229.959916] should_failslab+0x5/0x20 [ 3229.960445] kmem_cache_alloc+0x5b/0x310 [ 3229.960994] anon_vma_clone+0xdc/0x590 [ 3229.961523] __split_vma+0x17c/0x4e0 [ 3229.961905] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3229.962020] __do_munmap+0x365/0x1260 [ 3229.963530] ? arch_get_unmapped_area+0x450/0x450 [ 3229.964172] ? lock_release+0x680/0x680 [ 3229.964721] mmap_region+0x7c8/0x1500 [ 3229.965244] do_mmap+0xcdb/0x11e0 [ 3229.965718] vm_mmap_pgoff+0x198/0x1f0 [ 3229.966248] ? randomize_page+0xb0/0xb0 [ 3229.966795] ksys_mmap_pgoff+0x41c/0x560 [ 3229.967340] ? find_mergeable_anon_vma+0x250/0x250 [ 3229.968002] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3229.968722] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3229.969413] do_syscall_64+0x33/0x40 [ 3229.969912] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3229.970593] RIP: 0033:0x7fbe2462eb62 [ 3229.971093] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3229.973548] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3229.974561] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3229.975509] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3229.975667] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3229.976476] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3229.976485] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3229.976493] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3229.977212] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3229.977357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:00:09 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x20100000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3229.990053] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.993487] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3229.994377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3229.996180] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3229.997979] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3230.018115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3230.018136] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3230.019068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3230.025983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3230.026884] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3230.027715] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3230.037724] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3230.058414] 9p: Unknown access argument cn 14:00:09 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0018c80101010100"], 0x1c}}, 0x0) 14:00:09 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 38) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3230.220088] FAULT_INJECTION: forcing a failure. [ 3230.220088] name failslab, interval 1, probability 0, space 0, times 0 [ 3230.221744] CPU: 0 PID: 27259 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3230.222628] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3230.223683] Call Trace: [ 3230.224022] dump_stack+0x107/0x167 [ 3230.224517] should_fail.cold+0x5/0xa [ 3230.225009] ? __alloc_skb+0x6d/0x5b0 [ 3230.225499] should_failslab+0x5/0x20 [ 3230.225988] kmem_cache_alloc_node+0x55/0x330 [ 3230.226567] __alloc_skb+0x6d/0x5b0 [ 3230.227035] inet6_ifa_notify+0x118/0x220 [ 3230.227563] ? inet6_fill_ifaddr+0xd60/0xd60 [ 3230.228137] __ipv6_ifa_notify+0x17b/0xb10 [ 3230.228720] ? modify_prefix_route+0x590/0x590 [ 3230.229322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3230.230002] ? __local_bh_enable_ip+0x9d/0x100 [ 3230.230600] addrconf_ifdown.isra.0+0xb99/0x15f0 [ 3230.231225] ? addrconf_dad_run+0x180/0x180 [ 3230.231805] addrconf_notify+0x159/0x2410 [ 3230.232377] ? tun_device_event+0x71/0x1160 [ 3230.232930] ? mark_held_locks+0x9e/0xe0 [ 3230.233472] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3230.234165] ? inet6_ifinfo_notify+0x150/0x150 [ 3230.234768] ? failover_register+0x530/0x530 [ 3230.235380] raw_notifier_call_chain+0xb3/0x110 [ 3230.236013] call_netdevice_notifiers_info+0xb5/0x130 [ 3230.236731] __dev_notify_flags+0x1de/0x2c0 [ 3230.237317] ? dev_change_name+0x660/0x660 [ 3230.237882] ? __dev_change_flags+0x4cf/0x6e0 [ 3230.238486] ? dev_set_allmulti+0x30/0x30 [ 3230.239047] ? __lockdep_reset_lock+0x180/0x180 [ 3230.239676] dev_change_flags+0x100/0x160 [ 3230.240251] do_setlink+0x90c/0x3ac0 [ 3230.240768] ? ___ratelimit+0x29a/0x440 [ 3230.241290] ? rtnl_getlink+0xaa0/0xaa0 [ 3230.241813] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3230.242497] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3230.243154] ? trace_hardirqs_on+0x5b/0x180 [ 3230.243724] ? ___ratelimit+0x1fc/0x440 [ 3230.244268] ? __nla_validate_parse+0x2d8/0x2b10 [ 3230.244917] ? perf_trace_lock+0xac/0x490 [ 3230.245467] ? nla_get_range_signed+0x520/0x520 [ 3230.246100] ? __lock_acquire+0xbb1/0x5b00 [ 3230.246689] __rtnl_newlink+0xc39/0x1700 [ 3230.247247] ? rtnl_setlink+0x3b0/0x3b0 [ 3230.247769] ? __is_insn_slot_addr+0x123/0x290 [ 3230.248392] ? unwind_next_frame+0x13ef/0x1a90 [ 3230.248987] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3230.249679] ? 0xffffffffa0000000 [ 3230.250135] ? __is_insn_slot_addr+0x14c/0x290 [ 3230.250737] ? kernel_text_address+0xf2/0x120 [ 3230.251321] ? __kernel_text_address+0x9/0x40 [ 3230.251906] ? unwind_get_return_address+0x55/0xa0 [ 3230.252576] ? create_prof_cpu_mask+0x20/0x20 [ 3230.253177] ? arch_stack_walk+0x99/0xf0 [ 3230.253735] ? stack_trace_save+0x8c/0xc0 [ 3230.254348] ? mark_held_locks+0x9e/0xe0 [ 3230.254898] ? trace_hardirqs_on+0x5b/0x180 [ 3230.255481] ? kasan_unpoison_shadow+0x33/0x50 [ 3230.256093] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3230.256805] rtnl_newlink+0x64/0xa0 [ 3230.257301] ? __rtnl_newlink+0x1700/0x1700 [ 3230.257863] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3230.258417] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3230.258945] ? perf_trace_lock+0xac/0x490 [ 3230.259490] ? __lockdep_reset_lock+0x180/0x180 [ 3230.260101] netlink_rcv_skb+0x14b/0x430 [ 3230.260665] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3230.261215] ? netlink_ack+0xab0/0xab0 [ 3230.261736] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3230.262355] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3230.262967] ? is_vmalloc_addr+0x7b/0xb0 [ 3230.263517] netlink_unicast+0x549/0x7f0 [ 3230.264053] ? netlink_attachskb+0x870/0x870 [ 3230.264654] netlink_sendmsg+0x90f/0xdf0 [ 3230.265188] ? netlink_unicast+0x7f0/0x7f0 [ 3230.265752] ? netlink_unicast+0x7f0/0x7f0 [ 3230.266305] __sock_sendmsg+0x154/0x190 [ 3230.266825] ____sys_sendmsg+0x70d/0x870 [ 3230.267357] ? sock_write_iter+0x3d0/0x3d0 [ 3230.267907] ? do_recvmmsg+0x6d0/0x6d0 [ 3230.268453] ? lock_downgrade+0x6d0/0x6d0 [ 3230.268996] ? __lockdep_reset_lock+0x180/0x180 [ 3230.269611] ___sys_sendmsg+0xf3/0x170 [ 3230.270120] ? sendmsg_copy_msghdr+0x160/0x160 [ 3230.270718] ? __fget_files+0x2cf/0x520 [ 3230.271235] ? lock_downgrade+0x6d0/0x6d0 [ 