ID: 6425 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 600.586168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 600.587205] Call Trace: [ 600.587537] dump_stack+0x107/0x167 [ 600.587984] should_fail.cold+0x5/0xa [ 600.588456] ? io_uring_setup+0x258/0x2980 [ 600.588980] should_failslab+0x5/0x20 [ 600.589461] kmem_cache_alloc_trace+0x55/0x320 [ 600.590034] io_uring_setup+0x258/0x2980 [ 600.590582] ? __mutex_unlock_slowpath+0xe1/0x600 [ 600.591175] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 600.591796] ? wait_for_completion_io+0x270/0x270 [ 600.592404] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 600.593049] ? syscall_enter_from_user_mode+0x1d/0x50 [ 600.593685] do_syscall_64+0x33/0x40 [ 600.594143] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 600.594793] RIP: 0033:0x7fdf712e8b19 [ 600.595248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 600.597484] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 600.598427] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 600.599293] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 600.600164] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 600.601084] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 600.601990] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:03:07 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 15:03:07 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) 15:03:07 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:07 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0xa, 0x300) sync_file_range(0xffffffffffffffff, 0x82, 0x5, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002ec0), 0x2001, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) dup2(r1, r0) r2 = socket$inet(0x2, 0x3, 0x6) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)=ANY=[@ANYRESOCT=r5, @ANYRES32, @ANYRES32=r4]) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r4, 0x3, r2, 0x7a38e4e4}) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) write$binfmt_elf64(r3, &(0x7f0000000980)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x1, 0x2, 0x0, 0x7, 0x2, 0x6, 0x0, 0x11d, 0x40, 0x379, 0xfffffffb, 0x8, 0x38, 0x2, 0x1, 0x7, 0x7fff}, [{0x60000000, 0x7, 0xd62, 0x5, 0x0, 0x1000, 0x5, 0x800}], "948ccc3e5f55f43db84e818de7970ec5bbaa42427e77f02a543aca68cec6b9fb408b4f73e6299b55b42295edfa90e4d02ae807f20e56034f6ef8dbc2b6148c932fb9fe04fcdceec410470405b91f743e88d96bdaa9284941d7cc55059f0ac5e926199ffe89ccb97431a933f45856f108c42746c39243630720effe2a0b5c7e41110a728220", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x9fd) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000000), 0x400000d, 0x0) 15:03:07 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = dup2(r3, r3) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r5 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:03:07 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0xa, 0x300) sync_file_range(0xffffffffffffffff, 0x82, 0x5, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000002ec0), 0x2001, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000580)={0x0, 0x0, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) dup2(r1, r0) r2 = socket$inet(0x2, 0x3, 0x6) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000040)={{0x0, 0x3}}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)=ANY=[@ANYRESOCT=r5, @ANYRES32, @ANYRES32=r4]) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000000)={r4, 0x3, r2, 0x7a38e4e4}) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) write$binfmt_elf64(r3, &(0x7f0000000980)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x1, 0x2, 0x0, 0x7, 0x2, 0x6, 0x0, 0x11d, 0x40, 0x379, 0xfffffffb, 0x8, 0x38, 0x2, 0x1, 0x7, 0x7fff}, [{0x60000000, 0x7, 0xd62, 0x5, 0x0, 0x1000, 0x5, 0x800}], "948ccc3e5f55f43db84e818de7970ec5bbaa42427e77f02a543aca68cec6b9fb408b4f73e6299b55b42295edfa90e4d02ae807f20e56034f6ef8dbc2b6148c932fb9fe04fcdceec410470405b91f743e88d96bdaa9284941d7cc55059f0ac5e926199ffe89ccb97431a933f45856f108c42746c39243630720effe2a0b5c7e41110a728220", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x9fd) connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000000), 0x400000d, 0x0) 15:03:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 3) 15:03:07 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) [ 600.791196] FAULT_INJECTION: forcing a failure. [ 600.791196] name failslab, interval 1, probability 0, space 0, times 0 [ 600.792628] CPU: 1 PID: 6448 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 600.793460] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 600.794491] Call Trace: [ 600.794820] dump_stack+0x107/0x167 [ 600.795271] should_fail.cold+0x5/0xa [ 600.795770] ? create_object.isra.0+0x3a/0xa20 [ 600.796333] should_failslab+0x5/0x20 [ 600.796801] kmem_cache_alloc+0x5b/0x310 [ 600.797304] create_object.isra.0+0x3a/0xa20 [ 600.797889] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 600.798554] kmem_cache_alloc_trace+0x151/0x320 [ 600.799143] io_uring_setup+0x258/0x2980 [ 600.799644] ? __mutex_unlock_slowpath+0xe1/0x600 [ 600.800238] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 600.800858] ? wait_for_completion_io+0x270/0x270 [ 600.801464] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 600.802108] ? syscall_enter_from_user_mode+0x1d/0x50 [ 600.802759] do_syscall_64+0x33/0x40 [ 600.803218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 600.803847] RIP: 0033:0x7fdf712e8b19 [ 600.804303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 600.806583] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 600.807585] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 600.808628] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 600.809495] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 600.810386] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 600.811278] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:03:07 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:07 executing program 5: setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) r0 = memfd_create(&(0x7f0000000040)='\x00\'\'x\xe0\x1c\xaa\x00d\x88\xc4p\xb0\x89`\xe4\xc6O\xca\x1d\b6\xdd\xda\xacQB\xa7\x8d\xb7\x01Q\xc6\x0fG/\xf9\n', 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000000c0)=0x0) stat(&(0x7f0000000900)='.\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000016c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001680)={&(0x7f0000000100)={0x1578, 0x29, 0x400, 0x70bd28, 0x25dfdbfd, {0xa}, [@generic="7fd21334d4fd5b94cccbcbc1a38f4aed1545b5a70267544a3de19b38d23959563e644894b0d64f10c2935cefdaeafcc475467c4179733b1d66b3fdff4b9ee6fea8e35fd3f2b7d6edfe008233583953119c9c3753a0a6fbb7e2fe198859008907d0ae02b77ce650850241e0b26ec489ebef786a121b2b1f1f5aecfc6eac1c07e5ace80d64d865b1", @generic="f95e046e7a584fbce94afb763ccd3161e960f4632c99355d27244d14c477ce11dd3d38ec23eed89f7207ae3fcfa4271187", @generic="08a927fda030f2d19d4db33bc1f8a82cb0a7bcd615b69da6b618cadcfe3dbf322666b84c5369fbdf750bdafafcd2343fee9c7e10b2d863f4989d622febe84ad25401a47817a745ed1045815c09e2", @generic="ead8a3886de3a527953a52bfbe5a226134eed6993e15149131f7c3d29c004e9ea75d85057f648f6377ecd67bbb6a6345932d997238cb4884ffc4fc17b900b7986b9d8ec6c2113c431cb983388b4b341dfa9832195c2cd01f627dd2a99a6d0187c6b9881d0df6031c1d3b5ad5e622a7721db38bf68a2e9ddc1f0bedacef728b54fdd80902f6165f780ee432a46c68d5ecf58ccd8a61b78d2435be766d64b7a8a295046a83670399278a50dd885eeb5a93a89ab95b49eb9c62c7d84f5ba1131f17ed2bf5ab7be96dc865c73c2a80cc6cc822ad61839f9ed943b05a0bc6d70d", @nested={0x11de, 0x1b, 0x0, 0x1, [@typed={0x8, 0x74, 0x0, 0x0, @uid=r1}, @generic, @generic="eedaebe612e160f21dcc806eeef1aa3512f31bb1ff61e496b19a268049014932ba037c54a07c3e73378c917514331a19576902082b9f9206a2cff43201393b7cbab0d3d83a6d91520b35912377e8603e173eb0c39ac06dd110e78545dc1a962233404ed91bc4811b5d44180a7bd4c758c62a021ccee34614dfb0984aafd11e6be8632fcd6ffd69bb43d309edf78e5989fde037dcf5aeec4d770e6766fd", @typed={0xb, 0x72, 0x0, 0x0, @binary="33d7fec66440af"}, @typed={0x8, 0x64, 0x0, 0x0, @u32=0x3f}, @generic="d4bd08be1a05c4d6385983e19ba58596c09b2fef47c418de96ac7e15daa67411436bba3b39c664739cd9e9399c6df259146572a1584f7363cf35aa8badbdd64c5f140d42094bc5eb7b1bd8e37faea6598e79161aa151f2e808d14fa617fd618e98643f7b27afea0756e64f80f2494d318963aa5322b698681cda6c20373069d1badd7cd48d3d2133c87b1e287dd6d3683e734915c74b16bbc61ea640e7030b62a7439ffe7cca1009d98cef3056b2122016b50b", @generic="b64b3081805d47bd00b62c53b41216b19981d66799b78268803feac3eeaf26c5278ba7faee31f20907fa47f2b131c3b77fbbab204dfb2816c2dadd726cc8ec0669fc611418036a725a85a117b19d9591f90f178efa14512ac8aa5fc430931318decdd82f70e359a989b83b2d0304", @generic="e568f8630c3a0f64eb7fa72363decfcbcef703dd826027bdcfe17250cd3500ea2dbf182046ed749525a801282d59f676bb97f60546ace476e2830e4682e3c4fe536ca87028e9c7576c5570716caa3e249fa37cbe45a43a81756b3e980befe613c66367b885ce73088973addd1e727b170c19da5c7f1a9ba354d62d65f44bd93e326dc67f8bd6999d32e2f044e83037cd8d5e7a082da48d3fa4962be925e4cad8b8535c201364e98cf5e82d8cf08fd0626c5a10d42a098e9e116262ab4eed3e03d84e42ba5b0202f08c3f240d4754f7f8cd94c7e5ce17855bdae559463421b2316c182ff75e174922f3d050e8d0097ef428dd868c64d094fdd19757538a1d10f816a9cddd5c31d0b8f11e38d3c0eb65cf15069400175241433cea450c64135212d2f0f65031a18bf3ed5fd896c513b822eef9368e2b03aa286ae3b1c043331ecdae141bd7a0eb317b367db2fe8d47fba295ffeabe4bcf5ed99ad810acab320fb1c0788cb55ab2969395dadedff15b624ae2fc0ef36543a5c0689e81efe66937679328f2bedc2dc0f431cded4807453dc24703bc6c968837283696226c6c981b3e2473adfbfb77f1bec807407f0bdc7c33f493bf7c5843cebb47d265011a2eb1032ae778395201ddf6dd85ac78729a04f9caf6f582a25e0e6498d0de2289126400d15a84f73b8129a57290f023baa3d7fd62ee998d3f1b18004e468563ff82a2ffca90763e0ecd50d4e8958607794f449ca01097ffcf6538cbffe4d06a97786a207a355390282d141b21ae560ef86b7d4e73e608fabba3fc10950511762b560cc8397df44bdf56cb54872f1444d45b11eba5dd84ff314a75e9b66481b7daca98e10b8d63f7f85a33495842fb748a7afddda9c4550f1681706675082bab14f1469009fb1d55e0d9d8ca686ac6af49dde0f2ff892d386ac1a3a37840136f2bcb43902eef74e4555edfa47ea7088f17aabdbae2a031f39f35f8662a06a04c6ef1ef43975c4b454acc4c572ff4af84739545be1d0544f753eda432cd0aeaa0c34cd93666907680593cfc41478815c753c1dff25e4c63b19cc8c0ce3c9d791507857b9051be0facf129a80ee97cd375f3d0e40f59db65a0489d6b62364a40d4f4b8521deae2caf302d256c40a23f117be8e7038b5411a22a7ad88ef007af58b2faa9ce966a3dd661205c6f0e0e6eee17fa94b35a5c009581c74539cecdf829e62e454279473bbe13002026608ef3742a23f9aade79f8d7a493a9e70339e4f5f87dd8dcfcda01587b1a1755ec54e9ef0bfcd14358a408949588a0143ae192b09e267aa8e071a60ce249c3cda212a3ea1b7266dd99019adbfb3b3377a7d8e53b3c2265c7e336e558ca636c98e4108e592a8d13bd140a54fb188f08cb5f5b0e496eeabfdd9e60fc4212514e2d5ffba52f1e6000e203a22fc0c09916432d86af581606e0003650c475e298d8788d67c1d84f183b87023113a68f0bfe4efe04f7eeda3a4d40ff7d215b7a2259348e7e3c2b36ff9b11c13df656c511137ee95e9467b29238f4292393956a3d153fa7ff09daf2e07a8ffd800301d822a051536654aee6322a916c51bfe18256c483b3172e6fceda680f4372c738a4769cd024ad859cfba0d5f14e33b2fb5a75e55bf1f8aad47ca052b01b6d69ad02baeb20a63d7c4ca46cb954db27e8b699f23df8972c25eff64f453506c8c1a92189a86f33fa3e2196c4f087966f311a61ae7fd90bc7802de2dc0030542897e6c0d169c3f966cb3fa84ee6245cc5dfb308b61bbf420bc5f2e74ce9efc6214472fe2c8b85a15132a7dbc29913d10ae07516be836e3dae0f90c2c1e29e2a39700e69422f4b18e77c88b76e0c74fcd6f5685343d1713e490d3f283e963f1143cca68a546576152d28385ff483018ad8a60bea84d527e77aab19a3c0915ee8ef5ebd51f639f8f98f806a435aa98f9bde7ad22462a39ef9209db3dbe483203f22abc46b590ce7f867247dbb440c36bd6021f765d9e2ed8263cf0185d2b451556fd5dd663304d56391415dcf267ee92a4933cacd5f29e92f052b9447492013a0ebcd6a7ddf3c0cb69f561c0e3b81be8c4276e4b941b018ee277e5845906fdf018f46e5be0b857302e0cd88abbbb90d1a55710300d8274628d355c72c79823ec8556a753ba8da4690e4bc542961e5da617c3e36ccb1ea3da8554b5e2a42a032157bd6ebb05a263b3712d94bb32899c5c51f923a71c5db035b97409705db2b207f51d20df75c0f20dc3c927c19d80c24900d95def7d871c571ca5c469860e686b3ba99669500d802be96d2b12093d0c7bfbd5541463a6ec750bb57df728ed1abc0bf84f9ee12a1a193e10f77ee2925729d607e25e6c49d9b6624925b6d5665dd74b3c6e7187948dc3c26db81a3bec6dd84e905400a7b62acc47d7c443e49a67c693d5b1bfd7db07d5f73a401d671da9c7560dd4fb14262ff23e50f24e6764ac531437b2b5b4611e4c673b46a092b91be02b48aa16b9357877bbdb54a38fe7bc46a740273cdebf8dd83952ffa33e5de6d66a11bf47779917172c6c4a2a36e96ec9323155fb075212e27d676e2131aca36915686388a20232202c740cc27b368fdfe5cf6531bdb99c47a16d6f8d5fbff77f65f04dac4031b412c923f89b8f3c7d255e480840b836e1316b46238093174b781a43fb025286f05a0be2795831321fb012fbbce83757577becd441f4d8f03ce82c617d83dbf93effaa11027a6845846c66a07087a5c4aa2b89e6cf25fe057f0a61abfa17beda13056d7407f52350dafbce396673644745c3c54d7cf9ed7d9425ae40f7f7ea10ca99dfd378fe6599219bf212538a8ce3a5b565852ba78f2bd0835534ae1054e23944885753a3ccd8ce72de891f0d46068cb28bd0b8460b7e7960dae4ecfd2e7d527e2af29773354098f49241b99c3a3865800d8d2c2ee252d133f1a17de91708e1f45963ecc7282f9dbc5e83c34341fa33612c05ffc87d0b073436f6ff72b3311c2a7cfedf372582ab7cd50c430739e59ac35e8f668eb9ece294e841b5d35f5b1067862029c7ab9639a33688fe00a4b53962879f9eabe1cd8f70a935a2d945e78d11eff6459ea68af732054d41f343ce0602c8d1d3a0fb2b8f8445c38fee0fc11cc6d14d5055336770bab4f8144b253e05fc729987103230cbd6d1224ec91950bc51784245a4e708399f1dfdded922042a08aad6515b91bdc3f7a3d471c0d3659a08fe8b3c010ded021bc0c4a536a4e1a5fcb241718f9039b01c03328ac7c371d3d38950149de172450c368ba3c4d836524ab86a0ffe91de07ee01673ccdc3692ba3d0ffdc94938fa5e66ba457314a35544830a0047e80430fc80508997d79b971ee3c80a88eaf3951af755e32de32410a557c7ba11e940b59168e9454bba150fdc72fa9b99c7728b614c63d3dbc26713e8dcef4415b744e004e0b9a11a103d7d565d7946219e270ad74400f676093e22e2f7e5f83a45d9d0a5d2253f98124f8e1d025c06c63dc7850eecc4e044824f1f2870df4cee36d7fe08bfdaffa67d1159811dfebf1b84351e1ded28e0b852171cba926b9361d9524f065019b81bad26003d41aac50baa0152a2997135c16857e9123eecdb03b078df764c7bbdc6410b7e61370b93695e06b357e5669a5ee0e09349821054a021a7697f34d2d828dd4a3d0311d31687597b27af90155f1c9b1681f9029fca66bbf6313fa1a19b4ab14847adda08443d0564eb6ed512415e083066bfdbef5c7b40d299a2b93615b615b84bf344813efd75e2c00eb5747318ef406d10b545cd79cee495ba8b6432755c4076698f1bbbb6a8a110b5fd2cfde529c3638026ad65cdf25e9a5e36b3f821b92af0cab2d5e96a927091adf6a665a3267bfbb3f608b4e2650be0c382f822163a3345879a836bc797aa6221713fcb09f1c0a7820b17d97d286d2c28a147567516daf82bb9f6b57dda88d56f6b3428fc588d962cca6ee4c4be5309970ed27016cd7a14462703e23e4a37847ab5ddc0601a216b358acf7ca68c5ac4106a1a433bf3fcb5aadda66aa320a5416b5f12c06a492feab7a086f8cfa325baa1dce7216c42e4b711e1c65fdb459c17fd3bfc04f598cba812d1e1113d409076bb920dcebd85157d9f54ed392a9275236d0b637263498aece779e581180b6661a01529415f4f81fa9a10a31f06b2c932fc64d0d75728a194f9638f53a3cad99da10676c4c570c0e24758213650c1976991a419d1eb45c9c048926cf7c2ab5801fa874be22fc836486ebe81a28c64f06d3d3766d3e48d4e2c2266dea9131c87bf52eb1249db376f2704fb413967943334702997bd5fa339bde001b2310b57ab2ea7849acc4b4be69aa878d135129c4351e66bef16f255dca2852573f2290638303455b5843d7163b2892449db00ebaa68a1394ac2955300b75806611833f56fbba175072e6d90496d3c62758292d0f5d8441312b889b42c06f60eccca105415026468f9b24601073cdf1e755a6f43f3f86c122c6cbfae286effafa99d5ad1fbf4683fe39c4fad768dfeca907cea933305f1b56435dc65d17b0d39eb19dafce408e4ae002b889f605f6ef1a7cc6918b64872c357c4cd05d780be36a4ac87235b4a22c7c9dff79391bd04d9c16a6db57b56c77f0a64d16025470db48c0b6170fabaf89179dc2034f3a7ab3e129541c42d4dac8fd8f7739e9aef4da2511f2bb63e816b2421c9668a940470b5fb1cc38bf959255dfa4df2b7379a90a13dc39a1e7d16e4ee8e055135ab543d18913b99d37869a16410bf75fe28e5cd90fdb7036e07d319e88fcfe9604b3c715ecbeee2cccadf26d5ae0386eb2666379b474a40f5da9cd72693297603c8722e09e0fb0447d89fc8322959cc777c4cc79e9b1be6ca08146286656850ac63c33c960a5cbdf01357437b004dd57f983e3e75b35010105dd4e2e8e6c088b12cf35cc399c66f6714e144e0a2f5b4544783215012e50d098f61da70821559e28376d5ab6fcf3efc46b845863a2d2972808936ea6ae965d4171b6bf0b059b4536acf57b0c392ce3ab3f71fc968c0f4d1c9fd1b2a91b6602b51de442344ae783470e2377ee8b1d0c32fc03585060d0f204aec96edadbdb81b9de3e071301a06290fa6592243ca289a7baa4e5bb27282af51cdcb1bb1b4481192db44c3bdebe6e5252de11eca655b369277fcb1a5ef73132e2b3e238fd7369dfb7253b191e94f6d85ceef08c059d69457c108b64d858f42a65da791fc1a014c880cf58dc656cb3039f57101799c079122a95dad590abb6163bbd9adbe4e522dbbb4dc5aa96dde2eecd4a0b408462115e8a1f7f5917084b4b812f2199daa1a8479894a3e92f906bb811691a6ba822900f1fb8406ed31b3725173268f48ba913af0aef8392289daa0008f43c767458ca8da18d0d0368cbf95de67f942caae9fb23398951fe4f160653138fec2f6facf1663d491abe811b45fb53f28ec2b6fd53c0d4297ff64fda0a0ed5fc668481b7333725552ead6017a2b601d6ae52db53b2345744bc837d2a77656fd0bedb0f378755f4f5b2dbb218a81c472d0422df62b89c80d9c1e7b0c6a17279ee1294053532ff720c05e0f84a0770816702ccc6a7843ab3caf96cb9ecb3a96e36638dd85fd89b62971063d3c54e415f7867ec87cfa0f644c91ed7d326b069dd50aa58c911b1cfcd29a7a6e20590495146fe7fe593bfba2bfc88b2f07744d36e61ce314a1e1e31431cb63885f60730858b53cc2914c21255471e96f3dee17458e1930dc06bab492342a0877080972de4f04f7177755ea7dccf1c"]}, @generic="b3b83193a05b493788948159945a7f8629901a7f4045e883e5523b141f437d68aea98ab5a5c2be452d8d22c8e70212a144a2151adef9a4ede4613449a64d4fac7ce3e77fbefef2a653db4893ca461736227ad94111eca43a362afdc3365fb740bf1b8f40eb94b59fd82922b8a3ca503ce7c9ee7087ee113d791f06805bdb02d5138b3e6f504f3fdf99862094e3e1cf851ff1", @nested={0x2b, 0x8b, 0x0, 0x1, [@typed={0x8, 0x48, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x8, 0x50, 0x0, 0x0, @uid=r2}, @generic="a45b86599e3eaa79a1cb76956453d01a9aee7acd86e28b"]}, @nested={0xe0, 0x1b, 0x0, 0x1, [@generic="8eea8960dab1905ee43865051e2f8a2354fd98a8a966fb08079228dbe9145a7ac78bc8c8ab4b929667d635ced2ed69231fa4e64f18fd8a373125065d970db6c3a620b9a10fb6f871675f7d57536e30eee6913c20", @generic="ab401f95f5219ffd4f59ce3f94054a93a5b7943a6d0bd68d9f5316f6af4e78e8935eb849d3d7cc1489b2de112545e635a0d3cef0cccf9d76ff588dc25a92f8456389e863e0990c4cf5d724d915d99fe3b47c26ad8a7d8ac8891ae968c9cbf3132137facf50a48fd0ac4ba0f5eb1faa36d04d9e631d866fc5dbd6e7b0b5400b7c", @typed={0x8, 0x4c, 0x0, 0x0, @ipv4=@multicast2}]}]}, 0x1578}, 0x1, 0x0, 0x0, 0x8844}, 0x4) ftruncate(0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x1f012, r0, 0x0) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0}], 0x0) 15:03:07 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) pwrite64(r0, &(0x7f00000000c0)="a3", 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) lseek(r1, 0x0, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) copy_file_range(r2, 0x0, r1, 0x0, 0x200f5ef, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x0) lseek(r3, 0x0, 0x2) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCGETA(r5, 0x5405, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r7 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$TCSETAF(r7, 0x5408, &(0x7f0000000040)={0x7, 0x6, 0x5, 0x1, 0x3, "d165b2d25f58f49e"}) r8 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCGETA(r8, 0x5405, &(0x7f0000000000)) sendfile(r5, r8, 0x0, 0x9) copy_file_range(r4, 0x0, r3, 0x0, 0x200f5ef, 0x0) 15:03:07 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x132, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000980)) syz_io_uring_submit(r2, 0x0, 0x0, 0x1ff) r4 = dup2(r1, r0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x0, 0x0, &(0x7f0000001640), 0x10018c6, &(0x7f0000000340)=ANY=[]) lseek(0xffffffffffffffff, 0x7, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xa001, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) setxattr$incfs_id(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), 0x0, 0x0, 0x0) open(&(0x7f00000001c0)='./file1\x00', 0x0, 0x88) setxattr$trusted_overlay_nlink(&(0x7f0000000280)='./file1\x00', &(0x7f00000002c0), &(0x7f0000000300)={'U-', 0x80000000}, 0x16, 0x0) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10009ff}], 0x0, 0x0) sendfile(r5, r4, 0x0, 0x7ffffff9) 15:03:20 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:03:20 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:20 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) (fail_nth: 1) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:20 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 613.961950] FAULT_INJECTION: forcing a failure. [ 613.961950] name failslab, interval 1, probability 0, space 0, times 0 [ 613.963539] CPU: 1 PID: 6487 Comm: syz-executor.2 Not tainted 5.10.237 #1 [ 613.964433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 613.965560] Call Trace: [ 613.965910] dump_stack+0x107/0x167 [ 613.966390] should_fail.cold+0x5/0xa [ 613.966907] ? sock_alloc_inode+0x18/0x1c0 [ 613.967461] should_failslab+0x5/0x20 [ 613.967964] kmem_cache_alloc+0x5b/0x310 [ 613.968501] ? selinux_ipv6_output+0x180/0x180 [ 613.968713] FAULT_INJECTION: forcing a failure. [ 613.968713] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 613.969078] ? sock_free_inode+0x20/0x20 [ 613.970986] sock_alloc_inode+0x18/0x1c0 [ 613.971486] ? sock_free_inode+0x20/0x20 [ 613.971981] alloc_inode+0x63/0x240 [ 613.972445] new_inode_pseudo+0x14/0xe0 [ 613.972967] sock_alloc+0x3c/0x270 [ 613.973432] __sock_create+0xbd/0x7f0 [ 613.973904] ? wait_for_completion_io+0x270/0x270 [ 613.978537] __sys_socket+0xef/0x200 [ 613.978992] ? fput_many+0x2f/0x1a0 [ 613.979452] ? move_addr_to_kernel+0x70/0x70 [ 613.980025] ? ksys_write+0x1a9/0x260 [ 613.980523] ? __ia32_sys_read+0xb0/0xb0 [ 613.981023] __x64_sys_socket+0x6f/0xb0 [ 613.981511] ? syscall_enter_from_user_mode+0x1d/0x50 [ 613.982139] do_syscall_64+0x33/0x40 [ 613.982617] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 613.983242] RIP: 0033:0x7fad34350b19 [ 613.983703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 613.985935] RSP: 002b:00007fad318c6188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 613.986899] RAX: ffffffffffffffda RBX: 00007fad34463f60 RCX: 00007fad34350b19 [ 613.987804] RDX: 0000000000000015 RSI: 0000000000000003 RDI: 0000000000000010 [ 613.988675] RBP: 00007fad318c61d0 R08: 0000000000000000 R09: 0000000000000000 [ 613.989545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.990415] R13: 00007fffccbbcc3f R14: 00007fad318c6300 R15: 0000000000022000 [ 613.995340] CPU: 0 PID: 6486 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 613.995500] socket: no more sockets [ 613.996162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 613.997657] Call Trace: [ 613.998006] dump_stack+0x107/0x167 [ 613.998501] should_fail.cold+0x5/0xa [ 613.999008] __alloc_pages_nodemask+0x182/0x600 [ 613.999619] ? create_object.isra.0+0x3ad/0xa20 [ 614.000232] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 614.001018] ? lock_release+0x680/0x680 [ 614.001557] ? kmem_cache_alloc_trace+0x151/0x320 [ 614.002184] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 614.002894] alloc_page_interleave+0x22/0x130 [ 614.003513] ? __next_node_in+0x72/0x80 [ 614.004028] alloc_pages_current+0x237/0x280 [ 614.004595] kmalloc_order+0x35/0x160 [ 614.005095] kmalloc_order_trace+0x14/0xa0 [ 614.005655] io_uring_setup+0x33c/0x2980 [ 614.006187] ? __mutex_unlock_slowpath+0xe1/0x600 [ 614.006836] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 614.007499] ? wait_for_completion_io+0x270/0x270 [ 614.008144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 614.008829] ? syscall_enter_from_user_mode+0x1d/0x50 [ 614.009502] do_syscall_64+0x33/0x40 [ 614.009993] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 614.010709] RIP: 0033:0x7fdf712e8b19 [ 614.011164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.013390] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 614.014308] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 614.015240] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 614.016163] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 614.017063] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 614.017986] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:03:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 4) 15:03:20 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000a00)={0x3, 0x80, 0x70, 0x0, 0x20, 0x0, 0x0, 0xe9a, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000380)=""/187, 0xbb, 0x6) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000a80)=ANY=[@ANYBLOB="00f9ff00000000000100606e74a80fb646147dc85e0000000000000000000000010000000000000000000000000000000000000000000000000000000000eaff0200000003000000ffff00000000000009000000000000000600000000000000020000000000000000000000000000000000000000000000000000000000000000800000030000000200007f000000002a84000000000000fcffffffffffffff08000000000000000000000000000000000000000000000000000000c91d84c30000000000000000000000000000000000000000000000000000000000000000000000010000030000000000000000e2ffffff00000000000000000000000000bde386d63bcd07f198d746b9157e5bb66ca4c3317884d539c0cb07f0432fa5c0cc6d215b3df4f3146623cc352833ca4e5c8a29f5293b66bbbbe1626566e7cb7f908feb74133e10edb36e004febd9bdd5666aba350b1e4871fe1d3d3163daea34319314168a0f52566e068efc69ae2467ed0521131580f063b47145fde83dcc89ec6faa226f316174181770836d9ccf8467f3fcf34e54f752b6ee5868cbd58a1db6558002ff5d649ad2c97ac5b25884429d9b7e372a480cb61ddd873a2cbd146b69ba038acbfbfe843411c124e8d22947d62368d0a977d4bea46832dc2d0efb9675f96687f1c3417d7d49aeb8045c21ffc969cfb704e450fe462050ff80588979a1d69879903f989bae9dc2c599441721234a84652ebf4218b6e0ce32fe10c1fa4d5e170c515229628131de71197e7387ec2eab018be7b4c6a4f2dfe76b5f9d240033f8b3872484db4f182d9d1fba63d800978b3f9845123490549ea944cb838f11ae968ef87cf524c9079f60b9dc621518e0039ec3f20f717ae0b38da93bd3ec9ae808a142cb8af18cd4142038d6e34429d561b257f6997e38d6cae1d4686aa4653cc972bf37a717695ff75b5d6339832bd4c6806617b12ee49a7c46ebaeaa65bb855f07737fbaa23820c7bd62591186c41483c3844693569066bccf04dd3c0f2f7c69df6aea887e527874cecbaafb1825418616fd5a9092b1e2369c8723aa1437ac40128785bb3599d4f864b7d73ae6df0e429689711dcdc11b5d0c4797ee7c0e41925f0f952c1823e73af158d6d915c4ac3fe2ff5f6cc31dfd7c8e641414e2770c59a28540b8004b7d3c4561aceca7571313a78e8ef4f5a1853f30eb6168277c64c8fae94489922de7b1818233"]) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f0000001e00)=""/4098, 0x1002}], 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r4, 0x40086607, &(0x7f0000000080)) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/suspend_stats', 0x11b800, 0x40) pread64(r5, &(0x7f0000000180)=""/112, 0x70, 0x4) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) fcntl$setlease(r1, 0x400, 0x0) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='\x00', 0x0) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r6, 0x4, 0x2c00) ioctl$BTRFS_IOC_SCRUB_CANCEL(r2, 0x941c, 0x0) 15:03:21 executing program 3: sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe2(&(0x7f00000000c0), 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x20008880}, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)={0xd8, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@nested={0xc, 0x11, 0x0, 0x1, [@typed={0x7, 0x76, 0x0, 0x0, @str='\xf3+\x00'}]}, @generic="2ef9b9d79bb827e8b023d973f9a9b317430606a5eb854dcf902b63643a28dfea2b84efeeb6dd5765d40299ce6e50190d9408877186bdf575b0c6c65b685d75e818361d6b1d17e3cf85df0b3de40dc1ec6c27fdc611b63c9c9d1c566dd4d417a0d86a6b907220885899fea9320188a414523d893995ae45cdc0276ce695fd4969066c7fe9dbabe7b9f1185eaa5447775b2f81f9484dc04a388b73b9313d8395bb5588a2d2d59aaee6064f9ea0235eebdd073e56f754222c96"]}, 0xd8}}, 0x0) 15:03:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:03:21 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:21 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:03:21 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 614.394621] audit: type=1326 audit(1748271801.386:257): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6493 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 614.409399] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.3'. 15:03:21 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x2, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 5) [ 614.503819] FAULT_INJECTION: forcing a failure. [ 614.503819] name failslab, interval 1, probability 0, space 0, times 0 [ 614.505282] CPU: 1 PID: 6520 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 614.506113] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 614.507153] Call Trace: [ 614.507511] dump_stack+0x107/0x167 [ 614.507983] should_fail.cold+0x5/0xa [ 614.508477] ? create_object.isra.0+0x3a/0xa20 [ 614.509042] should_failslab+0x5/0x20 [ 614.509511] kmem_cache_alloc+0x5b/0x310 [ 614.510014] create_object.isra.0+0x3a/0xa20 [ 614.510573] ? kasan_unpoison_shadow+0x33/0x50 [ 614.511138] kmalloc_order+0xfe/0x160 [ 614.511610] kmalloc_order_trace+0x14/0xa0 [ 614.512133] io_uring_setup+0x33c/0x2980 [ 614.512635] ? __mutex_unlock_slowpath+0xe1/0x600 [ 614.513229] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 614.513850] ? wait_for_completion_io+0x270/0x270 [ 614.514506] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 614.515159] ? syscall_enter_from_user_mode+0x1d/0x50 [ 614.515792] do_syscall_64+0x33/0x40 [ 614.516249] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 614.516927] RIP: 0033:0x7fdf712e8b19 [ 614.517402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 614.519689] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 614.520624] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 614.521498] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 614.522372] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 614.523273] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 614.524147] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 614.566035] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.3'. 15:03:34 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:03:34 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:03:34 executing program 3: ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2, "77004a6efdff0000000008002600", 0x0, 0x401}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETQUEUE(r0, 0x400454ca, &(0x7f0000000000)={'veth0_vlan\x00'}) r1 = syz_open_pts(0xffffffffffffffff, 0x208c02) ioctl$KDENABIO(r1, 0x4b36) mq_open(&(0x7f0000000000)='-@\x00\xb7!\xf9Z\xbb,;\x7f\xc0\xa9J\xb3\v\xfb\x84\xaa\xb5\x9a\xa4O\xa8\xb5\xd2\x13/z\v\xae\xfc\xfek*D\xeb{\t\xba>\xe8\xe2\xba\x00\x00\x00\x00\x00\x00\xd0zd\xccD\xf4a\xd8/\x90x\xb5\xd8\x04\x19u\xf9D\xb7Eq\xc1\xcee\xd9\b0\xec\v\xe3\x96\x1f\x80\xe4Nk\xa6\xe1\b\x97,\x8b/\x96\x9b\xdb&\xd1\xe3J\xd5\xaf\xe3\xfc\xde\xbe\xa0\x8b\xeb\xea%\x10eW\xf6\xa0J\xe51\xa4\xfesm\x96\x89\x0f\xea\xa6\xc02\xd4\xb8y\x83L\xc4\x93U\x15\x9b\f\x9b\xc3Z\xff\\\x9d\x83\xe6\xc7fc\xa9n\x8e\aV\xe8\xf9\xf9\xe4\xfb+~\xabu\xf9K\x1d9[\xcd\x9b;=6Q\x80', 0x3, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000200)=""/230, 0xe6, 0x2) r2 = socket$inet(0x2, 0xa, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000300)={'wg2\x00'}) r3 = socket$netlink(0x10, 0x3, 0xa) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000580)={'syz_tun\x00'}) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = syz_mount_image$nfs4(&(0x7f0000000180), &(0x7f0000000340)='./file0\x00', 0x2, 0x0, &(0x7f0000000480), 0x80000, &(0x7f0000000380)=ANY=[@ANYBLOB="2a2c272c776732002c2f6465762f6e65742f707500000000657468305f766c616e002c2f6465762f6e65742f74756e002c2d4000b721f95abb2c3b7fc0a94ab30bfb84aab59aa44fa8b5d2132f7a0baefcfe6b2a44eb7b09ba3ee8e2ba000000000000d07a64cc44f461d82f9078b5d8041975f944b74571c1ce65d90830ec0be3961f80e44e6ba6e108972c8b2f969bdb26d1b6d5bb90a82b2ad79149e34ad5afe3fcdebea08bebea2d106557f6a04ae531a4fe736d96890feaa6c032d4b879834cc49355159b2c9bc35aff5c9d83e6c76663a96e8e0756e8f9f9e4fb0b7eab75f94b2c776732007970653d2d4000b721f95abb2c3b7fc0a94ab30bfb84aab59aa44fa8b5d2132f7a0baefcfe6b2a44eb7b09ba3ee8e2ba000000000000d07a64cc44f461d82f9078b5d8041975f944b74571c1ce65d90830ec0be3961f80e44e6ba6e108972c8b2f969bdb26d1e34ad5afe3fcdebea08bebea25106557f6a04ae531a4fe736d968920eaa6c032d4b879834cc49355159b0c9bc35aff5c9d83e6c76663a96e8e0756e8f9f9e4fb2b7eab75f94b1d395bcd9b3b3d3651802c646f6e745f686173682c646f6e745f6d6561737572652c686173682c000904821c42073a3c628c9796000000000000"]) openat(r5, &(0x7f0000000980)='./file0\x00', 0x268c40, 0x105) sendmsg$nl_generic(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x30, 0x18, 0xc21, 0x0, 0x0, {0x2}, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@private2}]}, 0x30}}, 0x0) ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000100)) dup3(0xffffffffffffffff, r0, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffffffffffff}, 0x840, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r0, 0x0) [ 627.896468] audit: type=1326 audit(1748271814.893:258): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6530 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 627.924818] FAULT_INJECTION: forcing a failure. [ 627.924818] name failslab, interval 1, probability 0, space 0, times 0 [ 627.931651] CPU: 0 PID: 6545 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 627.932490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 627.933509] Call Trace: [ 627.933843] dump_stack+0x107/0x167 [ 627.934292] should_fail.cold+0x5/0xa [ 627.934798] ? io_uring_setup+0x40b/0x2980 [ 627.935424] should_failslab+0x5/0x20 [ 627.935976] kmem_cache_alloc_trace+0x55/0x320 [ 627.936649] io_uring_setup+0x40b/0x2980 [ 627.937250] ? __mutex_unlock_slowpath+0xe1/0x600 [ 627.937958] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 627.938692] ? wait_for_completion_io+0x270/0x270 [ 627.939347] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 627.940020] ? syscall_enter_from_user_mode+0x1d/0x50 [ 627.940657] do_syscall_64+0x33/0x40 [ 627.941120] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 627.941750] RIP: 0033:0x7fdf712e8b19 [ 627.942206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 627.944488] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 627.945475] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 627.946383] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 627.947270] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 627.948152] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 627.949031] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:03:34 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:34 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x3, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:34 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:03:34 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000a00)={0x3, 0x80, 0x70, 0x0, 0x20, 0x0, 0x0, 0xe9a, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_mount_image$ext4(0x0, &(0x7f0000000340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000380)=""/187, 0xbb, 0x6) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000a80)=ANY=[@ANYBLOB="00f9ff00000000000100606e74a80fb646147dc85e0000000000000000000000010000000000000000000000000000000000000000000000000000000000eaff0200000003000000ffff00000000000009000000000000000600000000000000020000000000000000000000000000000000000000000000000000000000000000800000030000000200007f000000002a84000000000000fcffffffffffffff08000000000000000000000000000000000000000000000000000000c91d84c30000000000000000000000000000000000000000000000000000000000000000000000010000030000000000000000e2ffffff00000000000000000000000000bde386d63bcd07f198d746b9157e5bb66ca4c3317884d539c0cb07f0432fa5c0cc6d215b3df4f3146623cc352833ca4e5c8a29f5293b66bbbbe1626566e7cb7f908feb74133e10edb36e004febd9bdd5666aba350b1e4871fe1d3d3163daea34319314168a0f52566e068efc69ae2467ed0521131580f063b47145fde83dcc89ec6faa226f316174181770836d9ccf8467f3fcf34e54f752b6ee5868cbd58a1db6558002ff5d649ad2c97ac5b25884429d9b7e372a480cb61ddd873a2cbd146b69ba038acbfbfe843411c124e8d22947d62368d0a977d4bea46832dc2d0efb9675f96687f1c3417d7d49aeb8045c21ffc969cfb704e450fe462050ff80588979a1d69879903f989bae9dc2c599441721234a84652ebf4218b6e0ce32fe10c1fa4d5e170c515229628131de71197e7387ec2eab018be7b4c6a4f2dfe76b5f9d240033f8b3872484db4f182d9d1fba63d800978b3f9845123490549ea944cb838f11ae968ef87cf524c9079f60b9dc621518e0039ec3f20f717ae0b38da93bd3ec9ae808a142cb8af18cd4142038d6e34429d561b257f6997e38d6cae1d4686aa4653cc972bf37a717695ff75b5d6339832bd4c6806617b12ee49a7c46ebaeaa65bb855f07737fbaa23820c7bd62591186c41483c3844693569066bccf04dd3c0f2f7c69df6aea887e527874cecbaafb1825418616fd5a9092b1e2369c8723aa1437ac40128785bb3599d4f864b7d73ae6df0e429689711dcdc11b5d0c4797ee7c0e41925f0f952c1823e73af158d6d915c4ac3fe2ff5f6cc31dfd7c8e641414e2770c59a28540b8004b7d3c4561aceca7571313a78e8ef4f5a1853f30eb6168277c64c8fae94489922de7b1818233"]) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') readv(r0, &(0x7f0000000280)=[{&(0x7f0000001e00)=""/4098, 0x1002}], 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r4, 0x40086607, &(0x7f0000000080)) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/suspend_stats', 0x11b800, 0x40) pread64(r5, &(0x7f0000000180)=""/112, 0x70, 0x4) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) fcntl$setlease(r1, 0x400, 0x0) request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='\x00', 0x0) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r6, 0x4, 0x2c00) ioctl$BTRFS_IOC_SCRUB_CANCEL(r2, 0x941c, 0x0) 15:03:34 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 6) 15:03:34 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x4, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:34 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 7) [ 628.215341] FAULT_INJECTION: forcing a failure. [ 628.215341] name failslab, interval 1, probability 0, space 0, times 0 [ 628.216758] CPU: 0 PID: 6571 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 628.217645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 628.218725] Call Trace: [ 628.219059] dump_stack+0x107/0x167 [ 628.219504] should_fail.cold+0x5/0xa [ 628.219971] ? create_object.isra.0+0x3a/0xa20 [ 628.220532] should_failslab+0x5/0x20 [ 628.226930] kmem_cache_alloc+0x5b/0x310 [ 628.227462] create_object.isra.0+0x3a/0xa20 [ 628.227996] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 628.228618] kmem_cache_alloc_trace+0x151/0x320 [ 628.229190] io_uring_setup+0x40b/0x2980 [ 628.229688] ? __mutex_unlock_slowpath+0xe1/0x600 [ 628.230276] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 628.230910] ? wait_for_completion_io+0x270/0x270 [ 628.231518] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 628.232157] ? syscall_enter_from_user_mode+0x1d/0x50 [ 628.232789] do_syscall_64+0x33/0x40 [ 628.233248] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 628.233874] RIP: 0033:0x7fdf712e8b19 [ 628.234346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 628.236674] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 628.237603] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 628.238473] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 628.239355] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 628.240221] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 628.241096] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 641.597570] audit: type=1326 audit(1748271828.590:259): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6575 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:03:48 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:03:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 8) 15:03:48 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:03:48 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) 15:03:48 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000140)={{{@in=@loopback, @in6=@mcast1}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000000000)=""/90, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20}, 0x0) socket$netlink(0x10, 0x3, 0x0) 15:03:48 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x5, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:48 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendfile(r0, r0, 0x0, 0x31) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x1) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000), 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000160011cd00060000000000000002000033fe09a4cf6ca27294489ea5617929cb48792321e31220beefc3f2118e4d87da4a98061d6649dc731305af3e0274309b2c43249815b2250a1857031c2193d9ab0a1b875802bde5ea0444e40e01415dc93f670cfa4300000000ba09fa00f7ff426eaf078f730dc1527df04f062f498bd45c44945ac551ef32f0e1dbc007bfc96daafbc109d55210773a331dd9bf5d0c014bd784ce"], 0x1c}}, 0x0) pread64(r1, &(0x7f0000000240), 0x0, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f00000000c0)=0x2, 0x2) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) [ 641.621999] FAULT_INJECTION: forcing a failure. [ 641.621999] name failslab, interval 1, probability 0, space 0, times 0 [ 641.623410] CPU: 1 PID: 6580 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 641.624242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 641.625257] Call Trace: [ 641.625595] dump_stack+0x107/0x167 [ 641.626070] should_fail.cold+0x5/0xa 15:03:48 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 641.626570] ? create_object.isra.0+0x3a/0xa20 [ 641.631191] should_failslab+0x5/0x20 [ 641.631692] kmem_cache_alloc+0x5b/0x310 [ 641.632223] create_object.isra.0+0x3a/0xa20 [ 641.632802] kmemleak_alloc_percpu+0xa0/0x100 [ 641.633381] pcpu_alloc+0x4e2/0x1240 [ 641.633881] ? io_tctx_exit_cb+0xf0/0xf0 [ 641.634411] percpu_ref_init+0x31/0x3d0 [ 641.634997] io_uring_setup+0x47a/0x2980 [ 641.635551] ? __mutex_unlock_slowpath+0xe1/0x600 [ 641.636187] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 641.636845] ? wait_for_completion_io+0x270/0x270 [ 641.637450] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 641.638092] ? syscall_enter_from_user_mode+0x1d/0x50 [ 641.638726] do_syscall_64+0x33/0x40 [ 641.639235] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 641.639857] RIP: 0033:0x7fdf712e8b19 [ 641.640311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 641.642559] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 641.651520] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 641.652398] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 641.653334] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 641.654252] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 641.655159] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:03:48 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) 15:03:48 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x6, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:03:48 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:03:48 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 9) 15:03:48 executing program 5: socket$netlink(0x10, 0x3, 0x15) 15:03:48 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 641.868579] FAULT_INJECTION: forcing a failure. [ 641.868579] name failslab, interval 1, probability 0, space 0, times 0 [ 641.870107] CPU: 1 PID: 6625 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 641.871023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 641.872107] Call Trace: [ 641.872465] dump_stack+0x107/0x167 [ 641.872949] should_fail.cold+0x5/0xa [ 641.873462] ? create_object.isra.0+0x3a/0xa20 [ 641.874062] should_failslab+0x5/0x20 [ 641.874569] kmem_cache_alloc+0x5b/0x310 [ 641.875689] create_object.isra.0+0x3a/0xa20 [ 641.877106] kmemleak_alloc_percpu+0xa0/0x100 [ 641.878584] pcpu_alloc+0x4e2/0x1240 [ 641.879730] ? io_tctx_exit_cb+0xf0/0xf0 [ 641.880863] percpu_ref_init+0x31/0x3d0 [ 641.881969] io_uring_setup+0x47a/0x2980 [ 641.882961] ? __mutex_unlock_slowpath+0xe1/0x600 [ 641.883601] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 641.884271] ? wait_for_completion_io+0x270/0x270 [ 641.884921] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 641.885623] ? syscall_enter_from_user_mode+0x1d/0x50 [ 641.886318] do_syscall_64+0x33/0x40 [ 641.886888] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 641.888328] RIP: 0033:0x7fdf712e8b19 [ 641.889325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 641.892519] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 641.893527] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 641.894463] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 641.895453] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 641.896388] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 641.897317] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:02 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x7, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:02 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000140)={{{@in=@loopback, @in6=@mcast1}}, {{@in6=@local}, 0x0, @in=@remote}}, &(0x7f00000000c0)=0xe8) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, &(0x7f0000000000)=""/90, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20}, 0x0) socket$netlink(0x10, 0x3, 0x0) 15:04:02 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:04:02 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendfile(r0, r0, 0x0, 0x31) connect$inet6(r0, &(0x7f0000000540)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x1) syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x58ab, 0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_SYNC(0xffffffffffffffff, 0x9408, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000000), 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000160011cd00060000000000000002000033fe09a4cf6ca27294489ea5617929cb48792321e31220beefc3f2118e4d87da4a98061d6649dc731305af3e0274309b2c43249815b2250a1857031c2193d9ab0a1b875802bde5ea0444e40e01415dc93f670cfa4300000000ba09fa00f7ff426eaf078f730dc1527df04f062f498bd45c44945ac551ef32f0e1dbc007bfc96daafbc109d55210773a331dd9bf5d0c014bd784ce"], 0x1c}}, 0x0) pread64(r1, &(0x7f0000000240), 0x0, 0x1) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x100, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x10, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f00000000c0)=0x2, 0x2) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x11, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1, 0x0, 0x0, 0x3}, 0x200000}], 0x7ffff000, 0x0) [ 655.243748] audit: type=1326 audit(1748271842.241:260): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6645 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:04:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 10) 15:04:02 executing program 5: socket$netlink(0x10, 0x3, 0x15) 15:04:02 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:02 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 655.275353] FAULT_INJECTION: forcing a failure. [ 655.275353] name failslab, interval 1, probability 0, space 0, times 0 [ 655.276816] CPU: 0 PID: 6658 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 655.277656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 655.278671] Call Trace: [ 655.279021] dump_stack+0x107/0x167 [ 655.279471] should_fail.cold+0x5/0xa [ 655.279943] ? percpu_ref_init+0xd8/0x3d0 [ 655.280458] should_failslab+0x5/0x20 [ 655.280928] kmem_cache_alloc_trace+0x55/0x320 [ 655.281492] ? io_tctx_exit_cb+0xf0/0xf0 [ 655.281991] percpu_ref_init+0xd8/0x3d0 [ 655.282483] io_uring_setup+0x47a/0x2980 [ 655.282618] cgroup: fork rejected by pids controller in [ 655.282996] ? __mutex_unlock_slowpath+0xe1/0x600 [ 655.283011] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 655.283020] ? wait_for_completion_io+0x270/0x270 [ 655.283052] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 655.283064] ? syscall_enter_from_user_mode+0x1d/0x50 [ 655.284037] /syz2 [ 655.284401] do_syscall_64+0x33/0x40 [ 655.284415] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 655.284423] RIP: 0033:0x7fdf712e8b19 [ 655.285101] [ 655.285657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 655.285663] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 655.292153] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 655.293030] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 655.293906] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 655.294782] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 655.299716] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:02 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x8, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:02 executing program 5: socket$netlink(0x10, 0x3, 0x15) 15:04:02 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:02 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x9, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:02 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:04:02 executing program 3: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 11) 15:04:02 executing program 5: clone3(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) 15:04:02 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 655.508502] FAULT_INJECTION: forcing a failure. [ 655.508502] name failslab, interval 1, probability 0, space 0, times 0 [ 655.509914] CPU: 1 PID: 6756 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 655.510754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 655.511821] Call Trace: [ 655.512170] dump_stack+0x107/0x167 [ 655.512625] should_fail.cold+0x5/0xa [ 655.513104] ? create_object.isra.0+0x3a/0xa20 [ 655.513674] should_failslab+0x5/0x20 [ 655.514144] kmem_cache_alloc+0x5b/0x310 [ 655.514649] create_object.isra.0+0x3a/0xa20 [ 655.515206] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 655.515839] kmem_cache_alloc_trace+0x151/0x320 [ 655.516416] ? io_tctx_exit_cb+0xf0/0xf0 [ 655.516919] percpu_ref_init+0xd8/0x3d0 [ 655.517411] io_uring_setup+0x47a/0x2980 [ 655.517914] ? __mutex_unlock_slowpath+0xe1/0x600 [ 655.518509] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 655.523163] ? wait_for_completion_io+0x270/0x270 [ 655.523766] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 655.524404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 655.525033] do_syscall_64+0x33/0x40 [ 655.525487] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 655.526116] RIP: 0033:0x7fdf712e8b19 [ 655.526568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 655.528829] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 655.529771] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 655.530684] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 655.531590] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 655.532460] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 655.533330] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:02 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:04:15 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xa, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:15 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:04:15 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ftruncate(r0, 0x1000004) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)=ANY=[@ANYBLOB="9fd12ab8189c44040eed5b8464387a28010400001f00000018000000", @ANYRES32=r0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='./file0/file0\x00']) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0xeab8050e99fd9bc9, 0x2004, @fd_index=0x2, 0x64e8, &(0x7f00000002c0)="2a3ed46defd02223dcc61e1ddbe47f75baa8c1562b24ceb869d17d893e09570b139a3a6e166d12892e1235e98b3a91d32ca8ab69e19440263493c95ed47e3bfc000012eea53297336ac8f5d3f002f168278c955fbeca68e78d215579b29e5761b284c1af480c9c42dc2aedabb5511bab086e5aaad239120f708d48953b3aa7b52703bae93155d9c7cf6b9d31cad9a062d50075c1f2e1cb478e4c", 0x9a, 0x3, 0x1}, 0x7f) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000240)="60d70ee92e7e56020f71fe6c862dd622abc6df4019b788864a7f573edb9997c48cc74cdb1d94b4dbadf62caa9e133ba7dc04923bac3b", 0x36}], 0x1, &(0x7f0000000640)=[{0x80, 0x10a, 0x1, "90b63dfe23c6d431b04aeba99e69db922cfcb36461cf06817602e7aac74e2077c1f213cd13ff364ce371e7991ddbda9bd5eb2b55dfb8abad03ed0ce697999e9b3ddd771b68b95707768c9df3f1691929a22120aa4051aeea79ab44f94718b2624a76364f003b4501f7b8da68"}, {0xd8, 0x109, 0x413, "0ca150879f218c635c1647762743d57879db05a5c56c8e26ec53b344b38e96b7c34dfed12d1672401f64f9978d0edba13117e5029a26addd80a23eb0c2f7552dcf76e0ed157122699369bc168a86fa97538becff50e33c6d06c6e52e49a0f32b72978657b11a7ad90e516dbde67197f613b029d70543872d21445d3a06c9394f115189a962f02b38183b1e4fa6e3b89cee2c17ff87eade3df5529f7574c246b861abe9edc7f8551c83f42f6fcc3c34a5e6f7f0750d723ecb1c9c5d323834d0ad1f66"}, {0x1010, 0x108, 