3230.271775] ? find_held_lock+0x2c/0x110 [ 3230.272339] ? __fget_files+0x2f8/0x520 [ 3230.272893] ? __fget_light+0xea/0x290 [ 3230.273408] __sys_sendmsg+0xe5/0x1b0 [ 3230.273904] ? __sys_sendmsg_sock+0x40/0x40 [ 3230.274467] ? rcu_read_lock_any_held+0x75/0xa0 [ 3230.275085] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3230.275770] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3230.276459] ? trace_hardirqs_on+0x5b/0x180 [ 3230.277022] do_syscall_64+0x33/0x40 [ 3230.277506] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3230.278175] RIP: 0033:0x7ff152763b19 [ 3230.278662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3230.281086] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3230.282076] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3230.283003] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3230.283930] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3230.284891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3230.285818] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3230.327161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3230.328283] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3230.329256] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:00:23 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 66) 14:00:23 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 39) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:23 executing program 5: r0 = openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r2 = openat(r1, &(0x7f0000000100)='/proc/self/exe\x00', 0xe000, 0x9c) r3 = socket$netlink(0x10, 0x3, 0xf) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r4, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000", 0x7ff}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x59, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r6}) pidfd_getfd(r1, 0xffffffffffffffff, 0x0) sendfile(r3, r2, 0x0, 0x4000007ffffffc) 14:00:23 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0xf0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:23 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x6000000) 14:00:23 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x68, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:23 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0002d70101010100"], 0x1c}}, 0x0) 14:00:23 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x32190000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3244.516560] FAULT_INJECTION: forcing a failure. [ 3244.516560] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.518109] CPU: 0 PID: 27270 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3244.519018] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.520105] Call Trace: [ 3244.520459] dump_stack+0x107/0x167 [ 3244.520963] should_fail.cold+0x5/0xa [ 3244.521469] ? create_object.isra.0+0x3a/0xa20 [ 3244.522072] should_failslab+0x5/0x20 [ 3244.522576] kmem_cache_alloc+0x5b/0x310 [ 3244.523115] create_object.isra.0+0x3a/0xa20 [ 3244.523696] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3244.524366] kmem_cache_alloc+0x159/0x310 [ 3244.524938] anon_vma_clone+0xdc/0x590 [ 3244.525460] __split_vma+0x17c/0x4e0 [ 3244.525954] __do_munmap+0x365/0x1260 [ 3244.526459] ? arch_get_unmapped_area+0x450/0x450 [ 3244.527095] ? lock_release+0x680/0x680 [ 3244.527619] mmap_region+0x7c8/0x1500 [ 3244.528130] do_mmap+0xcdb/0x11e0 [ 3244.528596] vm_mmap_pgoff+0x198/0x1f0 [ 3244.529129] ? randomize_page+0xb0/0xb0 [ 3244.529666] ksys_mmap_pgoff+0x41c/0x560 [ 3244.530201] ? find_mergeable_anon_vma+0x250/0x250 [ 3244.530846] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3244.531534] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3244.532213] do_syscall_64+0x33/0x40 [ 3244.532703] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3244.533394] RIP: 0033:0x7fbe2462eb62 [ 3244.533886] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3244.536296] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3244.537319] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3244.538253] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3244.539190] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3244.540126] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3244.541083] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3244.558867] __nla_validate_parse: 1 callbacks suppressed [ 3244.558877] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 14:00:23 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x7000000) 14:00:23 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000f00101010100"], 0x1c}}, 0x0) [ 3244.581806] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3244.582741] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3244.583710] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3244.587793] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3244.603087] FAULT_INJECTION: forcing a failure. [ 3244.603087] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.604540] CPU: 1 PID: 27294 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3244.605434] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.606448] Call Trace: [ 3244.606778] dump_stack+0x107/0x167 [ 3244.607226] should_fail.cold+0x5/0xa [ 3244.607697] ? create_object.isra.0+0x3a/0xa20 [ 3244.608257] should_failslab+0x5/0x20 [ 3244.608735] kmem_cache_alloc+0x5b/0x310 [ 3244.609238] ? __lockdep_reset_lock+0x180/0x180 [ 3244.609807] create_object.isra.0+0x3a/0xa20 [ 3244.610341] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3244.610964] kmem_cache_alloc_node+0x169/0x330 [ 3244.611528] __alloc_skb+0x6d/0x5b0 [ 3244.611979] __neigh_notify+0x84/0x160 [ 3244.612458] neigh_cleanup_and_release+0x78/0x220 [ 3244.613063] neigh_flush_dev+0x4ad/0x8b0 [ 3244.613574] __neigh_ifdown.isra.0+0x54/0x380 [ 3244.614128] neigh_ifdown+0x1b/0x30 [ 3244.614574] rt6_disable_ip+0x478/0x5b0 [ 3244.615059] ? lock_chain_count+0x20/0x20 [ 3244.615569] ? rt6_sync_down_dev+0x150/0x150 [ 3244.616116] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3244.616702] ? addrconf_dad_run+0x180/0x180 [ 3244.617269] addrconf_notify+0x159/0x2410 [ 3244.617777] ? tun_device_event+0x71/0x1160 [ 3244.618303] ? mark_held_locks+0x9e/0xe0 [ 3244.618800] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3244.619431] ? inet6_ifinfo_notify+0x150/0x150 [ 3244.619994] ? failover_register+0x530/0x530 [ 3244.620541] raw_notifier_call_chain+0xb3/0x110 [ 3244.621138] call_netdevice_notifiers_info+0xb5/0x130 [ 3244.621772] __dev_notify_flags+0x1de/0x2c0 [ 3244.622298] ? dev_change_name+0x660/0x660 [ 3244.622810] ? __dev_change_flags+0x4cf/0x6e0 [ 3244.623360] ? dev_set_allmulti+0x30/0x30 [ 3244.623875] dev_change_flags+0x100/0x160 [ 3244.624383] do_setlink+0x90c/0x3ac0 [ 3244.624868] ? vprintk_func+0x93/0x140 [ 3244.625342] ? rtnl_getlink+0xaa0/0xaa0 [ 3244.625827] ? printk+0xba/0xf1 [ 3244.626230] ? record_print_text.cold+0x16/0x16 [ 3244.626800] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3244.627415] ? trace_hardirqs_on+0x5b/0x180 [ 3244.627958] ? __nla_validate_parse+0x2d8/0x2b10 [ 3244.628539] ? perf_trace_lock+0xac/0x490 [ 3244.629063] ? nla_get_range_signed+0x520/0x520 [ 3244.629630] ? __lock_acquire+0xbb1/0x5b00 [ 3244.630164] __rtnl_newlink+0xc39/0x1700 [ 3244.630672] ? rtnl_setlink+0x3b0/0x3b0 [ 3244.631160] ? __is_insn_slot_addr+0x123/0x290 [ 3244.631725] ? unwind_next_frame+0x13ef/0x1a90 [ 3244.632282] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3244.632949] ? 0xffffffffa0000000 [ 3244.633381] ? __is_insn_slot_addr+0x14c/0x290 [ 3244.633942] ? kernel_text_address+0xf2/0x120 [ 3244.640927] ? __kernel_text_address+0x9/0x40 [ 3244.641503] ? unwind_get_return_address+0x55/0xa0 [ 3244.642132] ? create_prof_cpu_mask+0x20/0x20 [ 3244.642704] ? arch_stack_walk+0x99/0xf0 [ 3244.643241] ? stack_trace_save+0x8c/0xc0 [ 3244.643830] ? mark_held_locks+0x9e/0xe0 [ 3244.644329] ? trace_hardirqs_on+0x5b/0x180 [ 3244.644870] ? kasan_unpoison_shadow+0x33/0x50 [ 3244.645426] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3244.646044] rtnl_newlink+0x64/0xa0 [ 3244.646492] ? __rtnl_newlink+0x1700/0x1700 [ 3244.647016] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3244.647532] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3244.648028] ? perf_trace_lock+0xac/0x490 [ 3244.648538] ? __lockdep_reset_lock+0x180/0x180 [ 3244.649128] netlink_rcv_skb+0x14b/0x430 [ 3244.649627] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3244.650124] ? netlink_ack+0xab0/0xab0 [ 3244.650597] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3244.651157] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3244.651712] ? is_vmalloc_addr+0x7b/0xb0 [ 3244.652209] netlink_unicast+0x549/0x7f0 [ 3244.652708] ? netlink_attachskb+0x870/0x870 [ 3244.653271] netlink_sendmsg+0x90f/0xdf0 [ 3244.653772] ? netlink_unicast+0x7f0/0x7f0 [ 3244.654300] ? netlink_unicast+0x7f0/0x7f0 [ 3244.654815] __sock_sendmsg+0x154/0x190 [ 3244.655300] ____sys_sendmsg+0x70d/0x870 [ 3244.655796] ? sock_write_iter+0x3d0/0x3d0 [ 3244.656308] ? do_recvmmsg+0x6d0/0x6d0 [ 3244.656796] ? lock_downgrade+0x6d0/0x6d0 [ 3244.657308] ? __lockdep_reset_lock+0x180/0x180 [ 3244.657877] ___sys_sendmsg+0xf3/0x170 [ 3244.658357] ? sendmsg_copy_msghdr+0x160/0x160 [ 3244.658919] ? __fget_files+0x2cf/0x520 [ 3244.659404] ? lock_downgrade+0x6d0/0x6d0 [ 3244.659911] ? find_held_lock+0x2c/0x110 [ 3244.660414] ? __fget_files+0x2f8/0x520 [ 3244.660926] ? __fget_light+0xea/0x290 [ 3244.661409] __sys_sendmsg+0xe5/0x1b0 [ 3244.661874] ? __sys_sendmsg_sock+0x40/0x40 [ 3244.662399] ? rcu_read_lock_any_held+0x75/0xa0 [ 3244.662981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3244.663620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3244.664244] ? trace_hardirqs_on+0x5b/0x180 [ 3244.664795] do_syscall_64+0x33/0x40 [ 3244.665250] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3244.665872] RIP: 0033:0x7ff152763b19 [ 3244.666325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3244.668558] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3244.673515] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3244.674378] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3244.675242] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3244.676105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3244.676990] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3244.679764] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3244.699642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3244.700570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3244.701576] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3244.703945] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3244.719603] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 14:00:24 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 67) [ 3244.720696] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3244.725817] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3244.734573] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:24 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x40000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3244.756047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3244.761158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 14:00:24 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x6c, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3244.767600] FAULT_INJECTION: forcing a failure. [ 3244.767600] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.769045] CPU: 1 PID: 27397 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3244.769888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.770894] Call Trace: [ 3244.771222] dump_stack+0x107/0x167 [ 3244.771670] should_fail.cold+0x5/0xa [ 3244.772137] ? vm_area_alloc+0x1c/0x110 [ 3244.772625] should_failslab+0x5/0x20 [ 3244.777127] kmem_cache_alloc+0x5b/0x310 [ 3244.777627] vm_area_alloc+0x1c/0x110 [ 3244.778090] mmap_region+0x97e/0x1500 [ 3244.778564] do_mmap+0xcdb/0x11e0 [ 3244.778993] vm_mmap_pgoff+0x198/0x1f0 [ 3244.779469] ? randomize_page+0xb0/0xb0 [ 3244.779965] ksys_mmap_pgoff+0x41c/0x560 [ 3244.780460] ? find_mergeable_anon_vma+0x250/0x250 [ 3244.781096] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3244.781738] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3244.782369] do_syscall_64+0x33/0x40 [ 3244.782822] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3244.783443] RIP: 0033:0x7fbe2462eb62 [ 3244.783896] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3244.786153] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3244.787080] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3244.787946] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3244.788826] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3244.789694] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3244.790559] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3244.794651] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:00:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0002f10101010100"], 0x1c}}, 0x0) 14:00:24 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x198, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3244.855026] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 14:00:24 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 40) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3244.887077] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3244.898658] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3244.900115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3244.902052] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3244.905288] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 14:00:24 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 68) 14:00:24 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000000f010100"], 0x1c}}, 0x0) [ 3244.923195] FAULT_INJECTION: forcing a failure. [ 3244.923195] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.925503] CPU: 