0x1, "ab1e8f5d15eb2a0ca246e5e505ccd01b21f9dda87e1b939698f41e05c931d49158e6718c196db45992268b0779871696d4c459b160d82c8e601468dbbac729b5a99f1f7fbc020a8785ac65544f00c8d706b81aee0853153765a77db8d6218c968ccfe6de290fe821756c73892cafd7efec000c882b4a1ac38a99385e45633644995dc312b0738846b08a1a8c2c4f2ebc767bebfb69f02241115ba507dd42af2c37362500126f76d6c86145122ee083f85ced0d4499eefd9fd3ed6daff9ea09747f2cb18323d1affd74388eff638e7f9fbf79812f70e16277d696d40dbc4c54aee6722ecde637cd94b4a7386fd40b7b7aee237a103f7dbc7c3c5a4e5c5fd1780a2965de6ec15b0e3c191330ab63f63cfea8c47bda2eabd777f10fd79b2203f097ef52a9279427bafc722b201bb82e92a498da5d7473c335037a09e77d1b469b15cd21a7cb99f9f50869fbe953060fa7e26057a20c8ba299a32520e943cc6a69812f0e2ea78bfb447e508e499ed98061dd4476499223225701d3d7b6e9c07bb01235edf8c56394db4090c34c3efdd472a6919e20cfb401fa28683cee77a274c556ff4cf465d76f95e8ad9f82925b908763baceede84e1141a4ed3aa1647728771106378f3e5c7ff198c580cbed51389bcb6cd45981f904bfc56f97a1226920a40926b911d5bb5de1b35a1304dad4a17a9e4fda9ea1646d8f7faf2e8147c141c962eb861a8ec06955c1bfc3876fa1bd0b7ed462b4f0bf4b04702d454b48e78246e2e16061690645aa5f62d04ccdeec1786459360b0bd27d1581f5c747a310e89d5fe0cc80436c64384376b8d4041a7879d4499dcec732f90f75fd6823c3035c6f5200f0b4b8f8b6af3cea0a05ee0f9d868a7b0cb7adc31f91dc726f9313cfae12bac3b60262ffd87be9275fde2f71d61184d78f9f589d90223b54f89e060526891b45b01ddcd1be887fd5ce913d776b4bcc0e1a3afcb8eda7fb8f2b5858b3e7271332a1ac16f83632b61060c4cd134e17641113c0bb8876427b32fddf1151877c35282fe70af4824b70508923ce7197dc1b8512b57bc5dd9ef20e001be11d83ceb2d574dab010da4357e1f440af28453a264ff8cbb37dbe0828af2d72805aaa328aab85e5d8c26f4979a8bb45aed76622055b638fd14a69bc81f637dd081943705fd68803f142a012c9282e371caf8c638c825bddbfc128e0749dc41533d59282a239280b9022403628892d1487b93f5b17167bcae363d02ea04bc1a528f2003475dd25344bd47d1c0307938b4c426252aa94202a762535dbf5f30edcf9760cecdfa57f5a395293988b373e4ca516ad09e973e8bca97f6b61ada0be115ea8e1ed7bdb3dc2c6f7fc6bf789d9ca31d814c46c8a7c33cf394f38068dc7498449c4614d510ad8244f64b6d33e7f3bdce5c32e0dd448fe9c0befaab3ac3e00c64237eddc6779778dea5bc64c9290927672a4e68880c25d28c2517f30928259b7d79f56415ede3727326e57cda97a1bc4b9f5769e5f0506dfdc8134b81049ddaecf7c6f48bf6d394b2e2b1c1794fa12b2aa93e1c0397529675ed120c2f8a976f85e78ef4e139cea9d2817e9a0382533b6f1e0115605ee19cbdb27b0636ed475fc0a00223d7878e4d1280e309171978e94e96a648dabe83007c9eaff11cb4f379c34e0c13377146496da5e7851aec712f671f0e0367c74468c32610995f45b014f0285ff09d928a0b5602fa74cb8a6ad21fb2e6c688892ea85e589d9de671dec9ae0ebce88228cde33a7b5395f656cf6ba5a5a4838dcf16376b572a00bcbdd8641036edf74bdf225d05a946f80823e7c78328e04fcf7a2762f7a91565577ebe9455d99b819292dd9555ff5078f9156506d06ef0468541f99c09e75ea8acb888c6c4b352b9fcd4610fb6127f1844234174f46ac97f55a74e8ff28cd1e2b17afdb2f367845b63514263a42a22901b638599e3d989e3e47de50675c303f98cdaba68d61236abcdbeac6db3a24a0581fb3834d622c057ea007492f3be58f26c84fa0a7d75aca3b16afda73a7dcb4273f026be628976d448e54d326bebbd31616c4fbe889f4931a5e880469cc688a92c309e2bb8f5d9d1685a40b04868ed0f30d5dce9f2130a44a8ebcdebf02028de072f2692ffc339663a94c03046883aa2c6e42666dc7473aeeb7362ab6094dfed74918829cef0c58535c7a9ca43bbc410f3e939d245a1f09e03ab9686e2ce689e02e421dc25a220542955dfd12a597fb9556dada9931673c55722d43e92454482809076471307943ffe8cce31bea0cdb9ec343fa5a873489fe6fd202d35aee19b1bca9254dd41d01c679923de88bc1d3bb8310ef313d93d9fc1d7f0683d6b4fee913e96f5f83d7c1c9c2e2c9a35c6fddb1a2fd6252c9d275c4ebda52785b58fc2321da014a3bb91a04b140163844c79eacd1b5fac95f17e680e079f2fc3da85c0b3b4a7aecc89b4b98087753e0907dccf9663905ecbbb29a158e6a763312b61f418b9cf2b80a85be5032bec3a8aa01135830a98f9e0fbd660d770de3de63e1d559f38139d85ea77db663fec35c1813e3f3324a688422ef16327bfd30fcd3e308f9b5ecb49953c7889172243e4ef705c5f1fd1bdcfdad29aa28cf7490a4c7def761024d9535f47aa01947d6a3f85bc4601406904968e010ee01f10d9c3eb0598c5ddd3fbc2ce88c3180a1e5027c65b044919ca5ef83e78c362af352e89ddd93506411d37df62142fc2e1bb73fa4f9c03eca719f55ba95ae778f10d2dd2bca4ef420e5b94ca9ff60c7cf39d3d97b45798313d3fc0a37c380704f19d77a58db6dc855e42b533862fe562e5f31e04f2c7d402ab7e1d8dc1033572683cf538e0531d5ecadea866819c0303b1dd899b219a2dde7902b43c912d5c1d4ff0c316b845e29535b9b90b8357c01f5624b34a19936f8eb1def6ac3ccf1c2dc3f67688fc5a3a5a7fc1405f8e2bf069bd78601b68aa3d61657848cd5c9f811164d51e4415084e637e4674bd830438c5375d278f828720a66a468bb5c7c2e69584f718cad46599ba92d892d387539634a7c8db1d8faf269cbf07b64174cf16c6b3a09532e63ee9073d3ba6749a5edcfcc87f0658d35d929a73fec6cae5d5e976f5b5fa064f942e948d1d6118634d8ad5f5cf4eec837a5edb764df14d4dd885f36a13ba6336a5f2b40bdf84ade55c446e9e256c0061aaf294c65d45c91cc3bfb73ad65b5b7032b66541326415bb4d2fd1a094d72b0fde2e278e90f3d4f3a8e851b157051f40a15c5fec291767f832dd9721416457633220afb085665f0cf1cfde26e5547714af642343698dc325e178acb549247f80d929c0ce00201c1aa7cd495054dba146daae462b2493c965b874944d411f98e4263dd16e173055b969751046158b1dbdafdcbfde8de411904fae4cc5612cea4c02a4dcef4950d4f288b6bde48ac8985bc03eb1eb7a414b8dfd482df8f78584b3428e08e8eb0b7147250159e4018952d6b2c3b2cf5d5216029fd77df45ff58fb295957efd91b3ff29622da9e6cf9329e21c402caf6200cfc600e08001ca4b80be4aff0c8e5ac7c326b8cef3a3ccaf49e9a6b143a20e2ca7ed3c869172aed0aae7741f5d7f468e1d60a2b610eece7793cfef103c73236b93caf025dbeefeeec976e8e2999fbccc939fff37df24a8f6f21e4fc77ef265c8ec7ef264a5c144fa474ee8b20f9160e74ec65b63e0e9aa7204c2ae37e49f6666a1a81dab8f26d9fffd3b64a91748df6134f6c1c5b4951067c7ded6bb738b1722b3bd8978cb45095fa4b12d2e9e9ed52a10e0bc6d62333bea2944865d249e3fa8df00f2e2642654a631428931a43a3447adeb1f0ebd03074baa8cf1a60c4f5da88e858fea38a71b911bd9f7593df95b0319e8f9255c650d2ac9f55c50384790654b42bfa6d562b1dd12d908a8ff3455b3859edcc7a430a6fd21bfa7522c4824cf5211f3a58772aa2582977c41253278c9128dc6b37c577cb5103f1618ac7ae06ee16aeb88abd02daafb0e2eba967a7460a96c40e39fffa952256f69acee69246ab1ffd46dd60490a9589d00d48dcc383ee5a03ea9af8c1c906a7a055df331f576a28be63d0485c0d571e2f0c5b675933b6a4a806f6cd62bf930ae97c4954060475967d458f705f977caf9ff767bf8e1763fb57d579fb099706444154071f81c984ff2695922ab67bb7af26e471b24be4bb376ce4c32c90205ed0be0df5cc8de0dbd565fa35c0e12902fc0cad304137fa351e7faa0305e32395ebba6b737bbdd6c93698735eacd91f776ccaa393f71986567c3f97d8b502b5a28e307ca947985a13172d6fab0abc62ba0744da04b1743a61677135d9988fbfcfc355b2f0072848edba25544a7cc4d0c67b5d485163e3edf885398856f7b63478d175e5b6a087b4426aa5cd0f55a4b2a10705e762b3930e7816abed80192a3da82ff4e44868be8e02c1226d02c4e5cc787ee9952dd49b002d74531f71bc2fd54a561032d48d9e126f65a606c5e5bc4e56029812154520d03d758afa38d9ffceb860ab17e78d1c1dde5221a1318d4aad0cf5cf614e1d2ef5b5eab664a42cd1d7c8e193a52e6819b5ff3d1224d631cb90f4151b508283c3a13047f2c14386c65da7ef68c3e6e2b463360db60c5e539add6ea7bea45460cd5fe4d4fd6e97926b7cb3bfd29cec76f1a77665ab66da3eff66c9cb214bc04d8b1238c407193fdc7e760b8a21a49ef98bfc22ba6615c04a52a07d6f39e89286b85ae77c4c7b1b9b4f706f1c4060ccca6937a1247fa6df82148861095c05d8fcfbbf0d2f37201019c576cd9b7c28abe500882f98510364abbb836620f407386ff54fb6de2d5a32798f37cf69df735ddbda8a16dc2cdedd7397de862c42b9997bd3a8a93474e006bf7adea54d9c66f8a78bccef3bbc675a81e39458896ef4f3ab110a77e23dbb99f3575054ac4baf946e74981e734d86ad003929f6f8eeee0d889bcf5aa84408f239f05f9add9165a488873938ad8c8232a31d420d47e7cf8374f9175e8de22f0768eba122affcc5c3d52a525e0a6a8f994e0e222bd9a4444f385baddfe3496e926b5f5e3787d817184d2d67e89ebe3dd920058172173851e6d6f4c01ba264691ba36de78c38daad64505c81917ff0aa28f4bac6dd3abfd457e651bfb4e1bb585ce138b7169286054c70560ed73b9fe22acc7b807d127680d91f1f61f0a1cd2a9cf36b8b46bcd2e40f61b8e309dc3378d7f74956b22db230d640c9d20f4f6483d593a710affb12f859212f16134f028435aa711be5ab34fe1a8bb503e29a283d8185be8cc44d6eb65cb23913cc9a4f3f807fbfcfcf3d427883306fa10d7193be43dcd6837f062ac27cab9b0b3501af09eeae87476132efa7aac559c4afc2a8c45c3172d6a3b95ece5da092d86a802e14bd5115f797f2114be3f2cadf3d156f0fbc6a25d704be7ed2ac68ee5aeaf20820a05efb537353d75a9adbef5eaedb5f02c39f7ead70dbdb1e349a392acdd1aec3bcb581dc8f4adc2e0d31af41568fee883d93706d85afd6ac4a498ec8255f4796965c48018338dd4653d8838fd3de54debfa842860b9fb6147a641c421c56b78d75ee94e9fa80a5656bc7bb9f6056584e142667b973f38d7efb3f776af68ff64306ea1c09190b00eaf555e13d454a6f139dfa213fb762d3dfe31a14e59c349e8ce83d0825acb955a6255202f0f2faf482b910b68f39aeb19f535dbb867e3a507132dabb5cb0c1c0c43e4f534540a9e1b5c8688d2c94fe98e84f359149006b2a03463fc6ca5f11ad51796faa09baa83cc80714"}, {0x100, 0x10a, 0x4, "538a9c1d10f6931bcff2ad8b5b483749032efafb5990bd953005b87ce32115270b3b5d91a6e0e28cf458aa5f932db297b7b001b52ba857a48c8b10a00437840e4cc11e87d64bb69c4729f425e5a5f66dab6fceda01f6ba7f895b50f594813f6b2d921b2effc429b59e43f19ceb6f2537e480c0d231e3d62021d42d09b5c7494d1f50018042ceec45f333c7e5644cff2c4bb2e753253ea2339c9f114d5b4c63b878e42d99e0197b9f512de3acfe037c0587695e3a8054c84fe17f9e6408dd350ccc2572cb79036769bcebdf87e01d30cbd6e2be2605d9ea6b58c2ba1ae66d656795422e16603a8472d7"}, {0xa0, 0x110, 0x1, "05cc8b18cdc80a03b38277a40ae8bc47c7e471a8e75a25d628f9985ae749dff9e6791322fab52937f6536d4ab238e8a9e1d71fc720ad63413de6c4eab400b9c318b68646522708ff25061d18e6c4bf07419fef969dd7f392cf17c123bcd1dbf2fc22ba5bc6fca18ed300e15fb48f6e39fc492ed261b6ead183dfed468d94dfce7e729a907a61253625"}, {0x10, 0x10d, 0x40}], 0x1318}, 0x40) lseek(0xffffffffffffffff, 0x0, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x105142, 0x91) openat$hpet(0xffffffffffffff9c, 0x0, 0x212282, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYRESOCT, @ANYRESDEC, @ANYRESHEX=r0, @ANYBLOB="070000000000000000000000000000027f00000100000000000000000000000200000000000018000a00000000000000776ce5dd8489071246420660a4e58e4bfb5afdc9", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRESHEX], 0x134}}, 0x24008811) close(0xffffffffffffffff) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000100)={0x6200, 0x1f, 0x1}) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) dup(r0) perf_event_open(&(0x7f0000000400)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x8000, 0x7}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000004c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3037}}, './file0\x00'}) lseek(r1, 0x0, 0x2) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x4000, 0x128) copy_file_range(r2, 0x0, r1, 0x0, 0x200f5ef, 0x0) 15:04:15 executing program 3: statx(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x0, 0x0, 0x0) lstat(&(0x7f00000002c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext, 0x0, 0x0, 0x402}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000180)=[{&(0x7f0000000140)="eb3c906d6b66732e66617400020801000470008400f801", 0x17}, {0x0, 0x0, 0x1001000a00}], 0x0, &(0x7f0000000240)=ANY=[]) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x82307201, &(0x7f0000000300)) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r1, 0x112, 0x10, &(0x7f0000000000), 0x2) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x105080, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r2, r3) pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0x3, 0x0) mmap(&(0x7f0000ff3000/0xc000)=nil, 0xc000, 0x1000007, 0xbb487233eb48b219, r4, 0x3df90000) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) 15:04:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 12) 15:04:15 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(0xffffffffffffffff, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:04:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:15 executing program 5: clone3(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) [ 668.931643] FAULT_INJECTION: forcing a failure. [ 668.931643] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 668.933119] CPU: 1 PID: 6867 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 668.933957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 668.934976] Call Trace: [ 668.939348] dump_stack+0x107/0x167 [ 668.939824] should_fail.cold+0x5/0xa [ 668.940319] __alloc_pages_nodemask+0x182/0x600 [ 668.940917] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0 [ 668.941524] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 668.942276] ? trace_hardirqs_on+0x5b/0x180 [ 668.942832] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 668.943499] alloc_page_interleave+0x22/0x130 [ 668.944062] ? __next_node_in+0x72/0x80 [ 668.944560] alloc_pages_current+0x237/0x280 [ 668.945124] __get_free_pages+0xc/0xa0 [ 668.945619] io_uring_setup+0xe27/0x2980 [ 668.946138] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 668.946776] ? wait_for_completion_io+0x270/0x270 [ 668.947407] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 668.948068] ? syscall_enter_from_user_mode+0x1d/0x50 [ 668.948715] do_syscall_64+0x33/0x40 [ 668.949177] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 668.949823] RIP: 0033:0x7fdf712e8b19 [ 668.950330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 668.952678] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 668.953625] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 668.954510] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 668.955412] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 668.956297] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 668.957227] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 668.961137] audit: type=1326 audit(1748271855.958:261): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=6866 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 668.972120] loop3: detected capacity change from 0 to 41948160 15:04:16 executing program 5: clone3(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) [ 669.184821] audit: type=1400 audit(1748271856.181:262): avc: denied { map } for pid=6864 comm="syz-executor.3" path="pipe:[22442]" dev="pipefs" ino=22442 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 [ 669.190420] audit: type=1400 audit(1748271856.182:263): avc: denied { execute } for pid=6864 comm="syz-executor.3" path="pipe:[22442]" dev="pipefs" ino=22442 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 15:04:16 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 13) 15:04:16 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xb, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:16 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 669.248968] syz-executor.4 (6872) used greatest stack depth: 23352 bytes left 15:04:16 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(0xffffffffffffffff, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 669.329939] FAULT_INJECTION: forcing a failure. [ 669.329939] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 669.331432] CPU: 1 PID: 6999 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 669.332275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 669.333339] Call Trace: [ 669.333675] dump_stack+0x107/0x167 [ 669.334153] should_fail.cold+0x5/0xa [ 669.334626] __alloc_pages_nodemask+0x182/0x600 [ 669.335219] ? check_nnp_nosuid.isra.0+0x2a0/0x2a0 [ 669.335822] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 669.336564] ? trace_hardirqs_on+0x5b/0x180 [ 669.337095] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 669.337731] alloc_page_interleave+0x22/0x130 [ 669.338283] ? __next_node_in+0x72/0x80 [ 669.338770] alloc_pages_current+0x237/0x280 [ 669.339330] __get_free_pages+0xc/0xa0 [ 669.339810] io_uring_setup+0xf9a/0x2980 [ 669.340313] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 669.340976] ? wait_for_completion_io+0x270/0x270 [ 669.341588] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 669.342267] ? syscall_enter_from_user_mode+0x1d/0x50 [ 669.342900] do_syscall_64+0x33/0x40 [ 669.359397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 669.360022] RIP: 0033:0x7fdf712e8b19 [ 669.360474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 669.362709] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 669.363644] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 669.364524] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 669.365395] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 669.366261] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 669.367143] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 14) 15:04:31 executing program 5: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:04:31 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:04:31 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(0xffffffffffffffff, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:04:31 executing program 4: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) r5 = perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000580), 0xb}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x200, 0x0, 0x0, 0xef9e}, 0xffffffffffffffff, 0x0, r4, 0xa) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000040)={0x0, 0x1, 0x1a, 0x1a, 0xca, &(0x7f0000000180)="3cd5aba7e1cd88ebd5a882b591e8912a78446d74ee5d06a37571998da1cdfd571e205986ae8292af77d3ab587bbab4432ad4e3bff3798b3c93172c670151360d6c1e6009fc98d286e72f14b746f989e31698f4a4a077aa2fc1c554aeccd4aaab44d13743904b1eb86a4cbfd9e1d18617f2ad085158e9c51c030f5aafe9fff6917a338bdd9a0ce6abea29a31f3ac0b00b66f23bdaf453e9bc51a30b487025e0564bf17b9e0872bf735562fa95af8ac94f839ce9efc5b72560c094596d4a7469edca81bc6f7ae6654a09c9b3fbc2b16bd83ec92fa42dcd36522a191c1128b700345f98fc909ad076119ce763a4b655de26b00f242fcf27c684d3d9421f4c03b3547fa488a609fcd37f2390df9e35e48d21cc69b857a6e4498d723f07bd36e6b1e10cf8e2d17dcc9212709be46406a53567140900e066ccb35d855a91d15d55a5209bed8ffda561dff2d1d64543c83cd6a9e5341b137d01d2476a10d8bf404bc515fbe460fea854fa22d3cbad11f594b91c542b2c5d1ab945b71351959fd3c84a993aec6332884e3d3367b5484359cad616599ae0ee1fd7f3ab959f295de253773751b91a43da195906d53867cb50b1c5cfede9c86f31d78a80961234d588abac84aa49988a7d99b806c07423c8a746bd97c02b38a741fdc55390965e92c941230669b92b55db5267295cbd5e999adb77659f5c9b38cbffda16edaac0a1b86991511b7bef365ec23beb0f6722c0cfba44d8c0f989eecce8d70a17f053cce158841360d5ac1769c12ae1e9b136dbe64a2374b192ddebfe41492974940f6b57e86110c45e73daa8be53dab7528156e27e39aa96f49b3e6d6c0c8aa4d62b10544ab6127f90dcfce006eda8efedc669a7d2753e5968594e5baef76f936c584edef3ebd73dadb2dbe0ac69bd8abea9115a880b756e1dab56ab148bd14a931d499590d84334b9a3dd86f25edadaa9566f566c368dcf455dbbbb85481bcb29e6349ffb5d0aa1252d59bb4f8ff5cc56eb15a60ec39e32b39bf07443b6bb161b240dc79ed838cb4b09d3b328a8b07c34b699537a4c8af9a5931fa9c50fb8cc6806cebf7a32c3571bfba3aa8b723079e83f702b82b915ed056bb4ee8322fc7f69d56d3538a80e5a7d6904d43132e1d3caeb167d4c31c3dd9079dae49f1454fb06c35e93e67f820cad2377bc7452e510d739c5c0350e121fe88e43016f4227b4f972ce5a95d3b84e1f9aa43b40ec2f1a837461f5e16c837c38e883e129945fe7f6aafc4f59b381363c39d61aeec0670b77d15ff3135b00e13d8e19a79309ee181c900666ffa8a762fd1b50b88b065ca78fd6e6856b3abe7750cc21df5939c9ebb26897ba1c8131722f44050fb5a71ce6783adcc85917b135ce8248130106a34662f5bfdef1a7fe8b96e5243fb1761d715e5e7dd79eb432d3ac3929aaa7d33e4fa59298eccab19e"}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x0) dup2(r7, r5) 15:04:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:31 executing program 3: r0 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r0, 0x100, 0x70bd29, 0x10001, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xc1}]}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x40}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x805}, 0xe19430a590904244) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff810012eb}, 0x0, 0x0, 0xa1b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = getpgrp(0x0) r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x82000, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r10 = fcntl$dupfd(r7, 0x0, r8) sendmsg$NL80211_CMD_JOIN_MESH(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(r5, 0x89f4, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'sit0\x00', r3, 0x2f, 0xc2, 0x40, 0xf03a, 0x21, @private1, @loopback, 0x10, 0x80, 0x7, 0x1ff}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000480)={'gretap0\x00', &(0x7f00000003c0)={'syztnl1\x00', r3, 0x20, 0x10, 0x3, 0x1f, {{0x21, 0x4, 0x1, 0x34, 0x84, 0x66, 0x0, 0x6, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, {[@cipso={0x86, 0x19, 0xffffffffffffffff, [{0x0, 0x9, "737048905e9662"}, {0x2, 0xa, "b2b884a99d65f420"}]}, @ssrr={0x89, 0x17, 0x7e, [@rand_addr=0x64010102, @empty, @local, @private=0xa010100, @remote]}, @cipso={0x86, 0xa, 0x1, [{0x7, 0x4, "9ee1"}]}, @noop, @timestamp_prespec={0x44, 0x34, 0x65, 0x3, 0x9, [{@local, 0x1ff}, {@multicast1, 0x3}, {@loopback, 0x10001}, {@private=0xa010101, 0x5}, {@remote, 0x5}, {@multicast2, 0x10000}]}]}}}}}) sendmsg$TEAM_CMD_NOOP(r10, &(0x7f0000000740)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000004c0)={0x23c, 0x0, 0x100, 0x70bd28, 0x25dfdbff, {}, [{{0x8, 0x1, r11}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}]}}, {{0x8, 0x1, r3}, {0x180, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r3}, {0x50, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x23c}}, 0x4800) perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x5, 0xc0, 0x8, 0x81, 0x0, 0x9, 0x81461, 0xc, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0xe0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x4, 0x41b, 0x7, 0x1, 0xfffffffffffffffe, 0x1, 0x9, 0x0, 0x3, 0x0, 0x5d1}, r4, 0x3, r5, 0x8) 15:04:31 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xc, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 684.253959] audit: type=1326 audit(1748271871.251:264): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=7115 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 684.283834] FAULT_INJECTION: forcing a failure. [ 684.283834] name failslab, interval 1, probability 0, space 0, times 0 [ 684.286139] CPU: 0 PID: 7130 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 684.287233] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 684.288459] Call Trace: [ 684.288912] dump_stack+0x107/0x167 [ 684.289390] should_fail.cold+0x5/0xa [ 684.290041] ? io_rsrc_node_switch_start.part.0+0x43/0x250 [ 684.290895] should_failslab+0x5/0x20 [ 684.291409] kmem_cache_alloc_trace+0x55/0x320 [ 684.292124] ? alloc_page_interleave+0x6e/0x130 [ 684.292894] ? __next_node_in+0x72/0x80 [ 684.293421] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 684.294223] io_uring_setup+0x14f6/0x2980 [ 684.294831] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 684.295496] ? wait_for_completion_io+0x270/0x270 [ 684.296200] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 684.296949] ? syscall_enter_from_user_mode+0x1d/0x50 [ 684.297624] do_syscall_64+0x33/0x40 [ 684.298194] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 684.299928] RIP: 0033:0x7fdf712e8b19 [ 684.300437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 684.303081] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 684.304149] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 684.305166] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 684.306273] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 684.307309] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 684.308301] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 15) 15:04:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:31 executing program 4: clone3(&(0x7f0000001200)={0x88318d00, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.bfq.io_serviced\x00', 0x0, 0x0) request_key(&(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x2, 0x5}, &(0x7f0000000100)=':\x15\x00U\x1bT;\xfa4\x8dd\xa0\x9d&\xb0Z\xdfv\x8b\x84\x87\xa8K\xff\xb5\xce\xb4\xa7\xab\xc6\xf1\a\xdb\xc2m\xb2w\b\xb7*v\xfdo\x83\'\xd9[\xee|4P\xa7\xe8\xad\x82,\xf5\xd1\xea\xdb\xf4\xf5F\xc0H\v\x8d\xbc\x9e)&nH\x032\x15\x80\x19\xc0\fn\xdc\x8dk\xf2\xe4\x80\x9aJ\xe7\xdb\x8e\xd3\x80*i\x82CT\xb3j%\x94\x15\xc6\xc1\xc2\x82\x83\xdc\xf6sqF\x9cX', 0xffffffffffffffff) r5 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) write$binfmt_elf64(r5, &(0x7f0000001e00)=ANY=[@ANYBLOB="7f454c464f"], 0xb92) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) clone3(&(0x7f0000000480)={0x0, &(0x7f0000000000), 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0], 0x3}, 0x58) 15:04:31 executing program 5: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:04:31 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, 0xffffffffffffffff, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 684.461017] FAULT_INJECTION: forcing a failure. [ 684.461017] name failslab, interval 1, probability 0, space 0, times 0 [ 684.462528] CPU: 0 PID: 7248 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 684.463423] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 684.467505] Call Trace: [ 684.467919] dump_stack+0x107/0x167 [ 684.468398] should_fail.cold+0x5/0xa [ 684.468955] ? create_object.isra.0+0x3a/0xa20 [ 684.469555] should_failslab+0x5/0x20 [ 684.470110] kmem_cache_alloc+0x5b/0x310 [ 684.470722] create_object.isra.0+0x3a/0xa20 [ 684.471280] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 684.472199] kmem_cache_alloc_trace+0x151/0x320 [ 684.472822] ? alloc_page_interleave+0x6e/0x130 [ 684.473433] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 684.474098] io_uring_setup+0x14f6/0x2980 [ 684.474611] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 684.475230] ? wait_for_completion_io+0x270/0x270 [ 684.475887] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 684.476577] ? syscall_enter_from_user_mode+0x1d/0x50 [ 684.477238] do_syscall_64+0x33/0x40 [ 684.477713] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 684.478363] RIP: 0033:0x7fdf712e8b19 [ 684.478835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 684.481177] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 684.482147] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 684.483056] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 684.483978] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 684.484883] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 684.485897] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:31 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xd, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:31 executing program 5: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:04:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:51 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, 0xffffffffffffffff, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 704.323993] audit: type=1326 audit(1748271891.319:265): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=7388 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:04:51 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xe, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:51 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x0) 15:04:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 16) 15:04:51 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:51 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:51 executing program 3: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_usb_connect$cdc_ecm(0x0, 0x4d, 0x0, 0x0) timer_delete(0x0) timer_create(0x3, &(0x7f0000000000)={0x0, 0x41, 0x1}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000480)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) timer_gettime(0x0, &(0x7f00000002c0)) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x1, &(0x7f00000000c0)={{0x77359400}, {r1, r2+10000000}}, &(0x7f0000000440)) socket$inet6_udplite(0xa, 0x2, 0x88) timer_create(0x0, &(0x7f0000000100)={0x0, 0x19, 0x2}, &(0x7f0000000140)=0x0) timer_gettime(r3, &(0x7f0000000240)) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r4, 0x0, 0x0, 0x1000002) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@local}}, {{@in6=@private2}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/bus/machinecheck', 0x6281, 0x19) timer_delete(r0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x3, &(0x7f0000000380)={0x0, 0xa, 0x4}, &(0x7f00000003c0)) capset(&(0x7f0000000000)={0xc92bfb053a14a5a}, 0x0) clone3(&(0x7f00000001c0)={0xc8182300, 0x0, 0x0, 0x0, {0x34}, 0x0, 0x0, 0x0, 0x0}, 0x58) 15:04:51 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)) [ 704.347460] FAULT_INJECTION: forcing a failure. [ 704.347460] name failslab, interval 1, probability 0, space 0, times 0 [ 704.349484] CPU: 0 PID: 7387 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 704.350610] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 704.352002] Call Trace: [ 704.352334] dump_stack+0x107/0x167 [ 704.352963] should_fail.cold+0x5/0xa [ 704.353435] ? create_object.isra.0+0x3a/0xa20 [ 704.354239] should_failslab+0x5/0x20 [ 704.355019] kmem_cache_alloc+0x5b/0x310 [ 704.356015] create_object.isra.0+0x3a/0xa20 [ 704.356797] kmemleak_alloc_percpu+0xa0/0x100 [ 704.357579] pcpu_alloc+0x4e2/0x1240 [ 704.358154] ? io_async_queue_proc+0x80/0x80 [ 704.358912] percpu_ref_init+0x31/0x3d0 [ 704.359585] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 704.360480] io_uring_setup+0x14f6/0x2980 [ 704.361070] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 704.361963] ? wait_for_completion_io+0x270/0x270 [ 704.362842] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 704.363768] ? syscall_enter_from_user_mode+0x1d/0x50 [ 704.364563] do_syscall_64+0x33/0x40 [ 704.365279] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 704.366184] RIP: 0033:0x7fdf712e8b19 [ 704.366689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 704.369620] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 704.370977] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 704.372073] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 704.373206] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 704.374319] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 704.375697] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:04:51 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x0) 15:04:51 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, 0xffffffffffffffff, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:04:51 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:51 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:04:51 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0xf, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:04:51 executing program 5: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x0) 15:04:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 17) [ 704.528225] FAULT_INJECTION: forcing a failure. [ 704.528225] name failslab, interval 1, probability 0, space 0, times 0 [ 704.529694] CPU: 1 PID: 7513 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 704.530539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 704.531574] Call Trace: [ 704.531910] dump_stack+0x107/0x167 [ 704.532362] should_fail.cold+0x5/0xa [ 704.532837] ? create_object.isra.0+0x3a/0xa20 [ 704.533405] should_failslab+0x5/0x20 [ 704.533877] kmem_cache_alloc+0x5b/0x310 [ 704.534391] create_object.isra.0+0x3a/0xa20 [ 704.534944] kmemleak_alloc_percpu+0xa0/0x100 [ 704.535521] pcpu_alloc+0x4e2/0x1240 [ 704.536004] ? io_async_queue_proc+0x80/0x80 [ 704.536559] percpu_ref_init+0x31/0x3d0 [ 704.537063] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 704.537745] io_uring_setup+0x14f6/0x2980 [ 704.538269] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 704.538897] ? wait_for_completion_io+0x270/0x270 [ 704.543723] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 704.544378] ? syscall_enter_from_user_mode+0x1d/0x50 [ 704.545016] do_syscall_64+0x33/0x40 [ 704.545480] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 704.546119] RIP: 0033:0x7fdf712e8b19 [ 704.546576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 704.548853] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 704.549802] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 704.550685] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 704.551602] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 704.552489] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 704.553372] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:05:05 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:05 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)) 15:05:05 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x11, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:05 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:05 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:05 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:05:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 18) 15:05:05 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) (fail_nth: 1) [ 718.137044] audit: type=1326 audit(1748271905.134:266): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=7630 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 718.149769] FAULT_INJECTION: forcing a failure. [ 718.149769] name failslab, interval 1, probability 0, space 0, times 0 [ 718.151257] CPU: 0 PID: 7643 Comm: syz-executor.3 Not tainted 5.10.237 #1 [ 718.152155] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 718.153228] Call Trace: [ 718.153587] dump_stack+0x107/0x167 [ 718.154071] should_fail.cold+0x5/0xa [ 718.154584] ? sock_alloc_inode+0x18/0x1c0 [ 718.155150] should_failslab+0x5/0x20 [ 718.155658] kmem_cache_alloc+0x5b/0x310 [ 718.156262] ? selinux_ipv6_output+0x180/0x180 [ 718.156893] ? sock_free_inode+0x20/0x20 [ 718.157421] sock_alloc_inode+0x18/0x1c0 [ 718.157953] ? sock_free_inode+0x20/0x20 [ 718.158487] alloc_inode+0x63/0x240 [ 718.158960] new_inode_pseudo+0x14/0xe0 [ 718.159483] sock_alloc+0x3c/0x270 [ 718.159958] __sock_create+0xbd/0x7f0 [ 718.160057] FAULT_INJECTION: forcing a failure. [ 718.160057] name failslab, interval 1, probability 0, space 0, times 0 [ 718.160433] ? wait_for_completion_io+0x270/0x270 [ 718.160454] __sys_socket+0xef/0x200 [ 718.160469] ? fput_many+0x2f/0x1a0 [ 718.163305] ? move_addr_to_kernel+0x70/0x70 [ 718.163897] ? ksys_write+0x1a9/0x260 [ 718.164369] ? __ia32_sys_read+0xb0/0xb0 [ 718.164873] __x64_sys_socket+0x6f/0xb0 [ 718.165365] ? syscall_enter_from_user_mode+0x1d/0x50 [ 718.165999] do_syscall_64+0x33/0x40 [ 718.166463] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 718.172126] RIP: 0033:0x7febf980db19 [ 718.172587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 718.174849] RSP: 002b:00007febf6d83188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 718.175874] RAX: ffffffffffffffda RBX: 00007febf9920f60 RCX: 00007febf980db19 [ 718.176753] RDX: 0000000000000015 RSI: 0000000000000003 RDI: 0000000000000010 [ 718.177629] RBP: 00007febf6d831d0 R08: 0000000000000000 R09: 0000000000000000 [ 718.178507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 718.179392] R13: 00007ffe463d3e6f R14: 00007febf6d83300 R15: 0000000000022000 [ 718.180969] socket: no more sockets [ 718.181086] CPU: 1 PID: 7647 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 718.182332] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 718.183355] Call Trace: [ 718.183681] dump_stack+0x107/0x167 [ 718.184129] should_fail.cold+0x5/0xa [ 718.184590] ? percpu_ref_init+0xd8/0x3d0 [ 718.185087] should_failslab+0x5/0x20 [ 718.185543] kmem_cache_alloc_trace+0x55/0x320 [ 718.186091] ? io_async_queue_proc+0x80/0x80 [ 718.186617] percpu_ref_init+0xd8/0x3d0 [ 718.187096] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 718.187937] io_uring_setup+0x14f6/0x2980 [ 718.188985] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 718.190182] ? wait_for_completion_io+0x270/0x270 [ 718.191343] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 718.192156] ? syscall_enter_from_user_mode+0x1d/0x50 [ 718.192775] do_syscall_64+0x33/0x40 [ 718.193220] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 718.193830] RIP: 0033:0x7fdf712e8b19 [ 718.194274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 718.197692] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 718.199500] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 718.201504] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 718.203230] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 718.205154] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 718.206849] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:05:05 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:05 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:05 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) (fail_nth: 2) 15:05:05 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x12, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:05 executing program 5: syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6673757569643d36343238313437336530362d30366300613932352c00129c58c8e1e5f881a42913c98cd7c0f7945546f73a9c30a7a780368100"/69]) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES16=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00./file0\x00\x00\x00']) [ 718.383837] FAULT_INJECTION: forcing a failure. [ 718.383837] name failslab, interval 1, probability 0, space 0, times 0 [ 718.387070] CPU: 1 PID: 7764 Comm: syz-executor.3 Not tainted 5.10.237 #1 [ 718.388163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 718.389352] Call Trace: [ 718.389725] dump_stack+0x107/0x167 [ 718.390239] should_fail.cold+0x5/0xa [ 718.390781] ? create_object.isra.0+0x3a/0xa20 [ 718.391423] should_failslab+0x5/0x20 [ 718.428391] kmem_cache_alloc+0x5b/0x310 [ 718.428894] create_object.isra.0+0x3a/0xa20 [ 718.429428] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 718.430050] kmem_cache_alloc+0x159/0x310 [ 718.430558] ? selinux_ipv6_output+0x180/0x180 [ 718.431120] ? sock_free_inode+0x20/0x20 [ 718.431614] sock_alloc_inode+0x18/0x1c0 [ 718.439386] ? sock_free_inode+0x20/0x20 [ 718.439954] alloc_inode+0x63/0x240 [ 718.440402] new_inode_pseudo+0x14/0xe0 [ 718.440887] sock_alloc+0x3c/0x270 [ 718.441323] __sock_create+0xbd/0x7f0 [ 718.441789] ? wait_for_completion_io+0x270/0x270 [ 718.442384] __sys_socket+0xef/0x200 [ 718.442837] ? fput_many+0x2f/0x1a0 [ 718.443282] ? move_addr_to_kernel+0x70/0x70 [ 718.443858] ? ksys_write+0x1a9/0x260 [ 718.444325] ? __ia32_sys_read+0xb0/0xb0 [ 718.444827] __x64_sys_socket+0x6f/0xb0 [ 718.445316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 718.445991] do_syscall_64+0x33/0x40 [ 718.446454] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 718.447078] RIP: 0033:0x7febf980db19 [ 718.447533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 718.454287] RSP: 002b:00007febf6d83188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 718.455216] RAX: ffffffffffffffda RBX: 00007febf9920f60 RCX: 00007febf980db19 [ 718.456122] RDX: 0000000000000015 RSI: 0000000000000003 RDI: 0000000000000010 [ 718.456993] RBP: 00007febf6d831d0 R08: 0000000000000000 R09: 0000000000000000 [ 718.457863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 718.458733] R13: 00007ffe463d3e6f R14: 00007febf6d83300 R15: 0000000000022000 15:05:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 19) 15:05:05 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 718.534091] FAULT_INJECTION: forcing a failure. [ 718.534091] name failslab, interval 1, probability 0, space 0, times 0 [ 718.543548] CPU: 0 PID: 7830 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 718.545747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 718.548292] Call Trace: [ 718.549101] dump_stack+0x107/0x167 [ 718.549979] should_fail.cold+0x5/0xa [ 718.550523] ? create_object.isra.0+0x3a/0xa20 [ 718.551170] should_failslab+0x5/0x20 [ 718.551894] kmem_cache_alloc+0x5b/0x310 [ 718.553214] create_object.isra.0+0x3a/0xa20 [ 718.554577] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 718.555930] kmem_cache_alloc_trace+0x151/0x320 [ 718.556557] ? io_async_queue_proc+0x80/0x80 [ 718.557141] percpu_ref_init+0xd8/0x3d0 [ 718.557671] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 718.558382] io_uring_setup+0x14f6/0x2980 [ 718.558931] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 718.559610] ? wait_for_completion_io+0x270/0x270 [ 718.560307] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 718.561028] ? syscall_enter_from_user_mode+0x1d/0x50 [ 718.561711] do_syscall_64+0x33/0x40 [ 718.562207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 718.562889] RIP: 0033:0x7fdf712e8b19 [ 718.563380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 718.565764] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 718.566698] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 718.567572] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 718.568523] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 718.569413] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 718.570288] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:05:05 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x2c, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:18 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f00000000c0), 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_PROBE_HOST(r1, 0x5385, &(0x7f0000000100)={0x6c, ""/108}) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) r3 = dup2(r0, r2) setsockopt$inet_udp_encap(r3, 0x11, 0x64, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x33, &(0x7f00000001c0)=ANY=[@ANYBLOB="79f7ffffffff0000000000080045000000119078ac1e0001e000000100004e200011907801000000df1854c1fb0000000000"], 0x0) [ 731.966344] audit: type=1326 audit(1748271918.963:267): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=7985 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 731.968862] FAULT_INJECTION: forcing a failure. [ 731.968862] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 731.970521] CPU: 1 PID: 7996 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 731.971414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 731.972506] Call Trace: [ 731.972876] dump_stack+0x107/0x167 [ 731.973386] should_fail.cold+0x5/0xa [ 731.973930] _copy_to_user+0x2e/0x180 [ 731.974428] io_uring_setup+0x11b5/0x2980 [ 731.974982] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 731.975651] ? wait_for_completion_io+0x270/0x270 [ 731.976316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 731.977004] ? syscall_enter_from_user_mode+0x1d/0x50 [ 731.977678] do_syscall_64+0x33/0x40 [ 731.978174] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 731.978853] RIP: 0033:0x7fdf712e8b19 [ 731.979341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 731.985688] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 731.986641] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 731.987529] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 731.988430] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 731.989318] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 731.990207] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 731.992890] FAULT_INJECTION: forcing a failure. [ 731.992890] name failslab, interval 1, probability 0, space 0, times 0 [ 731.994443] CPU: 1 PID: 7997 Comm: syz-executor.3 Not tainted 5.10.237 #1 [ 731.995343] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 731.996442] Call Trace: [ 731.996793] dump_stack+0x107/0x167 [ 731.997288] should_fail.cold+0x5/0xa [ 731.997754] ? security_inode_alloc+0x34/0x160 [ 731.998311] should_failslab+0x5/0x20 [ 731.998776] kmem_cache_alloc+0x5b/0x310 [ 731.999276] security_inode_alloc+0x34/0x160 [ 731.999812] inode_init_always+0xa4e/0xd10 [ 732.000349] alloc_inode+0x84/0x240 [ 732.000793] new_inode_pseudo+0x14/0xe0 [ 732.001285] sock_alloc+0x3c/0x270 [ 732.001720] __sock_create+0xbd/0x7f0 [ 732.002227] ? wait_for_completion_io+0x270/0x270 [ 732.002823] __sys_socket+0xef/0x200 [ 732.003297] ? fput_many+0x2f/0x1a0 [ 732.003742] ? move_addr_to_kernel+0x70/0x70 [ 732.008342] ? ksys_write+0x1a9/0x260 15:05:18 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)) 15:05:18 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:05:18 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 20) 15:05:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) sendmsg$inet6(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="cf", 0x1}], 0x1}, 0x10044809) recvmmsg(r0, &(0x7f0000006900)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/37, 0x25}], 0x1}, 0x4}, {{0x0, 0x0, 0x0}}], 0x2, 0x3, 0x0) 15:05:18 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) (fail_nth: 3) 15:05:18 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x2f, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 732.008836] ? __ia32_sys_read+0xb0/0xb0 [ 732.019899] __x64_sys_socket+0x6f/0xb0 [ 732.020482] ? syscall_enter_from_user_mode+0x1d/0x50 [ 732.021190] do_syscall_64+0x33/0x40 [ 732.021682] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 732.022358] RIP: 0033:0x7febf980db19 [ 732.022843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 732.025244] RSP: 002b:00007febf6d83188 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 732.026237] RAX: ffffffffffffffda RBX: 00007febf9920f60 RCX: 00007febf980db19 [ 732.027101] RDX: 0000000000000015 RSI: 0000000000000003 RDI: 0000000000000010 [ 732.028017] RBP: 00007febf6d831d0 R08: 0000000000000000 R09: 0000000000000000 [ 732.028942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 732.029916] R13: 00007ffe463d3e6f R14: 00007febf6d83300 R15: 0000000000022000 [ 732.032245] socket: no more sockets 15:05:19 executing program 4: r0 = syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x400000000000, 0x0, &(0x7f0000000640), 0x8000, &(0x7f0000000080)={[{@fat=@errors_remount}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0}, &(0x7f0000000600)=0xc) statx(r0, &(0x7f0000000640)='./file0\x00', 0x100, 0x7ff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./file1\x00', 0x6, 0x5, &(0x7f0000000540)=[{&(0x7f0000000140)="11bc782706186ea28b888275f317659b352ed4e6507a93bce46cd7ba970f304b2274b62bc719c4fdb2aea318aa8c6e03df147d39884c8346fc7cce34c9ef415ddddb54715a2870fff4cace1a6a1b098f80a1707dc3c2d8160da9f059ebac142f03a6f24461b54190d0dd382335c1f3648a8ab661", 0x74, 0x10000}, {&(0x7f00000001c0)="94a642e7302923f65b3a9cc3fb2729be5a46bec4c19818ab874108b7e0f69a047ba50ced49d0f333beea2e0ea94f01f7ccd5a7ba8cad35a920f0a021924f0789f02d9e6482953917625f5945896f7a157a388d911ff305cbcb764e966672395bc55c26155fb3937e923ccdad9f876a58e367db1baff7f75860a12613fca0288824fc4c697632bb1322213b1c930bee9605109247", 0x94}, {&(0x7f0000000280)="2fca577e4d95c4587e57d78397e081e912f863f39015cff5f0787910743956f8fa07ab25672f4bd9bd38656dd92e183a19f5d5b860e3d10464ebec0d02e89f30056841a44c89b8d53be72c7c57591296022b76629d0ac8a29c67850ab1ed4409fdc8b66535d71e12d3591e40453859f6c7c7a450ad8c773e0d2eefffc0833a62fbba914ba2d61dca7a459474abdeddf8eed57382b520e025cb56c16adc236cf69efef6329de631f9829924b5db6a117b1aadf05225952a6a15b752d2484bd22fb82787d0f5b76190843d9bb3", 0xcc, 0x551}, {&(0x7f0000000380)="9a6b44e3036740228b9577afe35084b855c33170b8cfe44769fb2749056c82e277a9f72e61402f6bcb257855146fd715b43fdf4d66feab4582fca503f7f8f78db593642c98d60b68cf1ff68b5d586f100e1502ffed799106c52b21334eed865cba6872d2d0ee5796f818c26f6f14b6dc57e3c0dd13f325708a2ab988dd35bcb225ed0410ce7cf7ea15f603d9e50e72cd55eb1753924d2375ebf7b8a0e060f1a4dafe275193a78cc87f567396fc6e40efe9541a629f4a2830832e2ccad4fb67ab659e6beac3573683f5eba1df2f5e2eca50e3ccbd9b231f", 0xd7, 0x8000}, {&(0x7f0000000480)="4abc8339facd91b700e88486c484e6ccd7119a3edb482d82e7952ae051452a3c7625521d56473ad139b71dcc503195fce388b515d636252b51993ec6b1db1c5a5f104fdea562f0d4e88b8d76508e5cb081db2c8d6879a38ec410afe8d029e90fa2465ed25332c922931963173c52be53b3cbf318c0176848367dbf7ef6b53cd6eb2ac4f9f745da332dd828c15bd71182", 0x90, 0x2}], 0x2110080, &(0x7f0000000780)={[{@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@utf8no}, {@nonumtail}, {@shortname_lower}, {@uni_xlate}, {@shortname_win95}, {@utf8no}, {@fat=@nfs_nostale_ro}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@fowner_eq={'fowner', 0x3d, r1}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@pcr={'pcr', 0x3d, 0x20}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'errors=remount-ro'}}, {@euid_eq={'euid', 0x3d, r2}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}]}) futimesat(r0, &(0x7f00000008c0)='./file1\x00', &(0x7f0000000900)={{}, {0x0, 0xea60}}) 15:05:19 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:19 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='(^:)\x00') 15:05:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 21) 15:05:19 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:05:19 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:05:19 executing program 4: r0 = perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYRES32=0xee00, @ANYRES32=0xee00, @ANYBLOB='./&ile0\x00']) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000005c0)=ANY=[@ANYRES64, @ANYRESHEX=r2, @ANYRESHEX, @ANYRESOCT, @ANYRESHEX, @ANYRES32]) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="240000001000010000000000000000960000090005000000000000000500008048000000"], 0x24}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000100)={0x3000000a}) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4305, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x80202, 0x100) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)={0x108, 0x67, 0xf01, 0x0, 0x0, {0x4}, [@typed={0x4, 0x40}, @generic="078ff78dd043c806bb2419634a78bb20ffc0476cc8ecffdabdbf33bc44d8b3948d03b2a6a4313e1100c5037358d3cdb785452c4f027f78336d196cfa4befac3f5ec1e04568536702e081bd619c88e63000b6c49a6ddb7d0f02a7d37bdd89fd5aabe3288081dd16c51fa81982a98fe1e37d74f7343a52a95196f66c79f24c686005d72e86d9cb07f268d5fa2f3a296259c5fdd6a432652abb17bddc66557760894af857443a8908b329539f9b48b832af127edbda3f135aa64d68def3ba5e56a74bf366f8a7ea478c4293c0241cd38df3ef31100871cbeda084d1ee61ffcdeb7bc818f1d751e3df3c5b72e2430a"]}, 0x108}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) accept$unix(r1, 0x0, &(0x7f0000000540)) openat(r4, &(0x7f0000000380)='./file0\x00', 0x24000, 0x20) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000400)='./file0\x00', 0x10000000000ff9, 0x3, &(0x7f0000000940)=[{&(0x7f0000000b40)="1ddeb83d94ca743d3da6664afb1fbe2b251582abd1f2a0d1c6f5a2eec88d2e2d2c8530002f6615f1186ab2c857c130cb064b08e6fcb8437aa764acabd7113721b3aee36251c5938a25761078b1fd76d4a0033fbb5de9a052d67bb2d24055bf89f78c85303d03938f7eec3b887372044a30b0e1090a60dec66c25a2497d694c389400567581bf91cee387539d7ddf109a1c4cf6a7c30fa0e53e40aece61f13b180b6a9248cecbbc3ee270b788fd4896707ca84376ca1ab800cbeeca8faa82d34b1132cf643d1266c7936e326e5545af8274af13c01c397bf882bcee9389a172c41245eb98b25f0c39e8cc6e93e732eb1bac1416a055d818c262ddf8331b812a4553708fba80", 0x105, 0xffffffffffff7fff}, {&(0x7f0000000640)="c6035cd349b282debcea62835f2323c79ec34a84d1bb8c0f01547ee2fdba2de3d31f51655cc69855a7c1e2e57f1f150d66f64c34c52b2602a87675676152ff389fbf9f22f36e37f6dd7de2c05ec0bf4d9740c44efad3b35ec61dd8b0a92831b9446a1d6662b5f2a7387d34592c354abbe7ab05633c4fadc0f7f74d884ce958", 0x7f, 0x7f}, {&(0x7f0000000a40)="84a859bf9795bc5ff5167543e74de95c9844b158a39fc6d828e0c4c9c0a03b63913b9cad93dffa893d5da19c79e057383e9da20b393816fd5c0ea521a583fe64dce4082cf91d5164e118aae9459866cc981eb93452412d13d7b6b5703897b2345f05c1fd4e5402597931c3cd6e43bd5103894914dfd0ee6fe6882921fb358692f4b64188006b0d1db0a35cd9a9635e38eb3ea41aec60a82597c107f710b45b78009f16fe53180b7e02f4611daf7d8449fec52cd303abe43ce35b04a3bb3566aa61df5c367a22fd9c1ecdee18048127c253d454d054518a8f72ed8854", 0xdc, 0x9}], 0x1002, &(0x7f00000009c0)={[{@utf8no}, {@uni_xlate}, {@shortname_mixed}, {@nonumtail}, {@nonumtail}, {@rodir}], [{@subj_type={'subj_type', 0x3d, 'wlan1\x00'}}, {@subj_role}]}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f00000001c0)=@default_ibss_ssid, 0x6, 0x0) [ 732.179465] FAULT_INJECTION: forcing a failure. [ 732.179465] name failslab, interval 1, probability 0, space 0, times 0 [ 732.181112] CPU: 1 PID: 8119 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 732.182006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 732.183081] Call Trace: [ 732.183432] dump_stack+0x107/0x167 [ 732.183934] should_fail.cold+0x5/0xa [ 732.184435] ? __d_alloc+0x2a/0x990 [ 732.184922] should_failslab+0x5/0x20 [ 732.185423] kmem_cache_alloc+0x5b/0x310 [ 732.185967] __d_alloc+0x2a/0x990 [ 732.186471] ? find_held_lock+0x2c/0x110 [ 732.187018] d_alloc_pseudo+0x19/0x70 [ 732.187555] alloc_file_pseudo+0xce/0x250 [ 732.188133] ? trace_hardirqs_on+0x5b/0x180 [ 732.188698] ? alloc_file+0x5a0/0x5a0 [ 732.189218] anon_inode_getfile+0xc8/0x1f0 [ 732.189777] io_uring_setup+0x138b/0x2980 [ 732.190334] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 732.190996] ? wait_for_completion_io+0x270/0x270 [ 732.191651] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 732.192362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 732.193034] do_syscall_64+0x33/0x40 [ 732.193574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 732.194275] RIP: 0033:0x7fdf712e8b19 [ 732.194780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 732.197185] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 732.198188] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 732.199100] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 732.200046] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 732.200982] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 732.201898] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 732.228731] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 732.319822] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 732.320837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 732.321940] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 732.340664] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 745.934197] audit: type=1326 audit(1748271932.931:268): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x7ffc0000 [ 745.937144] audit: type=1326 audit(1748271932.931:269): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x7ffc0000 [ 745.946747] FAULT_INJECTION: forcing a failure. [ 745.946747] name failslab, interval 1, probability 0, space 0, times 0 [ 745.948256] CPU: 1 PID: 8139 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 745.948533] audit: type=1326 audit(1748271932.932:270): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f54f0803b19 code=0x7ffc0000 [ 745.949107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 745.951720] audit: type=1326 audit(1748271932.932:271): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x7ffc0000 [ 745.952638] Call Trace: 15:05:32 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x2, 0x3, 0x15) 15:05:32 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:05:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000001340)=ANY=[@ANYBLOB="000000000000000055677f1a536c79544dd1c9acb2d8390000"]) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001300)={0x64, 0x0, &(0x7f0000000140)=[@enter_looper, @acquire_done={0x40106309, 0x1}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000080)={@fda={0x66646185, 0x8, 0x2, 0x9}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/4096, 0x1000, 0x1, 0x20}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000100)={0x0, 0x20, 0x48}}}], 0xfb, 0x0, &(0x7f0000001200)="1abc3467a4c939e5bc44415432923aefc7b170f328fc2804ab4088a0157e7ed16405c049bd12ccf156e9501b2f63e369fbb7ef3f4ae14723b4c79ad4cf7afcd9679bd48b3eb72aa580fc31b2d1ebdc4b55ab8bf7610b5f2c9fb5e537b3277ccc31a3d68189a4738ae21519ddc538227542df992785a6e2187466d2f82d47edafa79b6fa94e46139e42a1b3c42251617b8902ca2ea08844da01261ad75e0eca79f073c515bd27cf24a00050de604c1cba5cc16c40577cfc0022ece32161823991506badf96ead1a814d7964b8e1ab34486cdba1cf88db13e52543f7dbb430a5aa0c39e0f6b308a80652c82790e4373024898c934f68015074d2360b"}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) sched_rr_get_interval(0x0, &(0x7f0000000040)) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001440)={&(0x7f0000001400)={0x30, r1, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfff, 0x66}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x9}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x6}]}, 0x30}, 0x1, 0x0, 0x0, 0x820}, 0x4) 15:05:32 executing program 5: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0xb55c}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r3 = creat(0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x18}, 0x0) getpgrp(0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000300)={0x2, 0x80, 0xcf, 0x7, 0x5, 0x73, 0x0, 0x400, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x8001, 0x0, @perf_bp={&(0x7f0000000140), 0xb}, 0x80, 0x1f, 0x7, 0x0, 0x9, 0x5, 0xffff, 0x0, 0x400, 0x0, 0x8}, r5, 0xd, 0xffffffffffffffff, 0x3) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x300) 15:05:32 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x63, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:32 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 22) 15:05:32 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 745.952660] dump_stack+0x107/0x167 [ 745.952677] should_fail.cold+0x5/0xa [ 745.964792] ? create_object.isra.0+0x3a/0xa20 [ 745.965394] should_failslab+0x5/0x20 [ 745.974322] audit: type=1326 audit(1748271932.932:272): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f54f0805197 code=0x7ffc0000 [ 745.976472] kmem_cache_alloc+0x5b/0x310 [ 745.976494] create_object.isra.0+0x3a/0xa20 [ 745.976505] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 745.976523] kmem_cache_alloc+0x159/0x310 [ 745.981432] __d_alloc+0x2a/0x990 [ 745.981911] ? find_held_lock+0x2c/0x110 [ 745.982453] d_alloc_pseudo+0x19/0x70 [ 745.982962] alloc_file_pseudo+0xce/0x250 [ 745.983505] ? trace_hardirqs_on+0x5b/0x180 [ 745.984109] ? alloc_file+0x5a0/0x5a0 [ 745.984680] anon_inode_getfile+0xc8/0x1f0 [ 745.985302] io_uring_setup+0x138b/0x2980 [ 745.985881] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 745.986578] ? wait_for_completion_io+0x270/0x270 [ 745.987264] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 745.987976] ? syscall_enter_from_user_mode+0x1d/0x50 [ 745.988677] do_syscall_64+0x33/0x40 [ 745.989174] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 745.989873] RIP: 0033:0x7fdf712e8b19 [ 745.990372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 745.990696] audit: type=1326 audit(1748271932.932:273): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f54f07b68ac code=0x7ffc0000 [ 745.992715] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 745.992732] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 745.992741] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 745.992750] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 745.992757] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 745.992770] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:05:33 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x3, 0x3, 0x15) [ 746.026077] audit: type=1326 audit(1748271932.933:274): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f54f07b67e4 code=0x7ffc0000 15:05:33 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x4, 0x3, 0x15) [ 746.074546] audit: type=1326 audit(1748271932.933:275): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f54f07b67e4 code=0x7ffc0000 [ 746.101849] audit: type=1326 audit(1748271932.933:276): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f54f07b672b code=0x7ffc0000 [ 746.119051] audit: type=1326 audit(1748271932.933:277): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8140 