1 PID: 27479 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3244.926351] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.927376] Call Trace: [ 3244.927708] dump_stack+0x107/0x167 [ 3244.928158] should_fail.cold+0x5/0xa [ 3244.928631] ? create_object.isra.0+0x3a/0xa20 [ 3244.933226] should_failslab+0x5/0x20 [ 3244.933698] kmem_cache_alloc+0x5b/0x310 [ 3244.934203] create_object.isra.0+0x3a/0xa20 [ 3244.934740] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3244.935366] kmem_cache_alloc+0x159/0x310 [ 3244.936265] vm_area_alloc+0x1c/0x110 [ 3244.937192] mmap_region+0x97e/0x1500 [ 3244.938115] do_mmap+0xcdb/0x11e0 [ 3244.939001] vm_mmap_pgoff+0x198/0x1f0 [ 3244.940097] ? randomize_page+0xb0/0xb0 [ 3244.941205] ksys_mmap_pgoff+0x41c/0x560 [ 3244.942165] ? find_mergeable_anon_vma+0x250/0x250 [ 3244.943322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3244.944553] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3244.945303] do_syscall_64+0x33/0x40 [ 3244.945766] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3244.946391] RIP: 0033:0x7fbe2462eb62 [ 3244.946849] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3244.949624] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3244.961047] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3244.961954] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3244.962858] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3244.963767] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3244.964674] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3244.977745] FAULT_INJECTION: forcing a failure. [ 3244.977745] name failslab, interval 1, probability 0, space 0, times 0 [ 3244.979380] CPU: 0 PID: 27459 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3244.980308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3244.981438] Call Trace: [ 3244.981806] dump_stack+0x107/0x167 [ 3244.982302] should_fail.cold+0x5/0xa [ 3244.982833] ? __alloc_skb+0x6d/0x5b0 [ 3244.983353] should_failslab+0x5/0x20 [ 3244.983872] kmem_cache_alloc_node+0x55/0x330 [ 3244.984482] __alloc_skb+0x6d/0x5b0 [ 3244.985000] __neigh_notify+0x84/0x160 [ 3244.985531] neigh_cleanup_and_release+0x78/0x220 [ 3244.986186] neigh_flush_dev+0x4ad/0x8b0 [ 3244.986748] __neigh_ifdown.isra.0+0x54/0x380 [ 3244.987360] neigh_ifdown+0x1b/0x30 [ 3244.987851] rt6_disable_ip+0x478/0x5b0 [ 3244.988391] ? lock_chain_count+0x20/0x20 [ 3244.988970] ? rt6_sync_down_dev+0x150/0x150 [ 3244.989565] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3244.990194] ? addrconf_dad_run+0x180/0x180 [ 3244.990780] addrconf_notify+0x159/0x2410 [ 3244.991326] ? tun_device_event+0x71/0x1160 [ 3244.991891] ? mark_held_locks+0x9e/0xe0 [ 3244.992421] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3244.993141] ? inet6_ifinfo_notify+0x150/0x150 [ 3244.993741] ? failover_register+0x530/0x530 [ 3244.994325] raw_notifier_call_chain+0xb3/0x110 [ 3244.994938] call_netdevice_notifiers_info+0xb5/0x130 [ 3244.995613] __dev_notify_flags+0x1de/0x2c0 [ 3244.996176] ? dev_change_name+0x660/0x660 [ 3244.996728] ? __dev_change_flags+0x4cf/0x6e0 [ 3244.997334] ? dev_set_allmulti+0x30/0x30 [ 3244.997890] dev_change_flags+0x100/0x160 [ 3244.998436] do_setlink+0x90c/0x3ac0 [ 3244.998929] ? vprintk_func+0x93/0x140 [ 3244.999441] ? rtnl_getlink+0xaa0/0xaa0 [ 3244.999963] ? printk+0xba/0xf1 [ 3245.000395] ? record_print_text.cold+0x16/0x16 [ 3245.001022] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3245.001684] ? trace_hardirqs_on+0x5b/0x180 [ 3245.002260] ? __nla_validate_parse+0x2d8/0x2b10 [ 3245.002884] ? perf_trace_lock+0xac/0x490 [ 3245.003433] ? nla_get_range_signed+0x520/0x520 [ 3245.004040] ? __lock_acquire+0xbb1/0x5b00 [ 3245.004612] __rtnl_newlink+0xc39/0x1700 [ 3245.005560] ? rtnl_setlink+0x3b0/0x3b0 [ 3245.006540] ? __is_insn_slot_addr+0x123/0x290 [ 3245.007671] ? unwind_next_frame+0x13ef/0x1a90 [ 3245.008826] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3245.010165] ? 0xffffffffa0000000 [ 3245.011029] ? __is_insn_slot_addr+0x14c/0x290 [ 3245.012180] ? kernel_text_address+0xf2/0x120 [ 3245.013427] ? __kernel_text_address+0x9/0x40 [ 3245.014525] ? unwind_get_return_address+0x55/0xa0 [ 3245.015726] ? create_prof_cpu_mask+0x20/0x20 [ 3245.016818] ? arch_stack_walk+0x99/0xf0 [ 3245.017366] ? stack_trace_save+0x8c/0xc0 [ 3245.017958] ? mark_held_locks+0x9e/0xe0 [ 3245.018498] ? trace_hardirqs_on+0x5b/0x180 [ 3245.019065] ? kasan_unpoison_shadow+0x33/0x50 [ 3245.019670] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3245.020336] rtnl_newlink+0x64/0xa0 [ 3245.020882] ? __rtnl_newlink+0x1700/0x1700 [ 3245.021936] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3245.022971] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3245.023989] ? perf_trace_lock+0xac/0x490 [ 3245.025081] ? __lockdep_reset_lock+0x180/0x180 [ 3245.026250] netlink_rcv_skb+0x14b/0x430 [ 3245.027262] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3245.028282] ? netlink_ack+0xab0/0xab0 [ 3245.029359] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3245.030480] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3245.031596] ? is_vmalloc_addr+0x7b/0xb0 [ 3245.032570] netlink_unicast+0x549/0x7f0 [ 3245.033734] ? netlink_attachskb+0x870/0x870 [ 3245.034817] netlink_sendmsg+0x90f/0xdf0 [ 3245.035825] ? netlink_unicast+0x7f0/0x7f0 [ 3245.036920] ? netlink_unicast+0x7f0/0x7f0 [ 3245.037950] __sock_sendmsg+0x154/0x190 [ 3245.038919] ____sys_sendmsg+0x70d/0x870 [ 3245.039909] ? sock_write_iter+0x3d0/0x3d0 [ 3245.045057] ? do_recvmmsg+0x6d0/0x6d0 [ 3245.046023] ? lock_downgrade+0x6d0/0x6d0 [ 3245.047029] ? __lockdep_reset_lock+0x180/0x180 [ 3245.048171] ___sys_sendmsg+0xf3/0x170 [ 3245.048987] ? sendmsg_copy_msghdr+0x160/0x160 [ 3245.049591] ? __fget_files+0x2cf/0x520 [ 3245.050112] ? lock_downgrade+0x6d0/0x6d0 [ 3245.050654] ? find_held_lock+0x2c/0x110 [ 3245.051193] ? __fget_files+0x2f8/0x520 [ 3245.051719] ? __fget_light+0xea/0x290 [ 3245.052233] __sys_sendmsg+0xe5/0x1b0 [ 3245.052734] ? __sys_sendmsg_sock+0x40/0x40 [ 3245.057325] ? rcu_read_lock_any_held+0x75/0xa0 [ 3245.057928] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3245.058595] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3245.059237] ? trace_hardirqs_on+0x5b/0x180 [ 3245.059794] do_syscall_64+0x33/0x40 [ 3245.060266] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3245.060938] RIP: 0033:0x7ff152763b19 [ 