comm="syz-executor.4" exe="/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x7ffc0000 15:05:33 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:33 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3872, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xffffffff, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0) r3 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0xd431, 0x0, 0x0, 0x2aa}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r6, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffbd, 0x0, 0x2074, &(0x7f0000000340)=ANY=[@ANYRES64=r6, @ANYBLOB="6e68516d9395dacda369922a27090c8c35bd0801048214c0011e7a5b388c72cf2e4de67f605e3bed2092f5c7af4ebe1e5b3bdedca2bad6e66a5a1befbb727da511f8b3dcf5965a75c0ffe8691f0a68a01c4ce5dba82e4e8525a3d4082dc1d28e595b67f5a8079f3587b32c07bf7bfefbdae403dfbffc828a70f2bc72"]) r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0x5a30c0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r8, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x17}, 0x80000001) io_uring_enter(r7, 0x3970, 0x38d1, 0x2, &(0x7f0000000180)={[0x86]}, 0x8) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 15:05:33 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x5, 0x3, 0x15) 15:05:33 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x5f5e0ff, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:33 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:05:33 executing program 6: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:05:33 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:33 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x6, 0x3, 0x15) 15:05:33 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x7, 0x3, 0x15) 15:05:46 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0xa, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:46 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:05:46 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x10240, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b8000000130001000000000000000000ffffffff000000000000000000000000ff02000000000000000000000000000100000000000000000a00403c00000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/112], 0xb8}}, 0x0) r1 = pidfd_open(0xffffffffffffffff, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000400)={@private2={0xfc, 0x2, '\x00', 0x1}}, 0x14) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000180)={r1, 0x0, 0x800, 0x2}) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x7, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x2631, &(0x7f0000000040)={0x0, 0xef33, 0x2, 0x1, 0x256, 0x0, r2}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f00000000c0), &(0x7f00000003c0)) pipe2(&(0x7f00000014c0), 0xc000) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/mdstat\x00', 0x0, 0x0) pread64(r3, &(0x7f00000010c0)=""/4088, 0xff8, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001080)=ANY=[@ANYBLOB="780200002700000427bd7000ffdbdf2506000000d012e199abd19c1b18aa0458b56b5fbcc2c12d6ef774f6e883eba470073349db5acaf58eb62a6a5931d34efbe19f070088b4e7f0f7a5ddf39987c8972af782d3baa8c2a3d8019fc24cceb7a82da574fb11153cab0417ebfa73715979d65d51b21b6dca43105fb84ab0e861a53aa339842389054ada4d0907a245aba98d42cf7e001f3610de472b1b97c518f9a43ccd3f75644d3fb2fb128adfbc9fd6ad6940ceb351599b700987f57d18400c12f31263b0a6a39f4549c21ed7e9ccdd6c15638b770d737d45827f78dbe7db080078000000000008003b00", @ANYRES32=0xee01, @ANYBLOB='\b\x00W\x00', @ANYRES32, @ANYBLOB="d194b3ae4be4251d1a00000000066ea8514b664d4b65acd5c910bed754b63301ed587ebd45c595d5794db93bdb171e0a35997066eb6ccb1507cb50bd65ee49b3bdda207138ff6499ff134c110f442e9b10497965ef40c525173254b30cfcfa657ccbb845bfe794f6605bce03490aed4b8acbbcb9359b10ebe92ebb023ab3f815a4250923380d265d4a7c4771ef4f3c15b8c8aa771e464b9f38e9f2fc74b1d271ea633a4ae9ae7d080000009c542aa8fc9bdcc83e865efba76a91b5de0a751ebb29f73a9c67ddc4f02100e0000001ce5aa8d09e6f1fe420712ba901d3789dc91b1975140b1dec58f314437b7dd74ddd91cf9884391275e328745be6a9559cf89d9d169612e0f38fb4d86d9b79d3caf0c5cc00a6b84b3b8ee6713e0c90026039420977c8ead4ead1a4f7af260d7b3af96d691a95736adf637f2fbdfa16445bf5e9b5321c546b6b28547804f7d146526a75b06137c53236d3ac54b4ea0855b154068142554b3a46330e0000"], 0x278}, 0x1, 0x0, 0x0, 0x20040044}, 0x20008010) 15:05:46 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 23) 15:05:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:46 executing program 6: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:05:46 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x8, 0x3, 0x15) 15:05:46 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3872, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xffffffff, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0) r3 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0xd431, 0x0, 0x0, 0x2aa}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r6, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffbd, 0x0, 0x2074, &(0x7f0000000340)=ANY=[@ANYRES64=r6, @ANYBLOB="6e68516d9395dacda369922a27090c8c35bd0801048214c0011e7a5b388c72cf2e4de67f605e3bed2092f5c7af4ebe1e5b3bdedca2bad6e66a5a1befbb727da511f8b3dcf5965a75c0ffe8691f0a68a01c4ce5dba82e4e8525a3d4082dc1d28e595b67f5a8079f3587b32c07bf7bfefbdae403dfbffc828a70f2bc72"]) r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0x5a30c0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r8, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x17}, 0x80000001) io_uring_enter(r7, 0x3970, 0x38d1, 0x2, &(0x7f0000000180)={[0x86]}, 0x8) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 759.996448] kauditd_printk_skb: 18 callbacks suppressed [ 759.996467] audit: type=1326 audit(1748271946.993:296): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8424 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 760.006590] FAULT_INJECTION: forcing a failure. [ 760.006590] name failslab, interval 1, probability 0, space 0, times 0 [ 760.008080] CPU: 0 PID: 8437 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 760.008989] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 760.010120] Call Trace: [ 760.010482] dump_stack+0x107/0x167 [ 760.011001] should_fail.cold+0x5/0xa [ 760.011501] ? __alloc_file+0x21/0x320 [ 760.012018] should_failslab+0x5/0x20 [ 760.012541] kmem_cache_alloc+0x5b/0x310 [ 760.013085] __alloc_file+0x21/0x320 [ 760.013579] alloc_empty_file+0x6d/0x170 [ 760.014122] alloc_file+0x5e/0x5a0 [ 760.014584] alloc_file_pseudo+0x16a/0x250 [ 760.015113] ? alloc_file+0x5a0/0x5a0 [ 760.015635] anon_inode_getfile+0xc8/0x1f0 [ 760.016212] io_uring_setup+0x138b/0x2980 [ 760.016796] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 760.017494] ? wait_for_completion_io+0x270/0x270 [ 760.018187] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 760.018882] ? syscall_enter_from_user_mode+0x1d/0x50 [ 760.019557] do_syscall_64+0x33/0x40 [ 760.020051] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 760.020732] RIP: 0033:0x7fdf712e8b19 [ 760.021211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.023614] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 760.024704] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 760.025660] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 760.026565] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 760.027480] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 760.028433] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:05:47 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x9, 0x3, 0x15) 15:05:47 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:05:47 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xa, 0x3, 0x15) 15:05:47 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 24) 15:05:47 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0xf002, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:05:47 executing program 6: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 760.248073] FAULT_INJECTION: forcing a failure. [ 760.248073] name failslab, interval 1, probability 0, space 0, times 0 [ 760.249621] CPU: 0 PID: 8581 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 760.250525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 760.251577] Call Trace: [ 760.251896] dump_stack+0x107/0x167 [ 760.252385] should_fail.cold+0x5/0xa [ 760.252889] ? create_object.isra.0+0x3a/0xa20 [ 760.253498] should_failslab+0x5/0x20 [ 760.254009] kmem_cache_alloc+0x5b/0x310 [ 760.254561] create_object.isra.0+0x3a/0xa20 [ 760.255140] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 760.255813] kmem_cache_alloc+0x159/0x310 [ 760.256384] __alloc_file+0x21/0x320 [ 760.256879] alloc_empty_file+0x6d/0x170 [ 760.257451] alloc_file+0x5e/0x5a0 [ 760.257933] alloc_file_pseudo+0x16a/0x250 [ 760.258493] ? alloc_file+0x5a0/0x5a0 [ 760.259015] anon_inode_getfile+0xc8/0x1f0 [ 760.259576] io_uring_setup+0x138b/0x2980 [ 760.260133] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 760.260829] ? wait_for_completion_io+0x270/0x270 [ 760.261485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 760.262182] ? syscall_enter_from_user_mode+0x1d/0x50 [ 760.262857] do_syscall_64+0x33/0x40 [ 760.263363] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 760.264029] RIP: 0033:0x7fdf712e8b19 [ 760.264575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 760.267040] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 760.268031] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 760.268999] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 760.269936] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 760.270877] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 760.271860] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:01 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:06:01 executing program 4: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3872, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xffffffff, 0x1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18}, 0x0) r3 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0xd431, 0x0, 0x0, 0x2aa}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r3, 0x0) syz_io_uring_submit(r6, r5, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffbd, 0x0, 0x2074, &(0x7f0000000340)=ANY=[@ANYRES64=r6, @ANYBLOB="6e68516d9395dacda369922a27090c8c35bd0801048214c0011e7a5b388c72cf2e4de67f605e3bed2092f5c7af4ebe1e5b3bdedca2bad6e66a5a1befbb727da511f8b3dcf5965a75c0ffe8691f0a68a01c4ce5dba82e4e8525a3d4082dc1d28e595b67f5a8079f3587b32c07bf7bfefbdae403dfbffc828a70f2bc72"]) r7 = openat$sr(0xffffffffffffff9c, &(0x7f0000000140), 0x5a30c0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r8 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r8, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0, 0x0, 0x17}, 0x80000001) io_uring_enter(r7, 0x3970, 0x38d1, 0x2, &(0x7f0000000180)={[0x86]}, 0x8) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 774.351388] FAULT_INJECTION: forcing a failure. [ 774.351388] name failslab, interval 1, probability 0, space 0, times 0 [ 774.356948] CPU: 0 PID: 8686 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 774.357790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 774.358824] Call Trace: [ 774.359156] dump_stack+0x107/0x167 [ 774.359607] should_fail.cold+0x5/0xa [ 774.360078] ? security_file_alloc+0x34/0x170 [ 774.360657] should_failslab+0x5/0x20 [ 774.361136] kmem_cache_alloc+0x5b/0x310 [ 774.361645] security_file_alloc+0x34/0x170 [ 774.362176] __alloc_file+0xb7/0x320 [ 774.362636] alloc_empty_file+0x6d/0x170 [ 774.363140] alloc_file+0x5e/0x5a0 [ 774.363580] alloc_file_pseudo+0x16a/0x250 [ 774.364099] ? alloc_file+0x5a0/0x5a0 [ 774.364600] anon_inode_getfile+0xc8/0x1f0 [ 774.365135] io_uring_setup+0x138b/0x2980 [ 774.365654] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 774.366280] ? wait_for_completion_io+0x270/0x270 [ 774.366888] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 774.367534] ? syscall_enter_from_user_mode+0x1d/0x50 [ 774.368174] do_syscall_64+0x33/0x40 [ 774.368654] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 774.369284] RIP: 0033:0x7fdf712e8b19 [ 774.369742] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 774.372020] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 774.372985] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 774.373862] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 774.374742] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 774.375622] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 774.376515] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 25) 15:06:01 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:06:01 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:01 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x9) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:06:01 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) (fail_nth: 1) 15:06:01 executing program 6: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 774.401561] audit: type=1326 audit(1748271961.398:297): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8687 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 774.408632] audit: type=1326 audit(1748271961.406:298): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8695 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:06:01 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xc, 0x3, 0x15) 15:06:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 26) 15:06:01 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xd, 0x3, 0x15) [ 774.506641] FAULT_INJECTION: forcing a failure. [ 774.506641] name failslab, interval 1, probability 0, space 0, times 0 [ 774.508102] CPU: 1 PID: 8804 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 774.509011] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 774.513206] Call Trace: [ 774.513544] dump_stack+0x107/0x167 [ 774.514002] should_fail.cold+0x5/0xa [ 774.514482] ? create_object.isra.0+0x3a/0xa20 [ 774.515058] should_failslab+0x5/0x20 [ 774.515542] kmem_cache_alloc+0x5b/0x310 [ 774.516053] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 774.516807] create_object.isra.0+0x3a/0xa20 [ 774.517381] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 774.518015] kmem_cache_alloc+0x159/0x310 [ 774.518539] security_file_alloc+0x34/0x170 [ 774.519075] __alloc_file+0xb7/0x320 [ 774.519538] alloc_empty_file+0x6d/0x170 [ 774.520037] alloc_file+0x5e/0x5a0 [ 774.520503] alloc_file_pseudo+0x16a/0x250 [ 774.521031] ? alloc_file+0x5a0/0x5a0 [ 774.521509] anon_inode_getfile+0xc8/0x1f0 [ 774.522038] io_uring_setup+0x138b/0x2980 [ 774.522552] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 774.523176] ? wait_for_completion_io+0x270/0x270 [ 774.523785] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 774.524458] ? syscall_enter_from_user_mode+0x1d/0x50 [ 774.525113] do_syscall_64+0x33/0x40 [ 774.525578] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 774.526217] RIP: 0033:0x7fdf712e8b19 [ 774.526680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 774.528972] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 774.529919] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 774.530803] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 774.531701] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 774.532606] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 774.533490] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 774.535449] FAULT_INJECTION: forcing a failure. [ 774.535449] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 774.540899] CPU: 1 PID: 8810 Comm: syz-executor.0 Not tainted 5.10.237 #1 [ 774.541758] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 774.542775] Call Trace: [ 774.543100] dump_stack+0x107/0x167 [ 774.543548] should_fail.cold+0x5/0xa [ 774.544021] _copy_to_user+0x2e/0x180 [ 774.544564] simple_read_from_buffer+0xcc/0x160 [ 774.545148] proc_fail_nth_read+0x198/0x230 [ 774.545685] ? proc_sessionid_read+0x230/0x230 [ 774.546251] ? security_file_permission+0xb1/0xe0 [ 774.546849] ? proc_sessionid_read+0x230/0x230 [ 774.547412] vfs_read+0x228/0x620 [ 774.547840] ksys_read+0x12d/0x260 [ 774.548278] ? vfs_write+0xb10/0xb10 [ 774.549165] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 774.550400] ? syscall_enter_from_user_mode+0x1d/0x50 [ 774.551612] do_syscall_64+0x33/0x40 [ 774.552534] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 774.553796] RIP: 0033:0x7fe89ba9069c [ 774.554698] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 774.559737] RSP: 002b:00007fe899032170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 774.561806] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007fe89ba9069c [ 774.563546] RDX: 000000000000000f RSI: 00007fe8990321e0 RDI: 0000000000000004 [ 774.565479] RBP: 00007fe8990321d0 R08: 0000000000000000 R09: 0000000000000000 [ 774.567166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 774.568625] R13: 00007fff00d118cf R14: 00007fe899032300 R15: 0000000000022000 15:06:01 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xe, 0x3, 0x15) 15:06:01 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:01 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0xa) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 788.211248] audit: type=1326 audit(1748271975.208:299): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8937 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 788.219382] audit: type=1326 audit(1748271975.216:300): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=8936 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 788.253365] FAULT_INJECTION: forcing a failure. [ 788.253365] name failslab, interval 1, probability 0, space 0, times 0 [ 788.256614] CPU: 0 PID: 8950 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 788.257511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 788.258580] Call Trace: [ 788.258913] dump_stack+0x107/0x167 [ 788.259372] should_fail.cold+0x5/0xa [ 788.259844] ? io_uring_alloc_task_context+0x99/0x6a0 [ 788.260479] should_failslab+0x5/0x20 [ 788.260967] kmem_cache_alloc_trace+0x55/0x320 [ 788.261529] io_uring_alloc_task_context+0x99/0x6a0 [ 788.262140] ? io_import_iovec+0x1120/0x1120 [ 788.262679] ? lock_downgrade+0x6d0/0x6d0 [ 788.263185] ? do_raw_spin_lock+0x121/0x260 [ 788.263711] ? rwlock_bug.part.0+0x90/0x90 15:06:15 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xf, 0x3, 0x15) [ 788.264240] __io_uring_add_tctx_node+0x2c6/0x520 [ 788.272854] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 788.273507] ? alloc_fd+0x2e7/0x670 [ 788.273982] io_uring_setup+0x1fbb/0x2980 [ 788.274514] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 788.275153] ? wait_for_completion_io+0x270/0x270 [ 788.275779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 788.276429] ? syscall_enter_from_user_mode+0x1d/0x50 [ 788.277093] do_syscall_64+0x33/0x40 [ 788.277561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 788.278236] RIP: 0033:0x7fdf712e8b19 [ 788.278713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 788.281054] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 788.282011] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 788.282905] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 788.283792] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 788.284720] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 788.285617] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:15 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:06:15 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:15 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000000c0)) 15:06:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:15 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 27) 15:06:15 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x63) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:06:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 28) 15:06:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:15 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x11, 0x3, 0x15) [ 788.415324] FAULT_INJECTION: forcing a failure. [ 788.415324] name failslab, interval 1, probability 0, space 0, times 0 [ 788.418058] CPU: 0 PID: 8994 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 788.420046] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 788.422549] Call Trace: [ 788.423307] dump_stack+0x107/0x167 15:06:15 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 788.424357] should_fail.cold+0x5/0xa [ 788.425738] ? create_object.isra.0+0x3a/0xa20 [ 788.427110] should_failslab+0x5/0x20 [ 788.428238] kmem_cache_alloc+0x5b/0x310 [ 788.429431] create_object.isra.0+0x3a/0xa20 [ 788.430692] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 788.432157] kmem_cache_alloc_trace+0x151/0x320 [ 788.433522] io_uring_alloc_task_context+0x99/0x6a0 [ 788.434968] ? io_import_iovec+0x1120/0x1120 [ 788.436234] ? lock_downgrade+0x6d0/0x6d0 [ 788.437434] ? do_raw_spin_lock+0x121/0x260 [ 788.438669] ? rwlock_bug.part.0+0x90/0x90 [ 788.439898] __io_uring_add_tctx_node+0x2c6/0x520 [ 788.441310] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 788.442817] ? alloc_fd+0x2e7/0x670 [ 788.443864] io_uring_setup+0x1fbb/0x2980 [ 788.445127] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 788.446615] ? wait_for_completion_io+0x270/0x270 [ 788.448014] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 788.449540] ? syscall_enter_from_user_mode+0x1d/0x50 [ 788.451039] do_syscall_64+0x33/0x40 [ 788.452109] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 788.453598] RIP: 0033:0x7fdf712e8b19 [ 788.454662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 788.460090] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 788.462311] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 788.464403] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 788.466487] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 788.468570] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 788.470630] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:15 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x12, 0x3, 0x15) 15:06:15 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x5f5e0ff) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:06:15 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:15 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:15 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x2c, 0x3, 0x15) 15:06:29 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 802.156939] FAULT_INJECTION: forcing a failure. [ 802.156939] name failslab, interval 1, probability 0, space 0, times 0 [ 802.160317] CPU: 1 PID: 9205 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 802.160836] audit: type=1326 audit(1748271989.150:301): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9201 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 802.161412] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 802.161416] Call Trace: [ 802.161437] dump_stack+0x107/0x167 [ 802.161451] should_fail.cold+0x5/0xa [ 802.168375] ? create_object.isra.0+0x3a/0xa20 [ 802.169760] should_failslab+0x5/0x20 [ 802.170865] kmem_cache_alloc+0x5b/0x310 [ 802.172043] create_object.isra.0+0x3a/0xa20 [ 802.173371] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 802.174876] kmem_cache_alloc_trace+0x151/0x320 [ 802.176228] io_uring_alloc_task_context+0x99/0x6a0 [ 802.177681] ? io_import_iovec+0x1120/0x1120 [ 802.178956] ? lock_downgrade+0x6d0/0x6d0 [ 802.180153] ? do_raw_spin_lock+0x121/0x260 [ 802.181482] ? rwlock_bug.part.0+0x90/0x90 [ 802.182707] __io_uring_add_tctx_node+0x2c6/0x520 [ 802.184124] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 802.185649] ? alloc_fd+0x2e7/0x670 [ 802.186709] io_uring_setup+0x1fbb/0x2980 [ 802.187956] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 802.189439] ? wait_for_completion_io+0x270/0x270 [ 802.190844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 802.192361] ? syscall_enter_from_user_mode+0x1d/0x50 [ 802.193913] do_syscall_64+0x33/0x40 [ 802.195027] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 802.196513] RIP: 0033:0x7fdf712e8b19 [ 802.197616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 802.203111] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 802.205341] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 802.207460] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 802.209587] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 802.211707] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 802.213845] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 802.217027] audit: type=1326 audit(1748271989.214:302): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9206 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:06:29 executing program 4: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:06:29 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x2, &(0x7f00000000c0)) 15:06:29 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:06:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:29 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x2f, 0x3, 0x15) 15:06:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 29) 15:06:29 executing program 2: clone3(&(0x7f0000000000)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x5) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f0000000080)={0xd2d, 0x800, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:06:29 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x63, 0x3, 0x15) 15:06:29 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x5f5e0ff, 0x3, 0x15) 15:06:29 executing program 4: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:06:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r2, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}}, 0x2) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:29 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:29 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r2}, &(0x7f0000000000)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) kcmp(r2, r3, 0x2, r1, 0xffffffffffffffff) 15:06:29 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0xa, 0x15) 15:06:29 executing program 4: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:06:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 30) [ 802.436767] FAULT_INJECTION: forcing a failure. [ 802.436767] name failslab, interval 1, probability 0, space 0, times 0 [ 802.439958] CPU: 1 PID: 9397 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 802.441845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 802.443878] Call Trace: [ 802.444513] dump_stack+0x107/0x167 [ 802.445545] should_fail.cold+0x5/0xa [ 802.446446] ? create_object.isra.0+0x3a/0xa20 [ 802.447543] should_failslab+0x5/0x20 [ 802.448444] kmem_cache_alloc+0x5b/0x310 [ 802.449590] create_object.isra.0+0x3a/0xa20 [ 802.450672] kmemleak_alloc_percpu+0xa0/0x100 [ 802.451762] pcpu_alloc+0x4e2/0x1240 [ 802.452715] __percpu_counter_init+0x10d/0x2d0 [ 802.454108] io_uring_alloc_task_context+0xcc/0x6a0 [ 802.455293] ? io_import_iovec+0x1120/0x1120 [ 802.456334] ? lock_downgrade+0x6d0/0x6d0 [ 802.457471] ? do_raw_spin_lock+0x121/0x260 [ 802.458514] ? rwlock_bug.part.0+0x90/0x90 [ 802.459541] __io_uring_add_tctx_node+0x2c6/0x520 [ 802.460762] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 802.462050] ? alloc_fd+0x2e7/0x670 [ 802.462914] io_uring_setup+0x1fbb/0x2980 [ 802.463896] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 802.465209] ? wait_for_completion_io+0x270/0x270 [ 802.466402] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 802.467676] ? syscall_enter_from_user_mode+0x1d/0x50 [ 802.468995] do_syscall_64+0x33/0x40 [ 802.469879] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 802.471102] RIP: 0033:0x7fdf712e8b19 [ 802.471978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 802.477281] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 802.479161] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 802.480967] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 802.482677] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 802.484374] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 802.486391] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:29 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0xf002, 0x15) [ 802.981513] audit: type=1326 audit(1748271989.978:303): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9201 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:06:43 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x4b47, &(0x7f00000000c0)) [ 816.494219] audit: type=1326 audit(1748272003.491:304): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9470 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:06:43 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:06:43 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x9) [ 816.497815] audit: type=1326 audit(1748272003.494:305): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9471 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:06:43 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r2, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}}, 0x2) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 31) 15:06:43 executing program 4: socket$netlink(0xb, 0x3, 0x15) 15:06:43 executing program 2: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = syz_open_procfs(0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000240)=0x0) r4 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r4}, &(0x7f0000000000)) r5 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r5}, &(0x7f0000000000)) r6 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r6}, &(0x7f0000000000)) recvmmsg$unix(r1, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)=""/62, 0x3e}], 0x1, &(0x7f0000003680)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="04008900e2e3db4b455acdda0600000000000000a5f0d698f10383c38f3c6248bc287967dcedd868edd91b8c8de5eaee19a0757a9097483d92805074351d59cc069d178e893457a556c681f675cdac0fa81963a1040c6db7b0e4074556c3ed6440c410621b7057c5324dec184dd3d09f895f7f50c45623775554851dc303261b1ad912adb53f23588169ada0de343731ecca29383d638acd96889b6bb26e2c6c63b4d27ca35bc140ea67081b9b798ceadc721af9ee80b8", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x48}}], 0x1, 0x2000, &(0x7f00000003c0)) recvmmsg$unix(r1, &(0x7f0000003440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000400)=""/27, 0x1b}, {&(0x7f0000000440)=""/241, 0xf1}], 0x2, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x20}}, {{&(0x7f00000005c0)=@abs, 0x6e, &(0x7f0000001900)=[{&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/253, 0xfd}, {&(0x7f0000001740)=""/166, 0xa6}, {&(0x7f0000001800)=""/32, 0x20}, {&(0x7f0000001840)=""/153, 0x99}], 0x5, &(0x7f0000001980)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x60}}, {{&(0x7f0000001a00), 0x6e, &(0x7f0000001b00)=[{&(0x7f0000001a80)=""/99, 0x63}], 0x1}}, {{&(0x7f0000001b40)=@abs, 0x6e, &(0x7f0000001cc0)=[{&(0x7f0000001bc0)=""/12, 0xc}, {&(0x7f0000001c00)=""/163, 0xa3}], 0x2, &(0x7f0000001d00)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xf8}}, {{&(0x7f0000001e00), 0x6e, &(0x7f0000003180)=[{&(0x7f0000001e80)=""/127, 0x7f}, {&(0x7f0000001f00)=""/151, 0x97}, {&(0x7f0000001fc0)=""/238, 0xee}, {&(0x7f00000020c0)=""/4096, 0x1000}, {&(0x7f00000030c0)=""/167, 0xa7}], 0x5}}, {{&(0x7f0000003200), 0x6e, &(0x7f0000003380)=[{&(0x7f0000003280)=""/15, 0xf}, {&(0x7f00000032c0)=""/183, 0xb7}], 0x2, &(0x7f00000033c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x80}}], 0x6, 0x1a1, 0x0) r11 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r11}, &(0x7f0000000000)) syz_io_uring_setup(0x3053, &(0x7f0000000300)={0x0, 0xd69c, 0x4, 0x1, 0x8, 0x0, r10}, &(0x7f0000fed000/0x12000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000003780)=0x0, &(0x7f00000037c0)) r13 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) [ 816.514531] FAULT_INJECTION: forcing a failure. [ 816.514531] name failslab, interval 1, probability 0, space 0, times 0 [ 816.515940] CPU: 0 PID: 9476 Comm: syz-executor.7 Not tainted 5.10.237 #1 syz_io_uring_submit(r12, 0x0, &(0x7f00000038c0)=@IORING_OP_SEND={0x1a, 0x2, 0x0, r2, 0x0, &(0x7f0000003800)="7830fc91cdc117f2055a249102b991e2aa258e58e7d15483998e417eb6c47cca17c35bd42d70ba13eaa461502d1cea60da410d47103fa73efd99d6c1504f716648000b2d9f196d3863a4de69760ff3d78e6b603d0a367977633e55e7211eddf866a89c9f6bd99a0fd393b10ff9ab958eaa11083524fd506f4d22cace71ea2b8b6dc22303ec23490c57a15923e325cedaf35862a531ea3193129be90f2235e00801e8e95a41cab2f3d526aa1103b442a6cdee56e6", 0xb4, 0x40000, 0x1, {0x0, r13}}, 0x0) clone3(&(0x7f0000003600)={0x20000800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x22}, &(0x7f0000000140)=""/22, 0x16, &(0x7f0000000180)=""/149, &(0x7f00000035c0)=[r3, r4, r5, r0, r6, r7, r8, r11], 0x8, {r1}}, 0x58) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 816.516790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 816.518952] Call Trace: [ 816.519591] dump_stack+0x107/0x167 [ 816.520477] should_fail.cold+0x5/0xa [ 816.521563] ? create_object.isra.0+0x3a/0xa20 [ 816.522886] should_failslab+0x5/0x20 [ 816.523983] kmem_cache_alloc+0x5b/0x310 [ 816.525169] create_object.isra.0+0x3a/0xa20 [ 816.526442] kmemleak_alloc_percpu+0xa0/0x100 [ 816.527734] pcpu_alloc+0x4e2/0x1240 15:06:43 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0xa) [ 816.528816] __percpu_counter_init+0x10d/0x2d0 [ 816.530269] io_uring_alloc_task_context+0xcc/0x6a0 [ 816.531706] ? io_import_iovec+0x1120/0x1120 [ 816.532990] ? lock_downgrade+0x6d0/0x6d0 [ 816.534182] ? do_raw_spin_lock+0x121/0x260 [ 816.535424] ? rwlock_bug.part.0+0x90/0x90 [ 816.536645] __io_uring_add_tctx_node+0x2c6/0x520 [ 816.538043] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 816.539555] ? alloc_fd+0x2e7/0x670 [ 816.540608] io_uring_setup+0x1fbb/0x2980 [ 816.541825] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 816.543283] ? wait_for_completion_io+0x270/0x270 [ 816.544683] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 816.546203] ? syscall_enter_from_user_mode+0x1d/0x50 [ 816.547696] do_syscall_64+0x33/0x40 [ 816.548765] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 816.550254] RIP: 0033:0x7fdf712e8b19 [ 816.551326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 816.556683] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 816.558893] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 816.560966] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 816.563031] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 816.565106] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 816.567170] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:43 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x63) 15:06:43 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x5f5e0ff) 15:06:43 executing program 4: socket$netlink(0xb, 0x3, 0x15) 15:06:43 executing program 3: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\r\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08006b00000000000a0018000303030303030000"], 0x30}}, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x80, 0x4, 0x9f, 0x7, 0xce, 0x0, 0xfffffffffff00001, 0x2a408, 0xb, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1f, 0x2, @perf_bp={&(0x7f0000000000), 0xc}, 0x10, 0x5, 0x11ba, 0x5, 0x1, 0x6, 0x401, 0x0, 0x9, 0x0, 0xfffffffffffffffd}, r0, 0x6, r5, 0xf) 15:06:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(0x0, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r2, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r3}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}}, 0x2) syz_io_uring_submit(0x0, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:43 executing program 2: clone3(&(0x7f0000000080)={0x1201900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={r0, 0x14, 0x7, 0x8}) sendmsg$nl_generic(r2, &(0x7f0000001180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001140)={&(0x7f0000000100)={0x1028, 0x19, 0x200, 0x70bd26, 0x25dfdbff, {0x1}, [@generic="4f5bf1b74064980132c6aca68dc874deb2eef0e1c5911df0fbf2e040b132386d3e6b5838a6f8109504bbe10578be9ed2854b938bb80c4f159f6adcefa17afc09c4c86bd53bc215dff9827a7024386c21013b6f32ab0586eb10630f11d4c72d1430b746c7e6f6fa93af83f2af427021f856d4b988e3a04902b82c4922665739606ad1157200edd1d5a0a45c96829cf23b2235cab41873c03be2c180b4899efbe236dc27f9555bfb5dfb904e37a23d3298536d8abc2ed30b5554d873156b0e614e68ca2406e826a07a59870b79623476fce03e46979d3c878af768acbcc7f0c2da2597298aa20ffe214b33d5d6167c7f8a2026ec6587f840b029a209c1a6e0436e14221f6ac09cf885da6c1ba06d73116bcd37a70995dfa00ca4a87d60e3747dec0fae7fbea2dd83234b1f83e3f94314e292cdc34009fb7ca923453a97caf488b695e120c0fb721f39b901bb090b8cdbd64bd10f7c15e2011278cf43cabf969eb4210c680e4c183de98feecd8521c79fbb7f90f451fd5f6e5dd2056b14cd206887a1f37325627eaf1d96693b43cefce6e47273063a70515c1ef76a72ce80ad2860fe4638b6d7627f17dc3ce563da5878ef3b998259e387ef0ef8e5a0706c824633813dc8cb87e1c7e17bffe976caaeb52f3dbeb038c6101105b397873ebdfd78778f636af02ea0e1e57fde5bc11c3e7530d6b18ad0b3836832ae42eaab0093347488f2794d55e35e976a618043440f9203adeb3ce70f8776e2657896f491ab47bfbae265ffb3298a490a760e08c5508668d5692c54283e5165fea8a54b04f4739d7b90b31d5ae1da19322508c803c81d252038765b76490f16fea9a86504068e2b323d8950e0ade433d82576d093347550a212ed2e9f690939db702e7fb85935de26d7c99a490ef57218b30ae3d26cf3eed3347e2b31b1934f887258ddbdca06aaacdd4842fc853055a071db9706eccf299b6d78e3bb5d4d907aec4eba2b086ca9a68160684fdd1b9e91eb94e2e08d7a9d073ac6ab6cd0e47f0dc5214fce030e20005230b12597e6b1a9102d09dbb0389bac59178363eedbc4a70093e55f1821ac0dfdaae02caee063c3fc798ce9332c88e212afa8206139b26fdd76ec52a55efaced1f1250eaf02d06a71f1f82808a728fe017a023c3bb381b1b633d5f8882babfffef3cf6426609c98d37ebbc7847f93c468f53b159a9204bc3be6afa9473631483fa236f86ecfea821a4a16d915715c62da471e2f81b988db56865945102084ff22d08f0b238c55585f5327c2cc3cc7acea18d395c5b819b7524bd4d85b2389cff3f5799e50ea4d50437b646998a1517cbc5a5d25fe98a925e43c9a2da5a1f036037bc4fcf947dd7e47726f81cbc3eb3a9bd35ec8bd3beda3fd00620349151c907b5f282a1bee7ae94808ef4cb4e88093078ca00381b6de1c1bdfaeb7031037e1e40fefe5e305b8008c636e3dd7075c4690578e671bbcd848636de50e2f66aec5aade3789e742b4b15854419a07d49bb97f09b7361fb4b567f1afaff6a07f378b68f1a9a31d2033600d7850146eb9015d8acfa652cc590ede827e7f4ffbf907863db54b1e7432fc653c7f2abe3b4be31c8426b2bd6e513562190edbc121d52b3fc7d9fa48bacac4ffea5e4caacb78f6ed2b76f9cd5c888bfdfeaa581c356ab8575f0772b470dfea3ec01b4e9cf58143c1454f6cc3ad67e9f6f9a9806af8c4d48e050c3a0b093170cf9bb5cfcfa2f6440323311b2e0632224eadc72ac9b6a9eac303351c6cbe3054a1aee0d3cef637e8510ea790d9be6a76ed4225c5ba525f945edc49892634d7574ff7b2e59a862daba45ac8cb4c33737fa54e468f76a981aedea6f9a76b82b94ec4dd464d7389cd6ee88b564a086d674f79d3a82245a927d5eee9302f4f1cd05dc695fb8b602f3c2b90a3ec55977ee1c733f4f2d768351ac7ff086afb5432301c0b580f67b27c83db1a36e5d5ac5727a1dadc29d1d01c3619b50ea93562c03fbba6531236e36949d32cb9ca1536fb3c7c7b33c057d4d57678f5e1fbdb202df9215e7cb972dd9bc92f204d9a1d0d46749b26256fc595d327c982647c47db9397ea03410f8295db5426aed6233cbcc4910dc755f4fadfef27f566d3b33d3fbb5c8b82a1d489f7057e55d4dbd6cbe225d7e8a7ec82b92ef27f06dc468845e1c40bbbb969a68f5e5ba4db50b93a6e87bedefd3b8b92e08a3c7763ae201ec5c49310f1c717bec85a3a94bb49b105c165a66f5d4bc43f4a9688a65dea48b38066f6e7519782c3f4d72d2abbdc7a8a33b105faec79a543b28f70661d0f9f92d1389c37e25497622faf6f9160575796d117110b7980783d1e97192a4886f86d6fbdee0cd9fa2f1dc4d9a5b8ef98bfc6df541776a6ad560308d763a0d53c1e636d33562f9c89f383d4c58ed7d302c4884da7793cd8a4ddfc096dd6a3506cd598b9923f43dad8a6502d00e1b6434ea9163ab62cc8fa03111dd0a36a0793ee88d06bf6868991f826a19ec558e61520ddcc809ac7465a892dfaf1bf62bdd6b5dc4e8b3bc10f15a8c23b1faeb035414c2cb34cf349ad02b462e91187222f33e15df44577b92fad98f05b618380807a87e03b4dcbf7b65e9e8f42877f042457bf7ecd728095fa100b2c970e40ce71f76c91d98d3fd16cd493bd477d4737c189982604b068885c4ae42c8bde39bc1c0a78d86bdf04ab1cdd319b26d9d9301d700750fe0153d05fcf56c6c6b0a8648813d4dc4275dc253d86aca351626d017aa6d9c9ee15fc24753c3ca8e16338138e31792873faec151e62917ccbec09e055d7dc6cc0dd80d8964730b345ae86f1b2bd8652ab4511b9e11eb60178204a37fa6c51f8de78faf5e76e4e1648013aed3d334db89e0667320204c4b87d76743cd0dbf71cb8ecae93e9a5d6439fd78c8991de2450f95cd2b05d363a1787d1f2d67ab8a5c9738ee08b33b043c3e57eecdb49de090499b00a09c7f6038dea3a51aa76e64d3a1d7a082782390073183a8dfe5af933954ab097577da1fd8ee5c600c0d44e3ef4d6bb514a8c263d3a4ca6d8eb131242d2958b6e468597d6760d161ab020cb2b979d2f73159de4f5ef6381136dec67210d1263a8c32eaa9395105c394ec2725c875da96bc476d5087098298f98bc572163fd9f1af611eee1805b70d49e319ed10cf9ac9724f772faf4ac7b5b9b41ad2e723ed7ee8b5116bf6ed2dcc8b03a38b5f3c269331d93db4dd3c551c50226932c18d8338f709c95c4511e1f64dbc37a52b025d15d96cf8cf8488c43044c10d3a07f6a5f66eb6c8d82d24d0cae2fd9feb3bd098b9b158a35dd8a4588b2a919c862bc032abba88537c2619489e8f46e3766da709036939abf1ca52cb09337c096c31abbb7424e810b66fb64d89c4bd50fd582218671a76c266439ae94763502217af141ca04fe4c4188274cd3c9081ef46f36180d449df41e8831d790979b2aa7ab66e469272a733c733777e38538c5abe6ef8092f9a3d439d62ba4512aab452e0335159c7ad8990a9250eddf605121547e251465287740f61b6c5f942df0a9a9773cebfd57b301280d21cd85ac790b49fe2c7391a84e5ba8dd851e7a4150c40e15f8699e8f71a4407f9e36335340a9005c1a2dd45804add93da6b55633f30c3da2c6aa12e67bf96008c33496245a24ec40615dea38fd339c41c881d3fe60ed5f515f021a457c34413655ab90c0ad166bc14135fe1fa217d34d0a62cf772628bcef04e1d8c239975f779a1ba0ec6413b7b37b076a4b2bf4584f05d3f1612e29f95fcfdef337cfdea73eec0aa16af1eea8eaee80215538af90046ea539af12e627f909e623160b94f7ab726c293b0d8178e2c9e1ec90a96374b08c7205e1df32f841309f18ea7644d2c8bbf1a412fffa8423daf166e706fed745def7c6cb7364632713b182abae0e166c288379454ebbd441146c5f12f597f61871a2e1f398e02c5711901c55d6f8ee3eeee258c904c3209672a1d5630546adb017c8c5cb0f97ca6359ba48cb6af38e59991689f56592de499b724136deedf354b53e90316608525e7e394c768a13f30a13a549843899a25313c93538d8588115fca77092e74042839974c56ebc37dc256c2ac6aa3ba07a6c15d63e6e91c58fa704de20edfc37b3371ddb6e55b7b9772b9c1281203a2cddb6685b7909c104bb318475bd4a83ba5064ee193bcada7071f199f78e2d1e494d0169991cb6b1cbb19cd722ff60fba445929d81243b12b5ca6f14640f50b6ef087a62b611c0569da90b764f68da1520747565a4f665334787fe91b2c0cfe967d3994021f6209fcc974844b91a156ff6673b257d938a86310b2e90542719b843c71cd7a389bf2910cf1ae2400d030e32c656ab0f1caefc10d8fd9df72817ec6415f078bee2bf0c600ffbb82e44799e0f091a3599caf53706fb15223aeb0a3daf067fd210e19ad132f179298ee69a4846ae9bbdb258a7dd18d8204b30fab03be79c5cb16eccca1b957583dac35dbab77843401727bdba68f2cd53db9b037a11e978159407146b8854fa3fad6f10e20e9a7d3db983a1f63d033b11dc14356a61ef7b9299ec39dee2aebe7c53686eb555da3851e2415b554e10434bb7780f6373b357c19a07cc4f2f6b04cf4305c53d7ab04ed75855ede09efddb951517ba59c8bd0b63f586f92e15c34cf5a3ca61d2b51160dd7f633802b4977809b46df42796e7d8301c110e3cedfbe297a09535074cb184f7bbef8d0003fbd88b0b86520dfd9256a14712f623acd355b7f464c29c7b508b29a1fa6a90ce23cc377e3273923573501e8695acbf8d2d1f6cb7032e83ea69061710ee65b893c070df5b8257eb5d69dd213d92155eed8ac8efe810fc0a48064bf516fa3936beaaef0f9963b8c24c95c2deb2595d9ba75c4682926ccd69836447f64ee17e9e7f7c5e0ee4f7f3497bb1ed9006eebc794fbe1838b94da71caaa37315065f5bf515bfd32aa61a12aa56cf474d2721b0ed1bdeb8472ad8660c9b27ea749d095d8309a697a0e2c42600695767b733d25fafe45a2f5f0ad2623d131921f97d3051d49f87b5e5ed32f77f1b0213ca769c19e9cd65334f2cb4cef0cbdc7a75b1404d21f2b76bf6fbafe6ecf6542ce7aeccafe49dad064fdb7360682e7208bb453d782a6b34d1e669b433ac044feacb4a971b0a5d656b11f09947e2889cae759b1a1f33f1985bb0c0df1de7c7b285debb99ad8fc962da521f6985661e24bf89305940116ec58766e61128e96e5ef6c3b4f9ba4697cda6a83ddedd57d156b0f8787d4f94a2a37169bd7d760a1889e41a07307b4fd070f5889ccb913c902a4caa435e96999228df6368b4fee20346002483d329768b8b42aeee03d4ca2299105f74e4db19e0e83194e32d5277f5133c7f7bb174e6d804e64410f2a7359ae694203bd4c99cb2206c0c733f3dc32d8eabbbe5b60e34825d03084d5ce74c595454f60cd2f268fa10b1ebc83b1742a3229e157d7e907c8df687aefcc1ec609d452c853c9cad4ee279421c6695cd292539d6fe423f6c8eedb72a75b0cb87e9be642c6a2f8299cfa1d56f1f7ee5c0deca60cdcb87aa570d2ed330fc46f6e769984ba941cd4999b18aa1eee6d9727783f874c5069b277dede5c37d7ccba9ada339fa8797be1f8a8969630425dab17012ca2274368d253cdcc2c10f296ceb0161741fa1f4086ce80e10414f510af3b6efa56d4b8a3d58bc83235a17c77464be46e94f3c171ebd0ae7217a9bdc11a7c6215fe478c3b9d2808376276bc400b096d6dc3d0a8b60f950f3623612ca3b033c23e68877", @typed={0x5, 0x10, 0x0, 0x0, @str='\x00'}, @typed={0xc, 0x7b, 0x0, 0x0, @str='%*.&&\\\'\x00'}]}, 0x1028}, 0x1, 0x0, 0x0, 0x91}, 0x20008000) 15:06:43 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 817.330560] audit: type=1326 audit(1748272004.328:306): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9471 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 830.573494] audit: type=1326 audit(1748272017.570:307): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9733 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:06:57 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:06:57 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x4b49, &(0x7f00000000c0)) 15:06:57 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:06:57 executing program 3: sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0xe, 0x6, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000002}, 0x80) clone3(&(0x7f0000000000)={0x50e0900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:06:57 executing program 2: ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffff8}}, './file0\x00'}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x68, r1, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x17}}}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}, @NL80211_ATTR_BANDS={0x8, 0xef, 0xc}, @NL80211_ATTR_NAN_MASTER_PREF={0x5}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x9}]}, 0x68}, 0x1, 0x0, 0x0, 0x24000000}, 0x20044001) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:06:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 32) 15:06:57 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:57 executing program 4: socket$netlink(0xb, 0x3, 0x15) [ 830.587151] audit: type=1326 audit(1748272017.584:308): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9741 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 830.601374] FAULT_INJECTION: forcing a failure. [ 830.601374] name failslab, interval 1, probability 0, space 0, times 0 [ 830.603173] CPU: 1 PID: 9745 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 830.604073] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 830.609179] Call Trace: [ 830.609535] dump_stack+0x107/0x167 [ 830.610006] should_fail.cold+0x5/0xa [ 830.610513] ? create_object.isra.0+0x3a/0xa20 [ 830.611120] should_failslab+0x5/0x20 [ 830.611628] kmem_cache_alloc+0x5b/0x310 [ 830.612165] create_object.isra.0+0x3a/0xa20 [ 830.612742] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 830.613437] kmem_cache_alloc_trace+0x151/0x320 [ 830.614069] io_uring_alloc_task_context+0x4a3/0x6a0 [ 830.614739] ? io_import_iovec+0x1120/0x1120 [ 830.615318] ? lock_downgrade+0x6d0/0x6d0 [ 830.615863] ? do_raw_spin_lock+0x121/0x260 [ 830.616415] ? rwlock_bug.part.0+0x90/0x90 [ 830.616976] __io_uring_add_tctx_node+0x2c6/0x520 [ 830.617631] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 830.618322] ? alloc_fd+0x2e7/0x670 [ 830.618816] io_uring_setup+0x1fbb/0x2980 [ 830.619374] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 830.620039] ? wait_for_completion_io+0x270/0x270 [ 830.620694] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 830.621421] ? syscall_enter_from_user_mode+0x1d/0x50 [ 830.622110] do_syscall_64+0x33/0x40 [ 830.622606] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 830.623280] RIP: 0033:0x7fdf712e8b19 [ 830.623775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 830.626148] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 830.627143] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 830.628071] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 830.629009] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 830.629953] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 830.630882] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:57 executing program 4: clone3(0x0, 0x0) socket$netlink(0xb, 0x3, 0x15) 15:06:57 executing program 3: syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r3 = fcntl$dupfd(r0, 0x0, r1) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r8 = fcntl$dupfd(r5, 0x0, r6) sendmsg$NL80211_CMD_JOIN_MESH(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000000038f5bd74b3d86616640914862921443cf56f805049bd1c2424e1e66c1ac399a0a1797cf9f00fb7f8eb5cf7e1ede8702e4e582dc87c5098e122768f6077ce6fac9e815c101fd06b1199e24773d0edf2771fc12f9ec52e5dd4456f9598c2b3e6cc8f5506795852a31b681bd01a47c1c1b88a5d004417fc36f3cc898354f8f24c5a48d7210af21e3e1ab3b127fc379b36d5c7018a", @ANYRES16=r4, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r7, @ANYBLOB="08006b00000000000a0018000303030303030000"], 0x30}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x38, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x10, 0x24, [{0x6c}, {0x1}, {0x18}, {0x6c}, {0x18}, {0x6}, {0x1b}, {0x24}, {0x16}, {0x60, 0x1}, {0x18, 0x1}, {0x1b}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x38}}, 0x0) clone3(&(0x7f0000000080)={0x1140900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0xaf) socket$netlink(0x10, 0x3, 0x15) 15:06:57 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:06:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 33) 15:06:57 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 830.781112] FAULT_INJECTION: forcing a failure. [ 830.781112] name failslab, interval 1, probability 0, space 0, times 0 [ 830.782659] CPU: 1 PID: 9867 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 830.783561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 830.784631] Call Trace: [ 830.784982] dump_stack+0x107/0x167 [ 830.785490] should_fail.cold+0x5/0xa [ 830.786000] ? io_wq_create+0xeb/0xc00 [ 830.786526] should_failslab+0x5/0x20 [ 830.787033] __kmalloc+0x72/0x390 [ 830.787503] io_wq_create+0xeb/0xc00 [ 830.788002] io_uring_alloc_task_context+0x1f1/0x6a0 [ 830.788688] ? io_import_iovec+0x1120/0x1120 [ 830.789294] ? io_apoll_task_func+0x2d0/0x2d0 [ 830.789878] ? __io_req_find_next+0x300/0x300 [ 830.790470] ? do_raw_spin_lock+0x121/0x260 [ 830.791038] ? rwlock_bug.part.0+0x90/0x90 [ 830.791606] __io_uring_add_tctx_node+0x2c6/0x520 [ 830.792243] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 830.792930] ? alloc_fd+0x2e7/0x670 [ 830.793440] io_uring_setup+0x1fbb/0x2980 [ 830.793995] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 830.794677] ? wait_for_completion_io+0x270/0x270 [ 830.795334] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 830.796026] ? syscall_enter_from_user_mode+0x1d/0x50 [ 830.796717] do_syscall_64+0x33/0x40 [ 830.797231] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 830.797904] RIP: 0033:0x7fdf712e8b19 [ 830.798394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 830.800757] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 830.801780] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 830.802697] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 830.803623] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 830.804553] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 830.805555] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:06:57 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040), &(0x7f0000000180)='\x00', 0x1, 0x1) timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r0}, &(0x7f0000000000)) perf_event_open(&(0x7f0000000100)={0x4, 0x80, 0x6f, 0x1, 0x8, 0x8, 0x0, 0x873, 0x10488, 0x6, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xfffffffe, 0x4, @perf_config_ext={0x6, 0x100}, 0x400, 0x20, 0xde2, 0x58191caa369af164, 0x9, 0x4, 0x2, 0x0, 0x8, 0x0, 0x8}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) 15:06:57 executing program 4: clone3(0x0, 0x0) socket$netlink(0xb, 0x3, 0x15) 15:06:57 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r0}, &(0x7f0000000000)) pidfd_open(r0, 0x0) [ 831.420349] audit: type=1326 audit(1748272018.416:309): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9741 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:07:11 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 34) [ 844.493386] audit: type=1326 audit(1748272031.488:310): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9994 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 844.509811] FAULT_INJECTION: forcing a failure. [ 844.509811] name failslab, interval 1, probability 0, space 0, times 0 [ 844.511229] CPU: 0 PID: 9995 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 844.512078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 844.513101] Call Trace: [ 844.513445] dump_stack+0x107/0x167 [ 844.513898] should_fail.cold+0x5/0xa [ 844.514373] ? create_object.isra.0+0x3a/0xa20 [ 844.514940] should_failslab+0x5/0x20 [ 844.515411] kmem_cache_alloc+0x5b/0x310 [ 844.515916] create_object.isra.0+0x3a/0xa20 [ 844.516458] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 844.517121] __kmalloc+0x16e/0x390 [ 844.517592] io_wq_create+0xeb/0xc00 [ 844.518085] io_uring_alloc_task_context+0x1f1/0x6a0 [ 844.518713] ? io_import_iovec+0x1120/0x1120 [ 844.519258] ? io_apoll_task_func+0x2d0/0x2d0 [ 844.519811] ? __io_req_find_next+0x300/0x300 [ 844.520361] ? do_raw_spin_lock+0x121/0x260 [ 844.520892] ? rwlock_bug.part.0+0x90/0x90 [ 844.521429] __io_uring_add_tctx_node+0x2c6/0x520 [ 844.522026] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 844.522673] ? alloc_fd+0x2e7/0x670 [ 844.523129] io_uring_setup+0x1fbb/0x2980 [ 844.523644] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 844.524269] ? wait_for_completion_io+0x270/0x270 [ 844.524878] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 844.529561] ? syscall_enter_from_user_mode+0x1d/0x50 [ 844.530201] do_syscall_64+0x33/0x40 [ 844.530659] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 844.531291] RIP: 0033:0x7fdf712e8b19 [ 844.531744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 844.534008] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 844.534939] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 844.535810] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 15:07:11 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:07:11 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:11 executing program 4: clone3(0x0, 0x0) socket$netlink(0xb, 0x3, 0x15) 15:07:11 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x8) 15:07:11 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:07:11 executing program 2: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xae9}}, './file0\x00'}) ioctl$PTP_EXTTS_REQUEST(r0, 0x40103d02, &(0x7f0000000040)={0x5, 0x2}) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:07:11 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 844.536695] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 844.541598] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 844.542505] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 844.550132] audit: type=1326 audit(1748272031.547:311): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10006 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:07:11 executing program 4: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:07:11 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20700, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000040)=0x8, 0x4) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) sendmsg$IPSET_CMD_SAVE(r5, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, 