3245.061413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3245.063736] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3245.064754] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3245.065706] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3245.066640] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3245.067570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3245.068509] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3245.074079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3245.075413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3245.076436] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3245.103929] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3245.121910] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3245.122842] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3245.123851] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3245.147092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3245.147752] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3245.148697] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3245.166231] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:00:38 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x45000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) 14:00:38 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xc000000) 14:00:38 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000010010100"], 0x1c}}, 0x0) [ 3259.390277] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 14:00:38 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 41) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:38 executing program 5: openat$tcp_congestion(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x181040, 0x0) r1 = openat(r0, &(0x7f0000000180)='/proc/self/exe\x00', 0x8000, 0x24) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r3, 0x541c, 0x0) sched_getattr(0x0, &(0x7f0000000040)={0x38}, 0xfffffffffffffdd0, 0x0) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "e35e91852b1941028300000000000000002000"}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000080)={0x1, 0x8, 0x9}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b10, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, @perf_config_ext={0xb2, 0x4180000000000000}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x0}, &(0x7f0000000680)="ed", 0x1, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) fallocate(0xffffffffffffffff, 0x12, 0x10bffff, 0x5) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000080)={@local, 0x78, r7}) pidfd_getfd(r0, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r6, 0x8916, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, r7}) sendfile(r2, r1, 0x0, 0x4000007ffffffc) 14:00:38 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 69) 14:00:38 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x300, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:38 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x74, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3259.420070] FAULT_INJECTION: forcing a failure. [ 3259.420070] name failslab, interval 1, probability 0, space 0, times 0 [ 3259.421290] FAULT_INJECTION: forcing a failure. [ 3259.421290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3259.421679] CPU: 0 PID: 27534 Comm: syz-executor.3 Not tainted 5.10.233 #1 [ 3259.425801] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3259.426885] Call Trace: [ 3259.427241] dump_stack+0x107/0x167 [ 3259.427720] should_fail.cold+0x5/0xa [ 3259.428230] ? create_object.isra.0+0x3a/0xa20 [ 3259.429734] should_failslab+0x5/0x20 [ 3259.430806] kmem_cache_alloc+0x5b/0x310 [ 3259.431974] create_object.isra.0+0x3a/0xa20 [ 3259.433217] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3259.433932] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3259.434596] ? __neigh_notify+0x84/0x160 [ 3259.435132] __alloc_skb+0xb1/0x5b0 [ 3259.435616] __neigh_notify+0x84/0x160 [ 3259.436130] neigh_cleanup_and_release+0x78/0x220 [ 3259.436800] neigh_flush_dev+0x4ad/0x8b0 [ 3259.437356] __neigh_ifdown.isra.0+0x54/0x380 [ 3259.437953] neigh_ifdown+0x1b/0x30 [ 3259.438432] rt6_disable_ip+0x478/0x5b0 [ 3259.438956] ? lock_chain_count+0x20/0x20 [ 3259.439504] ? rt6_sync_down_dev+0x150/0x150 [ 3259.440093] addrconf_ifdown.isra.0+0x11a/0x15f0 [ 3259.440723] ? addrconf_dad_run+0x180/0x180 [ 3259.441313] addrconf_notify+0x159/0x2410 [ 3259.441865] ? tun_device_event+0x71/0x1160 [ 3259.442432] ? mark_held_locks+0x9e/0xe0 [ 3259.442967] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3259.443645] ? inet6_ifinfo_notify+0x150/0x150 [ 3259.444246] ? failover_register+0x530/0x530 [ 3259.444834] raw_notifier_call_chain+0xb3/0x110 [ 3259.445474] call_netdevice_notifiers_info+0xb5/0x130 [ 3259.446152] __dev_notify_flags+0x1de/0x2c0 [ 3259.446715] ? dev_change_name+0x660/0x660 [ 3259.447268] ? __dev_change_flags+0x4cf/0x6e0 [ 3259.447858] ? dev_set_allmulti+0x30/0x30 [ 3259.448603] dev_change_flags+0x100/0x160 [ 3259.449872] do_setlink+0x90c/0x3ac0 [ 3259.450989] ? vprintk_func+0x93/0x140 [ 3259.452214] ? rtnl_getlink+0xaa0/0xaa0 [ 3259.453405] ? printk+0xba/0xf1 [ 3259.454413] ? record_print_text.cold+0x16/0x16 [ 3259.455889] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3259.457405] ? trace_hardirqs_on+0x5b/0x180 [ 3259.458700] ? __nla_validate_parse+0x2d8/0x2b10 [ 3259.460107] ? perf_trace_lock+0xac/0x490 [ 3259.461348] ? nla_get_range_signed+0x520/0x520 [ 3259.462725] ? __lock_acquire+0xbb1/0x5b00 [ 3259.463994] __rtnl_newlink+0xc39/0x1700 [ 3259.465205] ? rtnl_setlink+0x3b0/0x3b0 [ 3259.466402] ? __is_insn_slot_addr+0x123/0x290 [ 3259.467761] ? unwind_next_frame+0x13ef/0x1a90 [ 3259.469114] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.470714] ? 0xffffffffa0000000 [ 3259.471741] ? __is_insn_slot_addr+0x14c/0x290 [ 3259.473095] ? kernel_text_address+0xf2/0x120 [ 3259.474437] ? __kernel_text_address+0x9/0x40 [ 3259.475763] ? unwind_get_return_address+0x55/0xa0 [ 3259.477215] ? create_prof_cpu_mask+0x20/0x20 [ 3259.478570] ? arch_stack_walk+0x99/0xf0 [ 3259.479782] ? stack_trace_save+0x8c/0xc0 [ 3259.481061] ? mark_held_locks+0x9e/0xe0 [ 3259.482284] ? trace_hardirqs_on+0x5b/0x180 [ 3259.483561] ? kasan_unpoison_shadow+0x33/0x50 [ 3259.484917] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3259.486440] rtnl_newlink+0x64/0xa0 [ 3259.487519] ? __rtnl_newlink+0x1700/0x1700 [ 3259.488794] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3259.490063] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3259.491266] ? perf_trace_lock+0xac/0x490 [ 3259.492504] ? __lockdep_reset_lock+0x180/0x180 [ 3259.493909] netlink_rcv_skb+0x14b/0x430 [ 3259.495114] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3259.496322] ? netlink_ack+0xab0/0xab0 [ 3259.497487] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3259.498847] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3259.500203] ? is_vmalloc_addr+0x7b/0xb0 [ 3259.501419] netlink_unicast+0x549/0x7f0 [ 3259.502630] ? netlink_attachskb+0x870/0x870 [ 3259.503943] netlink_sendmsg+0x90f/0xdf0 [ 3259.505152] ? netlink_unicast+0x7f0/0x7f0 [ 3259.506460] ? netlink_unicast+0x7f0/0x7f0 [ 3259.507713] __sock_sendmsg+0x154/0x190 [ 3259.508891] ____sys_sendmsg+0x70d/0x870 [ 3259.510105] ? sock_write_iter+0x3d0/0x3d0 [ 3259.511355] ? do_recvmmsg+0x6d0/0x6d0 [ 3259.512509] ? lock_downgrade+0x6d0/0x6d0 [ 3259.513753] ? __lockdep_reset_lock+0x180/0x180 [ 3259.515137] ___sys_sendmsg+0xf3/0x170 [ 3259.516289] ? sendmsg_copy_msghdr+0x160/0x160 [ 