0x8, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x9}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x1) 15:07:11 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r0, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r1, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r2}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r2}}, 0x2) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r2}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:11 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 35) 15:07:11 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:07:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) fcntl$dupfd(r0, 0x0, r1) sendmsg$nl_generic(r0, &(0x7f0000001480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc00a100}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x136c, 0x28, 0x400, 0x70bd29, 0x25dfdbfe, {0x3}, [@typed={0x3a, 0xd, 0x0, 0x0, @binary="173dc684866401fdd8ebd54e50b14235f8b8f269af6870a2c01dc59d368a7ce9439f366b83cd7911f65e17b7197aff6fde4c01e9056e"}, @generic="e416a3dea8d698f578faa426ad98bc46f53a28cdf468841bcb2d43349e1cab8cb0e31605c385838fa7fda2f43a6f5d37ccdb12e3afad89029605511b5076ef9f472b6ec05e3be64ce2f043f10c03dafb0f13adfa30", @nested={0x22, 0x0, 0x0, 0x1, [@typed={0x8, 0x2e, 0x0, 0x0, @pid}, @generic="6d8b6a2f0ce1929f23e22000aeda", @typed={0x8, 0x3c, 0x0, 0x0, @ipv4=@rand_addr=0x64010101}]}, @generic="d4c379d5b10896bd38a7650414fb273ef3c9642bec17f4f70ce14cc04f4140b758f7527b091cec6122d312844bb812daab243298a8d6b839093ced420a51d52697bba2ca83f7fece35321648961587a68bd174e5c72a213ba65b0297a19f7cf034020ab15238484b215e42368bb5ff725132a74a455ad5fe8b7dc057e9cf2ab23eed86c3145c944fff86cd86fe2705fe31a25cf35db09eaa5b89874a4e1b8b6ff08fe2adb37afc59f710dc871cc2620ac938c090", @typed={0xc, 0x69, 0x0, 0x0, @str='%&$\xc9:\xce{\x00'}, @typed={0x39, 0x62, 0x0, 0x0, @binary="18ef03691ddf8fe0f614986707e2c35f56df6a6868d1f706cb223a005a21226d4ee298ae342b21e5c10705c60e8d0d6ae46b947c35"}, @nested={0x185, 0x5c, 0x0, 0x1, [@generic="592303868b9810cea38effca21779b1df4c76e73d73884cfbc736f98d9ec76fa2eb36d191aec9e5cacde04a43a6dff1c6eb5aafcef4f73f1008536322a2a054014668fe1c5553a661288529ea802814ee6d3407544cba644fd462b7c82c9524e7746e278b3d894af53b01740ea5fafe9aae40042bbc53ff190b566a1441d10224dd534d872cae985870e3c6aa0d80bca3116d4f77fbbd31dac6778ef7807265ae1d375a84f7953c5ef3afc7bdd", @generic="aeaf0398f279946ee98ad9acefe5379ab8645b82fcc90596e31a32bae33ed97a175bbb09f7481591e55a64a7fbbbde58703e3139e3993c416e045d91d4a5b20e2730f96f0135df81f804b35e5daf62b79fab7ffdd78bbbdf76fbc77e15b47bae1ae58d33926c2aaff286ae0079fc8a0a99e20d609813fef50d295908ffd251fb782b8899fc23d8e71081a17d7aec7596d9a65c0f00034a9b30f34e9b5d1641f9382147dca215967b1d6a7fa519b21e6db009a753fa9084b81fa86a5e152a9f0a878182d0babe2a69d6eb6bb90a6d56adb8df1717"]}, @generic="86db860c47325df431376f13696576bb11461bf31053165375172d0a", @generic="fd9a1f39be62fc596c51360038487d772d27823ef2045d24ad35d01ff1a09a6d1b2c369f4c95d54413ede2cc4ae49005d3a9156796b8d6d40e6b9890140a779bae9225380646cdb675af02b61092fd4244bc58c2ec0d6cd897557e9beb049e2d60bffa794bdc152f0ba2847ceadf2d158eebcae732940a8e11f9259a994fee0f48661968e1cd821164054860f33420625c0cf2b633fd72e139328d5f0ab1e551f4ec36fab0142af07fdb0dbe4c34270e7df53428fcc39b1d3ca7d275b2e43a091c35a01cb5d012341e7d7f8c7e60402c8e41434a8b24cebef59a9dbd591ad648db90a6270a89c46363db0666fe43da4ccf4eb0058c4d5c98edd6f68ca9797ceec95aba499c41f72757c8bae2d44e6f19bc7a1de98c0cda423be4040f94e89c2e8e6d11e2eddcaf4225f0f1965ee2314fd3bc7153b06fe3aa79ec5facb6cf6b9f423d49ee7361e9eca806eb546332b7df149e0b2c5f6028a12c1eff7c0ad681383ebf9a018bc1bc1bdb3047f7305aee28060caedfb0e695798b8d9e4d8181c2484849cf08c0adac664a1af16eaf2a344973ef62d447393ec1439ee9e19d34a225c0eee097684225a3daa834c33f8ca9e905524ae65c67b3d5707cb3987a2bab23d5fc0be9a3aade80aa6f3a3f9f62d6c1b71dae9da7bf6af5427e16928b736d6a859740159b879df9468e97c195402a58ea580a939da0626bbf72dc09b19974ce9a6aacc74686857ddfca780c222597e76e6e746d670af201ceaac24a668d6e18841a8f478996945bc50b9fc239febf879a48787f389b958e593c7a4370257b4dd6af437e9ae2ccd7dcb05b73161c4527b189593dffc6783c61bf33f5c637c2b47a34d8ca8f5bba94f2631e38c4874daf5fc1fe8c06e8e56a51ac4f3898cac709553dacfb74862aa9666d5ae832128696f15db066c09681bad2e2aa057827c6e2dc9927681b14f0b3704554f9739b77e7e219b0cca5d51abdf8594420c7ddb90aa800cc96c27197bf78f5f99e77a840390ea0e33e7dae39ef7ad009d38e8e711e27d085906a2ad1cffb8adf09c6acd6ca76774d74130e68d62cd3eea1727a921e442053baa7c791e246cc31283ed9a7f2c4ce93a88be2a3c225b23f2bf05d2eb31c0f8b293e7a3e117f4d3740aaa7b9fc59c7651b6c575489f662c8f8dc10469a17406f8208fcfef86a60a379874b714a9c87b4d0cbf67abaaed23d05ed920b0e816bd2f67ef7edcf051ba2074435507e2e971d64d7699df679f773b22061b6dc1d71a3eb69b52b0a5a4342ae1bc9199bc6c6905c6a5731a495c61a11b79eb2c8d43b4b23c7aa832ac1bd370e372f06da81e7c686c943b61dd170c15ed0f5d3b5a67c1a3c8e62f1f6ed4050747ab505c01657df7d7c58ea224d16437b1f3af08882dda8a4eb2915830a6b3eb8fec2d7e50d8aa5cdcaa8eb146de46b7c3e69d296b8560fb6b638b1437f61972d2e1b6498718f06af225b9d015ffa65ac54e9fc7deecfb8365369624e315ff1df8dc61ee6d1cbac33e9a870808f95dfc2b418123e949add00a209509b188d245e39076831f322d40c236b68bd6b47695512fb1a0bb5484efb565174598427de602a8479797df6d93a0071f8bc7ac7660995b24dd499bddfa6fb6bc4620219baacb0e0e9502496f0dc87fe448547d587b3d39617f04a09442a3e372f0d55f139312efdc663512d784aea3fe7e4e9f4b2fd45fae4800e5ab255e183d8a980f0a886e61da53277a409202574cc42a33d79e83e42bf5afdc2535403a701518fa7ff758da6d0e1e53344693b6de4e766b471b7dfc4a5b37e35f2c0e1ba5c5c5ac2dedf18b550b4af6923b58bd1f6aa9cc3815e0be7250d983e25c920b91a15f65898dd5494230b1dd20d35e58d59dd1f3a337f6dffe446b7575b165dba776b0b6f9fa66e8be388b6e20ef00e0be07d6f062f96d8cb26ad5146dd7bd4b44daf8a9d6fa82ebaeededa48f1daddfa13990cc452cebd59389688081f17b43f827809b10811b04eafa69cfed94bfd50f4bac5cb1196bdf77b00919418f8d985f7aee5eb4e0efe44e1b477ffda1021b8f1dee092f627c4390c48cf2423f741d80fecff8cfcf732967912182cbe89be7f7a52a0f3a3c9e79cfac2a41b9072d6507e2786e5eb95b258de85218d1fbeac354b9717aab9b714406fa41d31570b14be98a5a49ec3a9e7e69f279b44bcbc0398d72ecc1c21aed5eb6af730caa5b1177cc7e3eaed38fc1410a83c6577bba1210bdc682b39d3b817441ca6e9c676f95ffa1163495ef3314245e5f2d15c2425bf49cee55076ecdd0f40219bdfc598c529c04f60de06345db23d64973c58f600d771b6aca9ef49c3922b37dcad927f4544404944f8fda3e095dc3f0961343c08bf25bf120ee973bd29c38d434079fe7b554eeb0c48e9294b9e26286f2365a13c63414362f64f41610a185096fdc5fa306196127605bef221ac3eb2893ea85e24683a9489b4669591a9806b12d0f7d2baf483e27c6b5aa054a9d1ed1e5894f717701ad5c6fd0d99bf2bca48298f65b85df5dc42a08851dbe7b4daa3c1d1957b424bfca3829a579b09a3cb66ae814d9a9e40db42581e74a208cc7a1ee29b39ebcb25e4bf6a2163d6763fd46ba5ffb8ccbf48235c6b102baf615fe72602da2d30b16744e27718ba15d3f6e8f96328c41c06e01ba528a82e5604925ff4d105037a24961f6aec2460653f44d84afcd6622117baf287ac0442cc9d58b63755aebbc864d29d1d687f2c7d11df7923f661bd4a99c33790cb81ad8fe2480c4c43254f6a0d8736cc5b1377800216c4d37ab601e175f0b1f0ceff65f7701bf8f72bdeee9fd82b752f1e3a578db07ae4d43b925dbf1363ebb29e3abc7746e059270811a942d00ae93ea7477df15d4b25d27eb3718dd09d67c9bab24c1b98040d7fbf286975da16e7ba23327e78a021c02372e5f58dbc1a5ae9a20e974ecea01dde7edb3fd6591dba2de24cc13d8aa5c63cc2fd2cabc11ca40b46500df989ce1d5a8c331e7678f494ba7316c9e2c3a1ce8b43333139447000e98616dc63fcb9960f94a8e4801f9eb8497244cadd2beffd56259baab592a15e0354d95c5d7a4fec14af7491034322965ab3e6d8fbe4e1755c201b25b5285fe30166c7725dbf56c46cf45285e20ae3921de0416d8b9f226aa82b09be1493cdd697aa6147d4323f7b5c10d2ac01b8e7a75d99be49298a9b52d5a5bd5e34e31874b9281cde38238cbaee366fcf667f3823fdc187ae79a0096d9c68811025981ef6f5869170c88f837494f5e354adf111e1cabf09f3ad26b154a37c85239ad770295ec0e125a024ded34a611b441af6f7afe39d09a329f84e0b2fae76adfacbdc0036993ded15e75b92e59556f4441cdcf16b0953e9cc25531747e9f2eb7c6c54373542c4f2b1969e45905dd9af738541138284deb1e506c8204590e24282c0fbe01068e7e7d2aaa50edff25f8776db7661c925b8b0d39c4ebb92146740504c667f026ade95395acb0778364d4cd71d6c415b1a21dd4654a84f2894b86f8bc22588bbc50f97721efe173bad2f84e3abb338c2bc0bc786190b89773272f3c3bbaa6e5362dc8be68240d3a7836086c2068136dd395499ef179cafb04ff3ba682ab6c9ee7e6e1690c2ad55b1c2b7eb1dadcfeb5109fe1173df5457ee4af6c4c99ea201afca250164c81ea87f826b25fbc64c9f4899176fd51a09b20eddbfda587ee1aa4d1e5a80e9095176134158b97e04b41ba87e162f4a610d2d109906e4c4e284a5ac1e556f81d132d3d66f5367c592530e5a68c13d92d257c1b77553666c8edf2ab6911b2c808624a69f20d0b99ca07b29c35d2a24727870e2d0dc1f0b48928082a71932b139a2baa847c533deb845e020f31834c059db29574bac688790471d56c871f684daffebb7e4d078388f2a7a6ffa0090edc3611b553dd758e416840ab68c9c186841d6062038ebc37637e6510521393bd76fc8f79df3c3a916ae22ea829da5acb25945dc09a303d5d5c44bbcd3aa30ecfab5b32c5680ba81cc7feb836795b350d244b25ab068c1f7f87db045009b6d134f8c001bf34d3de09f09143b06c86477509262d5f8e87eac265991a1de6bd4ccd321f377eede95517e519dfbaaa239efdebfced5a123f4edb4d5d6c34e65b61202953325d64f5c92ee3f36bbb2cf3c8d616270a6a223d3ba6e5c633dc3c7bf354425cf92545515ceca8578a1b2c2014a3f0cce0a567727d063272583ec8cfb03ffd68db9019239b1af4a0d7c1562b80be556f820b9b5245bdc0cd25ba0daa623dc8ba2203048c713fbf98a0b8bd8e1e76397686ffa489c5ecebf8de6d3db454cec0590919834a02c14c29d66536fffcf74323bd06fd4410f80341a64459dbe82f2070195049d5c736098ead47799bac85e18b4ca6703b03f647832244623a17ad6ec4f3bd1e2dab4bab3271f996378f9fad1ccd3c377aec4a3a58a4a193f1dfe66672f118548dc381550105a905ddaeb5c95ce4828b196816f2b21884db3a04b62be1326c4ec1ab9b75377d773198ab876cbb4dba558ba818eb58bd5034be7ac637c6c23b57fe2ad12ec3e0d8ae1213f1e4e7745a695adce4ccf39944930d83195a119fb1bef7e0b9545acca300ae16a85d009609071e6a177419d1cd67d23f59eb7aebad82f098ac76becfc1131f6d3a362af48bf501880af9c74b4cfe802065adb084a40d767a7a76040108ded0ef7858ebf39d85e677ee55aa3bd596ca3bf28505b931b1b3cc8a0c851702db793425cf2f2b97ad51694028a135acf7729a78bc0330a073f5b9456e982e8b0e23c09bcadf26f74bda650eca1052c40d39e5068c3c86ac68621c472c6900de7beeccf58ac4438b5891db1fd610ce405c149d4a10fc225c9e33262005baf881e000373901418c48e85e3123668997873e12cd94476e6a728e339598aa2f0929e68c2373ec551640c332c0807a38e1d785fadf56012c566233be62c20e9cae436831fb7f16376bb1f10dd33e16b09fb2fe61ce4ffb8f6dfafed04d5e0adfd50eb130b85580f5e50ddabe978e72ba8afc4d1663bf973f4039dd41ee305283d2776d132421328e55ec267a7cbcfcce42c9c89f00ece1248c0cb120f16c8f2d6b91f1278891621701549407719d57223f24bd3da6fcefe12220141e9118e8d969e32b15f8c3ef32f2e53a49e2a54e3cf55c4f62f280e4c3e8aa414eabb138907599c3fa21382a493383e0796a1f98d2ad6aaa640ded6594248d611fc7e4ae736847dbf89a7ec55da2a28792296da337ff5abbf7bda5fdf50eaa7683a9dc65e8732dbecda26aa1149a91fd7a7ddff15ed09d2bb66299e6ed7d7ade86c415918fe1f7a524a0a8b2f5aed17b9bd555841711797d6cf817504893ba739c9958659437c14ba9e93afb4949b386a6e928a6c83019bd2bf6e01c43213d0c059fc6426393391e610858970b89b984ba36ab23fbc87574f02c8e32d24014e40733d117b9714367df376ded773d931b2b38658660ead3743081641c4db494452cb3e84c16f352441a77ed27e46d27319c298ae0341658734b8b968463e7005bb4b458a94f35d42d3eeb5b7ce8517e80b93cf15b64661c640ffcb63de37af547bd0376a4bfe578d3ee99cd1c913bc1eeca6ff095d4105fca76615672060e269840d787f5d1c30d8e7c93787514fc5a84db9263fcc8bc805793c42ea737b1030409c1aa49023d5c7be8abed6e2a78c61ca9a69a365fc03e0c427eb194e5423d04a1cbeb007ca90189b4a5f968ec917c08a4cfffd1fd1b75d4093e209955bbc7e72c4"]}, 0x136c}, 0x1, 0x0, 0x0, 0x20008011}, 0x20004050) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:07:11 executing program 4: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) [ 844.723443] FAULT_INJECTION: forcing a failure. [ 844.723443] name failslab, interval 1, probability 0, space 0, times 0 [ 844.724913] CPU: 1 PID: 10202 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 844.726707] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 844.728683] Call Trace: [ 844.729342] dump_stack+0x107/0x167 [ 844.730221] should_fail.cold+0x5/0xa [ 844.731141] ? io_wq_create+0x6ef/0xc00 [ 844.732101] should_failslab+0x5/0x20 [ 844.733018] kmem_cache_alloc_node_trace+0x59/0x340 [ 844.734524] io_wq_create+0x6ef/0xc00 [ 844.735426] io_uring_alloc_task_context+0x1f1/0x6a0 [ 844.736617] ? io_import_iovec+0x1120/0x1120 [ 844.737773] ? io_apoll_task_func+0x2d0/0x2d0 [ 844.738853] ? __io_req_find_next+0x300/0x300 [ 844.739931] ? do_raw_spin_lock+0x121/0x260 [ 844.740970] ? rwlock_bug.part.0+0x90/0x90 [ 844.741612] __io_uring_add_tctx_node+0x2c6/0x520 [ 844.742206] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 844.742894] ? alloc_fd+0x2e7/0x670 [ 844.743367] io_uring_setup+0x1fbb/0x2980 [ 844.743900] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 844.744527] ? wait_for_completion_io+0x270/0x270 [ 844.745133] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 844.745796] ? syscall_enter_from_user_mode+0x1d/0x50 [ 844.746431] do_syscall_64+0x33/0x40 [ 844.746890] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 844.747526] RIP: 0033:0x7fdf712e8b19 [ 844.747984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 844.750263] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 844.751215] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 844.752097] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 844.752974] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 844.753868] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 844.754745] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:07:11 executing program 3: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r1}, &(0x7f0000000000)) pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000011c0)={0x0}, &(0x7f0000001200)=0xc) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) clone3(&(0x7f0000001280)={0x1001200, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100), {0x28}, &(0x7f0000000140)=""/4096, 0x1000, &(0x7f0000001140)=""/86, &(0x7f0000001240)=[r1, r0, r2, r0, r3], 0x5, {r4}}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:07:11 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) pidfd_send_signal(r0, 0x3b, &(0x7f0000000000)={0x8, 0xffffff25, 0xfd}, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x1, 0xffffffffffffffff, 0x2) 15:07:11 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r0, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r1, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r2}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r2}}, 0x2) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r2}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 845.333840] audit: type=1326 audit(1748272032.327:312): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=9994 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:07:25 executing program 4: clone3(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x15) 15:07:25 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5421, &(0x7f00000000c0)) 15:07:25 executing program 5: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) 15:07:25 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r0, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r1, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r2}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r2}}, 0x2) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r2}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:25 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:07:25 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r0, 0x40089413, &(0x7f0000000000)=0x2e9) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:07:25 executing program 2: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)) syz_open_procfs(r0, 0x0) socket$netlink(0x10, 0x3, 0x15) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:07:25 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 36) 15:07:25 executing program 5: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) [ 858.302062] audit: type=1326 audit(1748272045.295:313): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10365 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:07:25 executing program 1: r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 858.369762] FAULT_INJECTION: forcing a failure. [ 858.369762] name failslab, interval 1, probability 0, space 0, times 0 [ 858.371817] CPU: 0 PID: 10462 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 858.372842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 858.374061] Call Trace: [ 858.374450] dump_stack+0x107/0x167 [ 858.374978] should_fail.cold+0x5/0xa [ 858.375547] ? create_object.isra.0+0x3a/0xa20 [ 858.376209] should_failslab+0x5/0x20 [ 858.376759] kmem_cache_alloc+0x5b/0x310 [ 858.377361] ? io_wq_create+0x114/0xc00 [ 858.377934] create_object.isra.0+0x3a/0xa20 [ 858.378565] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 858.379314] kmem_cache_alloc_node_trace+0x16d/0x340 [ 858.380092] io_wq_create+0x6ef/0xc00 [ 858.380663] io_uring_alloc_task_context+0x1f1/0x6a0 [ 858.381399] ? io_import_iovec+0x1120/0x1120 [ 858.382030] ? io_apoll_task_func+0x2d0/0x2d0 [ 858.382677] ? __io_req_find_next+0x300/0x300 [ 858.383315] ? do_raw_spin_lock+0x121/0x260 [ 858.383935] ? rwlock_bug.part.0+0x90/0x90 [ 858.384550] __io_uring_add_tctx_node+0x2c6/0x520 [ 858.385248] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 858.385995] ? alloc_fd+0x2e7/0x670 [ 858.386562] io_uring_setup+0x1fbb/0x2980 [ 858.387201] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 858.387944] ? wait_for_completion_io+0x270/0x270 [ 858.388659] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 858.389432] ? syscall_enter_from_user_mode+0x1d/0x50 [ 858.390184] do_syscall_64+0x33/0x40 [ 858.390732] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 858.391474] RIP: 0033:0x7fdf712e8b19 [ 858.392008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 858.394655] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 858.395824] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 858.396866] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 858.397881] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 858.398783] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 858.399697] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:07:25 executing program 5: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) 15:07:25 executing program 4: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0xb, 0x3, 0x0) 15:07:25 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5450, &(0x7f00000000c0)) [ 858.520987] audit: type=1326 audit(1748272045.518:314): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10504 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 858.566324] audit: type=1326 audit(1748272045.563:315): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10515 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:07:25 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:07:25 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0xc1e, 0x800000) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0x10000, 0x3, 0xfffffffe, 0xff, 0x2}) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:07:25 executing program 3: creat(&(0x7f0000000000)='./file0\x00', 0x0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x2, 0x91f) r2 = socket$netlink(0x10, 0x3, 0x6) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x4, 0x210000) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) stat(&(0x7f0000000900)='.\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000014c0)=ANY=[@ANYBLOB="000000000000f279db23820a00a53187a100eeee76ca548a4c14e182d736257249c228d5dda761eaaa1adcfb537a86b2259dbe90dd04ae9c805ef3cb75524ed2deac10ca1b825a3cc513d28415522ee81c4dcf36e94b1e1c9f95826d2adfe658a56c1ccc9344056d9729558ef197e54d38f5b595352d91ed817c9d9989e06c57ea85a4a7c526e6ff23a36c4815e93e"]) splice(r0, &(0x7f0000001440)=0x5269, r5, &(0x7f0000001480)=0x741, 0xff5, 0xe) pipe2(&(0x7f0000001c40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x1000) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000001c80)=0x9, 0x4) setresuid(0x0, r4, 0x0) r7 = syz_open_dev$vcsa(&(0x7f0000001400), 0x6, 0x111800) sendmsg$nl_generic(r2, &(0x7f0000001c00)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001bc0)={&(0x7f0000002040)=ANY=[@ANYBLOB="e0070000260000082cbd7000ffdbdf2514000000b202688008007800", @ANYRES32=r3, @ANYBLOB="930034005104e7f57f58093fc7aa01b94cc7fb7c6c11ba3bf84c1be84d656955f7474f0567536dc13debad94e6cb1ae5471a2ae7a0eb11603e91a6c60fa206497a857dd2ddc5ef6954304a108d3cd614116e90aec813500905c69caac063fa3d7b5913b4b81b580a9dfc802c02a315e8bea7ddbcdf1a64adcaab9c53ed973d0049ed657785fc76b88f66b8c7da1b5196b37292008240742d7d22eee0a5d6adaa5dbfdb43b1df47ee3996e2673e8fd1633fbfc9e73cb54cb80b3c7c420773f4a2314926bf2259ea1bfbe57f70f004025499dd9fc1432964dc658ffb20df0a2102f1d5d70b6672e57e6e44777d9f966bf1373f0d093f3695587e08974707158dfc9b149d1cdd07be6436fc98c295d74ee2d7660eacbc8a52725c9246c98f4fa948d061eaecd26785f98816112c31a2369d8634d54c97d4e9ff01b43e974721ec2188159d025c5e2d184917bebe3c8b5c505ca90fcd293c0d87a3ab4f5cd1b6cf323a74e4326e213b868f6749ecae130958aa215834dcef61ee2f371ac1a994fee6c6e513c83aa0018960a0c27516138f16f4512a125a7d3b2c137854583965ba4980f635ba4b6403991069e1819884c62a70a974c428813fc16ec78eb0a0c0fb0ed68b09c749cffe9e020e81c76b628a9ee73d17a881827e1ac78728ee04c3a3fce33dcaaf37a6243422e688fc94237ec36ada1145be2184680bb2bca3b6fd1212e3d078dca5f1ecd2f7c000de0418a33f8cf600e35a030867cb7e2dbc76ab3ff001277b285b871103be0475d160fbe59219c859131bf22a95cee23e3058fb51268877dbbe4df627cd5ed7cfef83eb7d903ecede778ef243a710c22480dca866e8d6782bf5594f9e27bb6e8cf2c87f555c3298d87733cdde6db03f1cd4464358b63e00f7d4a908591fbaacbbf43c776dab226b41ea7c0edd729f3a067de3463e62b74f30924c9a000059019480241d9e19c1ec1f9404f22c13be5d83cf5efba1882c3c7b4b5c4efc6dc80a1037347623ff843957d11b5179038fad5bf414a727582692358603182a615fb890dd7cd1df7fa6643f4603c5b1a370f3adfcb155cc4b72868bf2b25fcaee0df41fac65e075290a269e27728d5b88dc80544a080abb655ccd7ebad5a3cd67b6e57e2b8331e3c82678c235d2f1f88caed7826069a735654d306798085b65bf0d343c558e6fd57365cb8a9888996d468c43ae8a8a053de711065842b713a460cb9d52ec9568b60b18d4c2296a422f9a1dd1ff49df0b9e5275ba5a7a18a44d13e9f6d55d47f167dc99dc7c521470088198593394cd9baec1d6c0b7248c5145d868eb0e23c8f4a6be3499b88b032d5549dddb5c2c32eee70f043fda139c8d996c5e54afc7887bab866c849c3c111b9bf0b1d89e9e3df04ca303f76ac237d98818a84a8a0d80b3af7fabb503ae920ad106318ef61965f3b5dc2a000000a900598008005200", @ANYRES32=0x0, @ANYBLOB="749bd99adb97aa70af448bab632a4f7a353695b9cb7747035a88a6805a4671573a2b9589d67e2984105ba24300eabd31c1af3be70cee35d0dc4a481d1df43073edcb78afae7d0911192ba0d1141f018cccb9170f1ffa7e5cbc5faba48a5b071a8cccadfddd405771319fa9ad5a5a5520a14830d9855bb152bf25f55bfc2722f366efd535cf60af7d4723f1ae9e27fd7a60376ce5cb5db7048b20ccf32c5f080096000000000000000008002000ade6783b4efb2ea5270162205ad17afd18e17e61087b4a819e294327c46f10fe2c8301cd4646eab7add72f7365793f562ff1a2ee3e52f4600753f908b2102c0edc927e61b7e5aae36330239c56d4873d7b38aed34f688b4e6add87d99071cb2f49b9984d8c6b465cd6dc12b7833fc1b2ca7a3cfd52aadc38c4e7cf03852b0ea1ba1b36", @ANYRES32=r7, @ANYBLOB="119921c2bfe1034db46fe0813dfdaf62ca09d9256533563511957d03ec72c684fae951edc3a97864c5d645028584e542b1ecb6fecfa5baf3879892923c5526c719ecfdd9d176830cba6d9f09bd9c1a1e383cc41175b7b4c2cef43ae86ae72be20f0c6b58c5a3ae03505007e0e6d86a4c6a9c98fa020be721220eac758775e690898855b4e73f23df78feebd6e1698f23027fdd8bbba9bb64ec972bcaddbe49661cbfbee8eef3cd22c838f35d3ed47a23bb82ee3b5c4f027e800303cb5164618aebfd4130415a89232c8bc078d60a405649d04b380b1c220736669d44f03cd5a8dc6ad570eb87157c646838300e4bd7ea7cfdde661b48ff01f2c727b8d78c04c5cf5ad115c912c178e1b8962eead0cc2bbabfec5eb06ac653d92e7df0587dc7688a150b58aef81aeeaedb8727ab3fab7f79d26d5789e6c852e1f8fec638b0ee38c86d12441457a81b28aaeabbebffbf62f963ce7dace85dd43f2cde6e4fd71daf645d4c73819191595af3b27dcc4de2c45aaf8e0f640ce484c31f1fc0c5b60835955aba9ce2ca7cc4b0aef6ee3354d5cb113db6ac4df552da5dac8f5f7c8f36b3024f46cc4576a21098014601a315e365cd2e34313befbf951dc9d2064705a62a36fdc98f3faae74b0726da316e996b6def12f9aab5458831ad8356338d7cf9ba580a14259b6e202085f2c6d19aef9c8b582a9c66f404ea255af7e4fb5a9ac6c7ec895cf9e2b48584895159fd094167107e08d7da53746e416ab13c0e149e6e723d6a52ef9e06bf0cfd81a776255cd203d09374be69f96f21d44b8bc9878daf7b9d6dcc0c2ff72994e21b98382a1dc9ba16fa26f0cadde78bed089f6e9fe336617ddf77f136f9a55f35a4616c9bb351d013f87b7ae2471d9d2ae2912428c6df34735216f89b8392c4dab44c4e9bc8d1b0e064fbb7799d81257afaedc274d5cfdad1ca863217ebd26443224b83709b6d37820d695ea5f404f466eb45b3069f7ea68b57901fd5ba28691452a0bd73b020c9323c00ef65fdea59e31d457bd5fc13147888400032ed116fee5e585ab704be27d3e4845c14eea8bbffc4f82d71067ce51e552f610001000016939a1cec0c73cca8329c6b8bca19344e61216034c0cb4bc84f178c1c22af085306acfba280591a2dd871be414ffe53de29fd239514cb2aeffb1a3d19d060653a484a69e3a44805d7d380881b687b79d50f5715adf45651a6b32ee7f7d51291093a29fe2531a589f95f5c976173d4e16a36a2a1f4b4b2e1eb77f9c0b589982b9ec9f0154f755ef2de031cf5399b4816f820c37052f1882e6b721899290ea70d810754a33e386b86dbc975067e3e156126aaaba37cfb66468fbd127189aaff8b903617181f0dfaa25b8822961c9981e5889e37f3befa1ee48c5bcbe7a0d6650d04b02675beb4a5d4360bdfb1ea33cd9cdeb005233524f7d8e3eae51ca4db"], 0x7e0}, 0x1, 0x0, 0x0, 0x20008080}, 0x40) ioprio_set$uid(0x3, r4, 0x2004) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001cc0)={{{@in=@initdev, @in=@remote}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000001dc0)=0xe8) pwritev2(r1, &(0x7f0000001340)=[{&(0x7f0000000100)="9e29fbe0f356aea66cb944598701452aec185be6a962dfec6ed62c725c9c1871a9c8953caab5e53cfc09652433c540dcae4a11dd8b0b5d5e36f72362d7c72ed3dc1104e94efe7ada9947dee6a50ced9a91ddab384204d226991eb1d99e30c362ff6abb6aa73ac7b534abd50ca5983d19c6030481aec4648fef4c1f08d251da038ec5d840c6fb44b4798e206a9ad308fd5369ee92d0bdee1de5185ecf5d394e1c96152400d2e87736deb0d06b65c9ac52aa13c5388371cba9c037e53717d42ab689207e0298d8458d2638ef96ccb1f095ce966a530e2ca07404f6bbcdce63377b3508b1d5c07e5f3fa4bddad078918f9b6770f3d860225dfe1a094ce4e4c9b5255fd1780955e023959001a77c900c70314852ef0f72f28cf0e7526e1ddf8c0f25e9eabc11cc64d2eeee63a8dfed4745dfd518f6aba55f6164dcd28f69b09d74846f1bdd3ce66c84d79639539fd7714fceb6e59401b22856368e16c5a90b0df2997afa835818eaf0e49d2b5f67768c27be9ae21178fb35a6f2023bc28719f00c5a358f575bcf11d52d840c56a27a91d7c300360d5d0feaf7641a361d37d1370ea6a9c91d1d20b1345034da53206ceb00e6b9ba0939a2986dac2e8f2c254a22cfd02d04e8588f01127c3647b6595380033c8489f6a7cf2e7881214bb3a61c67e061f022206bc8e52c47dc88c5c19f8ad782b75ac4cbf767d3b5020352377b79ebe4d3ad16923c537f8ab2c58bc6519d4a555882b80bf1c9f7bc450b3b7f4cbffe96dc2e0be77fb00017d393897e0d41df7fdd845428063a829c9a361a35ab74b8f950c4e5754f6c825557330c3147952f12423a2b2935027dedbefb064d83461beef8b2c5885761cec3efd26f4daa5137deb1d5e12cbaf8d75fbbca9ebc048ffdd086301ebc2ee071a3fc6760f54c59cdbba5466de3672c6f0b25a86e2d69a864b4d4041f5b5c8ac490acf81dc243bfd1a08355025f21f2d7cd6ee5b4f2502f4e00507425b073694ea258039bd2bd873c96d43185971cf39001c8565089ab2e8492015dc9bca214e2f11041b64e7a256534cbdeb4f029b70312603b5722faeea66e97dc5b96b36f9db265d26eb80028cc96f798e6990307fc40c198fda29b7c53d475d78451e436571df534a108313d55cc2d468219141f24050e8f6058e244bc14888e5915a76579265a740693c63b101f6a449d4698ac6a9c5ea317f0fbfdba8ee4ba43800a59970def65789759f4786340e7c1387ae452b6155ef04fdaba7720c86ee7ad918de6c5c263a98b03496ed3e97ddbc31b90444e758cd11093c1de3cd78283534fec0406457848469eb9771b9a6806d284b3c052a771a229cf35584b9a06ad1a4a12d775f9cd4d2a7f78eee9e261ed21e51a5b50dd1a8bb5c2cae271262c8d54a8f120150d1ff8ca1b82f184c80fbbd9a79a79fd282d78878589cb0efee8fcd5a25e0738edb45cc30efbd46029a015fd2f201bcc4192f8b9dad0f9f99ae0f0759b1584338878f151229eb8d85d6c7e547f5db77869a9dbbe70119f45ee4db24aff4167018dd45000e3b9c6746f4c5a517c7a1b7c29adab820cb220e4cd80d6d99918361d61e969698e465213109cc6344a0115dd182be5c557578a55924bcf40e97bfb25499fddfd91b93a54a41d97ede7132980fbdd995500bc43bf97cff32a309de59b8282bd18a5c2d3207602acb955cdd9c2024cc5cb8dbaa76fcd60f15d335376b02517be4c7a07140a217b3368122172923f978a51ba7d487419001e1b0157bd57b73e10d70e8f8587b8930ff48118fd45be7c4c61738037c589e86a17636c2b25f546f0bc46562a4e6300471ec87a2c751da2a6adf35cfb25d54f5189667dc274d0dd64b6401666ce2b1f780d692c174c89d8019d7fa631b93527282168614fc8b920f756e4d5466a24a33edc010254c73ce5f74bee8a275e51cae30dc01a2d814e9865acaad848187cb419dae19658f8b55f8c05e5e21ac7ea95edab6ba11f0b11ba331603ac24b79b1465e3600e800ab4aaf7bf414ecdc2e3fe323e53613984f502705f9010dcad0334168bd79a3a443f9973b9156051b7dbb983b612eddac8287ae31fc0051de8578f986b4285098b0e15679807f128dc790829c4f5f9e734f5e8238e9b285031f2f4c439ac46a633e3894fa498eccb5c093ce65fe0851e43be06c2eb1bea9cd12e8fbaeecb24bfd296976fc0f19fa2c555101a92319fef25436bcc2525e145dd87c27037a3c2cea08f5b92278023888dfab97421ff8941246c81a21d20702bf9c8f001d0bbe15f77f532a87ddfafe344532179e03a093a417b99a90546c3ea51fe67c8122ddce66f144751407ca4d2e3f86d2ab5ef65c9e070a7b0afa49dba783368e96c08231988b4ed79a327a2f213054e5e6425c8100ede05aada7907c23c0f3d4faeb96edd6331a1847c12b0f4a92dda0eb0a40db89c2ea90201ff67736254a2eeceb728caf2f30d403a764a5aaf3426d082e73daa532aec12f8514246cdfa10f611d71f7ae2118e3e234adee7e701e51ef4d791e228b6a1a1f5676c0d425fb5f63c2cba47218f84d24fa5c2596a311fedee4241d4e4ea55e4eac705aac34188782db4a3322ebdcdbc87a26e565fdea5de728f611a86de9f33a1b706aa41200aadf539fdcfffa1b8e3169d5736b4e23308653ce60755bee5eeefd409fd47449b40415a667e58e322469c6241e8bfa050f02f90f050b74c79fd9256e372fd03717b93e106b253b972452f56d557f09f5c8a51ce57ebd3a8ab435d786e0d16b6432a606779904cf3d5509964a1661406f24b10c8e6f02cfb974d2f555bc8715e47b5f046fd066dfbbaaee8e31a2f5df7414d5a6fd633dcad272343e69b02f6c3990a319068485ffd22ab54461f052acb2c4f4a7311a36fe582eece34278beb1c1771f58f11d522c2295ab755b824e9fce26b08290683709b73a39255c3aab0f9ca8b2f734bcde3fa51eeecdbf0e223cc6a4c6e269bd82817e15b58aff39f4853a2df8ab93695fe0f2d44cc8e8263b37e076a8e7b58408e0563a4fe00392865449d22d389fbb99eec2da6e08e76cf53575f2d71e14a8cc1c3b0486b7da71f6f82108894f15e90df12dfa07eb5df706db677927b1d222b1ed55b8f65a081ce20e1a12c46332dcfe1065029230c5cb260383024656aa2ba0ce69cda975c4ff2657bcf0578ecaf5604734dd7c9d4283ec1df88fca55610dd7715ab6a52859e9262c6e0ad567d895fe7ca27ca4be6d9ae074522fe2ffaa0762664a8fd255c095b14671bda08b85174d5106aff017e29d0b9c62bc7150347ad03cbc52a5a1ec81a788beab02330f4f9767ddcad1adcb073ded7ca4c736d1e9ef8cf0d4a402e21bddc34c37c248da17ee9b75504a63697daa12d7297b61c9b5f4ba0b022ab399cc4c26974439648c379d012d7b34ac15aa35a85318b64155ee0a3f3d1176ee6383a10dbd08ce2141479498f8037ebd9d307fd15608218f60ce46e7f4581578460209077646ccc78ec22cdd7b8722dbcd636b154ea06692d3a828dc7f540fd2c0aa3f7fb78717fcbe8fa9e2e2c393cd9450f92b56bfe95683d66a37d71e02eac462641335b1bddab086397e95adbc027dd8e32be51327cae685d08930d8442b9f4ef654b6f8365a88aed6afbb54162c6c21e6207b22ba3efa87e706c5e9a545c479b2f007b1b0d120ab5a9be7aad0e744d2611bad94520fa64d1a79ea01f94b5dfa73678e1fbdcdbb57d9c1a7b61915f334b8909830df0353011636ca62439cdc283f7b89e6826c8f1bd2274fb6878635d85c1a5d57d6d9dcc331543b66a090d6b0b9d241161feb0e341daf5e2bef35ec95b077b283eb37eec3c912aebd8e7de791b5aa0f4eb3b4e8b0af39cc31210dae7149f98e1f3e825b87b28307cb77267e53b7a4e77be8f64e6d86fbb6dd6ce73fc5dfb5629e953ca57aabe4f7798b6e4f8b591a33e00eff3f91c79821def960d1db3ddb9c6d63800d72738f379bf7b41f6fe70d3eb9766aa7e496459bc30919f6b55289570d4ed086397d307d64d9eb1b82799310c2b185346adf1bd43276e7d9b097bb7fd20711ef081ca5428cd33ac07b0edf2682fc2aa594c9bce68eb066d64e6ec597710f57d51dbe24417a0be9abb48b3a4e48cc641aa0522ce6ba7a3639e7b49227fb46c6e76f589e79f5586407dd611ac56f9ae619743b0f2f1d147b9804ae2677184ce1c4edb11e73f22ec151ca68fcaf84dcc55fcd6f3e72f910f7fb91a49cd38ab07d7aed7aaa4bf6e4bac9faa7d13db783cab9f888d00e4c678cd0a40c0acd9dcd3ed448acc41d3dbbc07ae0c39cbe30cfe6743a13a3f8762718aebf6caf22556f6fbd7689bbe047573f62dae2b4226924e2522a4fff165a67c5178a8525ad954c4a12d0c105999ba5d9c426251a007efa0d60201c600401226e4c04bdd052fa19455b9e92a639d71d4b5a3dd3cd6d2dacc7a82876b2530e8f5113b396f3e25e4de2b0762e0a952aba4fb5dc9325cddddb8806abbd79886796780b81d4f66cf877c6ebf1a718068c003ebfecd7cc53e8dc676231fb40395aec9d4678f90eaf176f312333ee1501286872660b7c3c4634d5f849aebf68c49d1822061a5af13d7e883fc6660429a0b695fd102b0d2e8355f73f995d04ca50c38d2a83260505390481508deb5cc446aedd4e4d8a864d10dd88cb62f1f7faeffc6398563b588620a978aeba4d4cc25186e40eba64697bede61a58106cb045fd1144f5b0acd460c350eb807a04bd57ba8d70d628df2f6c91869b9aa799dc77e2f672d59fa3db97a8a5ab9f881c1513d98f7f71f9952ee1b051f948d71326c4852337ff268819602ac0bdaa4a2bb7ae4e5ab2aeb0fab0d5ad68c8e5c756bbb9dd9e44a1050865ea231cbe51c173ec2ade5252b20a8524f5b92e7dac21cb1d8b5a8d63d9ff4798479e5afacb7f8ee74dcd0c95ad1855582f81ab3204d5fce0d493c18f4eb0d4d113ad458cbb15f7d2f0e2d076b3e68144993a09d292d02892ead41aeccfd4d4cd3529ca2cdeaef1eb7ecfb9379507f430ca64c3eaaad4b8ea7bd15b1a7552fbb10d656dcf5db924007bfd1ecdc552bf27f80afd6ec86c198bbfbb627edf906ef14cf6ae6395359b16fc4ce1cc1ef0688e0228571b957902e4bba4220a518a24e9fd0a5eb57fe3546de9b59ec6fdc6633099c8688c2fd99bb01d89f0a81e21564441471fb1b6cf50df170bec62aada094c3bc95fb31fd49a1acdf8b61fda2946105e7af9a2dbb6886c5545737808c73a1266591d1a1e81edd3e03bf0c09ec6b85587efc263d94ab461475277d8be17c30505754b2292e3e6313a4c5c5da960af493a8ddf8df28af3f7860f4e01352b43fa9ef188dd8356c3615b6889488245bb77b181b1c0ce8487309966e4599cbcbc91111e06318f00aa3224d9ac568e0df0f2efd1d3f51ddec2cdeb9449cd7080df2807323b5608fc688cd5091540d3dfadb06576832d353e70432c66515f9f0aad9d74a2edddfce23a5577cfca0c4f34f56db716b9a7a970d5c73b6a817057dc10720ada832a2861db5f5de629371d291ee951334117366d165e01946dff52729ac232376167d2138fa6dc3850d21347ae7a1f9cb4d02d2481f1d55b799c38a958a2b1d516945a7583004f5bc85917ac92c1cb0c04bc922aa6f1ad6fab72ba33e5aa05d9e91b3afc7178f66a9a66ff4621333fc632e56cce9b948f850efb1e941184f69346c5554946bdc52443ff164d813e1dabafdaaf0742fe3fbdbb3b43077aa130d00f5de289a2029b26dabe48e455043", 0x1000}, {&(0x7f0000001100)="1a10df7e80f316f496ed35620849b13e8db0acf9751ad23888e4551f2d54ccee66c00df596fa58fc927552446ea6f59260d5dc15b274753213463c7d2b74ecfcc8cfedda91520f75f044375cfd27b01648c525b41a8867506d3439d2dd76899e0d34c72575c7cb3ee99dc5106f45ea209735fe8d61974134d9fc173d7c8d09af6ad6d3a8be3bdf46fd28bd5a", 0x8c}, {&(0x7f00000011c0)="84a5920194d960765cb266d8345bd109a8677aed37cc5de12b61f8aed3c9a339824863deab47b9e17c9a4107836e1259b9fea8bdb9884d2cd353108826cfc8f7952ca06d9699d45a4d91454b4700fe046128beda59bf3489c5cb6405fe7873ac5ce6c8cdb233a308e59f20", 0x6b}, {&(0x7f0000000040)="0f343d8a8a6fae96512ff88d61be96a797aaebba5974f22345b9f08aa1e1c90ae64291663cf024596a", 0x29}, {&(0x7f0000001240)="3d24ff0e46e2a524d3f723ab1f8fe021ee2dcd5d89c2027aa849e6ac20b90ffdde104e8f0bd705edd2720f272b177756d05466591a6601f434f2046e5e253f587b27b945012cea2dd3bd9475061bd87be478cb68d777be747f393154c7ad3b2483d5ef87ab6be97d8d7c2a24bbdba43a4c7e98cc74c1e51bb2ee744a82787bda746df9e10403ac2f852f", 0x8a}, {&(0x7f0000001300)="f053fef2e644e6fdb4ace91ac9bec58e99d6a3c3ee2aa6e429d6db36a22a7c0d5b4e08cdf72a1f9b16fa6775bf8b", 0x2e}], 0x6, 0x1, 0x3a, 0x1) ioctl$SG_IO(r6, 0x2285, &(0x7f0000001fc0)={0x0, 0xfffffffffffffffe, 0x0, 0x3f, @scatter={0x3, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000001e00)=""/22, 0x16}, {&(0x7f0000001e40)=""/22, 0x16}, {&(0x7f0000001e80)=""/13, 0xd}]}, &(0x7f0000001f00), &(0x7f0000001f40)=""/16, 0x7, 0x10034, 0x1, &(0x7f0000001f80)}) 15:07:25 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 859.357720] audit: type=1326 audit(1748272046.355:316): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10504 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 872.786442] FAULT_INJECTION: forcing a failure. [ 872.786442] name failslab, interval 1, probability 0, space 0, times 0 [ 872.787138] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 872.787891] CPU: 0 PID: 10633 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 872.789795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 872.798225] Call Trace: [ 872.798559] dump_stack+0x107/0x167 [ 872.798999] should_fail.cold+0x5/0xa [ 872.799463] ? __io_uring_add_tctx_node+0x15c/0x520 [ 872.800067] should_failslab+0x5/0x20 [ 872.800530] kmem_cache_alloc_trace+0x55/0x320 [ 872.801082] __io_uring_add_tctx_node+0x15c/0x520 [ 872.801682] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 872.802313] ? alloc_fd+0x2e7/0x670 [ 872.802760] io_uring_setup+0x1fbb/0x2980 [ 872.803263] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 872.803895] ? wait_for_completion_io+0x270/0x270 [ 872.804512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 872.805187] ? syscall_enter_from_user_mode+0x1d/0x50 [ 872.805840] do_syscall_64+0x33/0x40 [ 872.806294] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 872.806911] RIP: 0033:0x7fdf712e8b19 [ 872.807360] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 872.809588] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 872.810506] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 872.811365] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 872.812222] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 872.813079] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 872.813950] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 872.816022] audit: type=1326 audit(1748272059.812:317): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10634 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 872.819001] audit: type=1326 audit(1748272059.813:318): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10635 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:07:39 executing program 1: r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:39 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5451, &(0x7f00000000c0)) 15:07:39 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:07:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) fcntl$dupfd(r2, 0x0, r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) fcntl$dupfd(r0, 0x0, r1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000000080)={0x20, r5, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x3}]}]}, 0x20}}, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r6, &(0x7f0000000240)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x11) clone3(&(0x7f0000000000)={0x1040900, 0x0, 0x0, 0x0, {0x100}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:07:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 37) 15:07:39 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:07:39 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:07:39 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000240)={0x0, 0x0, 0x1, 0x0, '\x00', [{0x1, 0x1f, 0x6, 0x0, 0x10000, 0x7ff}, {0x6, 0x8, 0x3d, 0x4, 0x0, 0x40}], ['\x00']}) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) fgetxattr(r1, &(0x7f0000000000)=@random={'user.', '/dev/sg#\x00'}, &(0x7f0000000100)=""/250, 0xfa) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="004b181af077564130390000"]) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r6 = fcntl$dupfd(r3, 0x0, r4) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r6, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, r7, {0xee01, 0xee00}}, './file0\x00'}) lseek(r0, 0x3, 0x3) socket$netlink(0x10, 0x3, 0x15) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 872.835474] audit: type=1326 audit(1748272059.829:319): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10631 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 [ 872.884426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 15:07:39 executing program 1: r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 38) 15:07:39 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) pipe2(&(0x7f0000000100), 0x80800) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x3955}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) [ 872.945520] FAULT_INJECTION: forcing a failure. [ 872.945520] name failslab, interval 1, probability 0, space 0, times 0 [ 872.948070] CPU: 1 PID: 10696 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 872.950339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 872.951547] Call Trace: [ 872.952378] dump_stack+0x107/0x167 [ 872.953548] should_fail.cold+0x5/0xa [ 872.954113] ? create_object.isra.0+0x3a/0xa20 [ 872.955551] should_failslab+0x5/0x20 [ 872.956112] kmem_cache_alloc+0x5b/0x310 [ 872.957408] create_object.isra.0+0x3a/0xa20 [ 872.958077] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 872.959666] kmem_cache_alloc_trace+0x151/0x320 [ 872.960350] __io_uring_add_tctx_node+0x15c/0x520 [ 872.961700] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 872.962460] ? alloc_fd+0x2e7/0x670 [ 872.963479] io_uring_setup+0x1fbb/0x2980 [ 872.964084] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 872.965499] ? wait_for_completion_io+0x270/0x270 [ 872.966211] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 872.967665] ? syscall_enter_from_user_mode+0x1d/0x50 [ 872.968410] do_syscall_64+0x33/0x40 [ 872.969438] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 872.970181] RIP: 0033:0x7fdf712e8b19 [ 872.971206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 872.973841] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 872.975964] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 872.977965] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 872.979954] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 872.981944] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 872.983927] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:07:39 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:07:40 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) pipe2(&(0x7f0000000000), 0x80000) 15:07:40 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB='\b\x00k\x00'/20], 0x30}}, 0x40008a4) perf_event_open$cgroup(&(0x7f0000000100)={0x5, 0x80, 0xf8, 0xce, 0x2, 0x3, 0x0, 0x5, 0x2280, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x188bf131, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x4200, 0xacb, 0x10001, 0x4, 0x7, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x6}, r0, 0xffffffffffffffff, r5, 0xc) [ 873.157076] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 873.614692] audit: type=1326 audit(1748272060.611:320): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10634 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:07:53 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:53 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5452, &(0x7f00000000c0)) 15:07:53 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:07:53 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 886.583439] audit: type=1326 audit(1748272073.580:321): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10889 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:07:53 executing program 3: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = socket$netlink(0x10, 0x3, 0x15) sendmsg$nl_generic(r1, &(0x7f0000002800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x26cc, 0x15, 0x0, 0x70bd2d, 0x25dfdbff, {0x2}, [@typed={0x4, 0x1d}, @typed={0x4, 0x18}, @nested={0x457, 0x5d, 0x0, 0x1, [@generic="1feee6e9a677f33dd54bb19099a131341abb01a5ea35a8bc42419cd2cbd9c2b8696cf052a2f46a2a87c773ca7020579e8212a8c3e161f06b9364f5266e04b571b5fb3e2b8dd8c044c3d52a82c9f1489e990013aa25fdd893599e4f1b714ac6fd037fd3cc3eff33a63338497912461d674db4b7ea1f0936fcb724f5dfe2cf167357798ff9e88a00925e5fe8a65284be9952cdf8887203bd89853699397c24e5bebf0daa4fd5f162dc7d07b639898f8b089fc2fc524b539a7a4e26", @generic="e2152a0140d29e4e7eb32fbf1e503c691277dffd52e48d1f760a30cbbb3cf50047a60e742546735283fdfc274fbb1121dfd007a09dcba81eb47c8733c2ed5faefd12a1db435023bca8479b7cd6b453932095bd5cb364", @generic="68883b4f4b98cc503874479823ede22c3b185bf5f4c0ddde285621e17d519f73ae8441f44fcf42a7054db858b7fe", @typed={0xa1, 0x27, 0x0, 0x0, @binary="d63918c6227c3b8ab3af26b176427b92b675c35c6a31e668c177fb542c5f8c4956bd10b373c028a67fe1e0c2dffc7c9ed564e4c4493427e23e62e6c700814b1e25b4522a506b8edff1907feda3b00ba19575a8cff8a2cb346dc2d267bcfd4a0a3627daeb4252f724185f2b9ff54050d7611fdf6826201efa035b8068397d5c2d070f65a336e45afd485ac95c7ef9d83cfd0922ca923d56cb4ea0e56af2"}, @generic="eaf1b7d6a851160ebd6233990bd85c7f58a1bf5cbc5cba08415f02a6d43de7720e6605683eeb5244aa0b13f367d932157cb08d63a49220ecedacb0341f76b395a8a53c9b7b1fef74bc46e209ea96ddd88377667ad578e388139c88fdbdcbcae6629f632249af0920a4043b1ca98cbc23be3d15b911d66540bf52a876964eb81bae9113ee28aa5d49c62eef17f5b64710b3a7ddeab06df3ac50e2369bfeb17d27c526399fba46348855cbb6f2011963e0df0211b052b41c1348dfeb4ea5a1a91fcecdd13625d2bdde43b283fb4e", @typed={0x8, 0x52, 0x0, 0x0, @fd=r1}, @typed={0x5, 0x52, 0x0, 0x0, @str='\x00'}, @generic="084d2d3677b95c30011be13d932a0af69194ce4fc7db02e7d9618fd70cadb6743da3dc539454b0074f974ced3b38ced5afcbab3c3aabe3fc1e5f23752da8150f86c18c1a35285d3c8fadbd82f2f0b9bec035f2bbbd2f60cf15ed3453bea945bd27e82ca338c2cbdb01969b16eaa9886286f738f4eead9766433711af2ad9011beea30ae6ff9f20645cb4c599f9795cf13836eda69ef4", @generic="0d108b1cbe2e72a5fedacc2c491d9e1e27a4574538d63398af2656622ca4bdc2eef8e8835357697c9b2924af412ecb9e31b65554c83b3229025b3e9b6402dbcd898a5a7e051b65058affb339f79cce120aa23ecd510c99bc67d9131d780c3d23b83a62b17d0170dd5334993f5c3706c03ce4836e1668f9c159b8bc16684adb1ea4cbedde299fb2c58a369984349ed44f965ed9e142d4906080f5d378acb4dba744d89dc49d57ae3ed5ebc9363d06636558dc80a334b77ab3bca5e7177e8326990da795bff0fadb88527349860bcf453a083b22fb899713a8189f034b8ad8d99863c93421c30608bb27b694b04a67a0a7a339b78368c1732a54a97225ebf1"]}, @generic="d2", @nested={0x1028, 0xa, 0x0, 0x1, [@typed={0x8, 0x2a, 0x0, 0x0, @uid=0xee00}, @generic="0aae42dc16afb71016a02bda102dd15f77f6a54f1e3ecb1cff4b6e5e4a4f70a36dd3fee0855ef16718154f71c9429b1f3101f1cdbd3613979deedce455e69440f9ba3483991c4c6345c4c38b6bb88e06efd56162fb2935038dd3548590c05b8cf2d785877a48d9c46a680ecb845d23fd901a9280d2be80935b6cbe57f27c18011959286b4bc8a94af6eefed50d8d198d57803b50b561adb032089f553542c69da7ce354acbc0c8e1f31ca074af84417a4b3bc0c9e78b7057a23a2489f3a9a7c9df47d0b2fdd4b6846c3357fc922870e450056df098b6d36663f040934786ffcb18675f99784735b76edf9b82278112cbe9baa9ba916ca760a5817fab012a3a43fd7ceeef5199ac47ee733814273a29f67af458ca3f9da7ef04044dc3405364e20ea2cfa76a0de1d503feeb8fc3a704353d664c5ad2bd95de0db709b093c750abaa4ec01f3f6334ee64c937fa82730d39983ff30bb631cc72baa7f067492ea786ee7329b8cb77c55f283c1582512ff112e146a0c1b9a34b350305cd10a652e7ae580f20ade5d849804695645b250486bb40e7ab34040830835e13670b12314553f008fe3dc093b5e1497165d75cf57faa2115e59d448c19819d0a85ea4fcd290d6729655f7cad16a6f1266fc35e433f05a3c18aa5425d55ac57e4e00bd7396c498215a2c59ed68bbf309a2e47f7addedc4cbb9b17132b04da9e865d1ea9c08eba61a9aba4961abe1aa92c8d4ff13b327566f9058503f9b24c4a3afd11edc09df22a9cb75ed3fac45e84b54fb563e8f79e99920a901b95618b4828e9ddf4d10ecbee3e38f9cc40a7592f58e81efca3720eef55e232e35aae6f64ad15718cddd818e7da1b0abb6d42e313e58201951a8e1e7c94c248f69793c4ab979b60d2c1d25ee5df272520aa0a634a52779653417119b04adcdee4f96fe66e2279b941ba458076746a4451516c7548219ed3c3a0373529516bf967f69743b59df7f597b7817182a69d5fe61e5183eaacd50a4873cbba28faa9371efd407213b07e613f7744595fcc2cd66eeca84b9b56b9ed99f1c7c4c9bd6558264c86bec8cff06389bd4a86aa810667d7dc0cf8f73ffa0ca3eb3bd9f62172923006716154ceb581f8980412bc36ab035aba7d1e80a2368f395ea5eef8988c5014a760284fc449973c63b41005f92b82d8504cd06ae4ab105e069df88698f9ca6574a14cdbaf04e94936e6708ade4533cc90a19de29dc13dabb5d3520d3fa55aa7625d47e861a9c255f9fc9cc04c3b2d55d86d96c296265f07d7f70fc5313af9e3b689181a54020b5ea4ed1c6870691c4118e8d4b0a61cfc2d4ff3ddbf6a7f21761dc3261d3989e7026b2725a9530a36712c55c080cb20482489c963b82268570232535489b7bd7c5c302224c948a78f0f677d8607770ba466c53285400a0031de9e70065f0361cb1ede44b7ccc7fa26ecdc2ecf2f2da74c5908686b9c901f4af4f15daa027d294ad9ccf8a3035b81ef3f46ad6287c49113c4389da8d447dcee61af66d40260ae0ec9a6a727039b5d2b26a06691c37d0b40441a3f00cca1113faddd2bea57c70255d1edc1fea1313c90e4248e4a7868fef5257cac4d6a9063482c7eddecd7dfafaefd49a8feeec49e78556cc0e1fc37160dab4c97962fcbdd57c2b763b6bfab731a3116a2e54efe2b073a8a0fb8700373ffaed1b2dd724aa34d76f0884c81c617a9d90567dbb7db743b8fb900d60b9f3a1e019089a3b96b9b01ce04f001571b2cf209f7e8ae43df4889020d959da7014e10bece49d26ea5268c897f4eeca981314d5eab46a9faab4f52824a14b828fed6256c56146d0937c1611c831fe46c26233e03db7aea1239ef066845754756d88772bda586219dac939fec80b8c1130625d18a0992fd74011d4adb0afb022abb4e47ff906b71e469f38377ad5f2f61b3e195fd8ea0ea82d208e91bbad6232951d4a6400dc7b71f14c36d975585e3192ee9f68d2a8e68831594bd02a99c5e8e0e6fe90da238a0967b15b21fb69510a645cf52705f5c9d905a4db5a70f88ce9a6bbcd121ce0e287e47c8907bdbd6ea6774ecbc3695413dbbb77d6fde178e6ae94304c35ead58741b5c361c9dec00e838b5628f17fe2d4af0f599f1d93b9bb2977e7b34ca0007ade07ed92b3f8b25b0f2a90cacb4abebb142d8c168a57154ff93c57d5f9d528805137accc670467031f1b1e5d990937bbdc1146e328d72439fb08c6f48c8cd3f320d7b91f238bc9afefe1355e4a2dfc9506a453ba3076a06c0391fab8b96bd8ed2077532fbe84b115a068c876d2643483838df8fdf60a57d8e5c08003a9d66fa3c7aa11dfcda7864d8a0539bae7239b0ca13a00403b344b80da7ab41ae2f2bd262af6004f56c697e9fbf3d1c3890b4ca3c3cf3a63c538647588db185136db060283ea199fb93d3f9df969dc08ebee3cdb05abbd7acb50a264f5366691238e2e2abcd1e00aaeebb04654998f1010d07ab4739b9d58b895ecefc204ec20ddbaf955c16cd4c5ca93df15a5d0b99ac4a6ce656ab0b8513b54e4495b365a9bb7e67885dfce52538592dbdd5c5aa6e5764052e40e188b55b7f701d7cd02bd0e7691a3735295c153c377d739bbbdc7f783fb07b8212550493ffce5a41004c2413b3ebb138f691d1c4225657af416a6c0a37dc66887e57c7b545fc043958dcb1f4c33ab1526ffa41ac637f89eab57f47041618510c766aa886424fc0bbb128c65953f95a4e77a640f1836c06cc14cd7cccb7c1284664ccaae0ff686ca95b0d841bc9fb25afa52f771ee9b2b5a80c6e4683a20e9be2fb468ab5b669f623316a43009b859aecc51d286e023aed3f7d3d5df63cc74b66c161db03538a1a9274b982fea445a842c24e6cf5411e6e7442efa1336d384c25b76383f46b310c8bc61adcbb7a5995659d749c01ee8c39ac0aa022df51c0a4431579550350e797a718c96ecd04bd79499d17a552487f59553132bae8e69765272bc24eee78d2300b1936114979475e5c00ec81431e247e4ceb0df9d9be9e9df410b7f977367755ea75beca0a5cc0e27a034a1e37fbb52df6eb3eb641873ff87266de2ccf1ea71e397724c70fd1554b5e88075ce042dc4ebecf060d68391d49c494b249485b8a2c3febbf59138a469430bb96c8922c10c27235e27bab5f11335e8e350fd7c4674112b00da9e4ea9c4b16841843652d1a429677cd18b6394c50ae8dc921dcb3bb4795ebbfeb8c220e2afac6c657486cd22ad9cf90f112b36e81e436698bbf7c8977fb25c8030ee3cd618bc7505f16c76511a22886a89b9e480aef207520510c14dc8c1273b25bc2346c7262152443bf544de1400acb7bd4b004b30273a32eb1167c7aa4f34096977bf37bf5771ef72c692d8e16b3e25cb65f9d0a6886ff369263ba31b194c9774147fc99d935f052a4f34d1a95e4162f0f8b00c403b8a69da81931fe21bb261f5bbe7421cf7b1b634c9242da16f69d07c04dd85eb48c9b5bae9c1e4f0bf419c054eb55405566776c9eb33a6ea958c990f0f1cf1287834b0d8f304a1b4fe6d63fe61163a358d0e273574d51f791f811c0fd3ba9c1802d9f85b5eed6f3bf3d266caf949bc754cebaa448b9875c62688ca34d4a558ec770a656b0d97b85e754acba0dd91d2714ad8874723132846a6c4ca51d7fb05cd25206157fbd88420d6b8643213935cf0d49e4228cfa545aca6f6aee220d9a2ed43d1877cdd9e6c19ac2096fc07df2c6026e68e54c1f8abf6a4527adcfe4a1aade786b892938f5f3a8f26e5db54cc43b7e0488eec3cb0fc4d1d3741a38e58b12132f39403a3b9b66e403b21aec89d49ddba80bee1d026e6331dca30cb6c1e6a0e41d6a93367d9d5c102740164e1ea9d94a35d0ba802de9095c04cdd85ff2df65f84fddade3f49db02d74622650d36bd25ca5ba47c3bc26355905285e7ede83c981859f001a7587c81b5907e316489a31c9dc0ee16104aca5facca66089f9582f7a9d16162f75f9721bbb7b16e9e17a10259003d367734bb06862ff0bcc4037ac5c24854cdbb444e291135136426895357515b7342fc154000f2521c09071e7c2982e2598ded48f4019b5fc8dfc4d0861f42b86854af8b3b6518cd4bdde416129308d2ee56ec41bb0876e540b7b306f69fb3e8e33ee3adb1e7a518e0ca5bf3ce5b09f5594039f582238832f374ea457ed273772f994871ddb70af7e86cbf03cd7107fd6bc049a7c125771733b88aa3cdb17031596fd640bb30ff383f776ec2911604a6c621d3a5e9a9e257c0f205c8bb99be8a282a1300f329443a371b151976e8a02436260f5bb48f17f25841df30053459de9ec935d4f9ebfb960c730eea64fbe6438bd7e7f53b899148cfb4bde39ae96f209b5c96ae3a3cae44b6c07b8f30293719e9203b28f9b973ea1e51d30e3907c3f97dc992dabd5daa3d44e72eb2a1663149a6d2205b5133e3692d1542b393b9152d36d526530f1a8a6584ad751dcd0d29b82375ec57d9a0bfd47e296fc6975d7b802a116a048851dd413718a2c8d41bb01530ef1777ce88a0095af46da8f492e95c2e28e58fa2292a3715144e9d22b2b40af40d37b48b79e7a1f3f04beb63f46796423db8f59e7587e1f421f2a551b53838d3ecff357b4a67e5039443b27a816e839302e2dff2f6e1340b4f4ab6e9fe8d528dcbd3c96f336465e8ffa86ee731795f16164cf59ec25948cdc450393e571af30206930ba60c500cfafe6dac8f1858e1fb8ea6789b0bc67ececed2a4431fe73a0eca9661a10172c0a9c3f738a50a74eb8614f2ae8e8a0bf9d20c4a0fa65151b3fb25221f5c72fe286ea960d1df4f371f6fc71ceabb0e0e5961bcbad5bb3d8a86803e34bd74bac24bc422b51620160d66eeaabaa75e5fc0a091322cda9c6995c04de555b83d9996e0a56da20620357733583d045788b0eacc125212d9d2778532da0b61d9813d88f306e9f4c4bc657b1c6f938863299437238fe8165e7e7cd755ed3e7f640e155ad899a738f935059e2b77c78aa11d205348bf6f98020d8476c7d3cd0874f38b29d4a8e594c9896d75acfbd63da1807a3b4cd297f375dfff2ed52f5fce1e2b05e98cf148781dfabe886462e8474e4ca5349f7469c10ec283bf1f13cf3480128d639760d4879e3e019a0f6411cb899af54ba9dbcedd6e21553ebb019570a72d968c643ba14c4f43f02ff07d30fa2bfb48090aab7d93d5cdb592b2e747cc58744c46ce0e1fa055cf1a6e25d326dc6eea130f890c4fa1f53f572fe69729c3a450c249ef02643065d250531399e0b01305e7d6dbd7d410436c518f2e057898659b6c1a07e15505a692f7a4bc18005e60f41ba31d907bf7b1d1e62d9e924beb5203d978a55cefaeadbbe9fd01675742f7c5db5691f14c601d14f52acf1a8f3f4939bd39ae4d1d188c94f6d094e0c95caaae2db24ef8e782b78c3d7869aa238ab92b682c2f3d1e73577a47957112d8555c93a2e7ddbef3fdc9c322f75c41621dc288a48a4833b81c3b803107422206af378703b16ee6bb8b619ccb6427db37eb3accff5b2499842dc4af9ab444d15e8b0f7976ef5a288bea7aa65ef331f7104ca0385b450409191a12ee16a78e418db067544acb158ce0b3f365a6546ce079987d705ce3b95d037856ffb442b60b89c8423e6ccc1bfb5c73e6c734145e38cc000c860410357548a5ff829360eee522634363a9c58bc49c3ac0e42d7e34fa4cbdc31bc6576730459217d7df4d0c394ce349a1d48a19e779ca3b0751ba4ae6cd0f80915ccc0bff934290528c28830c1ee6c80a24894bf05ff6fb042", @typed={0x8, 0xa, 0x0, 0x0, @pid=r0}, @typed={0x8, 0x29, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0x5, 0x2f, 0x0, 0x0, @str='\x00'}, @typed={0x4, 0x73}]}, @nested={0x122c, 0xa, 0x0, 0x1, [@generic="47b8504cf02685ffe08e97ba4f84c3dbc8d0a0dc3ce7fd3a49f7ca6155303e0a290a9d5392eb3561a3e6e89456cfac96dca17ec96ad35cb4d861dd2e4b7d22bea048ef1f50fb5b88ebc032362bbf6cf782a6199bc3e7f445b8c30e5e8cac0f7cd37abb7d6e724918f32f7fb549f0ebbb3091e63b515565836b17ad79faa77c39b64e1f9db4243415bc6bb97e61b5f63a6d24ad17f07b5d4360cf1441bebc39c8e27efac9b6a65542ba6e01578682893e01fd6aee1d1aa3e0b94848224242c6aa1060689e2b8e651bafea396f98b34a14520af8e154a95ec13f8749a8dd617e88bb5f138dbc14304ea028a023ed8807ccde5051217fa2068ee53254cf81c8a3a56c0585f20909bd9a47bc529c074ffe141d7230142377c127378c214d3c127895c3fe47445694f82bbf9fc0058fd20b2d4906a6d08208b04b837f0f73ddfb52e7189f5981dadff57c1ecbd94e69626c8e765761bbd593790f079e6c022cde08043a5ff0124607340a2d68baa6cc814f983a7b24206ca291ba1cbe32056999307c4dd1c0c8a5c93a7d5e718df125ab004b45f5857a03fbf23cae4443bf4c9c4ac672f394a85b1cdc15dfe4f2fa0d807bee8f20eb6d0bfb8ae202bb3661988adaddc860f694252c09f506ee7e82be9aff0f6dbc6faa750edd0ae78c1cf5d50f274f6e738876d5256cf390742266f07efff6245e1088a860c39c1e9831b5efae470000085579e407d2c87d51b2f6171687a9a4dbb6c795a4b3c2c4759bd50e13e18df0e0650089c0f8934fa2d2f777f6d2edcd911b8c5e2ec0f04f85d6dfed48ea5aad1b339ce569faed0db62d3d32b196cfa3ba3b59f06891e824d8f6045cef07b446c7a352e25a925a9e9e59bb87f0bad1d5db3b2df944417e01f7ca10d60a8b78a2d7cfb70ca10435a0055289d4152f0c1dcb9b2b9c017e12de3b9fd86f486aa0933515d6765e83defce17a6f7fb994cd6d8b8e578f506194d9ee427fa61dfc4f684b9d5ae054147e1182707f5283450b6faf9b47e98aaf740cb46778293bd4b55e8d5924ceaa249975a10a7daacc4a94731b8b78f23368cdc2a5b5e1222a46e2751e28c62ffda37e0b20f0b83879ec49fe6bf6739487e88b10c574f539ddc0980a0c7ae156fac063acfde4338958283398e9c1b9aae782371b994baf58f57f8d4de01ed7a18e7c6018f0a8c468f414c9abfe3db33eecf7e01f6286af05d65703d429ac4463ae02d8a57775fe535b04242677dbc7caa382cae6bfeb96cdff867dcf1d2092c2f26f001dc2fd5ae2e138d57e49a751c0bded87b4af78308427fd47ac774d750b917e9ddeb889093bdcd7e0f8f5f1eb69ef6d8a7d69e4a74d88bece2c5e9ed45ec45b8efd93940f00f5b536ca8c6c0afc710e303c4488da19830092dd3077411124070de699a68d24298719abe3085c1fc1e6d3ddb860571af592bc8807c3e794ce4847b1b59fc3629e18d603608c33c1bae0a539418288431256b5a9f4ff1b9f9e7dee798f47338f38ed2e5479b7eff03304a8efc8f3ba42b0a896a7205f97de17db13ac3eff3b2e58eca4ec5d69c738652b9bf94aa59773aff415d1007822ba10b57532d2589dc58d7ffbdf8af142e91771c64d404d831135e8f4058b786488c237d26db9b6638da0ed530eeaa97ec082e2bf85f4a2eaa2cd3ce5f0b2e58dbbbaaafb3ee2ecaae11bf6a102e7d03edd9c7aa376d5bce6f942901da89c48d345fc490c28d7256b98075993aa688b98199f425d86c7a46a198c6e580e994379ac00a6af368fcd5cf0488f1e5e785b13438f37e649867216d68eca1b4ec1b97ebba29fe3b55827df10aec20047165f5338f5622236f43446e05eed8021a1ba6c87d538f128aac1d40c881dc564453ce9a54f138aa3e108716f63ee4bbcae9d859a15cd7a49fa469e868d451cb1339851ca47e49db8621f2265743b61c2152398c5dbe336bbe903de105ff8f281c7740daaa29cc63aa6c7927a85258a08596c473caa7a1dc43273d6dc3a6980ddc745224c0afa536bb8680f580c2e3a342dc24b0c3de3fbaf2eb80adeb797e7e32e65237ab29bca5dc491f280381ecacbaf2c34ece0751f1aebd31041fd67b79483631277c8c730cb146df36b1e8428b0cafa4e8a88a05f1f8321874c5261eda1b6eb03369a885b5faebf5284ee903c95abed66a5c12d159fd38faef2ad6fc2103fac236e292d1d4c99007567ce7def5ee6ebbd1793845fb6ca04353c9695b80d8eabb6de96067435b084da570c1bfbf6dc874d0dad5df9244a6f2c9bf67d992ec40bbd4680e9aa32a95261931949cd24751b2d1f138f9553582582c07e4b3ec14e48e552a5811c783d7246f16715a2e681e314ab2791165582da57ca67b47a04bf495c7b415269e6b7edb68784d011a03c5e2439271ea6916af4966845b01b989df5fbb037d8dd4655c62bbad2cd68e75c5120342f28cd9db66257800034fe55bdf1164b5da6c35f676ee5462af16c430ce8ebd4af9a35ea8277fa93597293135a49bbd16d482654c26dc3548837529f8743a6bee095c73d4c59a16e7a90932466e9cb031f64a3eb5bba88f182cb175f5913f220b83555f47205987cc1622857ea7e045d5af00b275a351dc2abeea352510757b785463c04030d7523e72b797351efcadd4494a67f976045bb6511cc5ae843c75fe6649e035a896310551991e483c853238235c58a889f06e0adff6ddf7cbbd0bb8b97aac739127ecf0e2d79e8236a8863beb135f75df449bbb9b37029a245e37148bb9b642d557443cca08245398e296b1dc5d708b18c5a0ba3a67330bc36bad7936e93c64933d78bb3c54e305c69fbc3d0f562746448dddda68a3d57c1052ec1c57b6bf5d33e4b1fb0aacf34882f34f6cf0205ed5292d007c294a6c1d6a555f8b469f7540ccd4c7beb6f1b8104abbe5959abf28ccf3edada8d455b42509ad6ab783f7f8ebe6cfb86583a5f9bc26b8bbae7e9016a616570b601ea12f25238088dfdba108e48e18170249890593d553df140e0a5ebc4569163b424c02561b8958c0a5a337a0f4553f32b28220c070bb1f08c04b13803d0f1318e447777cf40e0e6a7e2eb8f8ebddb9c76660cfb8b339967c200cc5a4c146a8bea0923556f707836c0b8d57f67898f403852e134345f8c635af3ee45b68ee88d8c9ac4f76067ae3cfbb318302e334dd857e268c279a1896059b0e6d1388f243ea055accf1370152254e74ae54ebc134491208efca01e806f132f6222e389c5d0f0c14b0b92ad685c15769470e2e9fa16b8dd2c44b6d2558dd091af4d1a38871f48545778d224dfee812748a8ee27bfda0f8b9b193367e634523b9ee7fda4b22578c57d6c83ae403a541cd383e25cf9c92895fe6c3b0d0976d5230ed2fc0c360aa77738179de4131e87071ef14465c40cf34848270e2cbbb5f1ad458e349836d6be43877b20f92b6a26e2f8233d9b4db294b69c62f5d39d3ad7b20946c5ac80868b1ab85e02e2ea1fadfe04d068c13852b6647d75453a4ebdca67386ce0ad45f45205adca77fbbe72c8f9f649cf199f3ea71e7f47bfb48a3072c03ea0cf3514fbd8c4c1e57d4a5d14f7037720e3b75f336c1a3dcf3a9cd4d4d48adfa8d99877ccf8014930418390c82baf93907757cd92707206859abb198521ec7f45fd3cf59ebd2b0ee87b71aae9fb6358f881f1c43ae49684b3e1cde7b0e3e49badf1cb0465654ce25c1e6228abb0bd31712548c362d047f9069bb8a50f3d590a2615b363bb5dcf57d5129105bedfcc781b9f48872179c3f83cc25b3e6dc97a94ee301e4051514f8a99c2e5d833f4703c04fb301e8f101ede4ae7abb31353274d5a88ad524e9da6a9ee9afe609bf4e7415127461ca41f1c74f6b340d42a0053eac826fa25ed76778ade2ddbc65817fde247b234a0701d7411b4d529ec4b777931fa19c14b2d831f954e88a09b32125e50cd5eaad28b61e5bf4c1817b11f15c45ec4344e42493d8f70ad40b2d3948caa0a463268d8b01fd9367e90cde7eabc1af54a1f60e55a2d356967ec48f814383a1dad794a154c8025ed888a04d10399e2359188a630659090669824f6f03c972ec9ea6904109585f449837b9fd13cdb12e014fbeb18b3241b538cb30414ba85d1caed1010c91b998a130da7671fd5508e1a92542767cf76d13bca61a249c09412228215eff94fdced68be00a8192b6f925839a8ad5696548e8a62f827e6073027ab30b781777be49b13e5fba47436bf02ba3e5d5d50c41b573311dac75e5c321f452e2eea061935be9f990be990b7065d8c17dfe80b5eb4a4f031ae0193122e709d6e966674dfe31f818b2226da72e51ca4157adf315da51943c22f02365f1e1a94c6856da0f9aebb05b5e78e6f9dfcc417ebf3775d2ab5cca3ad7a4e40afe4b264c563be9f8c78ac7d291b77786bd577dbece28e45ee11410a6bd2e819c80711021948e7d99c7fcd60a035f8cac5c776d6a382e0d00897cf258b060b68fdeb6ea3586cc87e89262ba1ed48cc8936a70417c72906ae8647a7738e7f52501b39a8879b8418624c66fb841d9849522da430bf134e1a545f9bbe4a87202954c9e9a0047d826c1026dd4e94261b9d3723613b4dc0e31a3dd54a3b70257601625302371e5a87e57fca881494f66d193428d6c60e754d6e3b5868bf58617ee41d842842618747fe771b7c92eed8dd6115e73a7cca251ce8b511868c0e1b8983c2cf5a276dcb5c96845079190ff603042d37b208e2bac0ab5a167139993290ade7879bdf0cc91f93e87a9fc78179d7669ab82915ad7d86afeb22ab0dfb05c9b7a98bc925443a97b419a6d3d18e238383072f8c66d537678b31172cef7ba052088d5770d1bd080b5a91efe2cd4eb558eef62417e0b9c2b85122abbf8f928d3541e0c270c4b291123f522eac352ffd935056eafd6e3a1041b47df2ddcc93a9138985ea5c6e1a29185eafda53e442c527f2652fdccab5ff699b20344231da472a2f57bcf42b285dd1ac36d65f5d49188d95d6b2e21cca7281efb4f59bc3dff698b7d9c93af949236547bd1845d17e580a98108c17807c0a359d94cca907f5e7ffc369450ee5ac81a7946399ac9a710ac0feb981d21465cb29ac5b9fa8ad2be9bd61606056f73711a5c7c48fd510d2a51c2065eee427f6ecb22bf29c1f8ff92f7b6a79c928c68443e4fa8ecf422d981d2ca4298ea76d3bbe19c812bfc01694bd26b9e22549212d5ba40784e0d331a5622ec2a6891c87bcb080688546bc867bc804999ddad77ca51c8158dd9a573cb9ae04aeacb5394cb0951f572d6470b7a002e6ad195dfcff8782f81b51fdc03d6cc9a1de4e4d6133119c0ae86747aa786f49d08fef509e802221c7e7254660e31e2313b466ffc10cf351637f337e7ed2ecc86adeb1105b69b84f8ae33b1bf020e0783febe57efafa0d983ebaa659d78f599e815e62fa2d1bfeff7646c4721a3e2e108437e6ca805ca68f9ce469aed51dc0e80b2252bcb9f06eedb0a877e3b43da39903f2893727646d847fe01f2d4f2d71508a39a58d3046af3dea2a466e2f0e68d6919052b346f3eca12c9a0b155c514822a0ee7384b6153997559d198cd8cf0c97c254f1952e2cdbee06fe1ef6196d643510164941692851dc4469e3240e3eff522f9f51c7f084f92ccb6c7a89a853428266ae3a76db7d86474a39fe0035feda2385eddca6c4d237ef0d2a337eed3bddbfd22e35bf1e1f3c1df79bd74914f92ec837c7b307315742da72ea93e4d6f3715464f477d7c3739d0591b6aedfb3aed08019c0c9ae7e957af90408d619e784c9", @generic="d542ed142325f7ed95fa3e19548091e78e3fc4e21b679a977b07a4f5855940dcf4dbf6a8ba773cd3bbc80c1e354d7ee2d534d98462f0dc659d12a793333c50dcbcc4307188d2cc3df964fecd867ce99ac6bc0ead51e4db7ff6f07625f5689afad66098f27493359033b8afcd5b08205a7045981be16244b03dc13a03b9caf922b4478c653d81b5cb8ef306ec12805675042e695f140407360502b4076e7bbda8687a8d75c7de265a3cbdb641706e268f3de2e3173ca0105cf8be17c9bc00dd681325c7f12d", @typed={0x8, 0x33, 0x0, 0x0, @u32=0x1}, @generic="94d090c13262d5a28b83d774c3324f84ea208fa2760210aab1237408bd5dbf1b1e9754b0b62d331ec5ae0618721455069656544d6bd250123775ffb12d0e5e344073ae62251080382cbfe603e24fc0dddbebc218980da6dbb5e8eafa1ef67051399bf8e69f2c2ff2319e91d3edd418808e32880b7327365ab6bf3d09c68d7397d0f4586c08da4b94f3d80cadc82b9ff2112ea4357a9f80c556bc3e8211789e3e09d56fb6672b721629360709910bbb94f1ffdd9cbcbc8359dcacfaeabc62d5f8dd21783d9cbafc033575189cff2e4ea535101cdeff0b105cae6d7a16f478326f980f", @typed={0x7, 0x12, 0x0, 0x0, @str='.*\x00'}, @typed={0x8, 0x82, 0x0, 0x0, @ipv4=@rand_addr=0x64010102}, @generic="a0f0d2d0e3f0d1b49c920f7d044030add92d3d631208243d86852fa9bc52f75bc0501d717735a409dae397e5f6269c47d3f3d134142099080f3156b11ca8c8e5a84939a17799ecc3886a8401c176cde2a4b4ce5c177d8d857d9f2985ef8cd4a55004e86b790060f5dd"]}]}, 0x26cc}, 0x1, 0x0, 0x0, 0x4000}, 0x14) sendmsg$nl_generic(r1, &(0x7f0000003bc0)={&(0x7f0000002840), 0xc, &(0x7f0000003b80)={&(0x7f0000002880)={0x12d0, 0x15, 0x800, 0x70bd2d, 0x25dfdbff, {0xc}, [@nested={0x106, 0x54, 0x0, 0x1, [@typed={0x8, 0x7d, 0x0, 0x0, @u32=0x1}, @generic="e270f4a1e20d4c84aceb1e666a07846bcddfac0fd980f3427beb23d447ee5aa109168aa68e24960069088f1086941f2426fa23818f9dc04b2b6c54f8404ba0993a2e2a07d75c2b9a6d6b8f6eaed23998611f6a9c6b49ccafef1ad71ada72559eb72fa1d5c5c1ecb9a74d83856f409699525b560d266ea224ab7a78d9fad4da6e8e4e0c42f8c5f3c551cdc54370d31a8e3736a11332434c4bf0c3e7589822a6337fba8c77df8b9f2dfb4088bc60674f5d4c34ed477b10715ee962e1844b6ee97e2795493ed9d6c3083c8192591f4d0b1d324944a6f994ad2f366d03430daae9643b3145818085ccfe773701c490a64124f42f06c856fb5a29912b"]}, @typed={0x14, 0x26, 0x0, 0x0, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @nested={0x103f, 0x37, 0x0, 0x1, [@generic="f782f715b3186b8bafd66dea007104abddfbe5c284914b876bf84629084d234e1b285c6f3c1d8fcb0ff1617c71d74057b1f5e9", @generic="cbd45d0a057a8ed2bf2fd3ab5517884bfc87f698c0a8fb7c59c7249bf98145b5fa9b0142ccc1974e1e63615474d6efc53b940cc59b4c48bceba58e0b215e894638f6a19e7e0b285678f75715bc654ad0853aa80b41e158d0cec6b00d6252716d0527e701ee12bcd08001586d7d8b9f6324d95707329b82fce55bac0691194bff4fa3a5acf050ee709dda909ad272ca968669527f3a556ebc0d0bdf42acf85e0c587a7730df49fd419ddf3e9c3cfae92b56af7d9767147728149f37fc24498492d8edcebf073d22be07d7b7567b38a4eae2d8b9520cdccb4c511b349e72a4aeacfe62347d12f21d1a5f9d24258533f7514746e2a6eff1d1fd745acfd43a3f3539960ef04e0dbc83f5503a3921ea8a7eb26a4f8148296be596562bfdb25864f1083f3e03e1bc95f0e9d6fad13b25a0106a4bfa040ad2dd472c6d438a5b77f5668c8687c0781a948c945d84e0bd352935e571d3630d2eedb9fa8f1059767f59d0949c352ac2e35cbbcb266c7ee0af3717325abecf35847482fd671954b3c48bb20d064984d1800c9656d654eafb12d41211f315f5737134c1c28a2b11c63ce6a50de2d15a166693ee9163418a99ce24d7e9ac8576b8b89baa6591fb2c738a8376fa9cb598df78ec60e61192c7cd4662235b56e02a5051615c6fc9240a009a22323997110e275550ea7535b55666e4f4253378fdda6b7ed783c45b8491532c4d89f2ab71d80dd43f0980cce626436558cec462ae7f26bdce4d04194af9724f1eae723855123609b787b7c94eadf4c80c7d5c93ee1570ccbd07f494b4f5b6fda9315cf1b7f24b33da2b6a7b886be6cbb413f558957821f58b6ccdeb0e7ac959da4700bacedd6887bcbf792962bcaf8e08a5cc1c92cdeb6bded814924a077761f5ec11ce5c019cf61cc2a060c96dc88ab350eea2120e201dc9c982fc645f0b599c1a4a0895b4747e9a8a3ab9e140ce2b86b62a488bdd9bf7bf63bc57134eeceb3f92dd11938665ca746c2a67ea68a9ff2ae69ad3f4bdcb7bfbe84541be9958e6926273fefc8c1ba140d1f9495abfdd7365b8b8a3e991497cc40cf88114f8025f42007eaef02db9b57c1921a49a21cd4e1578e0a128093f224c671d1f04e24a8ce9eba7b2316d8763df8c55dcd0a075aaf408904bf2a81e13d403d9d2feed209976b87cbfc76b2863ead76791b8d97be9f4fa79a2d45de23d05d79fc54a5ca52500eea90448e486de7881bc0724306454d88cb2503b1706d46c5216a5271515147f10e40b20748a815bc8af0f63862d18725f380cd266d3793e4830e3eb24e5bef040d775628a28b4aa5d2606dc2295358f828b1d6ba2e2613894194b1358c027fc1b535f724ec0f7b38b8a29d6f4fe230372ec9be0c80bd94d71d444bb9e2d35b138ede357c53dd71252be992cbaac2df9a35688f46ffe5062025b255a20fbc318729b89fd00f8dd6a556f390baec627362bac0325a8e5555fe2aa1dd00dac50c40f15963908812c823279b0e6d129adb0454187dc82bfe8c04f5679e6d13b98dc2e9fa25a19fe6ffe4a398f2864d114bfaa31799932eaffe7ae33eb220c05c873e7a6eb7ae132214685a485eb8dc2fef4c55058836fa1542c7c9b0601978082024ac508627221bd5c241c64521bdd2191dca3d220914047884f5c63041a84d649ce51f0fe1e9aaea4a9c3b84fd1ef9ad1e6996ced8480b42077483581a67b707d8f3c5afbd42a9f21b1be7c08c2e7c8cdc938e52d5eb99fcfc81ed5314d56f3101540499d7cbf279cedd29db28428e185a0dafff277e306a0944e23f93814484744abeb3d68ed98da9dbc3d65294c827a43bb276798f8b74027ad8388f79a06b9143c40898a735ac2894995867a0cd6375fe30a5305847c14c774374a3fb8bb1023433d14f823ffbaba99b039c445a05094d18934a496c27bf6cb4e872bc313153d5921a752e767190953cd0cf05a1b415488cff4ba037f8864a5a868351aace99b7782c50bd381e181586ca67641748b9296b7b08186f5c135f61a5273b554da0e9b6b3e48f42a1ef0e0153c800479d1c371254ee05b9f86436e0e15f5f7f0887beae2517462f836dd7f6d66e5fa54fd2fe0787201a897f23756e5911dd667d8b1d45959b7df14677ed7825b5e65c853492113af70f6fd6fccd1bdc1984218225d153c8a1b2c8e63c79b2b458e6da3cad261178e20ca262df4e8cf962550489ecda32e752790ab43cb508377861b9e79a6b01d089564c0cc96ce0533b3afbe0e24423bcf91dc97ced261a0f2f66cb15f66ac38ac1348860216dff4d134875d13ec1ecf892c810118eb30d6fd4d52fa3fc2407eca8da74649c42624dbb8401e2a57eac2d775e685b202148c7a91e3caf12a23540484f494d137fa3f3de10e1da22b35f0d1aef08440fac41f7e238874ff0c88349d2948dcd952db03214148786078aeeb078102a1252ac8599cd8f3ebb6d9d36e52f3c88e75d1e38004e768fc9fc23842eb93bf04bb0e9ca9016e3f68437c84f5ea9aff6764c3e2dc9cdf35af96a43a20314a1e9aa63385218fb13313ffbbc903c00ad04d06acfd1cd2c1feeb33072d5decb8bfebd7eb70f0927ded1e12d7b2d08c2ec75f7361a082d1cd792cb3b9ef4d9ac8bc01ae9f3381895c94355ee82435b3b3977c2b1df65ad9063eb4f50b52e9a09aac2323be53451d1eb701a0ce13856881e4c228c66eb9ce97540c0e7c02ca083ee76ad09359ac9fe88f787d0e613ec75cf2fb4d263a5ecc324df3ee3567374d2884ae4e6ae7330382815fb274b4699467716b7b0c494c4a42379db2582e2f87859062e52d20e8f37b5c8acce847a2a60a008b05cbd3308fb684dc872e5b99792574a910ce3e8af6465bf48f357ae8c37289803ab129ee1db6c31a76dfe7c33edfc41e5744d81e5ca158077207ca88018deaa5dd14429b1686a2bb8fe99e1b772303062a851a6402cc15fb1b13809f5e944fb2232ed1010e68e4c6cfe6300c886b432ede4be3fbe03796cc75d5cd9fbd90c52cce805cf51acb74b6927425af50df41fb44c7493be946a909875723e00a6ac0d9180c8de96a6e6755ce44fc88adf82d278d7949e63fe936cdb2be990b606dfeb4009f988d604ea69d9dc04930cfa3f3c1ceafc72c5539e4ad599a6d144a95af86c52e5eb9688be0954bd0433e9516698a56ace3469a9d3c765ff3d6f8bc2fccda260c51fba1349a87e1b7ab1f188d90b28d1a574dc272817506aa825f1e6eb945e10b0d7b6b0564fe1fc4264b97b3f7ca7bffd0a812a52bc226fe1385ec87bb9e703347fa60a519b87f20f3d109032f0fcfa66ede73097258946257f00e40b278d80d051e4b6bc9b5be53556c331d990ac0c0d8d2704dd1274254dc1aa687d3a7f2c02780da16e62c71b0f6ffe9dc2a6c6054a2eba74ddf73725c77e6b9202d47a841e41bfde831dc11b4b40f99c95698c588fc2066588c792d811488b77458a1882dfb1bb4b915ea87a10c33d31c6ead53332021e9f4840586c1f5fce367201fdfc40aa03294eddab8ab830eaef6b9d34418737bd71f8d81635f55acc07ad89150c565b1deeea94af262bedf36a4999c6d7fb9f0e330ac179642f5727c0b88ded8c77924800f656fab6ee2d088a21d08afc83f11feed651673d42ebbb3091f72d6c44b1bea4a42dd1a542e9b0a7de9a1cb901b3b75bd2fe6a1c6c39adc098e34daa2d7fe95f8e6fa86f0fbd11582e9c2461698fc64a65f58ea383b19dfbc9ed4bceaaef688346848062a171af96ba52beccbdf8321331d59343c38f88cd4810880a2f0b87249086e5d1077ef0abc2757ccc2a5e7e713e44df0925313a4e87b79c7968a0b894b1e5b605d8d9df4fba337ec6b28dc524a868bbf5441c9c399483d2eb0293bec5eab1779ac7046dc256365e72800f4e7dc9d7432db8c8d786fd0d1dfd202dee93e755bc560e702a4eda1650b9aaca59b14bb5b098c6e1e4c3558993c050d193f8ace49d8df73c5166fcc568ea0f3ce5e64bdbf0918832c663729e2360e82a79ddf82b0e6b712c4d11c93761fb90ae5b926c0a2d0f14deacad7570fad1c8cbc6f0f45109d4ce6db276dbc1c4f32f09a70166eeda409501a3fcfc8cacd54920301c8a57e1d1184d3cdd68619d38d92c19bb4f68e461ab004a1b509165e34c53f283beb9c79270d42fbbbe351afef8164c2e5a29dd0b400852fbc35ff65d1e1f052b1c8a2a045ff87313df33c39a068fb595a7361b03c773425c7a395f813eb03f23977f83bb6532ba6ee05a891d09cd088ccd21d73f1922a67096c0ba7cb43fddc19b8af29e6eb2557cf08955adcf2683675b7a2dddae89f77fd8e299306b5605eb1fe43fd15c0413abbe3accd5d26f60ec390550bcedb572c378fab1b984126624c3e756a8d2632231f0a6efaaa8959c72a60e6103c63d23ea9aee43c846be8d46271b3048ed0848f6474c48f660c70ed1b27db5393bf62e6b04b95e3c85770aad686195b87d9d8bc5dd778930c6691f167df18534ccc37dcec495ddd1fa97c0bde9111e375b6bb818a56d5a77a6f3bfd57228c633dc1ea4c8af0bef486ed165ca8df298ecc851608187f7c15fdce4597b10ab3dbdc5fde43cf12b026e896f12fc1a27a8bc756719fcaf28f61d7970d360f92ab3474aee0ff28f7864b81880e1a913a2f2debe09de78e6138ce4db32b10c066a8427dfa8f0dd349cf2be5e77bb454d117ff6b77dd9a1a347a95bbe307abe53cbe973edf84da82f8115cf6981354b9da09017c14b77d909c76d31b8c280200c17051f61b9fa1f3f1e940fd8873983d852646f73f08c0e00fb97ee82907fc90be7b4073ad1dbae8fdb0ca9c804bfabb6500bac758d5d2b306da35d796b5d467958f31dfb33f0fe63f0e8616b403707418c5cf65109d5470636817e80562a3cc806202305f8192d89a04f13337df4a4268bfd94a18e85708a63ff0e4205e2dca968433dee6c5e5d1e34dd1a701cf0e3d3027c45faf2cb4cae9e53db8aa31a52650e9953ccbf726a9e151c42717bf4922ac0bd241b6aa9be279a675cce54bf4bd2f0be42e700f5a1c8dc70aaf3e05dcd86306ee41042bcc0110826f93e140d627b68153779f9ca43db02c8e81bfd54023dd7875eb698672df2b89e1f8c720e026d74dfb94a77cc1e99c444217186942bbafea573c1c736ea9884bc53366bee950e063002f97b6054e09a2c0334988b8fbd3bc9100b4e7d99d94cb0ef1938e0f8a1071ce961f850d615e217277fef80113dc001d5811d65f1a543ab8106f7c2ed15b280233384f4702549fec82d0d9c5148085f1d3b5eee5069d296bfea424fa721ebc5398acff99a29d8a074754cb34b4e3f20b0db7a322bc49775a3738f337ed55847490978c18fd27c605e735b5103637335e4bf74c827d7e88cc346214176baf1049942c03358ba06d2d63e341f4d3e7bdd769447928d999a3c5d8f5d5b7e78c3ee24d1f48fbdeb1376b0684100278a14249aae93f6797cd1204258ff6e5d3ce11ec23cb68ae6966760b6a07e1b21a560539db318e0a22226a91f543292aa864f26752cb2a46b879b331adaf1a13ba67e0ce780c31d13ac99f5ea43bf56ef5b96afa70848f6ad1aef1c2a605e748e99411eee34e9c15a9d8323dffa000f8c2842ef738f7b3ca50039537408308b9b3f7a120413bf92f57bcd2871689cd698390c0f89ef06fd6e3b767c6ec4a9edf6072d884ac6d7eb29f7dd3629efd2932ca4315d1bf4dc68962cad08d0f3ba9684fb325e9852eebfc7c653eaf0a49d88290993a64becc89251c8270bc0313ac57802b885a617d", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@multicast1}]}, @typed={0x4, 0x57}, @generic="d412e4c4efef153829365262367e14a20fe848e991391be4d81891dfa153a3ce664b2710db42f0b6fb9fe1253a33a9eb8bab97e92c19cffb20028daf53336b7e982b563ae94712ee8541c93cbb576d15b06f826657201d797c184b6d2e5664f6f76f965b90e989c7e50e1f378fa6955f0f86b1ed1b4a5569e2", @typed={0x14, 0x85, 0x0, 0x0, @ipv6=@private0}, @generic="4739f97d06d19f42c83c4021c1ad85c90c6baec558597a5929efd2416fa4317ae011c1ef4a6096fe3d0fcb616de296ace1de9c82e0fd8b697ac377b65922d476ee", @nested={0x1d, 0x4e, 0x0, 0x1, [@generic="acb18fc246ed6e60280e1f753d7e2006611626a966d3d9a619"]}, @nested={0x4, 0x51}, @generic="6c83e1351e92d23aabcad725cb48606e85c0817561248d67d1b5c59b30fc44c7a228357fa603f2ec953d3f2532aacf869efda378231465443aae050ea5b2078ecc92a053b47977dd8ea6efcb23f0fee20c856640ac7c483c946b7cb0135e4fe65d5a5221cda461d5"]}, 0x12d0}, 0x1, 0x0, 0x0, 0x48000}, 0x24000000) 15:07:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 39) 15:07:53 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x24043, 0xc0, 0xa}, 0x18) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {0x1ff}}, './file0\x00'}) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) syz_open_dev$rtc(&(0x7f0000000140), 0x1, 0x4100) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) dup2(r0, r3) 15:07:53 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) [ 886.601378] audit: type=1326 audit(1748272073.598:322): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10896 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 [ 886.611274] FAULT_INJECTION: forcing a failure. [ 886.611274] name failslab, interval 1, probability 0, space 0, times 0 [ 886.619271] CPU: 0 PID: 10905 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 886.621472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 886.623943] Call Trace: [ 886.624676] dump_stack+0x107/0x167 [ 886.625699] should_fail.cold+0x5/0xa [ 886.626762] ? xas_alloc+0x336/0x440 [ 886.627823] should_failslab+0x5/0x20 [ 886.628945] kmem_cache_alloc+0x5b/0x310 [ 886.630107] ? stack_trace_consume_entry+0x160/0x160 [ 886.631519] xas_alloc+0x336/0x440 [ 886.632506] xas_create+0x34a/0x10d0 [ 886.633543] ? kernel_text_address+0xf2/0x120 [ 886.634862] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 886.636391] xas_store+0x8c/0x1c40 [ 886.637415] __xa_store+0x164/0x2d0 [ 886.646468] ? xa_delete_node+0x280/0x280 [ 886.647621] ? trace_hardirqs_on+0x5b/0x180 [ 886.648824] xa_store+0x31/0x50 [ 886.649751] __io_uring_add_tctx_node+0x1cf/0x520 [ 886.651083] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 886.652537] ? alloc_fd+0x2e7/0x670 [ 886.653550] io_uring_setup+0x1fbb/0x2980 [ 886.654734] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 886.656135] ? wait_for_completion_io+0x270/0x270 [ 886.657490] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 886.658952] ? syscall_enter_from_user_mode+0x1d/0x50 [ 886.660384] do_syscall_64+0x33/0x40 [ 886.661413] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 886.662849] RIP: 0033:0x7fdf712e8b19 [ 886.663877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 886.669029] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 886.671157] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 886.673147] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 886.675142] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 886.677123] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 886.679121] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:07:53 executing program 3: fcntl$notify(0xffffffffffffffff, 0x402, 0x1e) r0 = open(&(0x7f0000000000)='./file0\x00', 0xa280, 0x60) clone3(&(0x7f0000000100)={0x201a65900, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:07:53 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 886.724769] audit: type=1326 audit(1748272073.616:323): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10894 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:07:53 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r5, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r5, {0x5}}, './file0\x00'}) r6 = fork() perf_event_open(0x0, r6, 0x0, 0xffffffffffffffff, 0x2) 15:07:53 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:53 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x10, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {}, 0x2c, {[{@dfltgid}, {@cache_none}, {@version_u}], [{@uid_eq={'uid', 0x3d, 0xee00}}, {@hash}]}}) socket$netlink(0x10, 0x3, 0x15) 15:07:53 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:07:53 executing program 1: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:07:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 40) [ 886.962226] FAULT_INJECTION: forcing a failure. [ 886.962226] name failslab, interval 1, probability 0, space 0, times 0 [ 886.963846] CPU: 1 PID: 11060 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 886.964811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 886.965976] Call Trace: [ 886.966359] dump_stack+0x107/0x167 [ 886.966881] should_fail.cold+0x5/0xa [ 886.967423] ? create_object.isra.0+0x3a/0xa20 [ 886.968069] should_failslab+0x5/0x20 [ 886.968607] kmem_cache_alloc+0x5b/0x310 [ 886.969181] create_object.isra.0+0x3a/0xa20 [ 886.969803] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 886.970511] kmem_cache_alloc+0x159/0x310 [ 886.971100] xas_alloc+0x336/0x440 [ 886.971598] xas_create+0x34a/0x10d0 [ 886.972140] ? kernel_text_address+0xf2/0x120 [ 886.972774] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 886.973518] xas_store+0x8c/0x1c40 [ 886.974039] __xa_store+0x164/0x2d0 [ 886.974545] ? xa_delete_node+0x280/0x280 [ 886.975139] ? trace_hardirqs_on+0x5b/0x180 [ 886.975758] xa_store+0x31/0x50 [ 886.976228] __io_uring_add_tctx_node+0x1cf/0x520 [ 886.976909] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 886.977646] ? alloc_fd+0x2e7/0x670 [ 886.978171] io_uring_setup+0x1fbb/0x2980 [ 886.978760] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 886.979464] ? wait_for_completion_io+0x270/0x270 [ 886.980154] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 886.980880] ? syscall_enter_from_user_mode+0x1d/0x50 [ 886.981607] do_syscall_64+0x33/0x40 [ 886.982106] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 886.982766] RIP: 0033:0x7fdf712e8b19 [ 886.983242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 886.985612] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 886.986621] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 886.987560] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 886.988498] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 886.989431] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 886.990397] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 886.994820] cgroup: fork rejected by pids controller in /syz3 [ 887.044828] perf: interrupt took too long (7891 > 7885), lowering kernel.perf_event_max_sample_rate to 25000 15:07:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 41) [ 887.066021] perf: interrupt took too long (9872 > 9863), lowering kernel.perf_event_max_sample_rate to 20000 [ 887.088475] FAULT_INJECTION: forcing a failure. [ 887.088475] name failslab, interval 1, probability 0, space 0, times 0 [ 887.091382] CPU: 1 PID: 11247 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 887.093740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 887.094953] Call Trace: [ 887.095830] dump_stack+0x107/0x167 [ 887.097049] should_fail.cold+0x5/0xa [ 887.098225] ? xas_alloc+0x336/0x440 [ 887.099381] should_failslab+0x5/0x20 [ 887.100574] kmem_cache_alloc+0x5b/0x310 [ 887.101859] xas_alloc+0x336/0x440 [ 887.102392] xas_create+0x34a/0x10d0 [ 887.103571] ? kernel_text_address+0xf2/0x120 [ 887.105011] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 887.105797] xas_store+0x8c/0x1c40 [ 887.106917] __xa_store+0x164/0x2d0 [ 887.107463] ? xa_delete_node+0x280/0x280 [ 887.108769] ? trace_hardirqs_on+0x5b/0x180 [ 887.109411] xa_store+0x31/0x50 [ 887.110472] __io_uring_add_tctx_node+0x1cf/0x520 [ 887.111192] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 887.112882] ? alloc_fd+0x2e7/0x670 [ 887.113440] io_uring_setup+0x1fbb/0x2980 [ 887.114763] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 887.115510] ? wait_for_completion_io+0x270/0x270 [ 887.117089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 887.117873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 887.119544] do_syscall_64+0x33/0x40 [ 887.120097] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 887.121744] RIP: 0033:0x7fdf712e8b19 [ 887.122295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 887.128288] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 887.129410] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 887.131703] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 887.134062] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 887.136396] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 887.138757] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 887.422622] audit: type=1326 audit(1748272074.420:324): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=10889 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:07 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x5460, &(0x7f00000000c0)) [ 900.730686] audit: type=1326 audit(1748272087.728:325): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11255 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 900.734510] audit: type=1326 audit(1748272087.731:326): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11257 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 15:08:07 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:08:07 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:08:07 executing program 2: lseek(0xffffffffffffffff, 0x5, 0x5) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000400)='./file0\x00', 0x40) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) statx(r0, &(0x7f0000000140)='./file0\x00', 0x6000, 0x800, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@access_user}, {@msize}, {@access_user}], [{@euid_gt={'euid>', r3}}]}}) 15:08:07 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r0, &(0x7f0000000580)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x47c, 0x0, 0xa10, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xff80, 0x4}}}}, [@NL80211_ATTR_NAN_FUNC={0x4c, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "7e029509fb16"}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x80}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "4056112c064b"}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x11}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0xe3}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "cee1cc8d7013"}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5}]}, @NL80211_ATTR_NAN_FUNC={0x34, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x8}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x40}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_TERM_REASON={0x5, 0x10, 0x1}, @NL80211_NAN_FUNC_CLOSE_RANGE={0x4}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7}, @NL80211_NAN_FUNC_TYPE={0x5, 0x1, 0x1}]}, @NL80211_ATTR_NAN_FUNC={0x3d8, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TYPE={0x5}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x90, 0xe, 0x0, 0x1, [{0x8a, 0x0, "ef8cf9c73725d2b25ecee1973ec86ef5fbc734b74ed11b401d5ad820450004e198730eed727e54f2d1cefb31abe72316ab3be8ad91125cdea8a9885151d4d73782e5957ecad11fd407d4e948873cdb350c0a6e76170328ddfa0834d5c66d9bf5671fb14d16b1c6c3cf3a744d0f8efed14f1504870479a12feae3d7f6ee36f29eead66c4100de"}]}, @NL80211_NAN_FUNC_RX_MATCH_FILTER={0x234, 0xd, 0x0, 0x1, [{0x10, 0x0, "863e5972a873fc3f72a1d881"}, {0x13, 0x0, "7742e4e369cbda4b3985011a20fbbc"}, {0xde, 0x0, "e3204c0a00503cfd9cc5df8ecea50d848a24c4f849ac5a8a115ac7389848ef2a1ff38adf39001c6385f080eb58a5969ddee422fff9035851beb94268cd8a1c117529d8ec839458de53545b4fd14e18758ae38706e2974e1a63d9e83efe93cf35aaedc9cd115c35f9d3f37bf5a49f53c7b32ddf8caf8913a182ac46e136c5b8ff3b8409fe2ef3fa5fa638e7a884ba9832a5d08e3a11921a119dea2fd2ac7acd698a851d3bd7b2a3db0ffdd52c9f2fa9df83537db8bb00f8fd3f88255baf567fe666d8f5b3c6a01e0c224c159f15ffde14587b427f55ec19c22567"}, {0xf8, 0x0, "fafd597045a9e21d9ce2c4fb5d8c86dc1aa419681137a776bb14371ea7404ac1e67873c6f0a265bbd88454ae1d2914fc01f7fe0d698c4d3ada9b92669c138ae66395b62a101db6ca3057ed786a87f750bcbf44cd8cfc401b4e49dd5e2873a176897bf8b204cb87746c76875f574850c151d6a6ba93dd0c8c3d3254e383fddbca137eea819a8802be949f2bf2d191bb73dc211ec2f92a24a5a76b83305dd1b794785bb84250abc0c1dfe587ac2e5780a736fe0e1219004064ab16dc2d05c5ef8b2ea39579f0a0b11f2a3524dabccc73b2f33b3de4eb1d6ff06b4904f99c60577d7bfac470d891dc46f902212099699dc9fd3b58a9"}, {0xa, 0x0, "2f38f85188c2"}, {0x27, 0x0, "ec08a63dee995ce9d83a1347c61ad161442ff2695a7818d006cc039ddf43811471450c"}]}, @NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID={0x5, 0x7, 0x2}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0xbb}, @NL80211_NAN_FUNC_SERVICE_INFO={0xf4, 0xb, "41833b71cd3a7c3c09548bc5bdccd4349623643cf06473b6c4f99fc4b8feb66e647d0e617c64edd66b5885e0545544ec8acda1956732b563d5f22aa47123b0bae41a09280211e2b1280b5f553843e2cb46e38ccfee67638b1981e592d0abfdfcfa46872a97ec6f89036755725d7eb73b5404127f9927ef79b873911c60d6fa95ae591fb7ff712bff54de6415122b9b5b87eecc82041d62d8509ba95ce0040bf5485268c45ec5fa9d3cb41f31a8d9512061a47dc9a54902575f229d04824557d8b6a857f33e16e17d0b21f536c2fe71347f22b8dbd9c92f9653077cd24c370d39f7d2cd79584d44703576e22133c13ad0"}]}, @NL80211_ATTR_NAN_FUNC={0x4}]}, 0x47c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000005c0)={{0x1, 0x1, 0x18, r0, {0x101}}, './file0\x00'}) r2 = dup2(r0, r1) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) accept4$packet(r1, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000b80)=0x14, 0x80000) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r6, &(0x7f0000000240)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r2, 0x89f7, &(0x7f0000000c40)={'ip6tnl0\x00', &(0x7f0000000bc0)={'ip6gre0\x00', 0x0, 0x29, 0xa8, 0x3c, 0xbc5, 0x40, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, 0x700, 0x20, 0xffff, 0xfeca}}) r10 = socket$packet(0x11, 0x2, 0x300) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r10, &(0x7f0000000240)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001340)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000001300)={&(0x7f0000001380)={0x6a4, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_EEE_TX_LPI_ENABLED={0x5, 0x6, 0x1}, @ETHTOOL_A_EEE_HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_EEE_MODES_OURS={0x5b4, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xaf, 0x4, "6b7d45e998eab2ad518a1996c4e12e3d3f44564272009ab29c93f7f20fde9538f08e7e8c0dd129970991f068be619afa2e79460002f9f3d076540efad37b775193cc8c52a4a3b0181756cadf592141eeca41f3813f700322e24639aa3516506b6bb90ff54c0ccdbcd6674a1c2502baf2531fdfca45a50cf6e10ff80b330fb6489e35100ac37155e1f31bdb854549d2d50e07993dbd04516b9296a8f37f3f55c837b25badc6af9be8054ee8"}, @ETHTOOL_A_BITSET_VALUE={0x9b, 0x4, "ddb582fa301ee04aa97e815085ab08ce572cb52fae350932e951f3ffa4e034e3d2a4029e42edd147cbb276c0094de00d3bc091f7765ef1781b5e8bd9c153831a60c8cb2600bee91ec7f15e161de25cc668059f400da0056b8f5d29590a471db3bd3c31bd6c8ab541e3410192ab4850b982faf9f84b4468e064602b048705b9fd588d033c34212547161d232e51dfdb2d38ac7a61109e55"}, @ETHTOOL_A_BITSET_VALUE={0xdf, 0x4, "a46aa4e906d9e035eda763a41168f7bb70c979f28c40383db46e128e6c7f426c53e0f68fb8a38eb4da53662ead87b6e20fd6b8ec05b8aed71e7a145d286d759faec45c422a87e3fdcf4233f0b9bc25c1fda1c80a47fb4d26033f199ef0b4006603a2af68e5eafa7301470aa03fab3b244279db88e1e2ec4faa582c6039a50726492b29ad10007b55118507d492fea83131884e4f1e6717cfdb24df367c515cd579f4b95705959d5b97a00189253b1d4f3ec0eace48f3ff1e68e10682e700dce90245d7ca47dc650c487cadc846a7d804a3d3be98055eadf5b09ea3"}, @ETHTOOL_A_BITSET_BITS={0x168, 0x3, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, 'c\xaf^.&{+./]\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xe3\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '%$\'\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x3}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '!\\\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '(!/m$*\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xda81849a}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffffffb}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x62}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '^\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x79d}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\x02$*\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\x8e\x00'}]}, {0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfff}]}]}, @ETHTOOL_A_BITSET_BITS={0x40, 0x3, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9ca}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}]}, @ETHTOOL_A_BITSET_BITS={0x70, 0x3, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xdc12}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, 'wlan0\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x48}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4c}]}]}, @ETHTOOL_A_BITSET_VALUE={0xea, 0x4, "460a634d48abc932db5a04121415d9287e663fdf55d951c8fae3b9841cd6adca747c5f9e3e80fd378608e8576ef6c681b0edc6fe3ff9ef6e3e96b472c166f36e30633861a03c19dbd8a331b400ec9dc8c4c325fc1bce6fa726a3a63c417c408d7dcdffa513b3bf59ec30e828ac67c56c7ee7490bfe8cd65e4f2b4d542da854d2067c3302b00c77bef6c66f1e2fa3fa944289bab74a8ab1a60b35d859de527f32e0c9cdb71455368176cd04a2c001a9d244de7ebdd16e62a0371aafe97a2e59e237191c9d5cffb17422f2290d6c1d09b48f60cb5bc3939ad695f371528e77ae63af45d115cada"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_MASK={0x78, 0x5, "4995769391f11a88127ef60c18821059452b51854ebb3238ac8c55906c3e2b68d0b9c176810f520c2d5ce8fd21d32ae1a1b932ee86bccfd391b7413c10c4a13fc11c00f501884ef514ede8ab204873e6bbc9b213266ab9475f0ba1f1b62521c31df51d5507b9c7e421af09faf7a4c6a1d075c2ec"}]}, @ETHTOOL_A_EEE_HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0x6a4}, 0x1, 0x0, 0x0, 0x8801}, 0x4000880) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r2, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x1c, 0x0, 0x20, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4841}, 0x24000080) 15:08:07 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 42) [ 900.777669] FAULT_INJECTION: forcing a failure. [ 900.777669] name failslab, interval 1, probability 0, space 0, times 0 [ 900.779097] CPU: 1 PID: 11270 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 900.779947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 900.780963] Call Trace: [ 900.781294] dump_stack+0x107/0x167 [ 900.781743] should_fail.cold+0x5/0xa [ 900.782280] ? create_object.isra.0+0x3a/0xa20 [ 900.782848] should_failslab+0x5/0x20 [ 900.783343] kmem_cache_alloc+0x5b/0x310 [ 900.783844] ? mark_held_locks+0x9e/0xe0 [ 900.784347] create_object.isra.0+0x3a/0xa20 [ 900.784885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 900.785510] kmem_cache_alloc+0x159/0x310 [ 900.786042] xas_alloc+0x336/0x440 [ 900.786480] xas_create+0x34a/0x10d0 [ 900.786945] ? kernel_text_address+0xf2/0x120 [ 900.787497] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 900.788141] xas_store+0x8c/0x1c40 [ 900.788585] __xa_store+0x164/0x2d0 [ 900.789036] ? xa_delete_node+0x280/0x280 [ 900.789552] ? trace_hardirqs_on+0x5b/0x180 [ 900.790105] xa_store+0x31/0x50 [ 900.790514] __io_uring_add_tctx_node+0x1cf/0x520 [ 900.791109] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 900.791754] ? alloc_fd+0x2e7/0x670 [ 900.792211] io_uring_setup+0x1fbb/0x2980 [ 900.792726] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 900.793354] ? wait_for_completion_io+0x270/0x270 [ 900.793984] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 900.794628] ? syscall_enter_from_user_mode+0x1d/0x50 [ 900.795310] do_syscall_64+0x33/0x40 [ 900.795771] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 900.796434] RIP: 0033:0x7fdf712e8b19 15:08:07 executing program 1: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 900.796891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 900.803163] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 900.804089] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 900.804955] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 900.805878] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 900.806782] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 900.807650] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:08:07 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:07 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:07 executing program 3: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x847c0, 0x0) r1 = clone3(&(0x7f0000000340)={0x23040180, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r2}, &(0x7f0000000000)) clone3(&(0x7f00000002c0)={0x200000000, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000000140), {0x11}, &(0x7f0000000180)=""/117, 0x75, &(0x7f0000000200)=""/79, &(0x7f0000000280)=[r2, r1, 0xffffffffffffffff], 0x3, {r0}}, 0x58) 15:08:07 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r1, r0, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = dup2(r4, r4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r6 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r0, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:08:07 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 43) [ 900.958080] FAULT_INJECTION: forcing a failure. [ 900.958080] name failslab, interval 1, probability 0, space 0, times 0 [ 900.959607] CPU: 0 PID: 11398 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 900.960499] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 900.961518] Call Trace: [ 900.961858] dump_stack+0x107/0x167 [ 900.962314] should_fail.cold+0x5/0xa [ 900.962787] ? xas_alloc+0x336/0x440 [ 900.963250] should_failslab+0x5/0x20 [ 900.963726] kmem_cache_alloc+0x5b/0x310 [ 900.964229] xas_alloc+0x336/0x440 [ 900.964669] xas_create+0x34a/0x10d0 [ 900.965135] ? kernel_text_address+0xf2/0x120 [ 900.965691] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 900.966355] xas_store+0x8c/0x1c40 [ 900.966803] __xa_store+0x164/0x2d0 [ 900.967253] ? xa_delete_node+0x280/0x280 [ 900.967769] ? trace_hardirqs_on+0x5b/0x180 [ 900.968305] xa_store+0x31/0x50 [ 900.968764] __io_uring_add_tctx_node+0x1cf/0x520 [ 900.969384] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 900.970060] ? alloc_fd+0x2e7/0x670 [ 900.970522] io_uring_setup+0x1fbb/0x2980 [ 900.971038] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 900.971661] ? wait_for_completion_io+0x270/0x270 [ 900.972269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 900.972915] ? syscall_enter_from_user_mode+0x1d/0x50 [ 900.973552] do_syscall_64+0x33/0x40 [ 900.974025] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 900.974656] RIP: 0033:0x7fdf712e8b19 [ 900.975114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 900.977408] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 900.978362] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 900.979237] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 900.980156] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 900.981067] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 900.981968] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:08:07 executing program 2: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) io_setup(0x0, &(0x7f0000000000)=0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4050}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r9 = fcntl$dupfd(r6, 0x0, r7) sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="05000000cde61220ec09adeb92ad0498b9f29284f633338def39ec0405e6d7f2ecf27fafaef78713c4ff1b009fb89a4e66b2e4a91216fcd6a59db5a645725e2325b0a417a2e88fb998bf57920fd3a6a97ecf04c389dfefff1be237d3bff5f72b266a87a1f37f12c2", @ANYRES16=r5, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r8, @ANYBLOB="0806a01f6e1b9ad59613d21e006b00000000000a0018000303030303030000"], 0x30}}, 0x0) ioctl$PTP_PIN_GETFUNC(r9, 0xc0603d06, &(0x7f0000000180)={'\x00', 0x4, 0x0, 0xac}) io_submit(r1, 0x0, &(0x7f0000000140)) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x80, 0x1, 0x44, 0x9, 0xe5, 0x0, 0x1000, 0x2000, 0xd, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0xded0, 0x32}, 0x100, 0x1, 0x400, 0x4, 0x7dbe8590, 0x5, 0x2117, 0x0, 0x7ff, 0x0, 0x7}, r0, 0x4, 0xffffffffffffffff, 0x2) [ 901.566274] audit: type=1326 audit(1748272088.562:327): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11255 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:21 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:21 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x40049409, &(0x7f00000000c0)) 15:08:21 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:08:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:08:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 44) 15:08:21 executing program 2: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(r0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r1}, &(0x7f0000000000)) perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x40, 0xc5, 0x9, 0x1, 0x0, 0x8000, 0x800, 0x5, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x401, 0x1, @perf_config_ext={0x2, 0x5}, 0x41041, 0x7fffffff, 0x80000001, 0x3, 0x2, 0x4, 0x8, 0x0, 0x1000, 0x0, 0x8}, r1, 0x3, 0xffffffffffffffff, 0x9) 15:08:21 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x100000001) ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, &(0x7f0000000080)) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r1) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)={0x54, r3, 0x618, 0x70bd29, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x5}, {0x6, 0x16, 0x4}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x24004091) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="100025bd7000ffdbdf2517000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b003f00000006001600f001000005001200010000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000200000008000b0000000000060016000000000005001200000000000e0001006e65746465d9ac515f0000000f0002006e657464657673696d300000080003000300000008000b001300000006001600050000000500120000000000"], 0xd0}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) 15:08:21 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 914.719716] audit: type=1326 audit(1748272101.717:328): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11514 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 914.722775] FAULT_INJECTION: forcing a failure. [ 914.722775] name failslab, interval 1, probability 0, space 0, times 0 [ 914.724314] CPU: 0 PID: 11518 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 914.725199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 914.726586] Call Trace: [ 914.727335] dump_stack+0x107/0x167 [ 914.728324] should_fail.cold+0x5/0xa [ 914.729323] ? create_object.isra.0+0x3a/0xa20 [ 914.730284] should_failslab+0x5/0x20 [ 914.730752] kmem_cache_alloc+0x5b/0x310 [ 914.731248] ? mark_held_locks+0x9e/0xe0 [ 914.731745] create_object.isra.0+0x3a/0xa20 [ 914.732280] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 914.732906] kmem_cache_alloc+0x159/0x310 [ 914.733416] xas_alloc+0x336/0x440 [ 914.733852] xas_create+0x34a/0x10d0 [ 914.734410] ? kernel_text_address+0xf2/0x120 [ 914.735000] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 914.735701] xas_store+0x8c/0x1c40 [ 914.736180] __xa_store+0x164/0x2d0 [ 914.736667] ? xa_delete_node+0x280/0x280 [ 914.737219] ? trace_hardirqs_on+0x5b/0x180 [ 914.737802] xa_store+0x31/0x50 [ 914.738659] __io_uring_add_tctx_node+0x1cf/0x520 [ 914.739936] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 914.741327] ? alloc_fd+0x2e7/0x670 [ 914.742387] io_uring_setup+0x1fbb/0x2980 [ 914.743545] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 914.744942] ? wait_for_completion_io+0x270/0x270 [ 914.746360] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 914.747718] ? syscall_enter_from_user_mode+0x1d/0x50 [ 914.748956] do_syscall_64+0x33/0x40 [ 914.749824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 914.751305] RIP: 0033:0x7fdf712e8b19 [ 914.752194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 914.755325] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 914.756246] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 914.757108] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 914.757972] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 914.758869] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 914.759736] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:08:21 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) [ 914.814170] audit: type=1326 audit(1748272101.811:329): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11525 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 15:08:21 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:21 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:08:21 executing program 3: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = socket$netlink(0x10, 0x3, 0x15) splice(r1, &(0x7f0000000000)=0x4, r1, &(0x7f0000000040)=0x5, 0x8, 0x2) clone3(&(0x7f0000000400)={0x2000, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), {0x22}, &(0x7f00000001c0)=""/252, 0xfc, &(0x7f00000002c0)=""/253, &(0x7f00000003c0)=[r0], 0x1}, 0x58) 15:08:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 45) 15:08:21 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:08:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000cc0), r0) sendmsg$NET_DM_CMD_STOP(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x0, 0x20, 0x70bd27, 0x25dfdbfe, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x24008005) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) dup2(r1, r2) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000b00)={0x8, 0x4, 0x6, 0xffff, 0x1}) lseek(r3, 0x9, 0x3) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) write$binfmt_elf64(r4, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0xc1, 0x3, 0x6, 0xffffffffffff1f1f, 0x3, 0x6, 0x20, 0x119, 0x40, 0x358, 0x1, 0xe5, 0x38, 0x1, 0x7ff, 0x1, 0xe46}, [{0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x20, 0x1}], "d6c7c3694baaa2178f7b4c5d76ef8fd58fd565bf52ec55ae9bc7912fdaadcfe4932b57655fefbd6c4dfd0c0826ee0973e771a7e2d01c8ceff6c1700a61d5ed744d400346fb87fa918701aac63b986dcd6da9846d4631f46a987ba3069f37c2dba89a74b123017b31b13d62a73b3818bb9e4430d274af63bded143d149fa547d9d147925018130a7bfac479238b996aa1802fc55e66882410151dd218b6b120a08cf324c871ab83f8", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x920) perf_event_open(0x0, 0x0, 0xb, 0xffffffffffffffff, 0x0) [ 915.029067] FAULT_INJECTION: forcing a failure. [ 915.029067] name failslab, interval 1, probability 0, space 0, times 0 [ 915.034658] CPU: 0 PID: 11749 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 915.035561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 915.036610] Call Trace: [ 915.036945] dump_stack+0x107/0x167 [ 915.037394] should_fail.cold+0x5/0xa [ 915.037864] ? xas_alloc+0x336/0x440 [ 915.038342] should_failslab+0x5/0x20 [ 915.038811] kmem_cache_alloc+0x5b/0x310 [ 915.039318] xas_alloc+0x336/0x440 [ 915.039757] xas_create+0x34a/0x10d0 [ 915.040262] ? kernel_text_address+0xf2/0x120 [ 915.040823] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 915.041499] xas_store+0x8c/0x1c40 [ 915.041950] __xa_store+0x164/0x2d0 [ 915.042422] ? xa_delete_node+0x280/0x280 [ 915.042935] ? trace_hardirqs_on+0x5b/0x180 [ 915.043468] xa_store+0x31/0x50 [ 915.043875] __io_uring_add_tctx_node+0x1cf/0x520 [ 915.044465] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 915.045106] ? alloc_fd+0x2e7/0x670 [ 915.045559] io_uring_setup+0x1fbb/0x2980 [ 915.046091] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 915.046716] ? wait_for_completion_io+0x270/0x270 [ 915.047320] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 915.047963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 915.048596] do_syscall_64+0x33/0x40 [ 915.049052] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 915.049681] RIP: 0033:0x7fdf712e8b19 [ 915.050154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 915.052409] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 915.053355] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 915.054282] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 915.055161] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 915.056035] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 915.056910] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 915.063027] audit: type=1326 audit(1748272102.060:330): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11744 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 15:08:22 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:08:22 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) [ 915.554465] audit: type=1326 audit(1748272102.551:331): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11514 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:36 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 929.053571] FAULT_INJECTION: forcing a failure. [ 929.053571] name failslab, interval 1, probability 0, space 0, times 0 [ 929.055020] CPU: 1 PID: 11974 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 929.055873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 929.056955] Call Trace: [ 929.057304] dump_stack+0x107/0x167 [ 929.057778] should_fail.cold+0x5/0xa 15:08:36 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:08:36 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x40082102, &(0x7f00000000c0)) 15:08:36 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 46) 15:08:36 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000000)={'ipvlan1\x00'}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:08:36 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 929.058298] ? create_object.isra.0+0x3a/0xa20 [ 929.059046] should_failslab+0x5/0x20 [ 929.059524] kmem_cache_alloc+0x5b/0x310 [ 929.060033] ? mark_held_locks+0x9e/0xe0 [ 929.060542] create_object.isra.0+0x3a/0xa20 [ 929.061090] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 929.061726] kmem_cache_alloc+0x159/0x310 [ 929.062267] xas_alloc+0x336/0x440 [ 929.062808] xas_create+0x34a/0x10d0 [ 929.063359] ? kernel_text_address+0xf2/0x120 [ 929.063980] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 929.064706] xas_store+0x8c/0x1c40 [ 929.065210] __xa_store+0x164/0x2d0 [ 929.065710] ? xa_delete_node+0x280/0x280 [ 929.066302] ? trace_hardirqs_on+0x5b/0x180 [ 929.066846] xa_store+0x31/0x50 [ 929.067262] __io_uring_add_tctx_node+0x1cf/0x520 [ 929.067863] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 929.068514] ? alloc_fd+0x2e7/0x670 [ 929.068974] io_uring_setup+0x1fbb/0x2980 [ 929.069536] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 929.070189] ? wait_for_completion_io+0x270/0x270 [ 929.070895] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 929.072056] ? syscall_enter_from_user_mode+0x1d/0x50 [ 929.073130] do_syscall_64+0x33/0x40 [ 929.074399] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 929.075125] RIP: 0033:0x7fdf712e8b19 [ 929.076334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 929.080277] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 929.081623] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 929.082790] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 929.083676] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 929.084561] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 929.085447] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 929.087321] audit: type=1326 audit(1748272116.084:332): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11984 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 15:08:36 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) stat(&(0x7f0000000900)='.