3259.517658] ? __fget_files+0x2cf/0x520 [ 3259.518833] ? lock_downgrade+0x6d0/0x6d0 [ 3259.520060] ? find_held_lock+0x2c/0x110 [ 3259.521276] ? __fget_files+0x2f8/0x520 [ 3259.522472] ? __fget_light+0xea/0x290 [ 3259.523628] __sys_sendmsg+0xe5/0x1b0 [ 3259.524758] ? __sys_sendmsg_sock+0x40/0x40 [ 3259.526051] ? rcu_read_lock_any_held+0x75/0xa0 [ 3259.527448] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3259.529000] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3259.530542] ? trace_hardirqs_on+0x5b/0x180 [ 3259.531818] do_syscall_64+0x33/0x40 [ 3259.532918] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.534451] RIP: 0033:0x7ff152763b19 [ 3259.535551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3259.541083] RSP: 002b:00007ff14fcd9188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3259.543352] RAX: ffffffffffffffda RBX: 00007ff152876f60 RCX: 00007ff152763b19 [ 3259.545486] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 3259.547605] RBP: 00007ff14fcd91d0 R08: 0000000000000000 R09: 0000000000000000 [ 3259.549749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3259.551873] R13: 00007ffcc87700ef R14: 00007ff14fcd9300 R15: 0000000000022000 [ 3259.554059] CPU: 1 PID: 27545 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3259.555089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3259.556804] Call Trace: [ 3259.557212] dump_stack+0x107/0x167 [ 3259.557757] should_fail.cold+0x5/0xa [ 3259.558315] __alloc_pages_nodemask+0x182/0x600 [ 3259.558987] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 3259.559851] ? walk_mem_res+0x170/0x170 [ 3259.560431] alloc_pages_current+0x187/0x280 [ 3259.561062] pte_alloc_one+0x16/0x1a0 [ 3259.561637] __pte_alloc+0x1d/0x330 [ 3259.562169] remap_pfn_range_internal+0x9a3/0xf60 [ 3259.562867] ? lookup_memtype+0x5b/0x200 [ 3259.563465] ? apply_to_existing_page_range+0x40/0x40 [ 3259.564208] remap_pfn_range+0xcd/0x160 [ 3259.564788] ? remap_pfn_range_notrack+0x70/0x70 [ 3259.565495] io_uring_mmap+0x398/0x530 [ 3259.566065] mmap_file+0x5e/0xe0 [ 3259.566555] mmap_region+0xc49/0x1500 [ 3259.567221] do_mmap+0xcdb/0x11e0 [ 3259.567739] vm_mmap_pgoff+0x198/0x1f0 [ 3259.568299] ? randomize_page+0xb0/0xb0 [ 3259.569529] ksys_mmap_pgoff+0x41c/0x560 [ 3259.570123] ? find_mergeable_anon_vma+0x250/0x250 [ 3259.570935] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3259.571690] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3259.572433] do_syscall_64+0x33/0x40 [ 3259.572980] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.573832] RIP: 0033:0x7fbe2462eb62 [ 3259.574372] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3259.575629] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3259.576809] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3259.576826] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3259.576834] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3259.576847] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3259.581614] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3259.583736] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3259.591937] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3259.594128] ------------[ cut here ]------------ [ 3259.596020] WARNING: CPU: 1 PID: 27545 at arch/x86/mm/pat/memtype.c:1019 get_pat_info+0x216/0x270 [ 3259.608771] Modules linked in: [ 3259.609232] CPU: 1 PID: 27545 Comm: syz-executor.0 Not tainted 5.10.233 #1 [ 3259.610332] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3259.611614] RIP: 0010:get_pat_info+0x216/0x270 [ 3259.612239] Code: c1 ea 03 80 3c 02 00 75 71 49 89 1e eb 8e e8 81 81 2e 00 0f 0b e9 97 fe ff ff 41 bc ea ff ff ff e9 77 ff ff ff e8 6a 81 2e 00 <0f> 0b 41 bc ea ff ff ff e9 65 ff ff ff 4c 89 ff e8 f5 78 5a 00 e9 [ 3259.615394] RSP: 0018:ffff88804b087898 EFLAGS: 00010246 [ 3259.616356] RAX: 0000000000040000 RBX: ffff88801e264a00 RCX: ffffc9000be46000 [ 3259.617656] RDX: 0000000000040000 RSI: ffffffff81123696 RDI: 0000000000000007 [ 3259.619024] RBP: ffff88804b087950 R08: 0000000000000000 R09: ffff88804b087820 [ 3259.620407] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000000000028 [ 3259.621714] R13: 1ffff11009610f13 R14: 0000000000000000 R15: ffff88801e264a50 [ 3259.623035] FS: 00007fbe21ba4700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 3259.624484] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3259.627024] CR2: 00007efe03050ea0 CR3: 00000000389dc000 CR4: 0000000000350ee0 [ 3259.630539] Call Trace: [ 3259.630937] ? __warn+0xe2/0x1f0 [ 3259.631553] ? get_pat_info+0x216/0x270 [ 3259.632127] ? report_bug+0x1c1/0x210 [ 3259.632713] ? handle_bug+0x41/0x90 [ 3259.633233] ? exc_invalid_op+0x14/0x50 [ 3259.633841] ? asm_exc_invalid_op+0x12/0x20 [ 3259.634480] ? get_pat_info+0x216/0x270 [ 3259.635047] ? get_pat_info+0x216/0x270 [ 3259.635634] ? get_pat_info+0x216/0x270 [ 3259.636201] ? pgprot_writethrough+0xc0/0xc0 [ 3259.636849] ? finish_task_switch+0x126/0x5d0 [ 3259.637523] untrack_pfn+0xdc/0x240 [ 3259.638047] ? track_pfn_insert+0x150/0x150 [ 3259.638795] ? lock_downgrade+0x6d0/0x6d0 [ 3259.639518] ? uprobe_munmap+0x95/0x560 [ 3259.640098] unmap_single_vma+0x1bc/0x300 [ 3259.640720] zap_page_range_single+0x2ce/0x450 [ 3259.641379] ? unmap_single_vma+0x300/0x300 [ 3259.642022] ? remap_pfn_range_internal+0xc56/0xf60 [ 3259.642760] ? lookup_memtype+0x5b/0x200 [ 3259.643388] ? apply_to_existing_page_range+0x40/0x40 [ 3259.644147] remap_pfn_range+0x139/0x160 [ 3259.644773] ? remap_pfn_range_notrack+0x70/0x70 [ 3259.645521] io_uring_mmap+0x398/0x530 [ 3259.646082] mmap_file+0x5e/0xe0 [ 3259.646597] mmap_region+0xc49/0x1500 [ 3259.647148] do_mmap+0xcdb/0x11e0 [ 3259.647677] vm_mmap_pgoff+0x198/0x1f0 [ 3259.648255] ? randomize_page+0xb0/0xb0 [ 3259.648863] ksys_mmap_pgoff+0x41c/0x560 [ 3259.649484] ? find_mergeable_anon_vma+0x250/0x250 [ 3259.650177] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3259.650946] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3259.651709] do_syscall_64+0x33/0x40 [ 3259.652246] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.652993] RIP: 0033:0x7fbe2462eb62 [ 3259.653566] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3259.656119] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3259.657199] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 [ 3259.658352] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3259.659481] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3259.660502] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3259.661540] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3259.662549] irq event stamp: 2233 [ 3259.663029] hardirqs last enabled at (2241): [] console_unlock+0x92d/0xb40 [ 3259.664212] hardirqs last disabled at (2250): [] console_unlock+0x839/0xb40 [ 3259.665444] softirqs last enabled at (1824): [] asm_call_irq_on_stack+0x12/0x20 [ 3259.666686] softirqs last disabled at (1759): [] asm_call_irq_on_stack+0x12/0x20 [ 3259.668112] ---[ end trace 67d0ebbd97a1b6c5 ]--- 14:00:39 