\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r1, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x8004, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@nodevmap}], [{@smackfstransmute={'smackfstransmute', 0x3d, '&({$'}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_lt={'fowner<', 0xee01}}]}}) socket$netlink(0x10, 0x3, 0x15) [ 929.114537] audit: type=1326 audit(1748272116.112:333): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11983 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:36 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 47) [ 929.176749] FAULT_INJECTION: forcing a failure. [ 929.176749] name failslab, interval 1, probability 0, space 0, times 0 [ 929.178213] CPU: 0 PID: 12095 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 929.179070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 929.180093] Call Trace: [ 929.180426] dump_stack+0x107/0x167 [ 929.180927] should_fail.cold+0x5/0xa [ 929.181403] ? xas_alloc+0x336/0x440 [ 929.181899] should_failslab+0x5/0x20 [ 929.182391] kmem_cache_alloc+0x5b/0x310 [ 929.182891] xas_alloc+0x336/0x440 [ 929.183326] xas_create+0x34a/0x10d0 [ 929.183788] ? kernel_text_address+0xf2/0x120 [ 929.184338] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 929.184983] xas_store+0x8c/0x1c40 [ 929.185426] __xa_store+0x164/0x2d0 [ 929.185871] ? xa_delete_node+0x280/0x280 [ 929.186396] ? trace_hardirqs_on+0x5b/0x180 [ 929.186975] xa_store+0x31/0x50 [ 929.187384] __io_uring_add_tctx_node+0x1cf/0x520 [ 929.188004] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 929.188642] ? alloc_fd+0x2e7/0x670 [ 929.189092] io_uring_setup+0x1fbb/0x2980 [ 929.189604] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 929.190231] ? wait_for_completion_io+0x270/0x270 [ 929.190840] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 929.191480] ? syscall_enter_from_user_mode+0x1d/0x50 [ 929.192111] do_syscall_64+0x33/0x40 [ 929.192569] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 929.193241] RIP: 0033:0x7fdf712e8b19 [ 929.193731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 929.195981] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 929.196914] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 929.197784] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 929.198672] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 929.199540] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 929.200456] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:08:36 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:36 executing program 2: ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000000)={{0x2, 0x4e21, @empty}, {0x1, @multicast}, 0x2a, {0x2, 0x4e22, @local}, 'veth0_to_batadv\x00'}) r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$BTRFS_IOC_BALANCE(0xffffffffffffffff, 0x5000940c, 0x0) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, r0, 0x8, 0xffffffffffffffff, 0x0) 15:08:36 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:08:36 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:08:36 executing program 3: socket$netlink(0x10, 0x3, 0x15) [ 929.946893] audit: type=1326 audit(1748272116.944:334): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=11983 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:49 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:49 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x40086602, &(0x7f00000000c0)) 15:08:49 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) 15:08:49 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:08:49 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:08:49 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r2}, &(0x7f0000000000)) r3 = socket$inet_icmp(0x2, 0x2, 0x1) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) r5 = fcntl$getown(r1, 0x9) sendmsg$nl_generic(r1, &(0x7f00000019c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001980)={&(0x7f0000001400)={0x568, 0x16, 0x800, 0x70bd2b, 0x25dfdbfd, {0x1f}, [@typed={0x8, 0x36, 0x0, 0x0, @pid=r2}, @nested={0x259, 0x7f, 0x0, 0x1, [@typed={0x8, 0x51, 0x0, 0x0, @uid=0xee01}, @typed={0xc, 0x4, 0x0, 0x0, @u64=0xafb}, @typed={0x8, 0x15, 0x0, 0x0, @u32=0x1}, @generic="212f5a27013b05d4c0e0ae741e40d4d56c5653f3406e740933b542a8373246e157a7cde5bcdb489b2f0445e5a8c82c2491ab83fe3c2fc621a430973a7a613b20e41e63b05e5baad23830d4b040c7045816f5910cc0ac6d4fa6d3aad4c384b3bb2315f3f18ce70abbf631ff15a64edbc38e0d42c3398a7a529d04ccd6b71e2e8e6ec9842bea13be6861506b106983b2e7781b566718a4698826bd353535178deba59bcc4ff9a19e0c", @generic="3fede2ecf1164d43dbdde1dd275d9b28cda94f78be197ba60816f90c350606af7f60fddc30bad3df12f6e8c890bd921b2f2d37bdc3387ab6a4e26b8f888caed5b0ba60987bdfdab6ab8af9f430129c369989fa5d2fd427b79ab8a119793275bb784a1e3153a070c3e4f0f9672229d476ff3bbaa0edf0a5c78ae05e0dec0ba81e3b13212b4282bb0745dd1fd04d9dd748c99f499c4820579c4142e9c8b293ce2a4995e18356972ea28f", @generic="61acfedb131f1998212388587fb3b54001059bd01143f5d21d850f848cfea5a03e9162a176a29afade3e77735c059c93c1383c5c2934e11a6e8656d684d0dc68e599469c020298b4c6ca44ccad5efabbe63c847e76951e0abfa1b756638aee7bb26d85a68f8f98ddadd8ea0f0c8768e3df74ad164eac556211ce10f224008880698a83a68a7a4d0ecc22b40d72158fe84f9055748866ac1cbbf3730601ad98934f59df188e24d43fc3ed5bf92091e380d18ddf34d55ffbabde9551a7cf2312e5313200f693a0d020c845d59cd27642d0ea22d2be321fdcab1396fbed8222c4fb7e3641e97cc89aa7"]}, @generic="350124c64111d61684bae3d77088488018a1907afb3f952d6889a586f256a3ca6ad0a8415a73fa53f3ef0578777b99ee28bf74b64743074489d62ac452f540674641cf43d7474a3fcfbf8b8ac175b08cccbd37f1", @typed={0x8, 0xc, 0x0, 0x0, @fd=r3}, @typed={0x8, 0x6, 0x0, 0x0, @fd=r4}, @nested={0x1cb, 0x12, 0x0, 0x1, [@typed={0x8, 0x1a, 0x0, 0x0, @pid=r5}, @typed={0x14, 0x73, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x1a}}, @generic="314dcddd83f50eae81c7f1561f7b425958be7cb3167f02e14e0046942f8bde454e7e954b8dc58a1d59cc40af65d77f870e7e9195829ae6d1f41514342975902c4f9b8bcbe797891d99e50c2f9fbf5a89434496fec288dce4560b514b48b0f209796762d22f674f0f7bc2b8e600399d0a896ef6230d0cee25c43f38c53a87819845e6f24dfbdafd1f39e17117eaea27d3dbec8b4b070a52effbb520f715f39b00d121a2ebfa979738ad93fe68aaa0369ed7bb37d15f57fee3022ed992128568814c25bed7445c48a4798cb2cbd41fc0ae1c173954a90ddf9345ac0e2da863cb99", @typed={0x14, 0x52, 0x0, 0x0, @ipv6=@private1}, @typed={0xc, 0x5f, 0x0, 0x0, @u64=0xfffffffffffffffd}, @generic="0b72c46962a415285d989db1968afe71082b1273c6909c82f976bba8b1774fc372dc7e69877eb3271a2cf98c62de1b83551c446eba0c27f4ebc4c4f041a2da2aecb379d406da251edddba607928020baec9ab80379835a59a4ad8b20bc8abe3ad2afd29e8a6cc53aeeebe09a", @generic="5825313d556b19f25a82aa491e13fcb9e6c36e7e71b56687420a5fd641736e", @typed={0x8, 0x72, 0x0, 0x0, @u32=0x1}, @typed={0xe, 0x2c, 0x0, 0x0, @str='/dev/zero\x00'}, @typed={0x8, 0x80, 0x0, 0x0, @ipv4=@multicast2}]}, @generic="aec226625c683f4a6e7b37092c902651738a4cdba548e4fca2598a60bc145b9452cc80b11a7c3e166aeecfeed0cdc751b4fd3850dcca192659a05bb01c4af5b615d2fb99f73326276c63b2953272d8bf551ae28d246a15525d05b9d816428ee970097ffedf0650749f4731bb2cfd3da2157a4c0597fd0f80e97af4335a62797c6c7236fea3e0a6030fb257d2b59677cc117b35e60c73ebbb5f9b154001e8ab43b93445d3dc19d557c40a229ed8be8167de5e7dd0ba43cf3978a62414f1eb98d4"]}, 0x568}, 0x1, 0x0, 0x0, 0x8800}, 0x1) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x111081, 0x0) io_uring_setup(0x4cc2, &(0x7f0000000100)={0x0, 0x1f0d, 0x8, 0x0, 0x3ab, 0x0, r6}) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r0, 0x8030942b, &(0x7f00000001c0)={0x1f, {0x20, 0x9, 0xfffffffffffffff8, 0x4, 0x5}}) perf_event_open(0x0, 0x0, 0x3, 0xffffffffffffffff, 0x1) 15:08:49 executing program 3: shmctl$SHM_LOCK(0x0, 0xb) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffd000/0x3000)=nil) r0 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil) shmctl$IPC_STAT(r0, 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) r2 = shmget(0x3, 0x2000, 0x2, &(0x7f0000ffc000/0x2000)=nil) shmctl$SHM_UNLOCK(0x0, 0xc) shmat(0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000300)=""/78) shmctl$SHM_INFO(r2, 0xe, &(0x7f0000000100)=""/104) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0) signalfd4(r3, &(0x7f00000001c0)={[0x98d0]}, 0x8, 0x800) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x20201, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x4}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_ID(r4, 0x80082407, &(0x7f0000000000)) semget$private(0x0, 0x6, 0x0) semop(0x0, &(0x7f0000000200)=[{0x4, 0xfff, 0x1000}, {0x0, 0xfff9}], 0x2) semtimedop(0x0, &(0x7f0000001280)=[{0x0, 0x7}, {0x3, 0x4, 0x1000}, {0x2, 0x4, 0x1000}, {0x4, 0x2, 0x800}, {0x1, 0x8}, {0x3, 0xfff, 0x800}], 0x6, &(0x7f00000012c0)={0x77359400}) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x5, 0x8a, 0x40, 0x0, 0x0, 0xffffffffffff0068, 0x10800, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x4, @perf_bp={&(0x7f0000000240), 0x5}, 0x18, 0x8001, 0x4224, 0x2, 0x9, 0x5, 0x1ff, 0x0, 0x1000, 0x0, 0x4}, r1, 0x7, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:08:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 48) [ 943.052686] FAULT_INJECTION: forcing a failure. [ 943.052686] name failslab, interval 1, probability 0, space 0, times 0 [ 943.054236] CPU: 1 PID: 12342 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 943.055149] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 943.056225] Call Trace: [ 943.056590] dump_stack+0x107/0x167 [ 943.057079] should_fail.cold+0x5/0xa [ 943.057589] ? xas_alloc+0x336/0x440 [ 943.058077] should_failslab+0x5/0x20 [ 943.058596] kmem_cache_alloc+0x5b/0x310 [ 943.059142] xas_alloc+0x336/0x440 [ 943.059596] xas_create+0x34a/0x10d0 [ 943.060096] ? kernel_text_address+0xf2/0x120 [ 943.060689] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 943.061373] xas_store+0x8c/0x1c40 [ 943.061851] __xa_store+0x164/0x2d0 [ 943.062346] ? xa_delete_node+0x280/0x280 [ 943.062905] ? trace_hardirqs_on+0x5b/0x180 [ 943.063460] xa_store+0x31/0x50 [ 943.063897] __io_uring_add_tctx_node+0x1cf/0x520 [ 943.064538] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 943.065233] ? alloc_fd+0x2e7/0x670 [ 943.065720] io_uring_setup+0x1fbb/0x2980 [ 943.066268] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 943.066952] ? wait_for_completion_io+0x270/0x270 [ 943.067605] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 943.068297] ? syscall_enter_from_user_mode+0x1d/0x50 [ 943.068973] do_syscall_64+0x33/0x40 [ 943.069464] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 943.070125] RIP: 0033:0x7fdf712e8b19 [ 943.070609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 943.072864] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 943.073807] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 943.074705] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 943.075582] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 943.076458] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 943.077333] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 943.091201] audit: type=1326 audit(1748272130.087:335): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12324 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:08:50 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) 15:08:50 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:08:50 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:50 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = accept(r0, &(0x7f0000000000)=@l2, &(0x7f0000000100)=0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f0000000080)={0x20, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}, @ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x3}]}]}, 0x20}}, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000180)={@multicast1, @initdev, 0x0}, &(0x7f00000001c0)=0xc) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080029bd700001800000010000000900030073797a300000000005000400010000000900030073797a32000000000900010073797a32000000000900030073797a31000000000900010073797a30000000000900010073797a30000000000900030073797a31000000000f2ec210c778ed96ec12415454a2b71bf0a20e2dfe225885a1fd6235ec0aa5d77315ff6af215d4381af4484a023d3b9b9f7ce0e39e4700bacb3cbaf700ef89c1d55a2064b48f3825cdfd9248f9d0ad09b26bd32ebdc741926b5f6a8f1ea73aa8b27aa116e60e349fff472f74d866af0fe81e2e613d1f11cb000c1aab68a09eb4f32abe5a279def9db3a188d5ad14aaf1c37a0ac34f5b6567843e4d439add91f0a22fe26a3800c7258c413efd539de9308ed8f76efecba1c3157849908b509e9fc103f1435daa1cce2febd262d466ebef9b9d9f801fd63ad059e331118d85ad5cd2ff60"], 0x70}, 0x1, 0x0, 0x0, 0x10}, 0x400c080) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000700)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="10092bbd7000fbdbdf2514000000080009000700000008000800ff0f000008000a000400000008001000060000000800070098b2000005000b000000000008000800030000002000018008000100", @ANYRES32=r4, @ANYBLOB="14000200776730000000000000d85a94c9bb10699300afcb164794d8bb8825645cbf09000400000008000a00010000002d2ec1d241715e849db541afe98036b6c343296b99ebf7c187fd934d1d39631f16062356d3d8306058f43e74419d6c09beab7804288363eef5d4813cd2dab2271545069c51387d8d7f93a98e47d46be76a6902d67d7a5357eed86477d263e7dbff001236b6e10ffe22f99bc399beee791fbaf91308073750e57c29fe392b12a55cc4e1d42dd9efe7a386e2485bd2ef508484a903ebdc0bc9352eb83bd9c7dd6a544a5b1a913e194d264c"], 0x7c}, 0x1, 0x0, 0x0, 0x24000001}, 0x8080) 15:08:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 49) [ 943.177115] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 15:08:50 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 943.231418] FAULT_INJECTION: forcing a failure. [ 943.231418] name failslab, interval 1, probability 0, space 0, times 0 [ 943.232968] CPU: 0 PID: 12507 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 943.233877] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 943.235018] Call Trace: [ 943.235376] dump_stack+0x107/0x167 [ 943.235859] should_fail.cold+0x5/0xa [ 943.236323] ? xas_alloc+0x336/0x440 [ 943.236816] should_failslab+0x5/0x20 [ 943.237313] kmem_cache_alloc+0x5b/0x310 [ 943.237818] xas_alloc+0x336/0x440 [ 943.238252] xas_create+0x34a/0x10d0 [ 943.238741] ? kernel_text_address+0xf2/0x120 [ 943.239288] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 943.239925] xas_store+0x8c/0x1c40 [ 943.240379] __xa_store+0x164/0x2d0 [ 943.240823] ? xa_delete_node+0x280/0x280 [ 943.241338] ? trace_hardirqs_on+0x5b/0x180 [ 943.241871] xa_store+0x31/0x50 [ 943.242279] __io_uring_add_tctx_node+0x1cf/0x520 [ 943.242883] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 943.243524] ? alloc_fd+0x2e7/0x670 [ 943.243978] io_uring_setup+0x1fbb/0x2980 [ 943.244493] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 943.245106] ? wait_for_completion_io+0x270/0x270 [ 943.245716] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 943.246363] ? syscall_enter_from_user_mode+0x1d/0x50 [ 943.246994] do_syscall_64+0x33/0x40 [ 943.247448] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 943.248067] RIP: 0033:0x7fdf712e8b19 [ 943.248521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 943.250754] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 943.251679] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 943.252541] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 943.253405] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 943.254268] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 943.255169] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:08:50 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) 15:08:50 executing program 4: ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0x541b, &(0x7f00000000c0)) 15:08:50 executing program 2: syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 943.295234] audit: type=1326 audit(1748272130.291:336): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12546 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 943.838756] audit: type=1326 audit(1748272130.835:337): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12324 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:09:04 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {0x41000}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7a}, 0x58) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, @out_args}, './file0\x00'}) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)=[&(0x7f0000000100)='(\x00', &(0x7f0000000140)='\xd3]\x00', &(0x7f0000000180)='+\x0f)+/\x00', &(0x7f00000001c0)='/[\x00', &(0x7f0000000200)='5@K&^@\\-[\x00', &(0x7f0000000240)='\x00'], &(0x7f0000000400)=[&(0x7f00000002c0)='.[{(*\x00', &(0x7f0000000300)='$#+(]#{+\x00', &(0x7f0000000340)='-:\x00', &(0x7f0000000380)='-}\'\xce((\x00', &(0x7f00000003c0)='*/+&\x00'], 0x1000) socket$netlink(0x10, 0x3, 0x15) 15:09:04 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) 15:09:04 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x40087602, &(0x7f00000000c0)) 15:09:04 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:04 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:04 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 50) [ 957.063052] audit: type=1326 audit(1748272144.059:338): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12679 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 957.071644] audit: type=1326 audit(1748272144.068:339): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12687 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 957.086536] FAULT_INJECTION: forcing a failure. [ 957.086536] name failslab, interval 1, probability 0, space 0, times 0 [ 957.087992] CPU: 0 PID: 12681 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 957.088839] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.089854] Call Trace: [ 957.090193] dump_stack+0x107/0x167 [ 957.090698] should_fail.cold+0x5/0xa [ 957.091194] ? xas_alloc+0x336/0x440 [ 957.091664] should_failslab+0x5/0x20 [ 957.092133] kmem_cache_alloc+0x5b/0x310 [ 957.092636] xas_alloc+0x336/0x440 [ 957.093074] xas_create+0x34a/0x10d0 [ 957.093540] ? kernel_text_address+0xf2/0x120 15:09:04 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:04 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x10001}}, './file0\x00'}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 957.094092] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 957.102767] xas_store+0x8c/0x1c40 [ 957.103211] __xa_store+0x164/0x2d0 [ 957.103658] ? xa_delete_node+0x280/0x280 [ 957.104168] ? trace_hardirqs_on+0x5b/0x180 [ 957.104698] xa_store+0x31/0x50 [ 957.105104] __io_uring_add_tctx_node+0x1cf/0x520 [ 957.105743] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 957.106417] ? alloc_fd+0x2e7/0x670 [ 957.106885] io_uring_setup+0x1fbb/0x2980 [ 957.107398] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 957.108017] ? wait_for_completion_io+0x270/0x270 [ 957.108619] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 957.109260] ? syscall_enter_from_user_mode+0x1d/0x50 [ 957.109891] do_syscall_64+0x33/0x40 [ 957.110345] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 957.110984] RIP: 0033:0x7fdf712e8b19 [ 957.111485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.113745] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 957.114686] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 957.115556] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 957.116426] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 957.117295] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 957.118165] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 957.166388] audit: type=1326 audit(1748272144.117:340): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12686 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 15:09:04 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) stat(&(0x7f0000000900)='.\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0x0, r2, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r1, {r2, r3}}, './file0\x00'}) mount$9p_fd(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f00000004c0), 0x2088080, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c70726976706f72742c63616368653d6673636163652c6e6f6578748bb135de79149c7b656e28e86f626a5f726f6c653d25402d2c657569643d00", @ANYRESDEC=r4, @ANYBLOB=',uid>', @ANYRESDEC=r2, @ANYBLOB=',defcontext=root,seclabel,smackfsroot=nl80211\x00,smackfstransmute=,smackfstransmute=,\x00']) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r5) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/random', 0x157a80, 0x99) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r6, 0x8983, &(0x7f00000002c0)={0x1, 'veth0_to_team\x00', {}, 0x771e}) r7 = fcntl$dupfd(r1, 0x0, r5) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000000)=0x4, 0x4) sendto(r7, &(0x7f0000000100)="abdaad1f2ac74c0ec1b27843b2ea866b898236454cd9ab3af6777767f371eb5ae7f3bed15e4bc40cd8b14351fbe666baeb95623268b4f08e6604bfa180b08b383dce024af7d66286c60f03f6e4e3b9aa1ab32ff3fb0672b518f36b08eedb7f41dd616b7122542f862cec28560c5c9e47dc350ef3639823b21d2ba02f763bf10adabab8fcdcc06a78696d35f21d01fc5dfda7eb8b6e15ce56cab63c62628f1d84b30148111236583bdd983dfaf505c273186725cc9a7f88e464db40026087ad8e5ea372384b861b7d2209af9c76ab6cb6d44ce3404ff28d1d736a1057f5445d", 0xdf, 0x20000894, &(0x7f0000000200)=@rc={0x1f, @any, 0x9}, 0x80) 15:09:04 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:04 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 51) 15:09:04 executing program 2: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) sendmsg$nl_netfilter(r5, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000001204010829bd7000fcdbdf25b4b6990c00000308002e00", @ANYRES32=r0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x840}, 0x18081) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 957.299194] FAULT_INJECTION: forcing a failure. [ 957.299194] name failslab, interval 1, probability 0, space 0, times 0 [ 957.300643] CPU: 1 PID: 12915 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 957.301495] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 957.302525] Call Trace: [ 957.302915] dump_stack+0x107/0x167 [ 957.303373] should_fail.cold+0x5/0xa [ 957.303876] ? xas_alloc+0x336/0x440 [ 957.304339] should_failslab+0x5/0x20 [ 957.304809] kmem_cache_alloc+0x5b/0x310 [ 957.305314] xas_alloc+0x336/0x440 [ 957.305755] xas_create+0x34a/0x10d0 [ 957.306222] ? kernel_text_address+0xf2/0x120 [ 957.307274] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 957.308935] xas_store+0x8c/0x1c40 [ 957.310095] __xa_store+0x164/0x2d0 [ 957.311278] ? xa_delete_node+0x280/0x280 [ 957.312564] ? trace_hardirqs_on+0x5b/0x180 [ 957.313915] xa_store+0x31/0x50 [ 957.314947] __io_uring_add_tctx_node+0x1cf/0x520 [ 957.316455] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 957.318168] ? alloc_fd+0x2e7/0x670 [ 957.319325] io_uring_setup+0x1fbb/0x2980 [ 957.320619] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 957.322204] ? wait_for_completion_io+0x270/0x270 [ 957.323734] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 957.325420] ? syscall_enter_from_user_mode+0x1d/0x50 [ 957.327066] do_syscall_64+0x33/0x40 [ 957.328227] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 957.329824] RIP: 0033:0x7fdf712e8b19 [ 957.330988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 957.336883] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 957.339277] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 957.341552] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 957.343830] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 957.346055] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 957.348349] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x15) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r5 = fcntl$dupfd(r2, 0x0, r3) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000039c0)={&(0x7f0000003880)={0x10, 0x0, 0x0, 0xc59577a280548106}, 0xc, &(0x7f0000003980)={&(0x7f00000038c0)={0x90, 0x0, 0x2, 0x70bd29, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0xc, 0x8f, 0xd5}, {0xc, 0x90, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}, {0xc, 0x8f, 0x200}, {0xc, 0x90, 0x100}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4c090}, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000003840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000003800)={&(0x7f0000000040)={0x37bc, r1, 0x200, 0x70bd27, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7fffffff, 0x44}}}}, [@NL80211_ATTR_CSA_IES={0x3758, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_PRESP={0x14, 0xbb, [0x11f5, 0x877, 0x1ff, 0xf801, 0x3, 0x0, 0x20, 0x8000]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x16, 0xbb, [0x7fff, 0xffc0, 0xfff, 0x94, 0x20, 0x8001, 0x4cf0, 0x2, 0x3]}, @beacon_params=[@NL80211_ATTR_IE_PROBE_RESP={0x14e, 0x7f, [@mesh_chsw={0x76, 0x6, {0x58, 0x7f, 0x1d, 0x7f}}, @dsss={0x3, 0x1, 0xa5}, @perr={0x84, 0x2, {0x3f}}, @tim={0x5, 0x80, {0x0, 0xc8, 0x1f, "25f9c39b66aa19619dea3032cf929f0b0aba73e151f3df73718fd6c8bb029a88dcb5ac5a69d66b20ab5e345711410cce049e3bb7240daf67cefbcb84ac0e6f68f537f9192cb0963d977dcdad09d8c4313258035531f7c41009a3a7ceaa863770e61f8f0e1497826183d1a5a8da9dc69a08ad5d3340a51a2e1ff0d3cb8e"}}, @fast_bss_trans={0x37, 0x96, {0xa2, 0x3, "d75b2be6d5d0cacf8ed1a327eba37d17", "eda1bf9a7e51415d3a63655f49953415e119a437f5be48909ea5e01f00441a1a", "eeac830f4ecda7a5aaac94141e20dcf4179093512af2fe9d0296528f6886fba6", [{0x1, 0x18, "8b58630f5e2e23f2bb9ea85e95d78f7f2dc2c38252ac5b93"}, {0x3, 0x2, "b016"}, {0x3, 0x24, "39f3a0b10db4fda20eef7cddc542145d4d43a5b34ac8647b88ad472e7de65ae00c4b35c9"}]}}, @sec_chan_ofs={0x3e, 0x1, 0x1}, @gcr_ga={0xbd, 0x6, @device_b}, @peer_mgmt={0x75, 0x8, {0x1, 0x7, @val=0x8, @val=0xb, @void}}, @mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x8, 0x29}}, @dsss={0x3, 0x1}]}, @NL80211_ATTR_BEACON_HEAD={0x22c, 0xe, {@wo_ht={{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x2ff6}, @device_a, @broadcast, @from_mac=@device_b, {0x8, 0x3}}, 0x6, @default, 0x10, @val={0x0, 0x8, @random="255a68ef788a833e"}, @val={0x1, 0x7, [{0x48}, {0x5, 0x1}, {0x6c}, {0xc, 0x1}, {0x36}, {0xb, 0x1}, {0x1, 0x1}]}, @void, @void, @val={0x6, 0x2, 0x7}, @void, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @void, @val={0x72, 0x6}, @void, @void, [{0xdd, 0xd9, "f435e6e54214f706ae386ce36c7df72da37daad67347b8d0de444b92c40ee094357401d2becb44a73b0c6c9a7c90a54e964aa45c63d3116a84a8d5b43d6ebe6437eac8623173ab026b7faea84efef11ca6a6f68c62241b361bc815789f926416956bc36d76c5a8545ec9a8f79d3732bcac37e82122eb0658d6080bbe440ddd70a7cbce4ce524b49777b42b0c17632d0155c6e8e3e0131e73a878dd08b98828b68bb63566a6772402cae1b367c774cf529c95871088a5fca7a40febe753ad23ec7b059839941352c63993410fd5b1e615c61cba2ca517029708"}, {0xdd, 0xe3, "b7e9d64c60bde1c496fb04a43c99f2c24722e80be698c9a68d66deeea9ecf858bcb0cd29d82b0926cd648f099ab9ff0e5283648f6a2e2887964fc9f5a8bc28e8c131bf0c8af1c04f89bd101c4b67f192c142f53a7441bf369b605751b1b18e855b3a41094be84172cd87491558c5274834e5015660ebf90dc79816d9b3dc0ad9ac9b2dfd38a5518242987983cc0232ba83c8a72db833d27d701132af21bd8e138f3c66ae653c160f251d07b9f7902c4dcc110630bb3c50381f235f02ed1cadf7066ff9c9533a5a6278dfbe006991095bd54dbc10a753852070333be6fd644baaf369f2"}, {0xdd, 0x20, "ebe490370c5d96756e1e7e191c18609c04e61c61ba7720a282ba9959ef25a1ed"}]}}, @NL80211_ATTR_BEACON_TAIL={0x1fb, 0xf, [@supported_rates={0x1, 0x5, [{0x36, 0x1}, {0x3, 0x1}, {}, {0x16, 0x1}, {0x3}]}, @ibss={0x6, 0x2, 0x1}, @measure_req={0x26, 0x72, {0x7, 0x7, 0x1, "83f095ec795d250907ee71644f7fa23ca96141574cd4682f76cfe6ca5b8cb8d609c302b13b8151c03b993f3ec842225fa6f68b46d03b21bf9ec4111fc07756a4c9d17ae37bc4cafa6858c71894f7c8635cdca1ba059049b4b86ebc8d580ba3358bfcf90a9979e336888c61cc4469bc"}}, @preq={0x82, 0x3b, @not_ext={{0x0, 0x0, 0x1}, 0x20, 0x3, 0x2, @broadcast, 0x5, "", 0x32ea, 0x338, 0x3, [{{0x0, 0x0, 0x1}}, {{0x0, 0x0, 0x1}, @broadcast, 0x8001}, {{0x0, 0x0, 0x1}, @broadcast, 0x4}]}}, @fast_bss_trans={0x37, 0x6e, {0x40, 0x1, "cd5ace00eef912b2ed0279b629c5acfa", "442b3554d64347223b8e72623f7a7a4a755bf15be686ec1de1b513ae52bbe4ae", "5929ad4487642796a28a4890f90bfeda3a471e20bbdf22183d85ffe1ef0cd809", [{0x2, 0x1a, "ef1024b4ce678beab446813a0881a916b054c23a330482da17b4"}]}}, @erp={0x2a, 0x1, {0x1, 0x1, 0x1}}, @mesh_id={0x72, 0x6}, @random_vendor={0xdd, 0x6d, "3fd6e43a7c66012d4ce0518915794ebde0d52915916519c2a4d8a78c75719723f4c446c1cd09540117e2dcfb398d7196671c864de8300c18c8a9583fb8ec2447d48bdc3544312bd650877392ef00c3328c45013468080d69d3e74ed943b5091791ae8046ec4ad0feaa5c7aab6d"}, @tim={0x5, 0x4f, {0x9, 0xa1, 0xbe, "7e311f108378e7d4a8dec9134b97472a48970e4e63e9a5f528cb52641b675aa2e7709c10b9a0a57b6d22da4a09952fb7f671294fbd574b25d81161c4c06d6a78b32099b1e8632ddef917bdc4"}}]}, @NL80211_ATTR_BEACON_TAIL={0xd1, 0xf, [@measure_req={0x26, 0xb5, {0x8, 0xff, 0x5, "556fff2106dcfe83f02c0745403b98580e89c888190e394d92e21fdf296b3559d06870ed347bd7cb8b4fa9428820bbcd273cc78b1f1acc38d9f4b36c1cf950b225b887b6f86703cc1560f46fa7c1869704bd59dffa71f202f0ce7209d68cde31e5c5878536b04a5c22b044cd9575af2868b463b154b8fcab8b396fa8c99fb614d33334558213d538ac95b801f8470374dee7d973db84545bcaf3306dd8cc3089a1e38d00065c3a4f941ac8884e51c8b315c2"}}, @challenge={0x10, 0x1, 0xf2}, @mesh_chsw={0x76, 0x6, {0x80, 0xf9, 0x0, 0x5}}, @challenge={0x10, 0x1, 0xa9}, @cf={0x4, 0x6, {0x1, 0x2, 0x3, 0x3ff}}]}, @NL80211_ATTR_PROBE_RESP={0x7eb, 0x91, "9f8df28af403b807f0ffc5a132c93a92ffe36153e4faf3001f9a625499dc5c1c03bbf0add5ac10b5bdf24bf181bbce50ed40a5dcd8db7319eb284570a1ee882ccc579414518b30984e602aa1aef11219ca6c3491c0c805d720eb60dc9cdafe09f000e9ade2c5b4b6aadac608721c721898a5c72bc08fa0916bc72dcfd2ec2fa7cf496590426186290812dbb055b494b43b6a314b696c0f98bd5a05d0d7770cdce1f8846c5ba159fec3c5515875f5cab56e1511c5f1320fb7bbc1fd3da26a8ce53fbe495f9769a6a4bd9283f48a6549760914ad5d3191ad8f2ce3893e9fed778e53f34e482b81d4179792821ce03cbf005d38ec767c41569e2e3136b362b036c5a9ee3fcb85c3f8014da5da96ab769014127336d054084e504f1b485cb0802d2437f50c2da548165b5bc182d3f1aa96fdc27f29128820b6a6e574e8bd1bd179259c1219b63d9d9ce08363dc650953d7ec5aab51acd1153704289bbcb0951eb66709ba11b40b75724548199eb64c9cfb05e6ef84dad9e90bf5f24233d5923ba48b27d2f3590edf6fcafca121fe3842d96322a614f0dfeba30e49c4e003ed1c40b3ce07a30a401dd82c920e0d2b885f2d0443e5c49acd501001c0495d5616ced5c42761170294643ce64399f3e3022aefc3968a1b6b10dc363c1a6cbaeca8ed179d2e06c03997a139772fe2f75c72d442faa1292bfbdde383cc5f9b076103bab09b84b294b769adae2f6b5fbbd796f0b13c22e43ed4e64e4c46521559ef58adedb6c1ac733a39e3ffc9d1815061edf0fadcbd7708fd533d99bc93a6a31336765c6158aa1c78fa1a1a43533ce44993e028f9f7726f7395f92f5d3ce8ef4273a67e777a4c3645af8a1d2703ed3cee79cfb1b54b6a0ef5affe7691dfab6d3792a8b8ffc0d69c5a86e99ec9e73d33b491608c91ccccaecc3581f85af24211c3edc06fa6bbb7bb667c1083f16f74668ef500360a1f039963d346f4f917f2eaaa0587691d052d92a6608206badc8652d07288e76d6aee8dd89234f6a7ae7069c5cf31d1bf0cfc1a5dcd96053f4ef51d10a03da252085f512aa5a63af6d135b3cfd37eb023f22695879d37e14692b0f47c56cd701fb0967786ea796469f0699c5d4222d6f0fb6b44d53d8df20ad9d609e355a123f6cb6f0aa5cce6722cac5ac0f04f657f4ed00bbf337e2754314f16c38450f576ba9a452198b951b9497489f046fac9a6d2e8363ef4378efa7c02177e9ab803ba91eab01d8a4dfeda6c434b4aec6ea6f4e8aa5797b33ec55ad153617e5ee129a57b7ee9e9247a3d8f833dd0fb4f850a8628a4e583eb69d1627cbecea71b16c5adc9510c638c7bb314ac8c2b24fbacab673fc531b8a4d8458b3d12b5a93746018c4f0d89076c906b77f8fd0f5ce40b17140f405e489bb701fef249d06fa108a895f46521ecfa4870a54f032ef90b2ce1f07059ab6a92477ed2cc05de603b2e0182f409b7c062d8ae38a18ff0060a4b2b929780c8990bea265fa703e34c9e8832e66d7b17d654b274c90d7694c2b2d16c3f51fc8ba9a147065da20ea4b632c5915f2077fb079c1602f4b3cd5677c73e0090fb6c2efd8b45688025a82f618637ab05c8b6260b254383d44d925c07d647a5ba7c3e5eeb566d4dc8abed94ad37dc6983b15fb355eaf0d781ee77f675b4d53e8afe269b61e33f9580e3c0221a8e30ae037d9a145918e5992e9f64ad101bc1953c27168752131798db1899c91a9ecb5d60b2a9d32667a34fd76be880ed3cdfff004c26a9e38d552e345f3631c4ed4597a9e0dbee2a7d1db05bf0345b935c62774f50ab2087680acc6215c369bdee0b63eb1074f20e3ed83c77eabfef8866c2971f87229c5e20e4de681428e1c079933399fd850da02b40e0ce0e186da91bd059f1f2699574a4ebb7b3180394a463ef73be47b14eb64f4881fd2fd8c1738ab076b552470d83a4d3f7488764c1d2ce94ae204191e4b4e705aad1708e448da4a90d9c0133fbfc48b2358eae239b3f5c776b9c85ec4803b73de0797506ad84fc9c5cb853bd1fe6d4124509d0043b7bc6aa4cf9244447331b35f9def56db0691458d680ebb4d90990a6e01531b7e247c91f7c2627d73312a011f2051e63e4b58944bf460b0a4187642cfd202acd66decf65857a7e360fcd5ecbe5b1723032804af7ccbf4ec55fda934e802c1abedc76aa221040a05d0fad031c1f78ef40e864699972a2b0412c96e78363798aa06926ce674fe72c112908ee8c5cd7662484c6cc90a842d95bcda9582c3ed317de870eb1c4654d56145590bd149106b746fc9fd144dfe418f21ce0fdcd1a4e020d39fda28b336bbe0a086f5b520c98d8776bcc1efa2745a1092bf09f0e6551d554dae315d68f7a17180a50aebc7b430442e64e11c9b7bd991095ea4abe9b838819bce0498efc7c2f4fc4bcfcd606f9d6267c02bac73a47655341d37983b51e8725ce37a0c05e9e3712bffe4c147b2da88dbeb98f6ed9f96485c28a80edd99df3b2111b92f2c870a6be5f2c783caeeb9821431bb40def84a11998f30df34cc972944ac1b0f8fb495a621e77bf2c7d1f91c7cff7383f5e375628af23c49cf73712b85b862fc7fa254c8468933a365bcf610a8da506cd679b0dd5f4b75d1cc1bb0e97e8720c6439881ec8864ac708882f087272e4712913b6f9779cbe9b8a77a6ca2103eaaa342ff0590a015ab83945050ef2969fbf3aaaba8d5a6828543abb20c1ba38e460519425cbafaa563080dc736942fef6b36fc782e3ad8dae3b6570934699e6493d8588fe6fe7c7e532ccbbca5b4a8d4790bf434fc43cd36990f41f8e5d98f94a9769e77cd94a0828d8245526acccb372e1ae5d5fd2320e08b182a229"}], @NL80211_ATTR_CSA_C_OFF_BEACON={0x14, 0xba, [0x3c0b, 0x1, 0x100, 0x7, 0x1, 0x2, 0x400, 0x64]}, @beacon_params=[@NL80211_ATTR_BEACON_HEAD={0x311, 0xe, {@wo_ht={{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x173f}, @broadcast, @device_b, @random="0bcdc0375685", {0x1, 0x3}}, 0x8, @default, 0x80, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x5}, {0x16, 0x1}, {0x4}, {0x36, 0x1}, {0x5, 0x1}]}, @val={0x3, 0x1, 0xd}, @void, @val={0x6, 0x2, 0x7c}, @val={0x5, 0x2e, {0x9, 0x5, 0x6, "393d4ac3cd6c28da4239b88d1c6aa0f18cc7c5b24d1bbdd8944730d3c32b0259ccac2fbb9c8df706c86417"}}, @void, @void, @void, @void, @void, @void, @val={0x76, 0x6, {0x7, 0x0, 0x18, 0xff}}, [{0xdd, 0xfe, "b46bda6cf382a10a45b61da56cd556d000486d680abcc737dd245a67045a9e1f7725b0f9bd33b7c49acdeb3b952d9f07efaeca0bd215bb3d0e5495c9ad1201d79460b5c490ba840a6e22eea7dfe39d6afa11e9ff6a10b047ce0c40c83602c82b64227eea6df562461666c66abcdc225c65b9c0ddc32ce93cd3f1151f4239b6357d4323659b19db1e3aeb14d9331c1f336eaa2facc06dc173776c20b92db78d69ae90b13607e4200a0b9e5b67c4d6c3d9ced0b69533f8d8d43a733749de2ce3ecbd0dc3abf2e780fef7522aaf6f34076b7d7eb85dc1f5016977bd4eb23eacc569d9e47a372f5b6a2713b0df6c797d643711f30d22048bbf2335c00b415381"}, {0xdd, 0x3b, "e7288b3660c9a0f42e403af7a81141e0042f173f5c129629d414b59fb76dbfb87c22b7703394eb8c04d1271a773b4c7cd6f7e308c5e43a67c41f2f"}, {0xdd, 0xa4, "9b124e9477944cde1ca45df93600bbcaef82b08e7b69c4f94150ec12c243e8a89d710fdad24d1d38b71a104263c6951b4fa44c20b3551c140289c53d3a7955f3d7c2ebc94a181360a0dee98d0b8e2604a5448374b07168d91275bf87dcc29027ab7c547d4c4f14f00441ab5961d15f21668d36df2fd9217d6740ad8c4051e1dd454283e5bfbad2d493d7a15aeacf4cb001c39e40494cdac59cb1c7f7a1c8d43a168d544a"}, {0xdd, 0xb6, "aab27b980294334421cdfc4765139032deda7b0803d1be29387df4308a47604f4f8c8f5d9b4e7a0b0fecce0ed8b553fb1316bcb106d581277bd56ce25dfcc46e18af2321dadc1ab7fc2c6e400127f1186ad161b67f58d7e3c1ac75f14ed466c58a11ff0f3057c1e8954654b6bd100f6885410194c75ab782587f5b5d1c82fe0bcf3ff86d927f979ab9a8e5de77e58e155416dc747747bd64b492755445dde60de1aed07500d267195ce3858df69b60d3506ff573b33a"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x15, 0x7f, [@gcr_ga={0xbd, 0x6, @device_b}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x9, 0x34, 0xff}}, @sec_chan_ofs={0x3e, 0x1, 0x1}]}], @beacon_params=[@NL80211_ATTR_IE={0x1144, 0x2a, [@perr={0x84, 0xe9, {0x71, 0xf, [@not_ext={{}, @device_a, 0x1, "", 0x2e}, @ext={{}, @device_a, 0x0, @broadcast, 0xd}, @ext={{}, @device_b, 0x0, @device_b, 0x33}, @not_ext={{}, @device_a, 0x4, "", 0x1f}, @not_ext={{}, @device_a, 0x0, "", 0xf}, @ext={{}, @broadcast, 0x100, @broadcast, 0x2f}, @not_ext={{}, @device_b, 0x6, "", 0x9}, @ext={{}, @broadcast, 0x401, @device_a, 0x34}, @not_ext={{}, @device_b, 0x7fffffff, "", 0xd}, @not_ext={{}, @device_a, 0x6a60, "", 0x2f}, @not_ext={{}, @broadcast, 0xffffffff, "", 0x12}, @not_ext={{}, @device_b, 0x100, "", 0x15}, @ext={{}, @device_b, 0x400, @device_a, 0x24}, @not_ext={{}, @device_b, 0x1, "", 0xd}, @ext={{}, @device_a, 0x81, @device_b, 0x12}]}}, @measure_req={0x26, 0x1003, {0x5, 0x4, 0x5, "4a002ec84e78bc4c45ed9112f84fc3282ac6b1b99774433c3b6fbf0fa363bbe69484fd3e094f1fcc85cccd78fe238e6e273a063dde578d75187d970518c0a985c6458a336a809114ccfc2c59b276c52a5fbb6b3adb06a66270acd260882a4a43a0204d9d93ff379c7854286f06075dabac1d1e75fc09646037bb868612e1210db910022aca73a2b0b2781d6c59ca8fe87d1b12073295ef84eec52b761750e67e9e2f1ae18739cbf7c0c41aede93de83331c9b2262f880083f462979905737580a52722b7419f132ddb4757a34766f2190d0825ee2a14f36e80f28a944962354e68dade661673bc98a42f31c7c8bd450910e34ba87cc7b75aab93ea469ba39fd8115e841886a5844ae70f675adea9abfaf4cf8e2564ae4c0dbc3a61444c17dfc1c130c0f9be026ab68471d3267763c3b60851ea512566507b8a974f410761bc19f4b04727890293f509e784af4e3533e7c8c548eadc5525a0bb51e9edf6d5fc4758a5a26f153e2ea062f872738b471252ec61dd4da96f80c3be97f17a9e53c80a7b0bcc9ce2f4baa14aaf93f64dba63241407bac9e90aacc73ab240c5e6d32888b677aecbd2ce69e99057ac8deb21da7977f1545a0178ffa4872d36ee06721d090a42b32b58b1e4410277a3bb92daaf915345aa350aa2c5fceead52a72820f73f1c3b8667e29becfde8f03559524b2bf987ec6554c2f5845d91b73c54f8ffc3a07a34ebe19195eab73bc54087d95a9c51097acbbc662970cb925aff0b64616f5f6925ea93b04ded3d0389290bf843005e420bc435aa8767a179b8baf9d1c7cbc02239e923f32bfb07f15aeb357c2ce0a649c759069df23bd3e862f2c541ec467ee7f68e966399a26a8d4d63e13db9fe270e0a5e39e4587b6a0f220816d7462da6d6e9a0e69dc83b06908b0fef9d2dc1f0458148aaf46f69d31fe1b4abb7f7402a699f3b24497a1e79c3660cf23bacfe884321b18ad27831d99562b735b735657a99c48fe759391577f8b09c3df5631eca2628b7af34bc111bfc89fdb69db3e868a1567075a9ad5277750c1aab72b709745a2e42b9fcd120dbc213664daa38c9c929a1ceed8d8eed4522aba52692e132f46a2d5b1a699219df1ad35f46fa4edb42792b310d5b7a574c13eafe4771567a7d688e1414a7a3bb6d2f8d1e726d2d9169382171daa867200cd1aa8082b717d1dba36ee265eaaa85a79bdca086d91c04f104cde0dfac213d22e24fbcd16eece73a4e751bf245b0a65ea5ef91b0f91c7bc057ce031d3c4e0fffdbe2487f799afc35f8c13bc64ded44c69ddfcd17505a47b5a08ca9d1ac886572baa39103e0ebde08f0b18a177a6f1adacaac5402c838f4572de591c6c8011893d208d6437cca8752dc77123856dafcd30eea2b3a90be6e99d5f2c59aa4ef5e5ccb8f7f4b7100d7fd6f5b1f597f56748d29b5d1017f9b40bfeb09fa148866bbb0326fa0516e85b241bb7dfcd0658d3274725999ac99afeb3d361d58b3cb4ed31b57be8ef120a9e02e8724613caf207745fa65922668689597b8eef5f7b094a0a35d65e771be992718569e7534d02dc4b1c40eff79817ab74b108e5073fbd462c06ddc6379e1766d0e6cd08947091dedcf7ce25a2132de4c51603809cc4032edaae8cefa89f3f97bbecb1b03ada5a4f089b895dc1a47455a1f6ee1e42ef148f53520881449433101907df99347c4e75b4dd5ad68d3f02669c6ff7e48edb01dd9a8272d8e92bcc65f02618c1f761f446b28b5da1fad89a9715e3b7c5eaf0192e18c5f1ed9c96851afb31b1d9db90a0dc27d3d803b3742b12b419caa8069d39ecf37f436a70dad7d2383e19d93cd8db9405113eaa45887d4ff4c054b6455097b052b250f968f10b7791165eecd8c70dd6ad0a555742ba509118184f7990be90298ec51151004de71ddf0c6fba7f2c9d16f63b7c4b292aa886250ba248b03c2bd72e75c6934915ab46f22786ca8ba0515b47c93cc225dc8bcb8e63a9edde4c1616a00ba7a2acc78ad5bb4df744cb170fba01d38064168b78462b3df3df6ac14c5b0c133381793311820fd8e5047cfd876ef9111c10fee654823065d5dd94068010a3e9d927ed7bfd761b73c1b718e9d577c7e97b9dd87af3787b6d064aa5cc52e43470bfe5a984786de69207643ab9d45597e6c2c352a24af075040c4ef494270807d20cf831b2321ba1bf226c2fbd8ed7899e349386f45a1d5516973635ccea64c125aea2d20220e26dcc31883bb30064f1415504a274e7e504e042b88717cce39366025a0e62c7c0681dda45018625d8fc2a123168f9f1e31c9fac1102f598482a2d3571520175cc91ecdb6f4f191f532e541f616ce4046f1a53fd11f7409d8310b3a22be4307a8eb3f0a9cda8c0539a764664ca092350e4514a3d56bfd45119ffe821f77ff01df9db8525571c7d9d97774cf33b1990ee964318cdec343a43b375c6d743bf064d3568fd6e6a4e35d56d18621f7b3b0b50b28c1f045e7b1c18b01644d9143d1802af552d2d4124f00b5b8fbdce719a1dda2a64d4b05a534f4937a79078176785b253f854ad40bb3319dbe562a88a273428ce7b9993b147319b195a0c771dbf436a4a336de89e983a03ace02ed7997b7ca946d615922c8854e1193ae32ee19b279fd326c6ba1e5937f3f4b77b69b5ce39858bda22c5e0d23b7319484f84830c30dc3a213668d8e9de999d5958c77b09df417a8cf69320cfe6c962057f4d7862685ba5757940d5d905173a9d660af4e634c192a7037a4a7c48e9d25f97976517f0413fe0b0f4bc834ceb57456c234b12188642f57dddd5834844cc1d3de04c40c4d7d0bdd9d3499c95858b7cb2990d204ad1cb9912eb3cb6644c7578b014bc42b5e10c008363df657ac61a8396b8ffafb55e3ded590c9802715b176eb34f47b4abafe9f349d92d47eabe4248c3b166fdbc07f2b9ce2231474b53bdc5be8a85f624ba34423d40ac9b2ca95302d5aa5f98b2cbd5a749b88e5afb2e381d9014711df3da9fd8dd89ccd65caa790ffdb67193d61814e73305beb270300bc6c4639b67f045273b0c9ef59e51130cb78cd31b77565e2150b86cae95c4436ab2f80b998d2ac1bf36ce7eded3d04bbaa36a83effd4a5d6085b821d7eda5e8aa909fb01967be0529a071487bd09211e5fc71c8f06f19d36dcf9cd1f7a21b9505848aed855c87e5182fc0ed2cfe929b73102caf5d205523f234baebda8a2a28963f2ede7d4d9ad985cc42d0840d0a0eb2cbdd8a1ddfa39a32463dda13a3c684c602a59e28ffbdaf39b302a02905a018c26461fe58e89341e302c1361d578b9e34192007607d3ae170f0183870672ca87c2fd539c59156e74643469bbbb8a3dccf97ebf9d7679b522102d49aed8e6646adf5ec11ae9ef81e3f649927ed1c1f94521988051e07563a00698483c0f1dc5c156e6f5e9adf80cec0c0decdd627297a7d093eaa926ee190919f395704d8997123899a818706266197d4c8eaf723c4e976add25c2f178d2d84274fd68b0fe19aa0260a457e42ed39ef5c76521ab743bb6a2580f4c5313b53f4942865bbd64ba8fe6e4c05e7549df2720eb2f1ad03b804a0f25da501b57bfaa97b8580c4dfa164b5fc3a23b4b20f3d7099368d4cccf6ec5e4a5332a21e20d38af34aea6d609f2dda3225e0a04175f094b790e833615a6c260044ae3f2db073ffbce60ac2b2ed171ae6a23d37bb5f068a83db54fee4b392213c34817c8b7252e7c9a71601368ece505640db999cc5d94f8a0f6cad6ed97db5614533c65a3ed211894db67fc7ca51dd25cafef2da1f48e3de9bc5cb1c458a11c3f8e544bf89c510fe018b6902c07c8d42b38e33452ab747eb57c7a20006d18ec3ae0baf7ae0b64a755e85c153de3df9745453e0052fa204c73cfe88fb3fed517499a5bd7e981464fbeb6bf07bca4072f6f89c7c1b9f5ca4bd00d70b8019a66be669e58312165d39308d81c58d5f72a80b764d924c12ec70619d5d7e6ac85c0545ac538b62b738ede1d1a25deeeedce8d0035391cbe18e9317c5329c790594b2551fbb3d38368e206594bdd6d60ccd7c52af91ce8441b2a8baa8b094fcdb734639b52f7ad284e4c2dd546f5208e3666dfeb652611025b4a925a3cac9d7bb54c105f479cb574bff8c522a28724d77abd2175fae1c699c21e4d2bf6b1e0b55fe6b0d2d3b6c3dbb80390c171c3ce7b4b1b9f6fdbe769ba6c0086799cd340cdf8014693c9af5dea75bba1c7635561846a4d76ad54caa9799202ae3ad3ba1e0e820477179725b363f300b994b0df05557554bb0c324754e4d68e543b9b19329e63759a1918afb6dbc20fbee1415afa4f13d2ff677e0fbb983be21f22b74a59a66c6107a5795652f79a713c038286d5ff578720f9b2aa678ac96855443fc69a1aa590269c4d894dd1fe622cb8d8118d821f4030e5b070fdb3aa89ce35741b19eeaadcfd9f7a1574a7efb2e3e3b6d903651916f805d79d18a00057df95aa12c48e541b0b131686081e3b0b7f410013b58f59586f6f694cb3157d0b71d3a6d99ccb9adac26b58ecbccdd9beecaed821dfb1260e51d3a64f6cb344614045105f0e089e5fdee787a49f8fe8e99bf7d9b03c2db3fe66544c627bba7e6d5c98913942f860c161c9e9ba6d979baa968aa2cf36c42c54612607c4c6a7f230ea76f061a45ef691944a607e40f035e66e6cf12c463a6738a0d3fd4d02614f40c43a5b615b6767000de02276bdc7fde238087fcd873c8604a74ce379a84d18e6e40cec113ad4d56ed0ba548a94e9d118260c0347823e21d400af640e42439b4a333928901227e8dea6ce3ee29262863e91a652ccf010182b9362799fd7a26ff5ccb8ba9d8689256e71be3e8ec88b2edf75fabb8801b15ce11c414d324521086c87d26ac7a30fdb7eaa6a233dcf1cf78465bcb1143969a25f04bc884131d8f8656878b827ef97e689aaa3ca5377baff7136863a30ed456e7d4b440e99a6fbda7b43d7a4762bf179c35daef002d63bb34390ff1fb611bcb681365cabb05430b6e9d58d3b828596abdd2735ddcaa07fab82f15b39bfddf07995016f32ca38acf0bb5f0b4032f93f3badcb69825b37771df107278fbde6c5b5dead61aacbf050c9ab1d0bc29ddb0a41fd1c3f7297dd9b4ed17a94ebf166af29917a0301a96e6a772554c22535e6e6b3bcee195f1bea05525a2b749422df26fae84625def97acd45a66049f1ab735d7220d10db8cc977113acf84e3e909cdd1046672468a51892f48323b5c155a3a642837e69cb9a04448434255fe3f84ac34f0b645bda21f179a5c5bad9d8ca02e445a0ff7fd1fce9208adb481e51bc8c08aedf8f8141e3f37712df07e199ffbf41617a9061ca17b7e10659bc44ea5906854ae933c7faa4175446251737d8bb81ab9778ed8f48687e2eeea298adae1b34aba5fcb0cd84497de4e0ebc802ba48c87b4f587d8814d25a21968bb338bb7c5fad3da10118ccfe15b5e479899961d2b5468617a8971c18638cfa6035bfdbf962085fa3242304393fcfcc38476bf68f505d40bddbdb824199a350e69146ee6b704d1f5490ec66617c3945169487d6ef8a472607c9689c9cc078af7dafe01679e8f9611a6db5876119af58f8b8e45f7864724ce100bcaefc8eeaab1b9027fc4494c47a4232e3780ddda08eb76e4df0f62032a1f6daa23d6d8477b8376c0ca6c8db1b10d902791fa99e5815569403bbd845b276209dce100a6e215787dac26a9ab01b227dbcdd941038c04e8e2c260c8e68e103f5535605cac00ed9abe2c84b1225240b9c3475d07a407793561a50"}}, @ht={0x2d, 0x1a, {0x10, 0x3, 0x3, 0x0, {0x7fff, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x1, 0xd4bd, 0x5}}, @chsw_timing={0x68, 0x4, {0xb1f, 0x2}}, @erp={0x2a, 0x1, {0x1}}, @ibss={0x6, 0x2, 0x9}, @prep={0x83, 0x25, @ext={{}, 0x6b, 0xdc, @broadcast, 0x2, @device_a, 0x82ff, 0xffff, @broadcast, 0x2}}]}, @NL80211_ATTR_PROBE_RESP={0x8f4, 0x91, "e502651d66060f00ddb55de22a4881695b92fe621230faba2b0270d01c1b1be71cb99bb83ac91e18805eb81a264d3ce1e6bb45b61ab2050ea4d39358b556f8de440573299c62a57a3d9b180d41f39ea0e787789854bcf473ed101f5651b8ed67502e77f64466d39385ba924df76ac40a1b0671ba9bca52dc756c0d61a661fac5d1e15e1474165d5df90c02f2e9efb289fb67a2d99cd38f591e4eb0b56cb9c2a4634a9731f881ee10ac5265d01d26e4b54dbcbbc59f37bc0d7e9c8d760c350a95545e4b6b8999d61bc14ecaf44ece2271c941e001dc841512e9ad4ed895e84dfd038a115d53be14b5e69ff6fa033c57cf6b868c9718e7ea598c656bdffae3cd1ba15d1a8b34c9a0c83e83332624684adfa26744fec1b6eca146cc21cd304a9c1155c2f37a9c58478e4202f1fa184222e44fb8555b30ea46cdf996d7a0148767aa966e1c5f6673abbdf3044cf7cb0138f99af3010213487d35a139dfacd1bc35d1835f955538e37362c1de063f89f3aec70a8d9bfb6efc9d40a02c836d690843c7833baf1013b021e7df314452141c819793e1ebcd36cb9d372063a6b30d0c6d6f679077db99ea61bb7f2adc199770ae16fa68155740d12dd1d8f7648af429c2182b1e37fc3c328dd75e533a40904285aa11765a4fe9dfb1491ef3f6582c4768bffcebfcad36795e796a9894bdb107849def1e2e4c264d338d5e36128666cbf9cb23b2f6d5b18eb7d8cacec6fceddf6aa61d8e02d3768788334a6a56b2f017a977ed482233882067dd73beb5cc792b355a249c60cc14c8a585b386bfa73a3e168c58834442e554b7cf3f77875cca0b05c18ae3d319c6e6453961c9cb7484cec81dfb0010680922485bebff1c0af55325916381c2a886339d9f6531ae235aa5daca80a546d5c48c151d9e5946a9bba5e92a83c9f2cac318bfc6ba728afaa90cfbc69d070b882fdb46dbd33970e8a6acac54f6df28cc988e5e4fcc9f812ed184d8fe44725f59bd1465b28b6b455cf4b934de1f9dd8d2c68f0e03436bb5e1a18b07568c708acf65463daa5520e5df48ded064279fc49881c5d27dc71a4e017674abe7e8864f26cd155ddfdfc40630ad4a814688df78950c6d9c36745744d332f775bf0469fa8b6d4ca24982145ea581138873b8cd4afeb89e33508bc2974bb5c62838e536fab38a287d8c25aa81c2e3910e8113e51b5d29d0ad4334aa5681409727a61fa46f08e366af84bc94f0f0dccfae6b8440fed11ff5c48f280dcc4c5491657b5357fc5f01cdc2dfa2572bc6667d892a82d60176bf0b590eb376fa5a31234f80989f28583d6fd5b2cb066a55fce10595b99f0a1ed1ad11e814b3e642a4dc7e30b38c3561af0cf11f2ed2de0a21804ce28ce06ecd565b5405df0fd9ae643880b71aceaeeb83e877ed3488bec9fe23239a38783dc19b037e5e0efbd3f3ecb54e37f49f7b5d83e38152a8a334e671248aa650fdde90f7fae636d7444efb597063ac64bfdbb5c89a44fa89af97d515b7a286365fb8e36b1e95c03d786d8aecead3855eb47b807717179de81f7f49523964185613832100beb5dcc23730e78edc5d313409bbcdebe1a87711fba64461aa3e45352178e58f6c9af9ee1347e10786469bb3a77387f186d3374eded9457789ec8918b4241127a653756661fe66057d0ae2aec718e7ca77db99853bd2c46637e4da636bb9ef3f83a8377c967aee24c5ff0196c90713411a09fce730bedb95ca6ee2b17635bb944dab5651dcf639affc4bcd87d2b6335a6b78f25f25b894544e6204810c99710342ae3260be8367d5f9e9c0a243016d9ce1df51977ee47aa0980944161d6b13ece1334df129d2066b4923cf19af569ca45cad72a21da043b48d4f824a3d91a245d69d88663e9039601d0d2ff7c12e1e2aa9c9ebe12358b669bd4efa25234dfd464a94deb83721f6bdfe214c9fa63950365e9d95a1c968de310f23e510ad9fc83b87171ccf55ced83cd66a42ae30ade53232b51c0e4db8c9f490f9ff69fda52b2624d65ef9e5298f0ca0c2d2c01267ae39a533791fe823e1f713fe1dc8c92542b777ba0f43dcbd125c8edd047fd3749d55ee0864cb6c8757bdd2308342949a260805a9310ab47d136dfa45c13aaed63689562d4dad7da25cb63926cea38948763eb47a2c685980eab8a4cffba3a965d7e0d9f57939ca147f48db8fa260ac61d21badcaf3057dc189561fc9bdd14c7e1a1fdd016120d034f386b72cafb0877dacf7f8628c817bcb057c35456951f828148abcc4d11124078e5c83b846a83482c922a807d7e6b417446bb7f44299a080d0e1c89c3c82ec1d921a48a471497d36314b1d9575d9f0c5c14e94bc88a4ec6368628082a1cc672be390de5da0a167131903c8f3f3947cd8a5b3c81658b4e57e1d433dc2be7d792e7cc970b819e64433686cef82f6b050cfb1be554533278497102360efcc0aea211ebd9ad31325f7b80309f0e8f678134d8fdd046ee42bb51c8caddb3df70fe4faf49d5a845d755ebffddddccc93aeabe3a8d9c01cd495bc7013ed194dff673a1de7219d7e33665d98a45a89107110b3b9384447dd256b67bfa3ec24aab124c3585654c4027b3406071367cb33523e1609e3efd185b38266bad71870ebc1b23a102054de39c676ea6a2c5739ef2590948cdd8746445a89aaa21fab01f99e56cb2eb7dd75fc0b6005b46cb114158e6554f288dc3e18be21a01ada8ef98f37927a33794f9d1706c5358ea83f0008e9df5ca08b009e0e5461d0853dc2cdb3d417ed32416201c33b7b01e2c567d71c7af69f6feb7aeabc57bf209469c70a8523bf192e01c1e23a56e0c74cd2983a7dbf22d9c35df427dd8143d3dceb36bf0cf74431dc421fd703d7e2d0e142b1833936dc397306945f2c4570dd0df9a31055eb7bd28ddbbbd8dee59ebbfe288ba72991dc254d7a75ffa1fe06dbfaee9362eddcde970b770b75cb1fba068ec7a89656b466a1d6c6519a863c290a3c906a9419e1d0e173bf1d169f283dcbdcf98c929c541a3324c8c423dadd70dbc24b054cb328efa413d4b916e9a406eb7cbdcd75f5fe1b175485d7a632ce57df20d44ab376365e9a48794008eec8459f4d12d3f08511b25e7fb0af950668feee4a196503d21a0de7eafd0fb8e4b688e49aa8e6c9a49a892e319df957445ddcfcd1c38d04149e6713318a341f5c06d5f551e0875c7f5e1384da7c967d6adf42442faf531bdb49264dbc533c52c87f"}, @NL80211_ATTR_BEACON_TAIL={0x8, 0xf, [@ibss={0x6, 0x2, 0x4}]}, @NL80211_ATTR_IE_PROBE_RESP={0xb3, 0x7f, [@mesh_chsw={0x76, 0x6, {0x92, 0x7, 0x7, 0x4}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0x1, 0xaf, 0x13}}, @fast_bss_trans={0x37, 0x8a, {0x4, 0x3, "66ef2b26e87b7a59f6d5d6923ba3e58d", "967320d6f8fc9be8081a6c3628c88cb3894d803aeb35e5addeca12d992048f38", "4356413b09801dd415bec3dca8dd581c963b550cc58e69e177271ac2746ea849", [{0x3, 0xa, "7e384ac5bc702e007765"}, {0x1, 0x5, "e95c7d5369"}, {0x4, 0x23, "724454136d602a0345aadf68fa66b7e60e12f563a462916983d8a3937af3599b0ec84c"}]}}, @sec_chan_ofs={0x3e, 0x1, 0x3}, @sec_chan_ofs={0x3e, 0x1}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x3, 0xb7}}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x0, 0x2, 0x3, 0x21}}]}, @NL80211_ATTR_FTM_RESPONDER={0x408, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0xcd, 0x2, "569ad2aa15c4eb739d97cc6e46c07f513bc7b71943bfdc1c699f0c662bd24d1c68daa8e1ab2ac222a49b1a8e45255f1f89f0e3d669723c6a6f29dcb38f4407425c1c36f71380c1f19c5be71fe9cde8b6f55b9b8d36ff372c8dbb983abf43d0164a7111ef5d1db95ed695c0279b4ee9eef93b0bf903f82013cd6b6f8c43f769c7cc5815b420ed067c1808c26e7e882df81959dde7d0bb9fde8312ba3dbdb445c4ba838265b3374ed9f1143bd3dc17b614221df402a4d05f28467058f7aebf2115821f5feb5272827612"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xda, 0x3, "012f0fe9177b78520286f8c0435790d52b4ea88b63b45a103a554c88a82a4e833a7a2d84ff946a05cc5d4afae7e2c2984a9931fc655b80374f60e3ca93968afb71b2ad86b35e3e778ce7b96d5b797cf0370e9cb5dc99b60193cc745448de784b60a60b2023cad231c85ef01f65be46326489bfbc045fe4e670e66c6de6c8d857ce381bfb3ad690d928e1c882d09b6327df8ccceed6301c8d9dc5ee520b5a963bccb133792c5c944582eb891e0da8d63a1fd3a71ad60cdc8b24a30586b5f2864daa02d6d8328835abca58c1e51a8b14c48205dee747c9"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x1e, 0x3, "760a05313d02265992731da2d4274322955a856483977309ee2c"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xef, 0x3, "3a003ea79be524ac6702093c8944625a122fc15be04d683edfce554df37a8ddf120f3b57ed8b2eafe79771762c01e16afe64d8abfd17a5a54924018f46c95e6b1d6b15b884f3f527bc8785e13126c120423561c53c411b8c17a7ec47ee9cf1aec30cd936a53aeaea6a846f121d8393c5182ea8381cf7e8c83c6493299d1f313fc82060661e7c7d25c7a519bba2ad690ac610ffc10377bfad36c9901bb562a743e631950c38f63cd1547edea8b2a3a6591525561fb6ea1d0518633307f6c40fb67e83484847fa4e7fb916faf9c9aac638cdecb24a27482540e1cfe874cbbadea06c1e470174707539323fa6"}, @NL80211_FTM_RESP_ATTR_LCI={0xd, 0x2, "d427bf901497e7812e"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x7, 0x2, "e39631"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x81, 0x3, "9f5aee4423b3ede61be68b3635a39d3f42e2eb6139645f237b9c839b11aefe1045c6468931df9f6982c4ae288b4e1fd56da33438d34487fe9df8e422a5c8e8bd5670dd972e979686eca4fe5be26035ab37beaeb3c8c23adbcf6e37c2723d457c117767ea71fa86729394d2f34c98b118c4ad98ad057942e2af1f262b73"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xa4, 0x3, "98b67f5f47b95e30142d545bf0be244f764eea312d08af458152c4ff5d207fe897a0046a911a33f7290859aec77ddff787e714da3c6bd6a9656c7f84cbbbde682eb92d67bb6681ee51c801c6c173a47c8c720810a8107c3210535786cc769c3bd49e395ec8448dd6e1235e5497d766686d417c9eb5f42a04fd2664757d252875ddca1a568a9988b8729a62becfb0288f990e7c74d301a7fa4fb93a8285870b2b"}]}, @NL80211_ATTR_BEACON_HEAD={0x37d, 0xe, {@wo_ht={{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x61f}, @broadcast, @device_a, @random="b422be951778", {0x9, 0x6}}, 0xffffffffffff2ef9, @default, 0x20, @void, @void, @void, @void, @val={0x6, 0x2, 0x2}, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x81}}, @val={0x2a, 0x1, {0x1, 0x0, 0x1}}, @val={0x3c, 0x4, {0x1, 0x80, 0xb3}}, @void, @void, @void, @val={0x76, 0x6, {0x4, 0x7, 0x42, 0xab0f}}, [{0xdd, 0x53, "31b54671a097e772fb9a6cfd0ca974cbdb0bb34623358985c9b869bc2d851f585e82b6192732fac1351bf3006d71bcd8189a0fa09381811c619b8cbb6272b6e134bd55a2ea1bc50997daeea3ce0c9f3e91138f"}, {0xdd, 0x7b, "e17a6555d24a42098798223fbb60a0a7f750b21d8e4d82997f08d32be4a74f15efe8b78b547cacd93b2c6a395fe4132c162c3d84fc2ac55a53f261537db62dc0cdd93b0f621ed1d5013414092c32b82d964e14047053b1d52cda4ba9bc84ebd35435dd90f8de76520bbd223193c0ce9a22c27099ac5cd3d2b24ef3"}, {0xdd, 0xe3, "0bb8687263bf843ad0e3278758fd8369e87d91ad5db3e2748ed31d8dc0b28c36c729747dd4cb64718db5fa060b7f0c8d91946ae55a21cab121e9b56b345fbef6b721eaac7258bbece6a44a79356d25e63d4c3de233913549b4b56d34329bed8dc28c9e7a4501d6d1699c2aea3fd401908fe54982e3230e3038eee5bff2dccdd2d4fa6f1d9063518bdfa3abd99d59581cf60f7c3fcefc2d38b2b04a0336d833e5649dcd5bc63043b6c260649a5e5dc46c60c1b052a6873b7c0c46e8b8a03e3b06df62e550aec20b085593762d4e41da7fea870878a2b12aac155561596e46e6cc993b7d"}, {0xdd, 0x84, "34635a69a47428c1d4e014eb9461e9ff4e8ef6efcf5d0120ba88a1573a677db774a57562d4e2500df06c7337f5688fbb4bd0092559c631c6078875e771c0b00d307fcd2498c8ac4cb93de5331e471f43641e4eb341a6ac274f4acdf3cf595af847e99cada21fe27d33b4edeb3f2d1e35c1b4a27376d5680a82af2b52f9d901fb865b61c8"}, {0xdd, 0x87, "493cec8e09113c3992edf316f047623d6e3581cd20e47b8f70f58297b8f21774384d6e6abc6d6ab7fc615e34536e87e450a07b527f9446f837b95abed208a985edf15b175f5e0376ba31b0287f397d346dfe58eee2de11ed33429eefc3281c75f6e02522a46c7d2b9c66da15f5d20741de6108d8cb016ecd74fb6db69dee849929a68773908c30"}, {0xdd, 0x2d, "b6fdda7178a00d6924f504d34ced3d7cfb67311b3a976004cdb5b78377eb79e23a00c8543636cdc31e2d401031"}, {0xdd, 0x44, "1ca60a596ecf5df9bfb60b3586c42060e154f9ffe37168d1a5113968fbd71822db71597064d840e81ee4f0b63ff306541abc4ffb966529353f6c565ea3eda36f9198c9fb"}]}}, @NL80211_ATTR_IE_ASSOC_RESP={0x1c, 0x80, [@peer_mgmt={0x75, 0x16, {0x0, 0x896d, @void, @val=0x28, @val="fcc71538063f9c5922176b4c23277632"}}]}, @NL80211_ATTR_FTM_RESPONDER={0x148, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0xf8, 0x2, "0a37ddc89062c8d72d806e102b063a45737ab3e8b6d9a4044d8c9a4c5369785135fd8e3d3865c234fc637b8dd4821af942c9b51f92c2fce17c27467ec0cf6f6199fb5717550bcf6afbadae1d01a0255ccd0e0b2440eb5260c604d8176174cfd66479c9e6a5567ad329ba894150e9bc78d267e3309b08313af78238ce76f6a377104caea535b8b2e3a39fef720864c7b4b62a92fa3471f54ff884bb4af96e28a54649e590a59b51fb26a618ca41b7718493c989751f5733f767acca7c90314ba35596a87662beee5f397479b6f1902d96da75e9529e7daf64bd633d3ac6470241a9db6536344aa6296cbc522deab7a3793094c9bb"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x46, 0x3, "bfc40e6b06a4a9e71cf0cf82871484278bbc795535ae77ba6330c16a63c45e89e23644681884815f08bcf9f21336f141a28a93b5a7e787b6cbaf22b3f4332a7efa33"}]}, @NL80211_ATTR_FTM_RESPONDER={0x1a4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x7e, 0x3, "f943db5c99ec48b3c001154dd7ac9b030724566b8025ab26124e28266b8344620c92762c5750dea83cd5bd68acc4b743ad16c8a94c6a6d5eb359f789889d1833cea1d2972ea07e3881d918257aa7a38627de10558c618cfdf15b3d9d238765f44364ae8195bc720e350e6b3fe964f2898f78220e49e67b4ed289"}, @NL80211_FTM_RESP_ATTR_LCI={0x47, 0x2, "acdaa2ad93d1c768186773c3e9879437e039551a84105f608b8f9a2cf5882441d0c59fb83639aab96a124eec9f9f3022be4b482eab9d4f90e3614e79ba712484678cfe"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x33, 0x2, "19f7473473b8618c3957b70484750b43dffab13a6ceab381e696f1e34ecc03b5614f4d5642ea4757a76229824b4088"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x8f, 0x3, "dedc65913dbef7dfddde3a757331889266968760f09a8c0211dc442748b0992cc37fc0c930de3a64fba01187ec401191557ece8466a07c0e171b4a99fab0f6e75058fd0fdfd17c31307b86770e82d48d2e572d86e9caff6762de0fd9c6bb473dc6e30a8c4973afd851e540dfc6b24a01645f33a2f421396d91194a2ad13b2e1270248a753e78651519f8a2"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x7, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xa, 0xba, [0x20, 0xa5, 0x3b7]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xe, 0xbb, [0x2, 0x8739, 0x0, 0x2, 0x9]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x6, 0xbb, [0x0]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x38, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0x2a6]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0xa, 0xbb, [0x3, 0x400, 0x7]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0xe, 0xba, [0x100, 0x4, 0x7, 0x6, 0x8]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x4000, 0x4]}, @NL80211_ATTR_CSA_C_OFF_PRESP={0x8, 0xbb, [0x6, 0x8]}]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x37bc}, 0x1, 0x0, 0x0, 0x804}, 0x60000080) 15:09:04 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 957.899680] audit: type=1326 audit(1748272144.897:341): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=12679 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:09:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 52) 15:09:18 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:18 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:18 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x4020940d, &(0x7f00000000c0)) 15:09:18 executing program 2: clone3(&(0x7f0000000080)={0xe6000, 0x0, 0x0, 0x0, {0xfffffffc}, 0x0, 0x16, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0) 15:09:18 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) lseek(0xffffffffffffffff, 0x401, 0x1) r0 = socket$netlink(0x10, 0x3, 0x15) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000040)='&\x00', 0x0, r0) [ 971.051130] audit: type=1326 audit(1748272158.045:342): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13036 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 15:09:18 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:18 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) [ 971.065408] audit: type=1326 audit(1748272158.060:343): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13039 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 971.070337] audit: type=1326 audit(1748272158.067:344): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13038 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 [ 971.078663] FAULT_INJECTION: forcing a failure. [ 971.078663] name failslab, interval 1, probability 0, space 0, times 0 [ 971.080150] CPU: 0 PID: 13046 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 971.081005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 971.082022] Call Trace: [ 971.082356] dump_stack+0x107/0x167 [ 971.082831] should_fail.cold+0x5/0xa [ 971.083304] ? create_object.isra.0+0x3a/0xa20 [ 971.083888] should_failslab+0x5/0x20 [ 971.084359] kmem_cache_alloc+0x5b/0x310 [ 971.084861] ? mark_held_locks+0x9e/0xe0 [ 971.085363] create_object.isra.0+0x3a/0xa20 [ 971.085902] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 971.086533] kmem_cache_alloc+0x159/0x310 [ 971.087065] xas_alloc+0x336/0x440 [ 971.087505] xas_create+0x34a/0x10d0 [ 971.088019] ? kernel_text_address+0xf2/0x120 [ 971.088605] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 971.089252] xas_store+0x8c/0x1c40 [ 971.089699] __xa_store+0x164/0x2d0 [ 971.090148] ? xa_delete_node+0x280/0x280 [ 971.090681] ? trace_hardirqs_on+0x5b/0x180 [ 971.091221] xa_store+0x31/0x50 [ 971.091632] __io_uring_add_tctx_node+0x1cf/0x520 [ 971.092226] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 971.092876] ? alloc_fd+0x2e7/0x670 [ 971.093332] io_uring_setup+0x1fbb/0x2980 [ 971.093886] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 971.094524] ? wait_for_completion_io+0x270/0x270 [ 971.095171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 971.095821] ? syscall_enter_from_user_mode+0x1d/0x50 [ 971.096456] do_syscall_64+0x33/0x40 [ 971.096913] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 971.097542] RIP: 0033:0x7fdf712e8b19 [ 971.098002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 971.100291] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 971.101263] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 971.102138] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 971.107049] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 971.107922] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 971.108792] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 53) [ 971.154426] FAULT_INJECTION: forcing a failure. [ 971.154426] name failslab, interval 1, probability 0, space 0, times 0 [ 971.156066] CPU: 0 PID: 13083 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 971.156923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 971.157956] Call Trace: [ 971.158291] dump_stack+0x107/0x167 [ 971.158762] should_fail.cold+0x5/0xa [ 971.159238] ? xas_alloc+0x336/0x440 [ 971.159711] should_failslab+0x5/0x20 [ 971.160186] kmem_cache_alloc+0x5b/0x310 [ 971.160693] xas_alloc+0x336/0x440 [ 971.161136] xas_create+0x34a/0x10d0 [ 971.161605] ? kernel_text_address+0xf2/0x120 [ 971.162221] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 971.162909] xas_store+0x8c/0x1c40 [ 971.163361] __xa_store+0x164/0x2d0 [ 971.163818] ? xa_delete_node+0x280/0x280 [ 971.164345] ? trace_hardirqs_on+0x5b/0x180 [ 971.164891] xa_store+0x31/0x50 [ 971.165307] __io_uring_add_tctx_node+0x1cf/0x520 [ 971.165912] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 971.166567] ? alloc_fd+0x2e7/0x670 [ 971.167043] io_uring_setup+0x1fbb/0x2980 [ 971.167563] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 971.168194] ? wait_for_completion_io+0x270/0x270 [ 971.168841] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 971.169509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 971.170185] do_syscall_64+0x33/0x40 [ 971.170662] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 971.171312] RIP: 0033:0x7fdf712e8b19 [ 971.171782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 971.174066] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 971.175084] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 971.176011] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 971.176891] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 971.177778] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 971.178668] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:18 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 54) 15:09:18 executing program 3: r0 = clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x9, 0x100010, 0xffffffffffffffff, 0xc5538000) r1 = socket$netlink(0x10, 0x3, 0x15) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x1c7a3000) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r6 = fcntl$dupfd(r3, 0x0, r4) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x7c, r2, 0x2, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "786827f98ae95c3598885793d2a14939142fe8555b88e4d6"}, @NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}]]}, 0x7c}, 0x1, 0x0, 0x0, 0x48}, 0x2004004) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="00000004", @ANYRES16=r2, @ANYBLOB="0100000000000000006d0000000008000300", @ANYRES32=r5, @ANYBLOB="08006b00000000000a0018000303030303030000"], 0x30}}, 0x0) sendmsg$nl_generic(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000580)={0x16c, 0x2b, 0x20, 0x70bd29, 0x25dfdbfc, {0x8}, [@generic="9db224cd70", @nested={0x14e, 0x26, 0x0, 0x1, [@generic="5ea37042f5821f339ae52fb38bf23b6f1c8271aa21b6fc35aaaafa81e2655ad9842a7c86abd077e9257179280e04c02e097bbc11a242c7428171e68fdd74c34e33e2fc25d309f3cf86dac9a29b6e0eb701b07e2623d6ec4ee82c7e706cbb0054a5b2dd5b15825c6f71bab58cb6b0441e10b6a38bab08f90fdd578113392fae34faef713fe472f5a3da8de3ff4054bd2beb42cc5823d67d1f34241d5361f9bd4ee06cc75075c8323af309bcdae0668cf4f2547588ac4b2198551414799e2a1336b2f74ee191", @generic="f3d89bf20bef663a3c168aff7236e009ea70bb367b4253ef9719d65acee5bb24c3ea47889608c47f6e3afca9fd", @generic="bd47985a67ccfc062afb83897a87dc95d57a8089ab811b74e08e18ba3367f294ded9c7b143f473fa0cbd2e4b2c4ef4df1b8147854f62ed9f733b3807ee53e4f2184246091ad39113f9495810", @typed={0x8, 0x37, 0x0, 0x0, @pid=r0}, @typed={0x4, 0x35}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x801}, 0x90) 15:09:18 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)={0x48, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x4}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x80000000}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x6}]}, 0x48}}, 0x0) syz_io_uring_setup(0x6e94, &(0x7f0000000000)={0x0, 0x65ec, 0x8, 0x1, 0x25, 0x0, r4}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000140)) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 971.265762] FAULT_INJECTION: forcing a failure. [ 971.265762] name failslab, interval 1, probability 0, space 0, times 0 [ 971.267326] CPU: 0 PID: 13264 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 971.268224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 971.269281] Call Trace: [ 971.269616] dump_stack+0x107/0x167 [ 971.270081] should_fail.cold+0x5/0xa [ 971.270564] ? create_object.isra.0+0x3a/0xa20 [ 971.271149] should_failslab+0x5/0x20 [ 971.271628] kmem_cache_alloc+0x5b/0x310 [ 971.272134] ? mark_held_locks+0x9e/0xe0 [ 971.272645] create_object.isra.0+0x3a/0xa20 [ 971.273191] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 971.273829] kmem_cache_alloc+0x159/0x310 [ 971.274358] xas_alloc+0x336/0x440 [ 971.274825] xas_create+0x34a/0x10d0 [ 971.275321] ? kernel_text_address+0xf2/0x120 [ 971.275882] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 971.276535] xas_store+0x8c/0x1c40 [ 971.276986] __xa_store+0x164/0x2d0 [ 971.277439] ? xa_delete_node+0x280/0x280 [ 971.277960] ? trace_hardirqs_on+0x5b/0x180 [ 971.278501] xa_store+0x31/0x50 [ 971.278948] __io_uring_add_tctx_node+0x1cf/0x520 [ 971.279542] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 971.280182] ? alloc_fd+0x2e7/0x670 [ 971.280641] io_uring_setup+0x1fbb/0x2980 [ 971.281152] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 971.281778] ? wait_for_completion_io+0x270/0x270 [ 971.282382] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 971.283052] ? syscall_enter_from_user_mode+0x1d/0x50 [ 971.283692] do_syscall_64+0x33/0x40 [ 971.284146] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 971.284781] RIP: 0033:0x7fdf712e8b19 [ 971.285236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 971.287558] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 971.288535] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 971.289414] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 971.290292] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 971.291188] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 971.292067] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:18 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:18 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:18 executing program 3: clone3(&(0x7f0000000080)={0x49040900, 0x0, 0x0, 0x0, {0x5}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x2) 15:09:18 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 55) [ 971.416168] FAULT_INJECTION: forcing a failure. [ 971.416168] name failslab, interval 1, probability 0, space 0, times 0 [ 971.417720] CPU: 1 PID: 13370 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 971.418572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 971.419661] Call Trace: [ 971.419995] dump_stack+0x107/0x167 [ 971.420452] should_fail.cold+0x5/0xa [ 971.420924] ? xas_alloc+0x336/0x440 [ 971.421390] should_failslab+0x5/0x20 [ 971.421861] kmem_cache_alloc+0x5b/0x310 [ 971.422379] xas_alloc+0x336/0x440 [ 971.422845] xas_create+0x34a/0x10d0 [ 971.423323] ? kernel_text_address+0xf2/0x120 [ 971.423888] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 971.424539] xas_store+0x8c/0x1c40 [ 971.424988] __xa_store+0x164/0x2d0 [ 971.425441] ? xa_delete_node+0x280/0x280 [ 971.425965] ? trace_hardirqs_on+0x5b/0x180 [ 971.426503] xa_store+0x31/0x50 [ 971.426940] __io_uring_add_tctx_node+0x1cf/0x520 [ 971.427540] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 971.428183] ? alloc_fd+0x2e7/0x670 [ 971.428642] io_uring_setup+0x1fbb/0x2980 [ 971.429159] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 971.429835] ? wait_for_completion_io+0x270/0x270 [ 971.430487] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 971.431149] ? syscall_enter_from_user_mode+0x1d/0x50 [ 971.431786] do_syscall_64+0x33/0x40 [ 971.432243] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 971.432874] RIP: 0033:0x7fdf712e8b19 [ 971.433339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 971.435597] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 971.436579] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 971.437488] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 971.438361] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 971.439256] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 971.440131] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 971.901569] audit: type=1326 audit(1748272158.896:345): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13039 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:09:31 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) [ 984.858468] audit: type=1326 audit(1748272171.837:346): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13466 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 984.862377] audit: type=1326 audit(1748272171.858:347): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13477 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 sendmsg$nl_generic(r4, &(0x7f0000002800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x26dc, 0x35, 0xb4de2b03d0321765, 0x70bd2a, 0x25dfdbfc, {0x9}, [@generic="eb4577832454456c5949de751192a2c39e568b3c7a0c2dc449ca4ec700d29fbd456cfe50ca25918c627cd382b871d2c80c74bd7dae6e24a28da55bdba515d37667a058501509d9f9f140b11de24269e6cf64fca1cb06f68e076d513c3881ea", @generic="2f52182e0adcd459db1a66f055125a53ec15ead4a44428b3efefae5614d5c60225d0a14b4a36a8c3e000eced7ddecb659f1a42113ccc690f3c4ba213aeb799edc8986480069f8b9d1bb40b4b60e499d9912180b27f9d17a4ed4ab39ea89a490fd3f93f96e43a59a0566e04a1973614c1a44414edc3d4c8533d9b976549b6643835971c725c0cb0f7bafef128e6b7ab49459cb3d2e1147972aae9ab57579be8f9315e2788136e85bd8f5f", @nested={0x1294, 0x1a, 0x0, 0x1, [@typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@private2}, @typed={0x1004, 0x57, 0x0, 0x0, @binary="039a4c4ea366a1f898426612f87da7f286f65fd15312a80fcae8f8eff72715af3733605de10100e749cc45cb17af87092ce7a21f11de4b00fba45792e1f045dd79417f557cdd03fc4e8df993be5395f323fcb5d081aaa3645ed7234d6e675415af18e8ef573bcecf416e0b89a2358b8c36c48b9bd57bc02e3dcf5e4680d81a6d33c443d2746709b0e99faa203ef043514a09736197c9d73b68006f5495bb6317a08a811f95a89ce309a8edf36eb4fa9a666411ceaa9103745389c7e4a0eb493b4534dfd4f1e5ad7ab057abade4e4b09641c98ed48bdf42696527ed28edbe295a3522a27b1251704145591f981b35d37b9dbfb26eb5b9d907633a1a4f40a2b9d398576c47a2fa4c84e77de5daccf5ec1fd48a8cb0ed186461639591aa829a9915a68a3b7da00ec8a9fb29d33d667a4c6af4a38daa3c5712938a0d6b9c5653299337f1306c6dd8de1ea0b8e9c49031bb6a6e05a3fc29ff9574ce169a6e503b020417c58a5b2c5d50b938d53ec3a5be7d5eefa90929a0741d1038283e708644009282c4cbf8ed12b34118d4910875d3f148770f999cad8fcdfa05fbfafe0c53da18f68f32275086772e4f3dc77279665dae61d633440095958a61e873539389f70bd733cd210bf53417220a23b4ac3850ca41e4bf7defa5f0f9da94f0843f06656216dee133c2d592e0120070fdfce7febf3e707b43d1815511d97b6ee13c5f49c13e728705ab50503f511a9f5285d8bf2b2fa5076301a1eb746a9f292f2069a8be00e803ff5ad6c4bbb8ff7d8adbe0c22128140ff90cff3878e185b828f8ec5ad905791a0eb6823280b1fde222219727d4eae8930731070e4c5a9678bd1feb02be05ba534763cbf82db6352892ebf82e88fb7696dd6dd56c1aa131c436ebbb6db5915007eb2aa15c67dc7ef3551f0d4d2d7925e3ddd63812aee5706673f9bbb06a8af765157ab08c1b87ff8eb851a246fd14ab5fb3d1f4ebd605728b35d9ce7c0dc64ac58a7fce65d7f86c7116881f152dcf62cea39dcb2472e68050a38dc6a5838e84b634e4f955d99984b52e748257af6c8a3f78fc9910fae0825406b95ffe9e4ac09010ec6d655fb9c76fdd9636fab02550413297afc4a3c918fe3f3dcf13045f0f79f848af1b9ccb164c0e14d0ffea888fbd8ede9d3f2ae3a6286a49053af843cb8f224a7c407dd2011dd35dcb68f899b7e7cfc8908a96bbcb4d22c5da6ac02c572f36017d8bf5c9407045b30b0ad648916b4060c72c5cc247dfaa2d840ed41337f436eb367e6844756e2bb0372562591efa43423c34e674481a4aa948a1851eaa9150b6b457b367cf34f7a5b4261f6f2ef48e150f245a31226ddff453a75ec39e078c1122ad24ac443631f4572c6bb7d07366ff9dde9dff37dcf85a89b198f19b5bbbb5510d3d467889c6777e0f1d93272164c4b2f35bd59382c2824f9b4e3e9eb190ff74c86038a8f4cd6c170e60747d0490a682f7c6472c1a02668d42d1e3f2724c27ccc6e6adeccdab788e9955e81f8c699e39a8f530bc9a8b147a3216c96ac27f64717d522a54a4255247c57968bf0f60a39f8d1af940e25a33a78ca76b20bd931f18cfdbb05a1ed3fa84059a6534bb31d8edf1f695f36f91ae5bca0bbe4c91c5172583e45b3fd2ba8bf0a636e82330003523ae60edfd9d67180b112bdb732db1c575bde6e4566b3be1d01d8c6db1b1c357c401b249e08c54e2a8732bdac37657590d3dda8f5ab559d722dca3d5597c74617e3d4f55717a21ed620cbebbbebb9d075b04bb1bf38dfc05a8b62abed47831f4c800f3adacec828127e89a15f83d9c1450ce7b5b644cd465c94daffa9e528284eb4bced3c3dece9ce824d5ab3908845f0b59f032b942a2217cba1134b2950f184c3ead67fe8f5a721d1227d99f547163f413417ae6eb0f0e6c299fa008e3bf19756c5ed47e5a5e8551e60f39f9cffbce08ff46e1681d78912e57b1f7ac525443e3bc98f4af995ca20e8965a9de2d03e1f389bd0ce1028361ae46529b7cdb6f63564f668b84aa1bc0c6e8ea0278457a7c76a181610bd1fb338004aae2c342f541500b78b2327930164c904ae39de8b340e3bacaf2ba263f5fed7ebcbd4504d61f866900226e05e2dee5f7f0dac99068aae0e682c4c49c2b5913c465dcb502feda3c427803363d3645a72dd4d54f252ee64c7b67c2e2a49237a74758c80a8753ab39abff9ec84340280c28104e012a63a5320ff71209f4d225c854dba61ea007213da959280fb19d2bd215acad8f6d4b6026898425f0c407d8823ba54ffb031824574fe9d5fda86d5ea9ba683d5199e234e1d5a406c84cc77594b25a8c3e8a767dc6cf4773fb6a8406d3003ba46af97a2009ca6a85c15b11ea3b6371843648cb3d89e9ba79a66d16fd94c40fbc5efb3fe0e0a979ba2faafd63853f51a911d9e91a0a909ac2436505a2c0276fca9f57610e112bbcd3d00574b51be7f57e9ecec0a032d94fbe614bd59b29f93d084e0b1bfba36bc53ff52990d3841ce0130ac9c58c5940d37f622bb5376a3ea0d80a67c873982226cf6f711f0662349a8686127df2e7fec5484f36863aaad3211c3f61e160e9143a5a53221a6304b0fd6aca768ce2e28164698d2be13532860f9a62bca76325f9c44cb50bb745e1fdd38025c16214611937311173462fc11c519e8c971869f2d2ab4d21d10d37ac59b4078fd41dcd7fb0a868e496e8af99695d9495c2e981d7b60200b69d8c00c1e535ed3a7a12c65fb63168151bcd2ffc633d10d8a7abbf50cb64a065b67c82273364189f1d15b54c3e7df7158d2f4e4994794b780ca7f219517202dfbcf634fa721f1b1df49a45cbaa206c6c2ca7823e8090d4aba2afb32af0e531c0e5ac83e17c94b9e4bd6e724b0af64aea11e956bc6e1e585985463c2ddba1df515d5e353b1520641b00a8187f11d459489f876c97ad17386e3a5360adb2f07f6e8e9573b867906721158168cae936a95f3600005af58bc7fa32216cc864452906b984f5fa9763c59c6097e4a59dfdfa8aeb505f73b6d222a654a8ae8fc8dc19d5a3aaee7619e55b26e0435115f271749062f91a5fbca7b532f37950dd77c3b25cb7bcb00375107c349ce3272b30df11b253c95f156d92c45b85db384fe3db212d1cf44f6aa2b23914f1cc030f3aa16148d314253d9070b5b18251f78af0454544dc03c300a421b7d5ef8a6dc160c46d6d64c2c934351689159715a310352fe1c77e17e3e6b005c61d77df399de46a8c9ed7e34047f138f2b5249e4f1cc4c526f4e7746f960d173032439f51cdc89de44457001e5caae0c0bb7d0eba443be4a55ebc55a3538d2bb6062edb8639fc7151ca442abf6df570df723c1124d390292cd3ef09851c3b089591c0bf7aac9ce4a854bbf0ef339a706d2c65d42f07cb6d6c6ca9f1b3930e3c5935234790ad55112b505cdd55c1983624bc07402d654f4cc496abc5feca5d26722cbed65bd141e050dd3eedee3713107238dcff0820ef7d941d6999ab5ce8eeb885bd993c528715ed94744bb56cbb403fd12c5bbed6ba87c232560ac17ff2970089cf50d1a732582adc2c8c9c2d5d38b67abe716124c3617a0bfa6483af69235003275e745a419e44fd94ad144623c1dd6ec93630050184cf421a590a74ac09d810cad9ea8d99bcdab42436be040f58903dd936b9a23fcb7ca13a8bfb907bc6fdb456c3da6464a750d2063f9324e362d759b6e205761f2d323776c70c3b01af549de1af5d2fc9da133dbd45c5f33b93611ad8fcec554d7b3505b3f02b0453ff8c6dd57d5341dc24b50cf4158960ab46aa938983f4429dd480bae6d096bc52ff573a3e6f0b169cf9abfa97ab20f3552421a54d2a9ec0176ae6096133e7869ad8add3d0c0a4a61dea077f6ec90c612f0b940d2e6c29052fa0eb913f62c1cf5117661f157d70b0472e17242c70697e26a8c9f4031f2d486ae5b5e298dd90123dda6d535de59c9203d514ced5597af0412e7ed6df60ae583663cc60f2e418b6f95cd5cf3acc466aa662cda25740979be562ba5b62c163dbd3de01b7b7e8366325c72e80c747f81966ad38e16304c030a705db95c9fad30f93466fcee9ea254329aa7f4f39ef7feae0accc091ab70ffd74f464783b30cb21f4f0cffbb22cdbd30b6bc5a5ba29cab5f332c08c06d24cd6e413bb097c8fc28f25818372619869178c614cd96f0fbdf1b4ef9ec4e5a53d8c2c3172944c63439b3fc8cc9a031cc75bfcebb5e164c8d63ba4bfbfa1fa506782f6080512a7ffc870148957b171225c1a9d8841b754be197e165af1476f9423590576d46e6042e3c0fc0bc5c2ea2b3bc6a499d487ca5ff16f29bbc2f4cf8615a322b0124a5266068c0f97f37d6780b663defab43c6f1bb2356d24f840aba750d4f7382d022af9a201f2689523ac18c08933e5ec89ab33699634feba2d435315949cdc41edf1296cbb7be1b83345e6b32a53f70902f33e5415aed844037cfd304804071949866af5816fafefe663252bbb064c042f5226be65decfa4f3317130eb2c9ca89fdb73cb09806fd3fa180163c89ce1c811cc56f3263676538ab1f5bc4d7964bb03bb7485dd1ee626158bf1e13e3b80ce5343a9920d7653058ae0c91003ef5e068dde511d23b7d9c572922555ba818276da90fb41a495c9954cc7fa830760481cca3b4901b7529615d718055075595cb012de6b587fb9a8065c6e0b1f90ebc63e21b2691f09d910c52428b70caf7ccf83e30bf70d23771617614773e1e56e7307e2a89920e1d659b538a26d77a2eb5d57427f9ba9e92f098dc2941696e631fcdaefa9d87cd47beae0530bd366536e092f9fd28dbb70918faf8d8cc0d7f558d2cde862a1968a797a3936e894b429a5dad65315ccd49be43c524627fac0101ec1a867f0b5029143df865bdc68d456b35a1c70e7d38d31b6b95136ffd8320acd7777910b9f66876da6453d74d738e5f7f9b3f4f23b5f6589ebef41cd9bee5533a0f90a840fcb87fd464fb8b6bc9c1c6eb503c0b6a80610567766cb45dffc39ce3c8cf269528a6625193cf6e430111069ad228bd9f83bb5a6f15afa7d55917ca7ccf0fd75210798488642097836671b7ca0a7a2e988a4c3c999b2bf748f3903b782e22ae2d36821accec78884a38e7f6eaf2a5ca1c218373cc7a124ccc5c67c18bfccb884635ba6f5f5cc78edcfdd3b800584a54e9a48a68f3edfafd92077880381538205d81aca08850d170e4223b6f00d0e3d0315d604ae72bae4de3968ab62d3dc014cb8cdc7047a60fe5fe783f3f60a4b539b5a4c3790fe0dc9aff2fd7033f4470e99538f08136fec961db3028502d67a6acf5fb5145fb1aac13ba5203dec11423a5ee8bdce1578d25366f857f5a237cf4b304274a956a13a8129e7a8c8b81755df3482b2868029727ecda8a7981b964e58495d79c1dd79a3eeeba07d8b7424b0dd005ed55a9ccd06e6eb5e94cdfd751f34a6082e7eeb4e1023d38839577a822e85f307ac5c9d8e0c44e5c94abb862d5c72262477feeb421b8e8307aaefc88b7a65a6a2796bcd519fb92a1c3b20d9c9d1ab24dde3154efb513b830d5fc801be26360e6da421b654620867e6d0f35886645e7a13fc91e11fe6548bef289129f8f0b6d724f7ad5d64aa5d5155db5309ba165c9cf6a2fdd1923cf415f6ceb5f0d1f9f42c182ec8217051189d15456c7a63931a9c55c42098c3fd7857f5a95b58d0bfdd0c66ea2e8f98e79255efcfc518c36558063383a10b67bff94d260975b74a9fc00132d4b889ddfc16e9fd3e5b22d5883cb2c1b46840d1607257ffb2751092"}, @generic="6722b617c5248675842818a3195fc45f458c0ed381dab3c76df67fa444728f2bc43a06c7e06fa4a80c7e43e52dfa1802d3045a5123e10318f81220c6c4b08a9d172738ffbf9517139dea17535ee158205c284c1c0ebc99e2eccac647cc2b752b9b9105ca71eb29dc69a96110bfb3316dbb6814d798a0ea87753ab14732e234a85fa9a86af7196f964154559179ef5b3474fe89762318d2f312d5729bbff79c97f39d0a2ac3f2324eba7576488f74bebd0601202b39149e49eecee599f3b61fcca5a5da0bbb7aab9a69660ec3f3e36a99a0497dc5cbbe9a3198f4c4b111d4fa871c6b661ee1d1", @generic="029e3a1a4d6964b796a6ab08e76e714f69e3219041cac7d82c687e255a85b54c8afdf8b9adc5449711e3f1bde5627386c662778bd62edad717df74ccd8d056ff3c42b0e6b91be6cdfebc2faf88375dbf625d7867df80992c468327f9cb791eaf466b6a233d726716bb1624a03c208b374ec818b2343bf5ed630e377ba38996", @generic="6d4ffbaa617aacb4d853aa42a35f972e54176b0fcffcc7acf9a0e25b70b5d2acd76ba9e11feb7b382b72a2093722bbbafb34f25a298613b8b3935e39acbde4809678a20dea9344d88e3723bb340de1ac85b633967412680987120908f6d0522d60acef4701ec8cfa65fbe30cd592591de5e7ea90c8fd4aa7cf1ba712a3ebae5160a8b3d2cb19585f7b15b0860ad179f7cb5248158bd509af44c04d53e9d4e3847f765462628ad6a5c073cfb5dd850b67095ea4dc54dd7ea439e08cab7a36eb1f69ab0f78394197112c9bd64e87a09ffd43e3bb72a4c3c914a62dede35a33489e0f391b48c16b8cb8da27ac4189b0d7a0641b0823da8acdd3dc4927b2a5b450", @typed={0x14, 0x2c, 0x0, 0x0, @ipv6=@mcast1}]}, @nested={0x327, 0x84, 0x0, 0x1, [@typed={0x8, 0x8d, 0x0, 0x0, @ipv4=@remote}, @generic="a4fb5483d6997188f646f846237af7c189b5a622390f18dd8c12b751d230c7702d412576842b4dc2eecea87c980f4a7960ff24dd6ef16b38e7a152dd263fa228fc917d30819a5f43e198a7ab94f7f27f6a7a4e29e7eb96d4431f05c787c1cae8ed9b25795e4a1058444bc5692483236d47ff408048c1874011061c8df535e8585f9741b7ba7d77359621080865e1603a1f691f4393cf5becc93d7c9e5b4470f87bbd446ffb9d303da59795a4a7b5f2fdb5d7cd8a3fd917914d202a3b6a751d8d9c5e33c316692f5104e221edd40bdd34ac618e14adcf5912e04d", @generic="be90c1ab9b396b17c87db8a6506b9861710369e3856b34cf8997fdfbc5f46d58b0231d7f5512b17e1be43bcfc99a29567e119c54c2aa9aee41bdaefb5e5db35d481b34e115edf4ea51c14d1982001a600aac6af9c39a3176f17b486c4f4855307162f4bc045fbc0bc309d648b79d", @typed={0xe1, 0x4c, 0x0, 0x0, @binary="59060824008322e3c0699488a29c0ae3e31f892f6ca5197f3a552821995809faf5c2b3652fde0a42b2bb46287b0c222ccd77bbd6851884967d47f260556794e41a2a667d980d9503cadd4447f4fb786079b6467d913bc7452a5f170a1ea9f3c05c46e31071b1ed0423cba384c0a847820a2c60a6d8f534eaae366be18533164796e084b3676df792947eadea89e69a7cb72dfdee352b3990a89f1c6d25d2258b80738d31df9202a98e0cdab76b250a31136c5370a088bd81fede1000d9885a508e550084913426e131a6bdddde73823a535cc5d2d6e82a87399143e786"}, @typed={0x8, 0x5a, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x37}}, @generic="ebc9c9c5b85a470b260239671239442c8af4315afa8480d8f01ee94ee2fd4f1c47a79ddb81f2492fc4d519fcc1ac9be6be784946ab826a4710dc3548b7b0820eab76198c2c1c464d597a1497055f5c29633fc439a54384de86e92f445d0bfe2443a28cf54a48be951ee363f74ef9658259c2890f134cb22f98073dd0b48a2ed5dbd571279113a2c440f008094a3d67c366eb69d2069502223ded94bfcc76a6bc70d2d9f3cf9e1609cd7a69d7a3f63b6bd4867d01a01ad9b194cdc2bbbe1924c6843ab89b8cc2b185f564e449a4ba739adbf3339f8c7b6f339d9fc4", @typed={0xc, 0x8b, 0x0, 0x0, @u64=0x101}]}, @generic="e817fb3dde20f2e00764836f894c32656d555a0060412521fc7ab8cd206348437aede338b05abca41e1ea3e202df55e17343f74f472b72df5fa6fddd5bacd0a4efb80f63083723ae26da49da2e9c011e82f5b1a446057986ceb0902400cb64dce87b81e820a609643d1d6e4e16f942ed5fa5be29b0cb2f6342354d810b82462762f689d3ea5a9f01c782807d660b9bd9fdde3834e60b3892fcff841aba0de01d872c6eba8eaee76cbe80c421c37f47fd68b1c567ea69b72207bf25490fb351739db637169212822ef31f1d2188763219b1dc18aa3982a45529089fce8bd5b4895d833e108259cc786f10a94b9368cfc6a1690a6d01a24ae536a40393c1509c119cb16c50dc05056fd87f9253733ec753ff87336863b0457d617af1b54f1b4edbf37a2f126b864c563469cd286da921ca4258fee31139b50c33731e2773360537131900d42dbbaead32bc6cd0b344d658dd81fbf6e9d1750a7af0122a743299520f9fd1879697785b419f0b00ffeb942ea2a0d6c8f346a843cc4f56b37aa1ee7448592a3f01a0e918b225329c9e5329e302e4e9d302af30b8fe882f1c642583e51fa860a37cf7e76edab3b006296684f9aab448b507e728fb04c4e0214a26bf0c360df549467153e66665ca246d5256de68e8fef6abb1f5e525411983a3e239bc29c429cbdad28ae125de93cda466aa25b1ee96e1d5c34ad581b94d100ef9533998a8fe0c903e8fdfa4021ba94f312376056b4f835aa9806f467c76cdbe47c444549fa20d19f77d08381f94157bd35506777f3ce09761eb309fd82340c3499c5469ced36d17aed8798c12cd01cdf13e38f7796b1f4020dcff4297f9805e769bbf6fd8beda17dcb27c6ffe5f9b76a79707a76a9f31c9bbb875d5f96d2b64472f0e1b85d98622b0ebc76170315892d08261b73fa9716b747f48bfb0038e486ff7199c1247f10a265d579347625db8654306dbd14da7a8f57eb51e6bd7b0d28d436c752b9c695c104c66187312f71a8c141eb1f437a51475d5961cb3e6d6a6b479b9d5f1bbe9514bb3bd68a5bf808e3ebb369a62f910d6136586e1aaf94edb848432511fa8258fbc30095646db119056f6bbea5e10e9764760979eca4c2a5da0a4c02c3d81e295dcd7738e649dfe44f16175216d4adc8fbe4ca711d7ed1fea2f5cb38ab68fbf3a64d95a404923b6a8920f3ebe733bd41062940f1e8fa58e516a03dbe964ca47254690b57ed4ea6dbe25c99a47a241218a5d5a13f760b3afb7c4828a82d77c0bb71511ecdea321dbd4861171671969eabfd8bc1e3a8097a48f9808967ab814d72d1922b1052c81b7d21fc7d59a980931c38031d747a671d78f52b853a5ac59e33e2151bf552a6cd69c66bbe50d4bf490af045419b66f278c9808015c78db343846fe8e88bb4e508529d0987c9dbec4bd988103b14597c123a51124dbdffb057507be81403a92b122b45f7d2ee69ad5b00db8b735cd366725374f622cc9e0a7565ac92ec7fc69eeb97db47f0ca82b332d938bc2fcb5a8e741e17ead8b3a4a3825ae1aa07286a4a5928595540da220976482853a5b148e5931affccba8e6bd7fcc13a04138113a39f4bf75e0084738e825f1a5b5d632f4a2a9b483691e3ae9af5a19076593328b762e820dcbf909beb7146ca345b1c502e3e52471db7a403b8781999851483107816596ced0ff0fe6d755f80a196449feacdf2d6ede36ad5972200d75fda0d5a741e87e265a60be45dd229ef79626b8c255d11ecc75d66be6d117409bccb589e7c8b95d1b6ab89c214d9facc6474d38bedc98f421e9358ee4b0cfe4f5d897f9a8f57a89e917ffac2ca2ae6a8574a0ab124383aff8cbf25a830331c15a1ed0a8df2d82b24b6d14210085bccb30604a7be33f956ef76d54fe6414847846482ba2742975809cb447ed335a0f3813a0811d7ff3811609c7a62d4b462620b28e90a1ef9fea87a6b8b606f6a6f6147437e0025e64979563350d45c91a7d01c818443bd0f3e79a15f88b8c85c53f1966af766b20aa615ddfc055b0997df17845fd86fae8b98c7734af99ed7c1098e32da76fd8d796d3cf9aa9ba64da2efc9b88bf9738336b6b04f70825d9ee7bfc7d6789f4008956f9ac01b1dc373b509538b0e475c9da9d2a572f3edcf0d5d190effcba0635218c575265b1e470b1f87ab9ce784c7ab976afb8bcf684cd9715734f15cd203d6b7f84cd413dbdac060fe1cfbb45c9ca18e9dfea6aded93e4f13b3361573d43fcf6cc68bb3a8e6ef5539ccba59b81b99cb68696506730b12c321ad067cf88ec36498ce87a4779343f3a862cdba53db14cea1a8e09438ae4003fb53ded8e85bc70915d73aead28296ae4d01bf423c3449f118e24b1470de3879f6ae09c4c5ceed2312d56547a132d5c4aa7459b9d9351b10b330f6b2ed637647fd0076b3a01114541a688843dd96576d4823382566b9a912cb5648afa2f1f24cff1fa2515ff28cdbdd20ee6e16430f89499504e3fabc8077b7d90678faba9aee4fbd387d61a978adbfc29b32aa7e1778566a294145eb0eb78623252365c1cb4806f184d233c14a2699a31d96f2a4dd40b823e84cb5a3c77f53feab27a2fb038928aed866e2fd8c20e907ac5f4149bf0f67534e02cbfdbc0889c9e1f56c45073df5e69201a7f0da75645c8a4e3c02efc29206a2de14f136b8df22b89fa424c0e5a112e7415affed575251a0ac8793314434bcaefda8903af58cc722a8fef4821c6a18311f8db717898686d9b9686f424dfd6ff552f06843169892711a8f8e6630d4e287fa3bf6b40e92c93abe581aaebd6e1eb305434201b43ea10f40f9e38dfd635c986f0669170ea961ba7ebde8ba0dca01e8ba959ac380c27736e7f9a2c8d5c863fbb35965dd2bd815b8c7ceab5418e0c80236045b92313937f74bcc98fa28103a98d0b11ec2a58a55bdcfddc99bf944a27944696bf5b6929d9b26bccc93593d368a7240b62c1e7800ff5c03d936541f615ebcdcacd82a4a4037ea3b321f90a056500809001e495fdb2f93dadcf600b7aeb50a4d21aa50251c1981d309990535e11b70ff515cb53dac64f55c502ad0c671ce2c0b2517d7363cbc7e85c5e244f76bd221d2e860a7bb187bcb8eee49bce82471e93b26827ff2ec8d4dc47b3264fa03ecede0b3ccdbe42037e9add2820e92a19cdbd54fc556b6725e726d991eaa114cf79b600b4c168b788be1c29091daff239fd4a44f5a2ff1f5752a5df661b1bcd3c6ae8982bdd55527bfd719cf677249221cd5e97576905bcfc7a62b45f25119577ba34818afac9ac27bd4e12305434b4860ff895b308efbd30560c0cf169a18e6f3d837f647d2d7800bb169cb55ddee4219852ec12de3f77f78f9179ec8861158dfbf66545998ede673e16853ab76fbc99896f317b8a46c85fe9454a524fcf13c80e8cb984843f442b30c26b04a52291e2dd114c7d1b0b3e9d406f160da537f9fd8b02a984501dfe39bfec844d54998456e9d1f8ef0e9709d0ee710952b3ea27b2518da159ce6dc7d3ac94fb43dc46a9de201df166bacfd9cbfdb0d6eb824217ae3f7dac3a618a7571ee5059fdd5367bf4aa02b9b01d9dead208ad545acfcf230432c8bbbd8e1b5cbafde99a0435f21b126b616cc995668c7414f6680ff3b55d11d58cc9d84085a958e20c0d9026070cc5cbfe649cdee4ea90275b76f21699fe4b86668a16adaefb551c2497bdde09c01a18973fa76094a0d67055431a01e40eaf672eb0bec06f9b04747a56bb6a84e148ee31bf88593d0e4324079637bbcb0949a49b4b6bc42fa2955dc5def9f699f6a81ea54c14fdae18f696fd8b90a8888b4906e8740e549b0b246d7e027b4f9b4dd5cb45d03c2904116cdd731e7d575a0e84e779d3dd750c59f30e9c40696e3ed5786733a8566c102f5ff0dd3e9ba73a5860ee2523ccca95861921c2c383f7f95efa6ee1cf29add5564d5a4aae8e3d4be39e11c898c42bdf25978af781f019520641a7e520d3acbcd43187459cc043e630e9e0669e3a87d779fb0ef21e88e92dcf2acf2a792f43b7bb808fbbade8413ad6768bccb335f5867da8bc5054949208d3eb85cb5c2d05bd065dfafb8ab2c99b462b02b0c31d0cc3109e581d4bba4ea415dbfdfe8619b48d6c056728c97bdd000c9b7d6fbcba520554bb813647fa7c705109324a4e544b816ff8a15ab748ab8509343b8e19b93265aed41d23b2e97f8caa139bf2fb524ddc929ac5d75a8aec552939dc209b79baf76b5f8362bdc5dd13f387e428f55e244d6c334848fe90387206d3f510b82c95a04b50125be1e3be392d35722a923ec80922c68837c068cbe1e6ea0d08662f37ac0f1629de980327c1a2cd600ab7a75b35a00418844a45ea310467df594eef41748080c672897906fdc450f7d1dd590a61a367bbe5eda0caf0cc0e986b64eaa9c929a9d0e9a9731ebd3f7089458cc0c3e068864600bb2463b51d06a43188ea386268043794ffc0a4d4ada18c7f7a588389372584b01d3f6f9bb5eb68b7c6c6af5de64e1174c8ff82e9c5c899e1fc8b9f3c958c0708386e946abbd77fbc50ec0346d67c2d391895426b9f21cb7b258a5dd34c1f29504dc4dd8e2c01425ca1cbc1d8e107152c92c51fcd9e076b9bb8f4a6b93a8f6729aa7980e66da8133f84c98dc6e2ba092742e52a2f2a15894135a5cabea6d25dadfc8a6c3972242df628f6d9d33d80448ab3000409b7b23fed349f235908ec89384bef5d26468a4743d83ca3a538bea068fda884bfb96bab77bfbb0f70c4816e051e20a36f6ea2761b9ea7ee908ac53a8f69d59a29fb2ae0678512cff00673e48f67e6cf024b41491209a89ff987f37dd800d4766a06c4fbd51535a71ca3ef49c45543a6d5be9e181aba023ffd744627a349065d3ec68515d1d71a7e5aee6609bf6d0a3a596041954d17f2120cd541ec6b9cca77685641a2dbe966a91994c177a7ebd220988691d29e88324d6e71a43c650a9c68e35a2a0fc86666492dee582fde987fd51c691b6728460af9fb74bbc5bf2416e9d1ef9fe26193d04aedcf8414c06ffe6a3353659392fa681b7982c40600877c17165d1e27295876d36c7e0367af059f653d4393d2cb56ff868eb89c4f470e290350ae3aa33c920c7a0fe871079ef9262a8b93be8c63a4456b4ac0e6dd5fe8cc69c0a4e0dd185a66b11157030d0af825b7810408335686ccbecf0630427c828fa871dfbb5bf0b954ee4ffd9087b81deb158ad1d62e4ab466aa379d6a61c33d6c417b36a67ff563b463e365302c054403f7193d5ee07acc80d397f4cf5fb3328bc769d9e997120debd27a832b52978ff08f846f0a832bb621d9011ddc66676890a6de4a13015cf70bbb8493f65449a47a382edeb2d1d68f15c42f6bffdce8ce2b599ad4f2fd63b3d5478f878bb3fe1db881a5b96f5c435d97171169eccd2d55b25a09552ed0c91d484b6798ac1453c564fa33179f6ac8e51a4fb47383200a74255cf334bf3f9bb00db8c11e1fb5e9b09f0f60f8c17a37f62fc35cc9e1a84a74235554911cffb2197ef4022d2e84d9ea4505dbf4c2d7060f3439eea1ab8db01b0c3f7f3333e577e5ba15b7ab9f689e6befb5fefc16ff342d6d0a170eae097560a2aacef68d5dddf5c3d77eb90b6f8ff3e0dba02dbcc21e9d5244eeb89fbf95eaee3df2442dc6758d8c80da1bd94ec7a9f18e12bb22fb90caadd55a6df0f3536c066a86596aefa8515d4e7cf057a0cbab1f66656c522dbb5f26f93fcabba9ad4ff1a8fea3e494b8e0fd70a29575bf39f2f874b9ec7a401565c5e21cd163e750c88"]}, 0x26dc}, 0x1, 0x0, 0x0, 0x850}, 0x10000000) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:09:31 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x80082102, &(0x7f00000000c0)) 15:09:31 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:31 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r0, 0x8, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000880}, 0x1) r4 = fcntl$dupfd(r1, 0x0, r2) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r9 = fcntl$dupfd(r6, 0x0, r7) sendmsg$NL80211_CMD_JOIN_MESH(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$TIOCMBIS(r9, 0x5416, &(0x7f0000000180)=0x200) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) ioctl$KDADDIO(r4, 0x4b34, 0x3f) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) 15:09:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 56) 15:09:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, 0x0, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:31 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:31 executing program 5: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) [ 984.869405] audit: type=1326 audit(1748272171.865:348): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13476 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 984.871482] FAULT_INJECTION: forcing a failure. [ 984.871482] name failslab, interval 1, probability 0, space 0, times 0 [ 984.873510] CPU: 1 PID: 13480 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 984.874363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 984.875513] Call Trace: [ 984.875863] dump_stack+0x107/0x167 [ 984.876314] should_fail.cold+0x5/0xa [ 984.876787] ? create_object.isra.0+0x3a/0xa20 [ 984.877352] should_failslab+0x5/0x20 [ 984.877823] kmem_cache_alloc+0x5b/0x310 [ 984.878324] ? mark_held_locks+0x9e/0xe0 [ 984.878847] create_object.isra.0+0x3a/0xa20 [ 984.879391] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 984.880127] kmem_cache_alloc+0x159/0x310 [ 984.880715] xas_alloc+0x336/0x440 [ 984.881154] xas_create+0x34a/0x10d0 [ 984.881678] ? kernel_text_address+0xf2/0x120 [ 984.882235] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 984.883003] xas_store+0x8c/0x1c40 [ 984.883451] __xa_store+0x164/0x2d0 [ 984.883953] ? xa_delete_node+0x280/0x280 [ 984.884465] ? trace_hardirqs_on+0x5b/0x180 [ 984.885071] xa_store+0x31/0x50 [ 984.885478] __io_uring_add_tctx_node+0x1cf/0x520 [ 984.886242] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 984.886966] ? alloc_fd+0x2e7/0x670 [ 984.887420] io_uring_setup+0x1fbb/0x2980 [ 984.887990] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 984.888661] ? wait_for_completion_io+0x270/0x270 [ 984.889264] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 984.890002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 984.890716] do_syscall_64+0x33/0x40 [ 984.891184] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 984.891921] RIP: 0033:0x7fdf712e8b19 [ 984.892375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 984.894608] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 984.895552] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 984.896464] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 984.897336] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 984.898201] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 984.899074] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:31 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 57) 15:09:32 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:32 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) clone3(&(0x7f0000000000)={0x280800, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) r1 = socket$netlink(0x10, 0x3, 0x15) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1) syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r0) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400e7bed86615b5cd00790000", @ANYRES16=r2, @ANYBLOB="080025bd7000fbdbdf250c000000"], 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20000000) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r1) sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r3, 0x200, 0x70bd25, 0x25dfdbfd, {{}, {}, {0x8, 0x11, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x48840}, 0x4c895) r4 = accept4$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14, 0x80800) readahead(r4, 0x400, 0xfffffffffffffff7) 15:09:32 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) openat$cgroup_int(r4, &(0x7f0000000000)='hugetlb.1GB.failcnt\x00', 0x2, 0x0) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 985.036009] FAULT_INJECTION: forcing a failure. [ 985.036009] name failslab, interval 1, probability 0, space 0, times 0 [ 985.037576] CPU: 0 PID: 13696 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 985.038476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 985.039546] Call Trace: [ 985.039948] dump_stack+0x107/0x167 [ 985.040397] should_fail.cold+0x5/0xa [ 985.040914] ? xas_alloc+0x336/0x440 [ 985.041375] should_failslab+0x5/0x20 [ 985.041897] kmem_cache_alloc+0x5b/0x310 [ 985.042399] xas_alloc+0x336/0x440 [ 985.042922] xas_create+0x34a/0x10d0 [ 985.043416] ? kernel_text_address+0xf2/0x120 [ 985.044050] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 985.044764] xas_store+0x8c/0x1c40 [ 985.045208] __xa_store+0x164/0x2d0 [ 985.045711] ? xa_delete_node+0x280/0x280 [ 985.046224] ? trace_hardirqs_on+0x5b/0x180 [ 985.046822] xa_store+0x31/0x50 [ 985.047236] __io_uring_add_tctx_node+0x1cf/0x520 [ 985.047881] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 985.048523] ? alloc_fd+0x2e7/0x670 [ 985.049047] io_uring_setup+0x1fbb/0x2980 [ 985.049559] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 985.050281] ? wait_for_completion_io+0x270/0x270 [ 985.050983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 985.051671] ? syscall_enter_from_user_mode+0x1d/0x50 [ 985.052315] do_syscall_64+0x33/0x40 [ 985.052828] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 985.053453] RIP: 0033:0x7fdf712e8b19 [ 985.053980] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 985.056335] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 985.057359] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 985.058312] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 985.059279] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 985.060199] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 985.061116] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:32 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:32 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 58) [ 985.216926] FAULT_INJECTION: forcing a failure. [ 985.216926] name failslab, interval 1, probability 0, space 0, times 0 [ 985.218845] CPU: 0 PID: 13915 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 985.219752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 985.220832] Call Trace: [ 985.221163] dump_stack+0x107/0x167 [ 985.221610] should_fail.cold+0x5/0xa [ 985.222158] ? xas_alloc+0x336/0x440 [ 985.222725] should_failslab+0x5/0x20 [ 985.223243] kmem_cache_alloc+0x5b/0x310 [ 985.223798] xas_alloc+0x336/0x440 [ 985.224236] xas_create+0x34a/0x10d0 [ 985.224758] ? kernel_text_address+0xf2/0x120 [ 985.225310] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 985.226023] xas_store+0x8c/0x1c40 [ 985.226470] __xa_store+0x164/0x2d0 [ 985.226992] ? xa_delete_node+0x280/0x280 [ 985.227507] ? trace_hardirqs_on+0x5b/0x180 [ 985.228089] xa_store+0x31/0x50 [ 985.228498] __io_uring_add_tctx_node+0x1cf/0x520 [ 985.229143] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 985.229858] ? alloc_fd+0x2e7/0x670 [ 985.230349] io_uring_setup+0x1fbb/0x2980 [ 985.230946] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 985.231600] ? wait_for_completion_io+0x270/0x270 [ 985.232254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 985.232955] ? syscall_enter_from_user_mode+0x1d/0x50 [ 985.233589] do_syscall_64+0x33/0x40 [ 985.234116] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 985.234791] RIP: 0033:0x7fdf712e8b19 [ 985.235260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 985.237688] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 985.238683] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 985.239586] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 985.240505] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 985.241430] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 985.242352] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 985.668151] audit: type=1326 audit(1748272172.665:349): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13466 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:09:46 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000005, 0x8010, r0, 0xe9e50000) 15:09:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:46 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x80086601, &(0x7f00000000c0)) 15:09:46 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 999.227888] audit: type=1326 audit(1748272186.224:350): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13929 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:09:46 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:46 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 59) 15:09:46 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:46 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x8, 0x4, @tid=r0}, &(0x7f0000000000)) syz_open_procfs(r0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 999.242813] FAULT_INJECTION: forcing a failure. [ 999.242813] name failslab, interval 1, probability 0, space 0, times 0 [ 999.244497] CPU: 1 PID: 13959 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 999.245404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 999.246476] Call Trace: [ 999.246831] dump_stack+0x107/0x167 [ 999.247335] should_fail.cold+0x5/0xa [ 999.247883] ? xas_alloc+0x336/0x440 [ 999.248380] should_failslab+0x5/0x20 [ 999.248917] kmem_cache_alloc+0x5b/0x310 [ 999.249460] xas_alloc+0x336/0x440 [ 999.249935] xas_create+0x34a/0x10d0 [ 999.250442] ? kernel_text_address+0xf2/0x120 [ 999.251050] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 999.251749] xas_store+0x8c/0x1c40 [ 999.252240] __xa_store+0x164/0x2d0 [ 999.252728] ? xa_delete_node+0x280/0x280 [ 999.253282] ? trace_hardirqs_on+0x5b/0x180 [ 999.253864] xa_store+0x31/0x50 [ 999.254312] __io_uring_add_tctx_node+0x1cf/0x520 [ 999.254948] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 999.255659] ? alloc_fd+0x2e7/0x670 [ 999.256148] io_uring_setup+0x1fbb/0x2980 [ 999.256721] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 999.257381] ? wait_for_completion_io+0x270/0x270 [ 999.258043] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 999.258735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 999.259438] do_syscall_64+0x33/0x40 [ 999.259936] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 999.260613] RIP: 0033:0x7fdf712e8b19 [ 999.261109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 999.263524] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 999.264553] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 999.265490] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 999.266427] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 999.267387] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 [ 999.268308] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:46 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:46 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 60) 15:09:46 executing program 3: r0 = clone3(&(0x7f0000000100)={0x171212980, 0x0, 0x0, 0x0, {0x29}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = socket$netlink(0x10, 0x3, 0x15) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) sendfile(r1, r2, &(0x7f0000000040)=0x800, 0x7ff) syz_open_procfs(r0, &(0x7f0000000080)='net/mcfilter\x00') 15:09:46 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x15) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000140)) r2 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) openat2(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x2000, 0x4, 0x1b}, 0x18) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000000)=0x2) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0) [ 999.425496] FAULT_INJECTION: forcing a failure. [ 999.425496] name failslab, interval 1, probability 0, space 0, times 0 [ 999.427195] CPU: 0 PID: 14149 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 999.428107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 999.429197] Call Trace: [ 999.429554] dump_stack+0x107/0x167 [ 999.430043] should_fail.cold+0x5/0xa [ 999.430555] ? create_object.isra.0+0x3a/0xa20 [ 999.431190] should_failslab+0x5/0x20 [ 999.431695] kmem_cache_alloc+0x5b/0x310 [ 999.432238] ? mark_held_locks+0x9e/0xe0 [ 999.432778] create_object.isra.0+0x3a/0xa20 [ 999.433407] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 999.434116] kmem_cache_alloc+0x159/0x310 [ 999.434669] xas_alloc+0x336/0x440 [ 999.435150] xas_create+0x34a/0x10d0 [ 999.435651] ? kernel_text_address+0xf2/0x120 [ 999.436245] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 999.436937] xas_store+0x8c/0x1c40 [ 999.437423] __xa_store+0x164/0x2d0 [ 999.437907] ? xa_delete_node+0x280/0x280 [ 999.438456] ? trace_hardirqs_on+0x5b/0x180 [ 999.439038] xa_store+0x31/0x50 [ 999.439487] __io_uring_add_tctx_node+0x1cf/0x520 [ 999.440127] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 999.440820] ? alloc_fd+0x2e7/0x670 [ 999.441363] io_uring_setup+0x1fbb/0x2980 [ 999.441931] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 999.442612] ? wait_for_completion_io+0x270/0x270 [ 999.443285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 999.443984] ? syscall_enter_from_user_mode+0x1d/0x50 [ 999.444671] do_syscall_64+0x33/0x40 [ 999.445169] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 999.445845] RIP: 0033:0x7fdf712e8b19 [ 999.446342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 999.448783] RSP: 002b:00007fdf6e85e108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 999.449823] RAX: ffffffffffffffda RBX: 00007fdf713fbf60 RCX: 00007fdf712e8b19 [ 999.450749] RDX: 0000000020ffc000 RSI: 0000000020000140 RDI: 0000000000005853 [ 999.451704] RBP: 0000000020000140 R08: 0000000020000100 R09: 0000000020000100 [ 999.452641] R10: 00000000200001c0 R11: 0000000000000202 R12: 0000000020000100 15:09:46 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:09:46 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) [ 999.453559] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:09:46 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:09:46 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:09:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 1000.051187] audit: type=1326 audit(1748272187.044:351): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=13929 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:00 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x300100}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x17c, 0x2b, 0x8, 0x70bd25, 0x25dfdbfd, {0x16}, [@typed={0xc, 0xb, 0x0, 0x0, @u64=0x6}, @nested={0xb8, 0x5f, 0x0, 0x1, [@typed={0x8, 0x38, 0x0, 0x0, @uid=0xffffffffffffffff}, @generic="ec792091c7f9b3192993615c99d19554c135f3f26be67d46b0ef845b64b7ec475d08740f8683c1c1b6178679162176e826a90fab93938f716629e26ba5736e77c172b3d3d98dedd58799e244b74e45f9ebcc838e615feaded117bd8b4d58ba130b03f382a874cb38f31b74becbf40a4fbf85b4d932ddcd018a6b2db99349258e0e630fa96395cae9dc5e5b6869b48bf3e497d27b204dc5297e1a4efbfbacff28b0fd2a348b27235383233e10"]}, @generic="3455c12445fce1f482b23daffb9e0c1fd81eefd9c3a31714a1e25a8cf258e71d9083f1371e41e581327ecf2b0f240371327e526e5b34763aa8358456f3ffa6139b70ee87fdb2b50ddefa185331959243cc9784799d35cf606b1eb8037ca037cd3056beb9b5390d15f98e687d5824e026d7c12424dc07c0578b10db4ba94bd65166a09de895eff1f376bc63b9300482da8ebb936a30f3648f7d0ffdea63e84af60b"]}, 0x17c}}, 0x8000) 15:10:00 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 1013.892829] audit: type=1326 audit(1748272200.890:352): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=14380 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 [ 1013.918081] FAULT_INJECTION: forcing a failure. [ 1013.918081] name failslab, interval 1, probability 0, space 0, times 0 [ 1013.921836] CPU: 0 PID: 14383 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1013.923897] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1013.926324] Call Trace: [ 1013.927069] dump_stack+0x107/0x167 [ 1013.928143] should_fail.cold+0x5/0xa [ 1013.929227] ? vm_area_dup+0x78/0x290 [ 1013.930316] should_failslab+0x5/0x20 [ 1013.931427] kmem_cache_alloc+0x5b/0x310 [ 1013.932593] vm_area_dup+0x78/0x290 [ 1013.933622] ? lock_release+0x680/0x680 [ 1013.934759] ? mark_lock+0xf5/0x2df0 [ 1013.935838] ? lock_chain_count+0x20/0x20 [ 1013.937027] ? mark_lock+0xf5/0x2df0 [ 1013.938081] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1013.939599] ? lock_chain_count+0x20/0x20 [ 1013.940773] ? mark_lock+0xf5/0x2df0 [ 1013.941835] ? vm_area_alloc+0x110/0x110 [ 1013.942994] ? __lock_acquire+0x1657/0x5b00 [ 1013.944253] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1013.945743] ? vmacache_find+0x55/0x2a0 [ 1013.946877] __split_vma+0xa8/0x4e0 [ 1013.947916] __do_munmap+0x365/0x1260 [ 1013.949005] ? arch_get_unmapped_area+0x450/0x450 [ 1013.950386] ? lock_release+0x680/0x680 [ 1013.951533] mmap_region+0x7c8/0x1500 [ 1013.952615] do_mmap+0xcdb/0x11e0 [ 1013.953609] vm_mmap_pgoff+0x198/0x1f0 [ 1013.954710] ? randomize_page+0xb0/0xb0 [ 1013.955877] ksys_mmap_pgoff+0x41c/0x560 [ 1013.957032] ? find_mergeable_anon_vma+0x250/0x250 [ 1013.958438] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1013.959938] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1013.961452] do_syscall_64+0x33/0x40 [ 1013.962510] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1013.963997] RIP: 0033:0x7fdf712e8b62 [ 1013.965046] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1013.970558] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1013.972748] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1013.974813] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1013.976869] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1013.978921] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1013.980993] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:10:00 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x80087601, &(0x7f00000000c0)) 15:10:00 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:00 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 61) 15:10:00 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=ANY=[@ANYBLOB="28000029b2af00208bf3b009553b6c9b0000ffff3486ac7af05301a30d98a325b50ffbfb44611effb2df44454e24953586b173e22214eff8204000ad180b1c8a15f97a628de5cd2623916896de0ca348ea8e230627d4af194888a2f9cf2214703df6812a966c855df744b50e4591d9857b4b01a103002606816d00000000", @ANYRES32=0x0, @ANYBLOB="0c001100fb0300000000080055370fefc858d934b1fc98612d4b4c2d3c6b77dec4bdda5d6a056a835036df9795ab00000000000000000013e89d5e10c31c4895331e6c9062e6d19714413124927a70063ee48646ba815eee21568ca7d1c61a59ebab5c0109894757a4f503873c3b3b120fbd1b368d8fd86d6e2d30a0eebc77da844463f6262c43d3fa70e3a3bf832e75ff8e638862485199a31900718233e061b4cac99c4ba775d97bdb71cdd3e5e4"], 0x28}}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:00 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:00 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) fsetxattr$security_capability(r0, &(0x7f0000000040), &(0x7f0000000100)=@v1={0x1000000, [{0x7, 0x100}]}, 0xc, 0x1) 15:10:00 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:01 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480), &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 62) 15:10:01 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x2000}) socket$netlink(0x10, 0x3, 0x13) 15:10:01 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 1014.105040] FAULT_INJECTION: forcing a failure. [ 1014.105040] name failslab, interval 1, probability 0, space 0, times 0 [ 1014.112496] CPU: 0 PID: 14613 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1014.114487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1014.116974] Call Trace: [ 1014.117718] dump_stack+0x107/0x167 [ 1014.118761] should_fail.cold+0x5/0xa [ 1014.119857] ? create_object.isra.0+0x3a/0xa20 [ 1014.121178] should_failslab+0x5/0x20 [ 1014.122260] kmem_cache_alloc+0x5b/0x310 [ 1014.123436] create_object.isra.0+0x3a/0xa20 [ 1014.124685] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1014.126154] kmem_cache_alloc+0x159/0x310 [ 1014.127356] vm_area_dup+0x78/0x290 [ 1014.128403] ? lock_release+0x680/0x680 [ 1014.129528] ? mark_lock+0xf5/0x2df0 [ 1014.130599] ? lock_chain_count+0x20/0x20 [ 1014.131803] ? mark_lock+0xf5/0x2df0 [ 1014.132871] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1014.134360] ? lock_chain_count+0x20/0x20 [ 1014.135565] ? mark_lock+0xf5/0x2df0 [ 1014.136619] ? vm_area_alloc+0x110/0x110 [ 1014.137801] ? __lock_acquire+0x1657/0x5b00 [ 1014.139036] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1014.144592] ? vmacache_find+0x55/0x2a0 [ 1014.145721] __split_vma+0xa8/0x4e0 [ 1014.146763] __do_munmap+0x365/0x1260 [ 1014.147877] ? arch_get_unmapped_area+0x450/0x450 [ 1014.149265] ? lock_release+0x680/0x680 [ 1014.150388] mmap_region+0x7c8/0x1500 [ 1014.151505] do_mmap+0xcdb/0x11e0 [ 1014.152490] vm_mmap_pgoff+0x198/0x1f0 [ 1014.153617] ? randomize_page+0xb0/0xb0 [ 1014.154754] ksys_mmap_pgoff+0x41c/0x560 [ 1014.155940] ? find_mergeable_anon_vma+0x250/0x250 [ 1014.157334] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1014.158851] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1014.160333] do_syscall_64+0x33/0x40 [ 1014.161394] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1014.162862] RIP: 0033:0x7fdf712e8b62 [ 1014.164125] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1014.169484] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1014.175709] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1014.177763] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1014.179831] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1014.181886] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1014.183955] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:10:01 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:01 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 1014.734740] audit: type=1326 audit(1748272201.731:353): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=14380 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:15 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:15 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:15 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0045878, &(0x7f00000000c0)) 