executing program 4: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000040001010100"], 0x1c}}, 0x0) [ 3259.684330] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.685357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.686404] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.688845] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.689900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.692443] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3259.700732] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.703035] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.703996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.704986] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.712508] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:39 executing program 0: syz_io_uring_setup(0x3872, &(0x7f00000001c0), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040), &(0x7f0000000100)) (fail_nth: 70) 14:00:39 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x10000000) [ 3259.747909] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.748916] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.750025] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 14:00:39 executing program 3: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) (fail_nth: 42) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) 14:00:39 executing program 6: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x7a, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000480)=ANY=[@ANYBLOB="0100adc862c7c95edd012800", @ANYRES32=r0, @ANYBLOB="05000000000000002e2f66696c6531004c6727b764fb5fd298ff8f0d90fd164f4ea2a8a237e2e2740a112d4a87c7e588633d38"]) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3259.787108] FAULT_INJECTION: forcing a failure. [ 3259.787108] name failslab, interval 1, probability 0, space 0, times 0 [ 3259.788572] CPU: 1 PID: 27661 Comm: syz-executor.0 Tainted: G W 5.10.233 #1 [ 3259.789673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3259.790786] Call Trace: [ 3259.791119] dump_stack+0x107/0x167 [ 3259.791569] should_fail.cold+0x5/0xa [ 3259.792042] ? ptlock_alloc+0x1d/0x70 [ 3259.792514] should_failslab+0x5/0x20 [ 3259.792983] kmem_cache_alloc+0x5b/0x310 [ 3259.793506] ptlock_alloc+0x1d/0x70 [ 3259.793957] pte_alloc_one+0x68/0x1a0 [ 3259.794428] __pte_alloc+0x1d/0x330 [ 3259.794881] remap_pfn_range_internal+0x9a3/0xf60 [ 3259.795480] ? lookup_memtype+0x5b/0x200 [ 3259.795992] ? apply_to_existing_page_range+0x40/0x40 [ 3259.796633] remap_pfn_range+0xcd/0x160 [ 3259.797211] ? remap_pfn_range_notrack+0x70/0x70 [ 3259.797900] io_uring_mmap+0x398/0x530 [ 3259.798407] mmap_file+0x5e/0xe0 [ 3259.798825] mmap_region+0xc49/0x1500 [ 3259.799305] do_mmap+0xcdb/0x11e0 [ 3259.799812] vm_mmap_pgoff+0x198/0x1f0 [ 3259.800295] ? randomize_page+0xb0/0xb0 [ 3259.800866] ksys_mmap_pgoff+0x41c/0x560 [ 3259.801413] ? find_mergeable_anon_vma+0x250/0x250 [ 3259.802023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3259.802671] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3259.803306] do_syscall_64+0x33/0x40 [ 3259.803766] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.804396] RIP: 0033:0x7fbe2462eb62 [ 3259.804855] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 3259.807127] RSP: 002b:00007fbe21ba40f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 3259.808063] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fbe2462eb62 14:00:39 executing program 2: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="0e00eaff0000400018002000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./file0\x00']) r2 = socket$netlink(0x10, 0x3, 0x0) fallocate(r0, 0x30, 0xffffffffffffff75, 0x10001) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x367, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0), 0x200000, 0x0) r4 = openat(r3, &(0x7f0000000400)='./file1\x00', 0x0, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x3000000a}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {0xfff}}, './file1\x00'}) preadv(r5, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/32, 0x20}, {&(0x7f0000000840)=""/212, 0xd4}], 0x2, 0xffff57e9, 0x6) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000240)={0x1f, 0x0, @fixed}, &(0x7f0000000280)=0xe, 0x80000) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46800) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000001}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x54, 0x0, 0x400, 0x70bd28, 0x25dfdbfa, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10000}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xb}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000091}, 0x30004840) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 3259.809111] RDX: 0000000000000003 RSI: 0000000000090140 RDI: 0000000020ffc000 [ 3259.810271] RBP: 0000000020ffc000 R08: 0000000000000004 R09: 0000000000000000 [ 3259.811147] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 3259.812023] R13: 0000000020ffc000 R14: 0000000020000040 R15: 0000000020ffc000 [ 3259.818721] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. 14:00:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x644e2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x48000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2c6d73697a653d3062623433662c6d73697a653d30783030303030f8ff403030303030302c6e6f657874656e642c6163636573733d636e"]) [ 3259.836804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.837834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.839018] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.850267] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.6'. [ 3259.873276] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:39 executing program 7: socket$inet6_udplite(0xa, 0x2, 0x88) openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/vmcoreinfo', 0x0, 0x0) r0 = syz_io_uring_setup(0xf4c, &(0x7f00000002c0)={0x0, 0x1, 0x10, 0x0, 0x2b1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x9, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000340)=""/142, 0x8e}], 0x1}, 0x0) pipe(&(0x7f00000014c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00') syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x4000, @fd_index=0x3, 0x0, 0x0, 0x0, 0x12, 0x1}, 0x4) r6 = socket$unix(0x1, 0x1, 0x0) fcntl$setown(r6, 0x8, 0xffffffffffffffff) fcntl$getownex(r6, 0x10, &(0x7f00000009c0)) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) openat2(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', &(0x7f0000000400)={0x105001, 0x124, 0x18}, 0x18) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r6, 0x80, &(0x7f0000000140)=@nl=@proc={0x10, 0x0, 0x25dfdbfc}, 0x0, 0x0, 0x1, {0x0, r7}}, 0x1ff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x12000000) [ 3259.905347] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.906523] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.907575] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.915247] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3259.939472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3259.940514] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3259.941874] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 3259.949612] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3259.957117] FAULT_INJECTION: forcing a failure. [ 3259.957117] name failslab, interval 1, probability 0, space 0, times 0 [ 3259.958535] CPU: 1 PID: 27748 Comm: syz-executor.3 Tainted: G W 5.10.233 #1 [ 3259.959545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3259.960558] Call Trace: [ 3259.960889] dump_stack+0x107/0x167 [ 3259.961356] should_fail.cold+0x5/0xa [ 3259.961832] ? create_object.isra.0+0x3a/0xa20 [ 3259.962396] should_failslab+0x5/0x20 [ 3259.962863] kmem_cache_alloc+0x5b/0x310 [ 3259.963366] create_object.isra.0+0x3a/0xa20 [ 3259.963900] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3259.964524] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3259.965145] ? inet6_ifa_notify+0x118/0x220 [ 3259.965703] __alloc_skb+0xb1/0x5b0 [ 3259.966153] inet6_ifa_notify+0x118/0x220 [ 3259.966659] ? inet6_fill_ifaddr+0xd60/0xd60 [ 3259.967208] __ipv6_ifa_notify+0x17b/0xb10 [ 3259.967727] ? modify_prefix_route+0x590/0x590 [ 3259.968290] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3259.968930] ? __local_bh_enable_ip+0x9d/0x100 [ 3259.969513] addrconf_ifdown.isra.0+0xb99/0x15f0 [ 3259.970101] ? addrconf_dad_run+0x180/0x180 [ 3259.970641] addrconf_notify+0x159/0x2410 [ 3259.971155] ? tun_device_event+0x71/0x1160 [ 3259.971683] ? mark_held_locks+0x9e/0xe0 [ 3259.972181] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 3259.972815] ? inet6_ifinfo_notify+0x150/0x150 [ 3259.973398] ? failover_register+0x530/0x530 [ 3259.973946] raw_notifier_call_chain+0xb3/0x110 [ 3259.974522] call_netdevice_notifiers_info+0xb5/0x130 [ 3259.975153] __dev_notify_flags+0x1de/0x2c0 [ 3259.975680] ? dev_change_name+0x660/0x660 [ 3259.976326] ? __dev_change_flags+0x4cf/0x6e0 [ 3259.976877] ? dev_set_allmulti+0x30/0x30 [ 3259.977419] dev_change_flags+0x100/0x160 [ 3259.977933] do_setlink+0x90c/0x3ac0 [ 3259.978396] ? vprintk_func+0x93/0x140 [ 3259.978873] ? rtnl_getlink+0xaa0/0xaa0 [ 3259.979360] ? printk+0xba/0xf1 [ 3259.979767] ? record_print_text.cold+0x16/0x16 [ 3259.980339] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3259.980959] ? trace_hardirqs_on+0x5b/0x180 [ 3259.981526] ? __nla_validate_parse+0x2d8/0x2b10 [ 3259.982131] ? perf_trace_lock+0xac/0x490 [ 3259.982643] ? nla_get_range_signed+0x520/0x520 [ 3259.983211] ? __lock_acquire+0xbb1/0x5b00 [ 3259.983745] __rtnl_newlink+0xc39/0x1700 [ 3259.984251] ? rtnl_setlink+0x3b0/0x3b0 [ 3259.984741] ? __is_insn_slot_addr+0x123/0x290 [ 3259.985315] ? unwind_next_frame+0x13ef/0x1a90 [ 3259.985921] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3259.986590] ? 0xffffffffa0000000 [ 3259.987019] ? __is_insn_slot_addr+0x14c/0x290 [ 3259.987581] ? kernel_text_address+0xf2/0x120 [ 3259.988176] ? __kernel_text_address+0x9/0x40 [ 3259.988728] ? unwind_get_return_address+0x55/0xa0 [ 3259.989352] ? create_prof_cpu_mask+0x20/0x20 [ 3259.989904] ? arch_stack_walk+0x99/0xf0 [ 3259.990413] ? stack_trace_save+0x8c/0xc0 [ 3259.990968] ? mark_held_locks+0x9e/0xe0 [ 3259.991474] ? trace_hardirqs_on+0x5b/0x180 [ 3259.992003] ? kasan_unpoison_shadow+0x33/0x50 [ 3259.992561] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3259.993185] rtnl_newlink+0x64/0xa0 [ 3259.993677] ? __rtnl_newlink+0x1700/0x1700 [ 3259.994206] rtnetlink_rcv_msg+0x41e/0xbb0 [ 3259.994727] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3259.995224] ? perf_trace_lock+0xac/0x490 [ 3259.995739] ? __lockdep_reset_lock+0x180/0x180 [ 3259.996316] netlink_rcv_skb+0x14b/0x430 [ 3259.996817] ? rtnl_fdb_dump+0x9d0/0x9d0 [ 3259.997338] ? netlink_ack+0xab0/0xab0 [ 3259.998174] ? netlink_deliver_tap+0x1ae/0xcc0 [ 3259.998761] ? netlink_deliver_tap+0x1c4/0xcc0 [ 3259.999322] ? is_vmalloc_addr+0x7b/0xb0 [ 3259.999823] netlink_unicast+0x549/0x7f0 [ 3260.000326] ? netlink_attachskb+0x870/0x870 [ 3260.000873] netlink_sendmsg+0x90f/0xdf0 [ 3260.001400] ? netlink_unicast+0x7f0/0x7f0 [ 3260.002147] ? netlink_unicast+0x7f0/0x7f0 [ 3260.002670] __sock_sendmsg+0x154/0x190 [ 3260.003235] ____sys_sendmsg+0x70d/0x870 [ 3260.003784] ? sock_write_iter+0x3d0/0x3d0 [ 3260.004344] ? do_recvmmsg+0x6d0/0x6d0 [ 3260.004874] ? lock_downgrade+0x6d0/0x6d0 [ 3260.005432] ? __lockdep_reset_lock+0x180/0x180 [ 3260.006075] ___sys_sendmsg+0xf3/0x170 [ 3260.006609] ? sendmsg_copy_msghdr+0x160/0x160 [ 3260.007215] ? __fget_files+0x2cf/0x520 [ 3260.007766] ? lock_downgrade+0x6d0/0x6d0 [ 3260.008276] ? find_held_lock+0x2c/0x110 [ 3260.008861] ? __fget_files+0x2f8/0x520 [ 3260.009432] ? __fget_light+0xea/0x290 [ 3260.009964] __sys_sendmsg+0xe5/0x1b0 [ 3260.010437] ? __sys_sendmsg_sock+0x40/0x40 [ 3260.010967] ? rcu_read_lock_any_held+0x75/0xa0 [ 3260.011616] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3260.012259] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3260.012975] ? trace_hardirqs_on+0x5b/0x180 [ 3260.013557] do_syscall_64+0x33/0x40 [ 3260.014014] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 3260.014716] RIP: 0033:0x7ff152763b19 [ 3260.015176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3260.017467] RSP: 002b:00007ff14fcb8188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3260.018398] RAX: ffffffffffffffda RBX: 00007ff152877020 RCX: 00007ff152763b19 [ 3260.019267] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 3260.020134] RBP: 00007ff14fcb81d0 R08: 0000000000000000 R09: 0000000000000000 [ 3260.021001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3260.021942] R13: 00007ffcc87700ef R14: 00007ff14fcb8300 R15: 0000000000022000 [ 3260.046392] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 3260.047395] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 3260.067829] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready VM DIAGNOSIS: 14:00:39 Registers: info registers vcpu 0 RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff81643b9b RDX=ffff88800928cec0 RSI=0000000000000004 RDI=ffffea000102bb30 RBP=ffffea000102bb00 RSP=ffff88804a0df720 R8 =0000000000000000 R9 =ffffea000102bb07 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffffea000102bb08 R14=0000000000000000 R15=dead000000000100 RIP=ffffffff816c89a4 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f8947ed6000 CR3=0000000046a0e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000dd060a EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822ddd01 RDI=ffffffff879f1140 RBP=ffffffff879f1100 RSP=ffff88804b0872a8 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000065 R13=0000000000000065 R14=ffffffff879f1100 R15=dffffc0000000000 RIP=ffffffff822ddd58 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fbe21ba4700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007efe03050ea0 CR3=00000000389dc000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000