15:10:15 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 63) 15:10:15 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x0) 15:10:15 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:15 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000004c0), 0x4000, 0x0) r2 = dup2(r1, r0) r3 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000480)={r0, 0x100, 0x3, 0x3ff}) r4 = socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) sendmsg$nl_generic(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x18c, 0x2a, 0x400, 0x70bd26, 0x25dfdbff, {0x12}, [@nested={0x176, 0x18, 0x0, 0x1, [@typed={0x14, 0x38, 0x0, 0x0, @ipv6=@local}, @generic="46c08ffd40ed75201d77662805e6aec4ae5796a00aa908d9dc43b7e3", @typed={0x14, 0x70, 0x0, 0x0, @ipv6=@mcast1}, @typed={0x101, 0x7e, 0x0, 0x0, @binary="82d74c1bd79751c495836422c1016334d800405f8c64136395b384c5f8a61e226aeecbe8347307e66638023022b869632fce30e7a762ae81139fa3051a40b434d6b26d2e8224b3c3094526fa654035b22b955caa55ed1a78b65ee2629d10c657f8eefef80e4107f9feb7f332ea3f4231fb65ccd6038ec70faad766279c4fe7a00532cfcf6061c232e40535e90f8e8978a7173bcf0e61408bc3a82108c07566d62038c636c873f29b9d31fc5b7f286bd02cd588874ad48ea78d5311a6eb988dbd8433bc5d748c4a6f2d0e20bde0add938c5b33a4fe69f456773252247695b1574b7aceb88f994ba62255e4132dd509c9007a86ce9d4ae261521ad82dc80"}, @generic="c187fb500f19ba384fc722a890681a0910d035a84bc73d7921f0b5d1927b344ef6dcd7229e6bf23929f6", @generic]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x24000001}, 0x20000001) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ADD_TX_TS(r4, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x6c, 0x0, 0x200, 0x70bd2b, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x800}, @NL80211_ATTR_TSID={0x5, 0xd2, 0x5}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x7}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TSID={0x5, 0xd2, 0xc}]}, 0x6c}, 0x1, 0x0, 0x0, 0xc810}, 0x80) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000001c80), 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_CTL(r6, 0x40049421, 0x1) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), r2) [ 1028.184561] FAULT_INJECTION: forcing a failure. sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000001c40)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000001c00)={&(0x7f0000003340)={0x17d4, r7, 0x200, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1b0, 0x11d, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x40}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x62}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x164, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x3c}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xcb}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x134, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xdc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x1f, 0x1, 0x7, 0x2, 0xb9, 0x2, 0x3f]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x0, 0x9}, {0x1, 0x1}, {0x6, 0x7}, {0x1, 0x8}, {0x1, 0x4}, {0x5, 0xa}, {0x1, 0x5}, {0x0, 0x7}, {0x7, 0x6}, {0x4, 0x2}, {0x0, 0x4}, {0x3, 0x4}, {0x7, 0x8}, {0x1, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x3}, {0x0, 0x5}, {0x4, 0x8}, {0x5, 0x8}, {0x3, 0x8}, {0x7, 0x4}, {0x6, 0x1}, {0x4, 0x9}, {0x2, 0x9}, {0x1, 0x5}, {0x4, 0x5}, {0x7}, {0x3, 0x7}, {0x1, 0x5}, {0x0, 0x5}, {0x0, 0x2}, {0x3}, {0x1, 0xa}, {0x0, 0x2}, {0x6, 0x5}, {0x1, 0x2}, {0x2, 0x8}, {0x3, 0x3}, {0x6}, {0x3, 0x3}, {0x0, 0x7}, {0x5, 0x5}, {0x3, 0x1}, {0x7, 0x6}, {0x0, 0x1}, {0x4, 0x2}, {0x7, 0x3}, {0x0, 0x6}, {0x2, 0x1}, {0x7, 0x7}, {0x6, 0x4}, {0x3, 0x3}, {0x4, 0x4}, {0x0, 0xa}, {0x5}, {0x1, 0x1}, {0x5, 0x7}, {0x0, 0x6}, {0x1}, {0x5, 0x7}, {0x6, 0x2}, {0x1, 0xa}, {0x1}, {0x5, 0x3}, {0x3, 0x1}, {0x6, 0xa}, {0x6, 0x3}, {0x1, 0x3}, {0x1, 0x9}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x0, 0x8, 0x2, 0x9, 0x7, 0x5, 0x7]}}, @NL80211_TXRATE_HT={0x46, 0x2, [{0x6}, {0x7, 0x2}, {0x5, 0x1}, {0x0, 0x2}, {0x7, 0x3}, {0x2, 0x1}, {0x4, 0x3}, {0x2, 0x1}, {0x1, 0x7}, {0x5, 0x3}, {0x7, 0xa}, {0x6, 0x9}, {0x0, 0x1}, {0x4, 0x4}, {0x1, 0x7}, {0x1, 0xa}, {0x4, 0x9}, {0x7, 0x6}, {0x7, 0x3}, {0x6, 0x6}, {0x0, 0x7}, {0x4, 0x6}, {0x4, 0x9}, {0x4, 0x8}, {0x0, 0x1}, {0x6, 0x4}, {}, {0x7, 0x5}, {0x4, 0x6}, {0x0, 0x7}, {0x5, 0x5}, {0x1}, {0x0, 0x2}, {0x5, 0x8}, {0x5, 0x2}, {0x7, 0x7}, {0x5, 0x6}, {0x5, 0x6}, {0x1, 0x1}, {0x5}, {0x6, 0x6}, {0x0, 0x4}, {0x7, 0xa}, {0x4, 0x9}, {0x1, 0x2}, {0x7, 0x3}, {0x7, 0x6}, {0x0, 0x3}, {0x3, 0x3}, {0x0, 0x6}, {0x3, 0x5}, {0x1, 0x5}, {0x4, 0x4}, {0x5, 0x5}, {0x1, 0x5}, {0x7, 0x2}, {0x7, 0x9}, {0x0, 0xa}, {0x0, 0x3}, {0x0, 0x7}, {0x1, 0x2}, {0x2, 0x4}, {0x4, 0x9}, {0x4, 0x3}, {0x0, 0x3}, {0x7, 0x6}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x929, 0x1, 0x4, 0x8, 0x5, 0x401, 0x3]}}]}, @NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x0]}, @NL80211_TXRATE_HT={0x3f, 0x2, [{0x4}, {0x5, 0x4}, {0x5, 0x2}, {0x4, 0x5}, {0x2, 0x5}, {0x4}, {0x2, 0x5}, {0x4, 0x9}, {0x5, 0x2}, {0x1, 0x7}, {0x0, 0x8}, {0x7, 0x3}, {0x6}, {0x4, 0x2}, {0x2}, {0x1, 0x2}, {0x0, 0x7}, {0x3, 0x8}, {0x3, 0x7}, {0x2, 0x7}, {0x1, 0x7}, {0x0, 0x9}, {0x7, 0x7}, {0x5, 0xa}, {0x4, 0x2}, {0x5, 0x2}, {0x7, 0xa}, {0x7, 0x7}, {0x5}, {0x7, 0x1}, {0x7, 0x1}, {0x1, 0x9}, {0x3, 0x4}, {0x1, 0x1}, {0x0, 0x7}, {0x4, 0x6}, {0x7, 0xa}, {0x0, 0x6}, {0x4, 0x3}, {0x0, 0x9}, {0x5}, {0x5, 0x9}, {0x5, 0x6}, {0x0, 0x9}, {}, {0x5, 0x3}, {0x6, 0x9}, {0x1, 0x6}, {0x0, 0x5}, {0x0, 0xa}, {0x1, 0x5}, {0x5, 0x5}, {0x4, 0x1}, {0x0, 0x8}, {0x7, 0x3}, {0x4, 0x7}, {0x0, 0xa}, {0x2}, {0x0, 0x3}]}]}]}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8b4d42960000000}]}]}, @NL80211_ATTR_TID_CONFIG={0x114, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xee}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x38, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x23dd000000000000}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}]}, {0x54, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x24}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x2}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xdd}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x68}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x100000000}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}, @NL80211_ATTR_TID_CONFIG={0x4ac, 0x11d, 0x0, 0x1, [{0x64, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1c, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x81, 0x5, 0x5, 0x4000, 0x0, 0x2, 0x5, 0xffff]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x1f}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x2}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x42}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0xb6fb614b7e29a2cd}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xaa0}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xd0}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x174, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x12c, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x6c, 0x36, 0x5, 0x3, 0x2, 0x1b, 0xc, 0x16, 0x1, 0x3, 0x12, 0x6, 0x6, 0x16, 0x1b, 0x24, 0x6, 0x60, 0x3, 0x1, 0x16, 0x60, 0x36, 0x30, 0x24, 0x18, 0x3]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x1, 0x100, 0x3, 0x1000, 0xfff, 0x5, 0xa5]}}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1b, 0x24, 0x4, 0x5, 0x3, 0x1b, 0x12, 0x6c, 0x48, 0xc, 0x12, 0x30, 0x16, 0x9, 0x3, 0x48, 0x3, 0x1, 0x36, 0x5]}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x6, 0x35, 0x5, 0x9, 0x5, 0x9, 0x6, 0x4, 0x3, 0x53, 0x3, 0x18, 0x4, 0x60, 0x36, 0x6, 0x2, 0x18, 0x16, 0x30, 0x6, 0x3]}, @NL80211_TXRATE_HT={0x15, 0x2, [{0x3, 0x8}, {0x7, 0x6}, {0x5, 0x1}, {0x0, 0x7}, {0x0, 0x7}, {0x1, 0x7}, {0x6, 0x1}, {0x3}, {0x1, 0x9}, {0x1, 0x3}, {0x5, 0x3}, {0x4, 0x4}, {0x0, 0x9}, {0x4, 0x8}, {0x4}, {0x1, 0x4}, {0x0, 0x5}]}]}, @NL80211_BAND_6GHZ={0x9c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x29, 0x2, [{0x0, 0x7}, {0x5, 0x8}, {0x0, 0xa}, {0x1, 0xa}, {0x3, 0x9}, {0x6}, {0x3, 0x3}, {0x3, 0x1}, {0x2, 0x8}, {0x0, 0x5}, {0x6, 0x9}, {0x2, 0x7}, {0x6, 0xa}, {0x7, 0x3}, {0x5, 0x3}, {0x0, 0xa}, {0x1, 0x6}, {0x3, 0x5}, {0x6, 0x4}, {0x1, 0x4}, {0x5, 0x6}, {0x3}, {0x0, 0x9}, {0x7, 0x7}, {0x5}, {0x2, 0x9}, {0x1, 0x3}, {0x7, 0x1}, {0x7, 0x1}, {0x3, 0x7}, {0x1, 0x4}, {0x6, 0x8}, {0x3, 0x6}, {0x7, 0x7}, {0x1, 0x8}, {0x1, 0x1}, {0x6, 0x6}]}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x48, 0x9, 0x24, 0xb, 0x1, 0x24, 0xc, 0x4, 0x5, 0x36, 0x6c, 0x24, 0x16, 0x4, 0x6c, 0x16, 0x60, 0x1b, 0x48, 0x14, 0x36, 0x6c]}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x1, 0x5}, {}, {0x5, 0x2}, {0x7, 0x8}, {0x6, 0x9}, {0x5, 0x1}, {0x6, 0x7}, {0x7, 0x2}, {0x4, 0x1}, {0x7, 0x3}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x5}, {0x3, 0x6}, {0x1, 0x7}, {0x3, 0x8}, {0x7, 0x2}, {0x5, 0x4}, {0x7, 0xa}, {0x0, 0x7}, {0x2, 0x5}, {0x6, 0x7}, {0x5, 0x9}]}, @NL80211_TXRATE_HT={0x2c, 0x2, [{0x0, 0xa}, {0x2, 0x1}, {0x0, 0xa}, {0x0, 0x3}, {0x2, 0x8}, {0x0, 0xa}, {0x6, 0x2}, {0x6, 0xa}, {0x1, 0x3}, {0x0, 0x7}, {0x0, 0xa}, {0x7, 0x9}, {0x6, 0x3}, {0x0, 0x7}, {0x1, 0x2}, {0x3, 0x4}, {0x1, 0xa}, {0x4, 0x6}, {0x1, 0x9}, {0x7, 0x6}, {0x5, 0x8}, {0x6, 0x2}, {0x1, 0x5}, {0x7, 0x6}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x7}, {0x0, 0x5}, {0x0, 0x9}, {0x6, 0x6}, {0x2, 0x9}, {0x2, 0x7}, {0x4, 0x2}, {0x0, 0x6}, {0x2, 0xa}, {0x6, 0x8}, {0x3, 0x7}, {0x6, 0x5}, {0x5, 0x1}, {0x4, 0x2}]}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xe2}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x9d}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x7f}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xe5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x3}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb8}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x100000001}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x9}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x6}]}, {0x1d0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x1bc, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x90, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x35, 0x2, [{0x0, 0x3}, {0x6, 0xa}, {0x1, 0x3}, {0x0, 0xa}, {0x0, 0x8}, {0x4, 0x5}, {0x6, 0x6}, {0x1, 0x6}, {0x1, 0xa}, {0x4, 0x4}, {0x3, 0x1}, {0x2, 0x4}, {0x7, 0x3}, {0x2, 0x6}, {0x3, 0xa}, {0x0, 0x2}, {0x3, 0x3}, {0x3, 0x2}, {0x2}, {0x2, 0x7}, {0x6, 0xa}, {0x6, 0x4}, {0x6, 0xa}, {0x6, 0x8}, {0x0, 0x6}, {0x7, 0x6}, {0x2, 0x8}, {0x1, 0x2}, {0x5, 0xa}, {}, {0x0, 0xa}, {0x1, 0x6}, {0x2, 0x3}, {0x2, 0x4}, {0x5}, {0x6, 0x9}, {0x2, 0x9}, {0x1, 0x6}, {0x7, 0x9}, {0x1, 0x8}, {0x3, 0x9}, {0x6, 0x6}, {0x1, 0x6}, {0x1, 0x8}, {0x2}, {0x6, 0x5}, {0x3, 0xa}, {0x0, 0x1}, {0x3, 0x4}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x49, 0x2, [{0x1, 0x5}, {0x6, 0x9}, {0x1, 0x5}, {0x5, 0x9}, {0x7, 0x5}, {0x1, 0x5}, {0x6, 0x7}, {0x7, 0x6}, {0x6, 0x9}, {0x1}, {0x0, 0x5}, {0x1, 0x3}, {0x5, 0x3}, {0x1, 0x7}, {0x1, 0x5}, {0x1, 0x4}, {0x4, 0x8}, {0x5, 0x4}, {0x1, 0x8}, {0x6, 0x8}, {0x1, 0x1}, {0x2, 0x5}, {0x3, 0x1}, {0x3, 0x7}, {0x6, 0x6}, {0x3, 0x1}, {0x0, 0x2}, {0x6}, {0x0, 0x2}, {0x7, 0xa}, {0x1, 0x7}, {0x5, 0xa}, {0x6}, {0x2}, {0x1, 0x3}, {0x6, 0x4}, {0x6, 0x6}, {0x4, 0x7}, {0x3, 0x5}, {0x7}, {0x6, 0x3}, {0x1, 0x3}, {0x0, 0x5}, {0x3, 0x7}, {0x1, 0x2}, {0x1, 0x2}, {0x3, 0x3}, {0x1, 0x4}, {0x5, 0x4}, {0x1, 0x5}, {0x7, 0x7}, {0x1}, {0x3, 0x4}, {0x6, 0x9}, {0x2, 0xa}, {0x6, 0x8}, {0x2}, {0x7, 0x1}, {0x1, 0x8}, {0x4, 0x5}, {0x4, 0xa}, {0x6, 0x5}, {0x2, 0x5}, {0x3, 0x8}, {0x1, 0x9}, {0x5, 0x6}, {0x0, 0x2}, {0x1, 0x5}, {0x3, 0x4}]}]}, @NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x1c22, 0x1ff, 0x3, 0x5, 0x2, 0x7f]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x3f, 0x2, [{0x4, 0x5}, {0x6, 0xa}, {0x6, 0x2}, {0x5, 0x4}, {0x0, 0x5}, {0x6, 0x3}, {0x6, 0xa}, {0x4}, {0x6, 0x3}, {0x4, 0x3}, {0x4, 0xa}, {0x3, 0x4}, {0x1, 0x7}, {0x6, 0x7}, {0x3, 0x3}, {0x0, 0x4}, {0x4, 0x4}, {0x5, 0x7}, {0x2, 0x9}, {0x4, 0xa}, {0x1}, {0x6, 0x5}, {0x4}, {0x6, 0xa}, {0x3, 0x5}, {0x2, 0x1}, {0x7, 0x5}, {0x7, 0xa}, {0x7, 0x5}, {0x4, 0x2}, {0x6, 0x4}, {0x4, 0x4}, {0x1, 0x4}, {0x1, 0x5}, {0x4, 0xa}, {0x5, 0x8}, {0x5, 0x3}, {0x3, 0x3}, {0x7, 0x2}, {0x7, 0x3}, {0x1, 0x4}, {0x6, 0x7}, {0x7, 0x2}, {0x2, 0x7}, {0x4, 0x9}, {0x4, 0x7}, {0x0, 0xa}, {0x2, 0x8}, {0x0, 0x7}, {0x1, 0x8}, {0x2, 0x3}, {0x5, 0x2}, {0x3, 0x3}, {0x3, 0x6}, {0x1, 0x5}, {0x5, 0xf}, {0x1, 0x5}, {0x1, 0x9}, {0x1, 0xa}]}]}, @NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x7, 0x5}, {0x4, 0x2}, {0x0, 0x4}, {0x1, 0x6}, {0x6, 0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x0, 0xa}, {0x2, 0x1}, {0x6, 0x6}, {0x7, 0x4}, {0x2, 0x7}, {}, {0x4, 0x8}, {0x2, 0x6}, {0x2, 0x3}, {0x4, 0x1}, {0x6, 0x8}, {0x2, 0xa}, {0x7, 0x7}, {0x2, 0x4}, {0x7, 0x5}, {0x0, 0x3}, {0x6, 0x1}, {0x1, 0x3}, {0x4, 0x3}, {0x3, 0x7}, {0x3, 0x3}, {0x1, 0x8}, {0x5, 0x9}, {0x3, 0x3}, {0x2, 0x9}, {0x4, 0x4}, {0x2, 0x6}, {0x2, 0x7}, {0x2, 0x7}, {0x7}, {0x1, 0x3}, {0x0, 0x8}, {0x2, 0x8}, {0x6}, {0x3}, {0x3, 0x6}, {0x2, 0x2}, {0x1, 0xa}, {0x2, 0x3}, {0x2, 0x6}, {0x4, 0x1}, {0x4, 0xa}, {0x0, 0xa}, {0x0, 0x6}, {}, {0x4, 0x4}, {0x4, 0x7}, {0x7, 0x7}, {0x0, 0x8}, {0x4, 0x4}, {0x3, 0x3}, {0x1, 0x9}, {0x2, 0x8}, {0x1, 0x1}, {0x6, 0x9}, {0x7, 0x2}]}]}, @NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0xb1, 0x8, 0x1, 0xb, 0x7, 0x80, 0x20]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x12, 0x3, 0x36, 0x6c, 0x1b, 0xc, 0x1b, 0x48, 0x0, 0x6c, 0x6, 0x24, 0x12, 0x36]}, @NL80211_TXRATE_HT={0x41, 0x2, [{0x6, 0x6}, {0x4, 0x5}, {0x5}, {0x1, 0x7}, {0x0, 0x9}, {0x2, 0x5}, {0x3, 0x5}, {0x7, 0x5}, {0x2}, {0x5, 0x9}, {0x2, 0x8}, {0x6, 0x6}, {0x6, 0x4}, {0x1, 0x8}, {0x3, 0x6}, {0x1, 0x2}, {0x0, 0x1}, {0x1, 0x5}, {0x1, 0x3}, {0x7, 0xa}, {0x3, 0x2}, {0x6, 0x7}, {0x4, 0xa}, {0x1, 0x3}, {0x1, 0xa}, {0x5, 0x4}, {0x0, 0x8}, {0x6, 0x4}, {0x6, 0x7}, {0x1, 0x1}, {0x6, 0x4}, {0x5}, {0x1, 0xa}, {0x6, 0xa}, {0x0, 0x2}, {0x5, 0x1}, {0x0, 0x6}, {0x5, 0x5}, {0x1}, {0x3, 0x9}, {0x6, 0x4}, {0x3, 0x3}, {0x1, 0x4}, {0x5, 0xa}, {0x6, 0x2}, {0x4, 0x7}, {0x5, 0x1}, {0x5, 0x1}, {0x1, 0x4}, {0x1, 0x3}, {0x3, 0xa}, {0x6, 0x3}, {0x4, 0x9}, {0x1, 0x7}, {}, {0x3, 0x2}, {0x5, 0xa}, {0x2, 0x3}, {0x2, 0x8}, {0x1, 0x2}, {0x1, 0x9}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0xc8, 0x11d, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x77}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x15}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x7d}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xc4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x5c}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x44}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x3}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xbf}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xa5}]}]}, @NL80211_ATTR_TID_CONFIG={0x16c, 0x11d, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x6}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xb65}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x77}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xffff}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x30}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x15}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xfa}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x732f}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x23}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1f}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd8}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xfe}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0xb7}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x78}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x5b}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x7fff}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x7ff}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0x6c, 0x11d, 0x0, 0x1, [{0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x9d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x20000000200000}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x9}]}]}, @NL80211_ATTR_TID_CONFIG={0x834, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xbf}]}, {0x194, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x9}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x170, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xd0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x38, 0x2, [{0x7, 0x8}, {0x3, 0x4}, {0x5, 0x8}, {0x0, 0x4}, {0x0, 0x8}, {0x5, 0x7}, {0x5, 0x7}, {0x4, 0x6}, {0x0, 0x1}, {0x0, 0x5}, {0x0, 0x3}, {0x3, 0x5}, {0x5, 0xa}, {0x2, 0x8}, {0x0, 0x2}, {0x2, 0x9}, {0x7, 0x7}, {0x0, 0x6}, {0x2, 0x9}, {0x6, 0xa}, {0x6, 0x4}, {0x7, 0x3}, {}, {0x1, 0x9}, {0x5, 0x1}, {}, {0x3, 0x7}, {0x5, 0x5}, {0x3}, {0x0, 0x5}, {0x5, 0x1}, {0x0, 0x5}, {0x4, 0x8}, {0x1, 0x2}, {0x1, 0x7}, {0x7, 0x5}, {0x3, 0x8}, {0x2, 0x5}, {0x1, 0x5}, {0x2}, {0x5}, {0x1}, {0x0, 0x3}, {0x1, 0x3}, {0x5, 0x9}, {0x7, 0x8}, {}, {0x4, 0x8}, {0x7, 0x7}, {0x1, 0x4}, {0x3, 0xa}, {0x3}]}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x3, 0x8}, {0x5, 0x4}, {0x1, 0x2}, {0x1, 0x3}, {0x4, 0x8}, {0x1, 0x9}, {0x5, 0x8}, {0x0, 0x2}, {0x2, 0x6}, {0x7, 0x2}, {0x7, 0x8}, {0x1, 0x8}, {0x1, 0x4}, {0x2, 0x9}, {0x6, 0x9}, {0x1, 0x2}, {0x0, 0x1}, {0x6, 0x2}, {0x7, 0x7}, {0x4, 0x5}, {0x0, 0x9}, {0x4, 0x1}, {0x3, 0xa}, {0x3}, {}, {0x0, 0x9}, {0x0, 0x4}, {0x4, 0x9}, {0x7, 0x8}, {0x4, 0x2}, {0x0, 0x6}, {0x3, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x2, 0x1}, {0x5, 0x7}, {0x4, 0x2}, {0x4, 0x6}, {0x3, 0x3}, {0x4}, {0x1, 0x1}, {0x6, 0x3}, {0x6, 0x8}]}, @NL80211_TXRATE_HT={0x4e, 0x2, [{0x1, 0x8}, {0x6}, {0x7, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x4, 0xa}, {0x1, 0x3}, {0x0, 0x3}, {0x3, 0x2}, {0x1, 0xa}, {0x0, 0x9}, {0x4, 0x6}, {0x3, 0x6}, {0x0, 0x1}, {0x0, 0x2}, {0x5, 0x4}, {0x5, 0x3}, {0x1, 0x2}, {0x5, 0x5}, {0x0, 0xa}, {0x3, 0x9}, {0x0, 0x9}, {0x4, 0xa}, {0x2, 0x6}, {0x5, 0x1}, {0x0, 0xa}, {0x1, 0x7}, {0x3, 0x8}, {0x5, 0x7}, {0x5, 0x2}, {0x2, 0xa}, {0x5, 0x2}, {0x1, 0x8}, {0x6, 0xa}, {0x6, 0xa}, {0x5, 0x5}, {0x6, 0x4}, {0x5, 0x6}, {0x5, 0x3}, {0x0, 0x1}, {0x1, 0x4}, {0x5}, {0x7}, {0x1, 0x4}, {0x0, 0x4}, {0x1, 0x8}, {0x5, 0x8}, {0x0, 0x8}, {0x4, 0x1}, {0x3, 0x7}, {0x5, 0x8}, {0x4, 0x9}, {0x1, 0x2}, {0x6, 0x8}, {0x6, 0x9}, {0x6, 0x3}, {0x1, 0xa}, {0x0, 0x7}, {0x6, 0x7}, {0x1, 0x7}, {0x4, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x5, 0x7}, {0x6, 0x7}, {0x2, 0x7}, {0x5, 0x1}, {0x3, 0x3}, {0x0, 0x9}, {0x6, 0x4}, {0x4, 0x1}, {0x1, 0x9}, {0x6, 0xa}, {0x1, 0x1}]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x1b, 0x4, 0x1, 0x0, 0x30, 0x2, 0x36, 0x36, 0x1b, 0x2, 0x4, 0x1b, 0x12, 0x2]}]}, @NL80211_BAND_60GHZ={0x9c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x4, 0x9, 0x18, 0x2, 0x5a, 0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf57, 0x4, 0xa580, 0x3, 0x6, 0x2, 0x7, 0x3ff]}}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x6c, 0x3, 0x60, 0x1, 0x6c, 0x0, 0x6c, 0x14, 0x48, 0x9, 0x18, 0x1b, 0x2, 0x4, 0x60, 0x18, 0x30, 0x4, 0x3, 0xc, 0x5, 0x60, 0x6c, 0x18, 0x24, 0x48, 0x6c, 0xc, 0xb, 0x3, 0x48]}, @NL80211_TXRATE_LEGACY={0x10, 0x1, [0x12, 0xb, 0x30, 0x48, 0x16, 0x16, 0x4, 0x3, 0x4, 0xc, 0x0, 0x6c]}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x18, 0x6c, 0x24, 0x6c, 0x3, 0xb, 0x48, 0x3a, 0x41, 0x18, 0x60, 0x5, 0x48]}, @NL80211_TXRATE_HT={0x28, 0x2, [{0x5, 0x7}, {0x7, 0xa}, {0x6, 0x4}, {0x7, 0x4}, {0x5, 0x3}, {0x5, 0x5}, {0x3, 0x8}, {0x4, 0x6}, {0x0, 0x1}, {0x1}, {0x0, 0x5}, {0x5, 0x6}, {0x3, 0x3}, {0x2, 0x7}, {0x6, 0xa}, {0x1, 0x4}, {0x0, 0x1}, {0x3}, {0x7, 0x7}, {0x6, 0x4}, {0x5, 0x9}, {0x3, 0x3}, {0x1, 0x9}, {0x1, 0x1}, {0x3, 0x1}, {0x3, 0x7}, {0x6, 0x4}, {0x6, 0x6}, {0x1, 0x1}, {0x1, 0x3}, {0x1, 0x9}, {0x4, 0x5}, {0x7, 0x9}, {0x0, 0x3}, {0x1, 0x9}, {0x7, 0x4}]}]}]}]}, {0x5c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xa5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xdd}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x7}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x1dc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1c0, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x4, 0x3b21, 0x8, 0x3ff, 0xff81, 0x7, 0x4]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9, 0x401, 0x8209, 0x3, 0x7, 0x63, 0xff00]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x101, 0x5, 0x8b, 0x8, 0x7f, 0x1, 0xf4bb, 0x8ce]}}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x10, 0x1, [0x0, 0x12, 0xb, 0x3, 0x18, 0xb, 0x1e, 0x1, 0x12, 0x30, 0x30, 0x3]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4e, 0x200, 0x7fff, 0x1, 0x9, 0xda7, 0x4, 0x400]}}]}, @NL80211_BAND_5GHZ={0x64, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x9, 0x0, 0x8, 0x471, 0x4d16, 0x4, 0x81]}}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x5, 0xa}, {0x0, 0x1}, {0x5, 0x5}, {0x3, 0x5}, {0x1, 0x1}, {0x3, 0x6}, {0x7}, {0x3, 0x3}, {0x3, 0x3}, {0x6}, {0x5, 0x1}, {0x1, 0x3}, {0x7, 0x4}, {0x7, 0x4}, {0x1, 0x5}, {0x6, 0x6}, {0x3, 0x1}, {0x1, 0x7}, {0x0, 0x4}, {0x0, 0x6}, {0x3, 0x9}, {0x1}, {0x7, 0x6}, {0x5, 0x5}, {0x0, 0x1}, {0x2, 0x3}, {0x5, 0x2}, {0x1, 0x5}, {0x5, 0x7}, {0x7, 0x1}, {0x0, 0x2}, {0x7, 0x5}, {0x0, 0x8}, {0x1, 0xa}, {0x1, 0x6}, {0x1, 0x1}, {0x2, 0x8}, {0x2, 0x6}, {0x0, 0xa}, {0x4, 0x4}, {0x5, 0x4}, {0x0, 0x5}, {0x0, 0x6}, {0x0, 0xa}, {0x0, 0xa}, {0x5, 0x7}, {0x7, 0x2}, {0x6, 0x4}, {0x6, 0x4}, {0x1, 0x1}, {0x1, 0x5}, {0x6, 0x9}, {0x5, 0x8}, {0x1, 0x4}, {0x7, 0x3}, {0x1, 0x9}, {0x5, 0xa}, {0x0, 0x2}, {0x6, 0xa}, {0x5, 0xa}, {0x1, 0x9}, {0x0, 0x1}]}]}, @NL80211_BAND_5GHZ={0x7c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x2f2, 0x0, 0x2, 0xfe81, 0xfffe, 0x9, 0x9400]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x20, 0x7fff, 0x3, 0x7, 0x0, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8f43, 0x7f, 0x0, 0x9, 0x9, 0xff, 0x1, 0x4]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x3, 0x20, 0x5, 0xf800, 0x8, 0x862, 0x1000]}}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x1, 0x6, 0x1, 0x6, 0x1b, 0xc]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x3f, 0x1f, 0x6, 0x3, 0x4, 0x5, 0xe1]}}]}, @NL80211_BAND_60GHZ={0x68, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x1b, 0xb, 0x60, 0x5, 0x6b, 0xc, 0x16, 0x30, 0x16, 0x9, 0x36, 0xb, 0x0, 0x36, 0x1b, 0xc, 0xc, 0x1, 0x9, 0x3, 0x24, 0x60, 0x3, 0x2, 0x48, 0xc, 0x9, 0x16]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x400, 0x2, 0x8, 0x1, 0x80, 0x3, 0xbe7]}}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x3, 0x7}, {0x0, 0x9}, {0x6, 0xa}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x7}, {0x6, 0xa}, {0x4, 0x7}, {0x7, 0x1}, {0x7, 0x4}, {0x7}, {0x5}, {0x0, 0x2}, {0x4, 0x3}, {0x2, 0x6}, {0x2, 0x8}, {0x0, 0x7}, {0x0, 0x5}, {0x0, 0x8}, {0x0, 0x5}, {0x5, 0x8}, {0x6, 0x1}, {0x2}, {0x3, 0x4}, {0x5}, {0x1, 0x4}, {0x1, 0x7}, {0x7, 0x2}, {0x5, 0x5}, {0x4, 0x7}, {0x4}, {0x2, 0x5}, {0x5, 0x6}, {0x4, 0xa}, {0x7, 0x7}, {0x3, 0x7}, {0x4, 0x2}]}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x61}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2e}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x88}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x3c4, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x38c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x80, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x1b, 0x6, 0x36, 0x24, 0x1b, 0x9, 0xc, 0x0, 0x69, 0x12, 0x30, 0xcc17b3247bdcf5bc, 0x24, 0x4, 0x9, 0x36, 0x12, 0x3, 0x77, 0x1, 0x15, 0x24]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0xff, 0x9, 0x8, 0x3ff, 0x501, 0x7a34]}}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x9, 0x4, 0x48, 0x48, 0x24, 0x36, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x400, 0x40, 0x5, 0x5, 0x1000, 0x401, 0x100]}}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x0, 0x7}, {0x5, 0x9}, {0x4, 0x8}, {0x6}, {0x4, 0x6}, {0x1, 0x2}, {0x1, 0x7}, {0x1}, {0x1}, {0x2, 0x3}, {0x7, 0x6}, {0x6, 0x5}, {0x0, 0x3}, {0x6, 0x8}, {0x6, 0x6}, {0x4, 0x2}, {0x3}, {0x1}, {0x5, 0x7}, {0x3, 0x6}, {0x7, 0xa}, {0x3, 0x5}, {0x4}, {0x6, 0x5}, {0x3, 0x5}, {0x0, 0x2}, {}, {0x4, 0xa}, {0x0, 0xa}, {0x4, 0x5}, {0x3, 0x6}, {0x3, 0x7}, {0x0, 0x5}, {0x7, 0x6}, {0x2, 0x4}, {0x5, 0x5}, {0x4, 0x8}]}]}, @NL80211_BAND_6GHZ={0x90, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x12, 0x2, [{0x7}, {0x0, 0x4}, {0x2, 0x7}, {0x1}, {0x5, 0x1}, {0x5, 0x5}, {0x2, 0xa}, {0x2, 0x3}, {0x0, 0x5}, {0x0, 0x1}, {0x0, 0x8}, {0x0, 0x6}, {0x0, 0x2}, {0x0, 0x6}]}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x6, 0xa}, {0x4, 0x7}, {0x4, 0x4}, {0x0, 0x7}, {0x6}, {0x6, 0x7}, {0x5, 0x2}, {0x3}, {0x5, 0x6}, {0x3}, {0x4, 0xa}, {0x0, 0x9}, {0x3, 0x7}, {0x6, 0x6}, {0x1, 0x3}, {0x6, 0x3}, {0x6, 0x3}, {0x0, 0x5}, {0x1, 0x1}, {0x0, 0xa}, {0x1, 0x6}, {0x1, 0x9}, {0x7}, {0x1, 0x3}, {0x2, 0x9}, {0x4, 0x6}, {0x0, 0x5}, {0x0, 0x4}, {0x4, 0x9}, {0x1, 0x2}, {0x2}, {0x4, 0x1}, {0x2, 0x3}, {0x0, 0x4}, {0x7, 0x4}, {0x6, 0x3}, {0x4, 0x2}, {0x6, 0x3}, {0x6, 0xa}, {0x5, 0x5}, {0x1, 0x7}, {0x5, 0x7}, {0x4, 0x8}, {0x1, 0x9}]}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0xc, 0x36, 0x9, 0x2, 0x48, 0x1, 0x6, 0xb, 0x18, 0x6, 0x3f, 0x1b, 0x9, 0x36, 0x36, 0xc, 0x2, 0x1, 0x4, 0x5, 0x60, 0x16, 0x5, 0xb, 0x36]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x9, 0x8, 0x7, 0xfff8, 0x401, 0x5dd6, 0x995]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xb6, 0xfffd, 0x1ff, 0x4, 0x7f, 0x1, 0x3, 0x2]}}]}, @NL80211_BAND_5GHZ={0xa4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0xb, 0x1, 0x3, 0x30, 0x1b, 0x1, 0xb, 0x5, 0x24, 0x0, 0x5e, 0x18, 0x2]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x0, 0x1, 0x912, 0x8, 0x6, 0x5, 0x3f]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0xc, 0x5, 0x16, 0x3, 0x2, 0x3, 0x1b, 0x2, 0x2]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x3a, 0x2, [{0x1, 0x9}, {0x3, 0x7}, {0x4, 0x5}, {0x5, 0x9}, {0x0, 0x8}, {0x4, 0x1}, {0x6, 0x2}, {0x1}, {0x7, 0x2}, {0x7, 0x4}, {0x1, 0x8}, {0x1, 0x5}, {0x7, 0x9}, {0x5, 0xa}, {0x1, 0x9}, {0x6, 0xa}, {0x4, 0x1}, {0x2, 0x1}, {0x1, 0x3}, {0x4, 0x5}, {0x0, 0xa}, {0x5, 0x3}, {0x7, 0x2}, {0x2, 0x2}, {0x6, 0xa}, {0x3}, {0x0, 0x6}, {0x5, 0xa}, {0x3, 0x3}, {0x7, 0x4}, {0x1, 0x5}, {0x6, 0x8}, {0x3, 0x9}, {0x2, 0x6}, {0x1, 0xa}, {0x2, 0x7}, {0x0, 0x6}, {0x2, 0x3}, {0x2, 0x4}, {0x1, 0x3}, {0x2, 0x4}, {0x3, 0x8}, {}, {0x6}, {0x6, 0x8}, {0x5, 0xa}, {0x6}, {0x3, 0x9}, {0x2, 0xa}, {0x0, 0xb}, {0x2, 0x9}, {0x7, 0x7}, {0x0, 0x8}, {0x2}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x97, 0x9, 0x9, 0xfff7, 0x3, 0x9, 0x7fff]}}]}, @NL80211_BAND_6GHZ={0x70, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2d, 0x2, [{0x3, 0x4}, {0x4, 0xa}, {0x0, 0x1}, {0x4}, {0x5, 0x8}, {0x3, 0x2}, {0x5, 0x9}, {0x3, 0x1}, {0x0, 0x3}, {0x6, 0x1}, {0x6, 0x6}, {0x7, 0x1}, {0x2, 0x1}, {0x1, 0x6}, {0x4, 0x4}, {0x4, 0x1}, {}, {0x5, 0x6}, {0x2, 0x6}, {0x6, 0xa}, {0x1, 0x8}, {0x3, 0x3}, {0x2, 0x8}, {0x0, 0x4}, {}, {0x5, 0x9}, {0x0, 0x5}, {0x0, 0x5}, {0x6, 0x5}, {0x6, 0x8}, {0x1, 0x5}, {0x5, 0x8}, {0x0, 0x9}, {0x1, 0x9}, {0x5, 0x4}, {0x0, 0x1}, {0x5, 0x1}, {0x1, 0x5}, {0x7, 0x1}, {0x2, 0x8}, {0x0, 0x2}]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x30, 0xb, 0x1b, 0x24, 0x24, 0x60, 0x16, 0x12, 0x1, 0xb8f6f092e9abb2ff, 0x48, 0x4, 0x0, 0x16]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6, 0x0, 0x18, 0x60, 0x18, 0x5, 0xb, 0xb, 0x4, 0x12, 0x1b, 0x3, 0x36, 0x6c, 0x6c, 0x36, 0x1b, 0x1b, 0x2, 0x30, 0x1b, 0x0, 0x2, 0x16, 0x24, 0x9]}]}, @NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x13, 0x1, [0x1b, 0x60, 0x9, 0x6c, 0xb, 0x1b, 0x1b, 0xb, 0x3, 0x48, 0x9, 0x12, 0x6c, 0xc, 0x12]}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x1b, 0x36, 0x48, 0x24, 0x3, 0x36, 0x60, 0xc, 0x55, 0x18, 0x6c, 0x24, 0x12, 0x5, 0x48, 0x16, 0x5, 0x12, 0x1b, 0x1b]}]}, @NL80211_BAND_60GHZ={0xb4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xdc1c, 0x6, 0x9, 0x9, 0x5946, 0x7, 0x7, 0x649d]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x3ff, 0x1a70, 0x3f, 0x21c6, 0xff, 0xffff, 0x6]}}, @NL80211_TXRATE_HT={0x12, 0x2, [{}, {0x3}, {0x5, 0xa}, {0x2, 0x8}, {0x0, 0xa}, {0x1, 0x4}, {0x2, 0x9}, {0x5, 0x8}, {0x5, 0x1}, {0x4, 0x2}, {0x7, 0x5}, {0x2, 0xa}, {0x5, 0x1}, {0x5, 0x4}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8001, 0x101, 0x1b85, 0x7ff, 0x1, 0x5, 0x0, 0x68a2]}}, @NL80211_TXRATE_LEGACY={0xb, 0x1, [0x9, 0x9, 0x2, 0xc, 0x6c, 0x12, 0x5]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x49, 0x2, [{0x0, 0x7}, {0x4, 0x6}, {0x2, 0x4}, {0x5, 0x8}, {0x1, 0x4}, {0x2, 0x1}, {0x1, 0x4}, {0x4, 0x4}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0xa}, {0x7, 0x5}, {0x6, 0xa}, {0x2, 0xa}, {0x6, 0x9}, {0x7, 0x9}, {0x7, 0x7}, {0x4, 0x8}, {0x6, 0x1}, {0x0, 0x8}, {0x3, 0x2}, {0x3}, {0x2}, {0x2, 0x8}, {0x2, 0x9}, {0x1, 0x9}, {}, {0x6, 0x7}, {0x3, 0x8}, {0x0, 0x3}, {0x0, 0x9}, {0x7, 0x9}, {0x6, 0x2}, {0x7, 0x6}, {0x7, 0x4}, {0x4}, {0x2, 0x5}, {0x6, 0x8}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x5}, {0x2, 0xa}, {0x0, 0x3}, {0x4, 0x5}, {0x5, 0xa}, {0x5, 0x3}, {0x5, 0x8}, {0x7, 0x5}, {0x5, 0x7}, {0x0, 0x2}, {0x0, 0x4}, {0x3, 0x5}, {0x1, 0x3}, {0x7, 0x7}, {0x7, 0x2}, {0x4, 0x3}, {0x3}, {0x0, 0x9}, {0x2, 0x6}, {0x3, 0x2}, {0x0, 0x4}, {0x4, 0xa}, {0x4, 0x8}, {0x7, 0x4}, {0x3, 0x7}, {0x4, 0x9}, {0x1, 0x1}, {0x7}, {0x4, 0xa}]}]}, @NL80211_BAND_6GHZ={0xc, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x5, 0x1}, {0x0, 0x7}, {0x0, 0x8}, {0x6, 0x6}, {0x5, 0x8}, {0x1}, {0x7, 0x3}, {0x1, 0x3}, {0x5, 0x8}, {0x0, 0x8}, {0x1, 0x9}, {0x6, 0x9}, {0x0, 0x8}, {0x0, 0x5}, {0x6, 0x4}, {0x4}, {0x6, 0x7}, {0x4, 0x6}, {0x1, 0x4}, {0x4, 0x1}, {0x6}, {0x7, 0x7}, {0x4, 0x8}, {0x0, 0x9}, {0x2, 0xa}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x37, 0x2, [{0x0, 0x7}, {0x4, 0x8}, {0x0, 0xa}, {0x2, 0x2}, {0x6, 0x2}, {0x6, 0x9}, {0x6, 0x9}, {0x7, 0xa}, {0x6, 0x9}, {0x7, 0x1}, {0x3, 0x5}, {0x6, 0x3}, {0x7, 0x5}, {0x7, 0x8}, {0x6, 0xa}, {0x7}, {0x7, 0x2}, {0x1, 0x5}, {0x2, 0x5}, {0x5, 0xa}, {0x5}, {0x4, 0x9}, {0x0, 0x5}, {0x4, 0x1}, {0x5, 0x3}, {0x7, 0xa}, {0x3, 0x2}, {0x1, 0x7}, {}, {0x6, 0xa}, {0x6, 0x9}, {0x5, 0x2}, {0x6, 0x8}, {0x1, 0x1}, {0x2}, {0x5, 0x3}, {0x1, 0x6}, {0x1}, {0x5, 0x8}, {0x5}, {0x1, 0x4}, {0x7, 0x4}, {0x7, 0x6}, {0x3, 0x3}, {0x3}, {0x1, 0x6}, {0x6, 0x8}, {0x5, 0x9}, {0x0, 0x9}, {0x5, 0x9}, {0x3, 0xa}]}]}]}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x1}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x61}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}]}, {0x4}, {0x58, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x401}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2a}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xcb}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x3f}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x24}]}]}, @NL80211_ATTR_TID_CONFIG={0x57c, 0x11d, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x9b}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x71}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}, {0x3c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x17}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xe}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x2d}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x40}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x39}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xe}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x897d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x21}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x84}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8000}]}, {0x270, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x244, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x40, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x32, 0x2, [{0x7, 0x2}, {0x3, 0x6}, {0x0, 0x9}, {0x1}, {}, {0x7}, {0x5, 0x8}, {0x7, 0x9}, {0x6, 0xa}, {0x1, 0x9}, {0x4, 0x7}, {0x0, 0x7}, {0x0, 0xa}, {0x6, 0x2}, {0x1}, {0x7, 0xa}, {0x2, 0x6}, {0x1, 0x1}, {0x3, 0x5}, {0x0, 0x3}, {0x1, 0xa}, {0x2, 0x2}, {0x6}, {0x7, 0x8}, {0x3, 0x6}, {0x3, 0x3}, {0x7, 0x7}, {0x5, 0x1}, {0x2, 0x8}, {0x0, 0x3}, {0x4, 0x6}, {0x5, 0x6}, {0x4, 0x4}, {0x5}, {0x4, 0x2}, {0x3}, {0x1, 0x9}, {0x3, 0x3}, {0x6, 0x8}, {0x0, 0x7}, {0x3, 0x6}, {0x6, 0xa}, {0x0, 0x4}, {0x6, 0x5}, {0x5, 0xa}, {0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_5GHZ={0x48, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x44, 0x2, [{0x1}, {0x5, 0x5}, {0x3, 0x3}, {0x1, 0xa}, {0x2, 0x3}, {0x1}, {0x3, 0x4}, {0x3, 0x3}, {0x4}, {0x7, 0x6}, {0x0, 0xa}, {0x4, 0x9}, {0x5, 0x8}, {0x0, 0x2}, {0x1, 0x8}, {0x2, 0x1}, {0x2, 0x6}, {0x1, 0x8}, {0x0, 0x9}, {0x2, 0x7}, {0x5, 0x8}, {0x4, 0xa}, {0x2, 0x4}, {0x5, 0xa}, {0x2, 0x7}, {0x2, 0x6}, {0x2, 0x1}, {0x3, 0xa}, {0x2, 0x4}, {0x2, 0x4}, {0x0, 0x8}, {0x0, 0x8}, {0x6, 0x8}, {0x5, 0x8}, {0x1, 0xa}, {0x6, 0x1}, {0x6, 0xa}, {0x1, 0x6}, {0x0, 0x2}, {0x6, 0x9}, {0x3, 0x3}, {0x6, 0x2}, {0x1, 0x3}, {0x0, 0x6}, {0x2, 0x3}, {0x2, 0x2}, {0x7, 0x8}, {}, {}, {0x1, 0x2}, {0x3, 0xa}, {0x2, 0x8}, {0x1, 0x6}, {0x4, 0x6}, {0x7, 0x7}, {0x0, 0x3}, {0x1, 0x3}, {0x0, 0x6}, {0x2, 0xa}, {0x0, 0x6}, {0x4, 0xa}, {0x0, 0x4}, {0x3, 0x5}, {0x6, 0x3}]}]}, @NL80211_BAND_2GHZ={0x5c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x300, 0xb4b1, 0x7, 0x792, 0x7, 0x3, 0x8, 0x400]}}, @NL80211_TXRATE_LEGACY={0x22, 0x1, [0x4, 0xc, 0x30, 0x2, 0x0, 0x0, 0x31e8e3b0ccb37854, 0x36, 0x9, 0x18, 0x3, 0x16, 0x12, 0x36, 0x60, 0x12, 0xb, 0x1, 0x3d, 0x12, 0x60, 0x12, 0x2, 0x0, 0x1b, 0x30, 0x16, 0x1b, 0x60, 0x24]}, @NL80211_TXRATE_LEGACY={0x1d, 0x1, [0x3, 0x16, 0x3, 0xc, 0x9, 0xc, 0x1b, 0x60, 0x18, 0x3, 0x9, 0x4, 0x1b, 0x4, 0x1, 0x36, 0x3, 0x5, 0xc, 0x18, 0x0, 0x1b, 0x24, 0x12, 0x6]}]}, @NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe5d, 0x1f, 0x8, 0x100, 0x213, 0x3, 0x6, 0xffff]}}, @NL80211_TXRATE_HT={0x2a, 0x2, [{0x6, 0x5}, {0x1, 0x2}, {0x2, 0x7}, {0x7, 0x8}, {0x0, 0x6}, {0x1, 0x3}, {0x5}, {0x6, 0x2}, {0x4}, {0x3, 0x8}, {0x0, 0x2}, {0x1, 0x9}, {0x2, 0x5}, {0x1, 0x6}, {0x3, 0x4}, {0x6, 0x1}, {0x1, 0x4}, {0x3, 0x2}, {0x4, 0x4}, {0x2, 0x7}, {0x0, 0x8}, {}, {0x0, 0xa}, {0x4, 0x4}, {}, {0x1, 0x7}, {0x5, 0x6}, {0x2, 0x9}, {0x1, 0x5}, {0x4, 0x5}, {0x1, 0x2}, {0x4, 0x6}, {0x7, 0x6}, {0x0, 0x6}, {0x2, 0x4}, {0x7}, {0x7}, {0x2, 0x6}]}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x9d01, 0x7ff, 0x101, 0x4, 0x21, 0x1ff, 0x9, 0x2]}}]}, @NL80211_BAND_6GHZ={0x58, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2a, 0x2, [{0x0, 0x9}, {0x2, 0x9}, {0x1, 0x4}, {0x7, 0x7}, {0x0, 0x1}, {0x3, 0x5}, {0x4, 0x5}, {0x2, 0x3}, {0x6, 0x3}, {0x1, 0x4}, {0x0, 0x9}, {0x2}, {0x7, 0x6}, {0x7, 0x4}, {0x2, 0x9}, {0x1, 0x2}, {0x5}, {0x1, 0x2}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0x8}, {0x0, 0x2}, {0x5, 0x4}, {0x7, 0x6}, {0x5, 0x3}, {0x1, 0x2}, {0x5}, {0x5, 0x6}, {0x0, 0x3}, {0x1, 0x3}, {0x7, 0x2}, {0x0, 0x1e}, {0x0, 0x7}, {0x3, 0x4}, {0x0, 0x7}, {0x4, 0x1}, {0x1, 0x7}, {0x7, 0xa}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0x6, 0x30, 0x1b, 0x3, 0x3, 0xb, 0x48, 0x3, 0x1d, 0xc, 0xd, 0x60, 0x9, 0x12, 0xc, 0x3, 0x1b, 0x6, 0x12, 0x12, 0x5, 0x6c, 0x18, 0xb, 0x1, 0x4, 0x16]}]}, @NL80211_BAND_2GHZ={0x80, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xe, 0x5, 0x5, 0xde3, 0x5, 0x1, 0x8, 0x3]}}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0xc, 0x0, 0x36, 0x30, 0x9de169a535e9d290, 0x30, 0x5, 0x24, 0x1]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6a8, 0x9, 0xb54, 0x6, 0x77, 0xffc0]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x1, 0x80, 0x3ff, 0x2, 0x2374, 0xbd, 0x455]}}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x5, 0xb, 0x5, 0x18, 0x0, 0x6c, 0x60, 0x6, 0x24, 0x1b, 0x4, 0x2, 0x16, 0x41, 0x9, 0x12, 0x6c, 0x6, 0x6, 0x60, 0x24, 0x77, 0x48, 0x1b, 0x6c, 0x1]}]}, @NL80211_BAND_2GHZ={0x20, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x4}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x4d}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x79}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}]}, {0x1dc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x1b4, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x54, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0x7f, 0x5, 0x60, 0x2, 0x30, 0x60, 0x18, 0x0, 0x60, 0x27, 0x30, 0x12, 0xb, 0x12, 0x6c, 0x12, 0x60, 0x4, 0x9, 0x1b, 0x9, 0x0, 0x3]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x6c, 0x5, 0x1]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x8001, 0xca9, 0x12c, 0x9, 0x4, 0x5]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x1b]}]}, @NL80211_BAND_60GHZ={0xac, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x32, 0x2, [{0x4, 0x7}, {0x1, 0x8}, {0x5}, {0x2, 0xa}, {0x0, 0x6}, {0x1, 0x7}, {0x3, 0x9}, {0x4, 0x15}, {0x1, 0x8}, {0x2, 0x8}, {0x6, 0x7}, {0x5, 0x7}, {0x2}, {0x0, 0x4}, {}, {0x3, 0x4}, {0x4, 0x9}, {0x2, 0x2}, {0x2, 0x2}, {0x2, 0x5}, {0x1, 0x6}, {0x2, 0xa}, {0x5, 0x3}, {0x2, 0x3}, {0x0, 0x6}, {0x3, 0x3}, {0x2, 0x4}, {0x2, 0x4}, {0x5, 0x4}, {0x5, 0x3}, {0x4, 0x3}, {0x0, 0x8}, {0x6, 0x9}, {0x7, 0x8}, {0x5, 0x2}, {0x5, 0x2}, {0x1, 0x8}, {0x3, 0x2}, {0x0, 0x3}, {0x3, 0x7}, {0x3}, {0x2, 0xa}, {0x3, 0x7}, {0x0, 0x5}, {0x7, 0x9}, {0x7, 0xa}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffd, 0x1, 0xffff, 0x9, 0x6, 0xece2, 0x81, 0xfff8]}}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x5, 0xa}, {0x7, 0x8}, {0x6}, {0x4}, {0x0, 0x2}, {0x0, 0xa}, {0x2, 0x3}, {0x2, 0x3}, {0x7, 0x3}, {0x2, 0x2}, {0x3, 0x5}, {0x2, 0x1}, {0x0, 0x2}, {0x3, 0x1}, {0x7, 0x2}, {0x5, 0x6}, {0x0, 0x1}, {0x0, 0x2}, {0x5}, {0x7}, {0x0, 0x7}, {0x4, 0x6}, {0x1}, {0x1, 0x4}, {0x2, 0x5}, {0x0, 0x8}, {0x5, 0x3}, {0x2, 0x7}, {0x1, 0x3}, {0x6}, {0x7, 0x3}, {0x3, 0xa}, {0x4, 0x8}, {0x3, 0x6}, {0x1, 0x6}, {0x0, 0x1}, {0x2, 0x2}, {0x2, 0x4}, {0x2, 0x7}, {0x7}, {0x3, 0xa}, {0x6, 0x4}, {0x5}, {0x4, 0x6}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0xfca21cc56559f185}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0xb, 0x6c, 0x0, 0x12, 0x3, 0x6, 0x2, 0xb, 0x9, 0xc, 0x48, 0x24, 0x60, 0x12, 0x30, 0x5, 0x2, 0x3, 0x4, 0x12, 0x9, 0x4d, 0x1b, 0x6, 0x30, 0x1, 0xe2, 0xb]}]}, @NL80211_BAND_5GHZ={0xb0, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x6, 0x200, 0xff, 0x7fff, 0xfffe, 0x50, 0x1]}}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x3f, 0x9, 0x1]}, @NL80211_TXRATE_HT={0x3a, 0x2, [{0x3, 0x9}, {0x4, 0x7}, {0x4, 0x4}, {0x3, 0x8}, {0x6, 0x2}, {0x0, 0x5}, {0x1, 0xa}, {0x6, 0x4}, {0x1, 0x5}, {0x0, 0x9}, {0x0, 0x1}, {0x5, 0x6}, {0x3, 0x4}, {0x7, 0xa}, {0x2, 0x7}, {0x4, 0x3}, {0x2, 0x9}, {0x6, 0x9}, {0x4, 0x6}, {0x1, 0x6}, {0x0, 0x9}, {0x5, 0xa}, {0x1, 0x8}, {0x3, 0x5}, {0x4}, {0x1, 0x9}, {0x3}, {0x4}, {0x6, 0x8}, {0x3, 0xa}, {0x4, 0x5}, {0x5, 0x8}, {0x0, 0x5}, {0x1, 0x9}, {0x2, 0x8}, {0x3}, {0x7, 0x3}, {0x4, 0x3}, {0x7, 0x7}, {0x6, 0x5}, {0x0, 0x8}, {0x3, 0x8}, {}, {}, {0x3, 0x4}, {0x2, 0x4}, {0x3}, {0x0, 0x1}, {0x4, 0xa}, {0x7}, {0x6, 0x5}, {0x0, 0x7}, {0x0, 0x8}, {0x5, 0x18}]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x6, 0x4, 0x2, 0x48, 0x6c]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x14, 0x5, 0x37, 0x3, 0x3, 0x5, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x1000, 0x4d1a, 0x20, 0x1, 0x1, 0x0, 0xfffd]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x1b, 0x9, 0x18, 0x36, 0x3, 0x30, 0x6c, 0x6c, 0x3, 0x9, 0x1b, 0xb, 0x2, 0x3, 0x4, 0x12, 0x60]}]}]}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x3ff}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x6}]}, {0x58, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_NOACK={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xe4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x4c}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x6b}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x80000001}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0xffffffffffffffe1}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xe7}]}]}]}, 0x17d4}, 0x1, 0x0, 0x0, 0xc0}, 0x805) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1028.184561] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.203653] CPU: 1 PID: 14738 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1028.204502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1028.205519] Call Trace: [ 1028.205852] dump_stack+0x107/0x167 [ 1028.206302] should_fail.cold+0x5/0xa [ 1028.206772] ? anon_vma_clone+0xdc/0x590 [ 1028.207281] should_failslab+0x5/0x20 [ 1028.207773] kmem_cache_alloc+0x5b/0x310 [ 1028.208281] anon_vma_clone+0xdc/0x590 [ 1028.208768] __split_vma+0x17c/0x4e0 [ 1028.209231] __do_munmap+0x365/0x1260 [ 1028.209708] ? arch_get_unmapped_area+0x450/0x450 [ 1028.210310] ? lock_release+0x680/0x680 [ 1028.210800] mmap_region+0x7c8/0x1500 [ 1028.211277] do_mmap+0xcdb/0x11e0 [ 1028.211728] vm_mmap_pgoff+0x198/0x1f0 [ 1028.212210] ? randomize_page+0xb0/0xb0 [ 1028.212708] ksys_mmap_pgoff+0x41c/0x560 [ 1028.213209] ? find_mergeable_anon_vma+0x250/0x250 [ 1028.213814] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1028.214460] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1028.215095] do_syscall_64+0x33/0x40 [ 1028.215571] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1028.216200] RIP: 0033:0x7fdf712e8b62 [ 1028.216658] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1028.218915] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1028.236657] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1028.238780] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1028.240879] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1028.242962] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1028.245044] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:10:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:15 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000080)}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) [ 1028.308745] audit: type=1326 audit(1748272215.304:354): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=14733 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:15 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:15 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) getsockopt$inet_mreqn(r4, 0x0, 0x24, &(0x7f0000000000)={@private, @remote}, &(0x7f0000000040)=0xc) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) socket$netlink(0x10, 0x3, 0x15) [ 1028.979704] audit: type=1326 audit(1748272215.977:355): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=14733 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:29 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:29 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0045878, &(0x7f00000000c0)) 15:10:29 executing program 3: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, r4) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) r11 = fcntl$dupfd(r8, 0x0, r9) sendmsg$NL80211_CMD_JOIN_MESH(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0xffffffb8, 0x0, 0x400, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, @NL80211_PKTPAT_PATTERN={0x9, 0x2, "c6ac7c9b45"}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x9}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x4}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x40050}, 0x44841) r12 = fcntl$dupfd(r1, 0x0, r2) sendmsg$NL80211_CMD_JOIN_MESH(r12, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x30}}, 0x0) clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r12}}, 0x58) process_madvise(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x11, 0x0) socket$netlink(0x10, 0x3, 0x15) 15:10:29 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:29 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:29 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x15) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x16, 0x800, 0x70bd25, 0x25dfdbfc, {0x19}, [@typed={0x14, 0x67, 0x0, 0x0, @ipv6=@private2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0xc1) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 15:10:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 64) [ 1042.234855] FAULT_INJECTION: forcing a failure. [ 1042.234855] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.236478] CPU: 0 PID: 15079 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1042.239487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1042.242190] Call Trace: [ 1042.242954] dump_stack+0x107/0x167 [ 1042.244027] should_fail.cold+0x5/0xa [ 1042.245150] ? create_object.isra.0+0x3a/0xa20 [ 1042.246535] should_failslab+0x5/0x20 [ 1042.247760] kmem_cache_alloc+0x5b/0x310 [ 1042.248930] create_object.isra.0+0x3a/0xa20 [ 1042.250201] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1042.251752] kmem_cache_alloc+0x159/0x310 [ 1042.253010] anon_vma_clone+0xdc/0x590 [ 1042.254140] __split_vma+0x17c/0x4e0 [ 1042.255219] __do_munmap+0x365/0x1260 [ 1042.256379] ? arch_get_unmapped_area+0x450/0x450 [ 1042.257793] ? lock_release+0x680/0x680 [ 1042.258973] mmap_region+0x7c8/0x1500 [ 1042.260130] do_mmap+0xcdb/0x11e0 [ 1042.261125] vm_mmap_pgoff+0x198/0x1f0 [ 1042.262277] ? randomize_page+0xb0/0xb0 [ 1042.263418] ksys_mmap_pgoff+0x41c/0x560 [ 1042.264745] ? find_mergeable_anon_vma+0x250/0x250 [ 1042.266225] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1042.267826] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.269376] do_syscall_64+0x33/0x40 [ 1042.270549] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1042.272125] RIP: 0033:0x7fdf712e8b62 [ 1042.273242] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1042.279015] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1042.281392] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1042.283625] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1042.285869] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1042.291872] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1042.292886] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 1042.324812] audit: type=1326 audit(1748272229.321:356): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15088 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:29 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0), &(0x7f0000000080)=0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r2, r1, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r3, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r4}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r4}}, 0x2) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:29 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) [ 1042.391442] cgroup: fork rejected by pids controller in /syz1 15:10:29 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:29 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 65) 15:10:29 executing program 2: r0 = clone3(&(0x7f0000000080)={0x80000c80, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(r0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1042.457881] FAULT_INJECTION: forcing a failure. [ 1042.457881] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.460461] CPU: 0 PID: 15311 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1042.462529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1042.464987] Call Trace: [ 1042.465737] dump_stack+0x107/0x167 [ 1042.466864] should_fail.cold+0x5/0xa [ 1042.468006] ? vm_area_alloc+0x1c/0x110 [ 1042.469157] should_failslab+0x5/0x20 [ 1042.470248] kmem_cache_alloc+0x5b/0x310 [ 1042.471425] vm_area_alloc+0x1c/0x110 [ 1042.472526] mmap_region+0x97e/0x1500 [ 1042.473636] do_mmap+0xcdb/0x11e0 [ 1042.474688] vm_mmap_pgoff+0x198/0x1f0 [ 1042.475863] ? randomize_page+0xb0/0xb0 [ 1042.477013] ksys_mmap_pgoff+0x41c/0x560 [ 1042.478221] ? find_mergeable_anon_vma+0x250/0x250 [ 1042.479645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1042.481185] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.482740] do_syscall_64+0x33/0x40 [ 1042.483833] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1042.485311] RIP: 0033:0x7fdf712e8b62 [ 1042.486397] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1042.492045] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1042.494342] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1042.496553] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1042.498810] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1042.500988] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1042.503182] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:10:29 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:29 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) 15:10:29 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) [ 1043.087630] audit: type=1326 audit(1748272230.081:357): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15088 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:43 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_procfs(0x0, 0x0) socket$netlink(0x10, 0x3, 0x15) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x22001, 0x0) fcntl$setlease(r0, 0x400, 0x1) 15:10:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:43 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0182101, &(0x7f00000000c0)) 15:10:43 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:43 executing program 4: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0x541b, &(0x7f00000000c0)) [ 1056.412220] audit: type=1326 audit(1748272243.408:358): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15434 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 15:10:43 executing program 3: ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000)) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0x2357, 0x0, 0x0, 0x8000000}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x1}, 0x1, {0x0, r3}}, 0x0) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5, 0x4000010, 0xffffffffffffffff, 0x10000000) r5 = perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = syz_io_uring_setup(0x3a75, &(0x7f0000000300)={0x0, 0x2356}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, {}, 0x0, {0x0, r9}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r6, 0x0) r10 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r6, 0x8000000) syz_io_uring_submit(r10, r8, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x5}, 0x80000001) syz_io_uring_submit(r1, r8, &(0x7f0000000080)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x3, @fd=r5, 0x10001, 0x20, 0xff, 0x0, 0x0, {0x0, r3}}, 0xffffff7f) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r11}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x6000, @fd=r5, 0xfffffffffffffffa, &(0x7f0000000100)=[{&(0x7f0000000180)=""/74, 0x4a}], 0x1, 0x12, 0x0, {0x0, r11}}, 0x1) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r11}}, 0x102) syz_io_uring_submit(r1, r4, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r11}}, 0x6) socket$netlink(0x10, 0x3, 0x15) 15:10:43 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) 15:10:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 66) 15:10:43 executing program 5: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6}]}) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) [ 1056.463875] audit: type=1326 audit(1748272243.459:359): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15438 comm="syz-executor.4" exe="/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f54f0803b19 code=0x0 [ 1056.491944] audit: type=1326 audit(1748272243.488:360): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15509 comm="syz-executor.5" exe="/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6e88230b19 code=0x0 [ 1056.498966] FAULT_INJECTION: forcing a failure. [ 1056.498966] name failslab, interval 1, probability 0, space 0, times 0 [ 1056.500536] CPU: 1 PID: 15537 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1056.501664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1056.502843] Call Trace: [ 1056.503204] dump_stack+0x107/0x167 [ 1056.503795] should_fail.cold+0x5/0xa [ 1056.504308] ? create_object.isra.0+0x3a/0xa20 [ 1056.504990] should_failslab+0x5/0x20 [ 1056.505495] kmem_cache_alloc+0x5b/0x310 [ 1056.506093] create_object.isra.0+0x3a/0xa20 [ 1056.506722] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1056.507386] kmem_cache_alloc+0x159/0x310 [ 1056.508061] vm_area_alloc+0x1c/0x110 [ 1056.508590] mmap_region+0x97e/0x1500 [ 1056.509214] do_mmap+0xcdb/0x11e0 [ 1056.509676] vm_mmap_pgoff+0x198/0x1f0 [ 1056.510190] ? randomize_page+0xb0/0xb0 [ 1056.510729] ksys_mmap_pgoff+0x41c/0x560 [ 1056.511265] ? find_mergeable_anon_vma+0x250/0x250 [ 1056.511942] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1056.512640] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1056.513337] do_syscall_64+0x33/0x40 [ 1056.513837] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1056.514501] RIP: 0033:0x7fdf712e8b62 [ 1056.514999] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1056.517383] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1056.518387] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1056.519311] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1056.520259] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1056.521196] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1056.522123] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 15:10:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a7b, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f00000001c0)=0x0, &(0x7f0000000080)=0x0) syz_io_uring_submit(r1, 0x0, 0x0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) r4 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000e5feffff543900002d8fad1eb3beb2651d58332544a2d1c64d48ada48fab92105f07c0acbfde3f2ef89eb1af9739325faf2db4ee561a88d25facf841f26400144db3cb60417e4614694950917878ba8c052bb4b0de5ac4592cb37722c0e09f1dcd9997075433f657564795bb3826b62ca2a6a248dfe7972a58ccd5d4298ed82791bcad59160a69448c56cb3c3a82278a3237661cd271061ef4b06f86b7e368d58cb356dfb955af"]) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2000, @fd=r4, 0x5, 0x0, 0x0, 0x36, 0x1}, 0x4) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000004, 0x10, 0xffffffffffffffff, 0x0) clone3(&(0x7f0000000000)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3, r5}}, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r5}}, 0x8001) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100) 15:10:43 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x0, 0x0, 0x3955}) set_mempolicy(0x3, &(0x7f0000000040)=0x1, 0x20) set_mempolicy(0x0, &(0x7f0000000000)=0x101, 0x10000) syz_io_uring_setup(0x5853, &(0x7f0000000140)={0x0, 0x0, 0x1}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000100)) (fail_nth: 67) 15:10:43 executing program 6: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, r0, 0x1) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) close_range(r2, r1, 0x0) perf_event_open(&(0x7f0000000640)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_io_uring_setup(0x6e20, &(0x7f0000000380), &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f00000002c0)=0x0, &(0x7f0000000340)=0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = dup2(r5, r5) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000001c0)=@sco={0x1f, @fixed}}, 0x0) ftruncate(0xffffffffffffffff, 0x9) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x427, 0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x100000000}, &(0x7f0000000180)) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) io_submit(0x0, 0x2, &(0x7f0000000380)=[&(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x3000000}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) io_cancel(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000000)="03ce11b297a65313c6feb118f4bf7e6cdeebe8083aca9b47ff877bd2cde02e7f7a6575bec28306b18815aa3dea", 0x2d, 0x9, 0x0, 0x3}, &(0x7f0000000140)) io_uring_setup(0x6c70, &(0x7f0000000440)={0x0, 0x9fe0, 0x0, 0x2, 0xef}) [ 1056.649849] FAULT_INJECTION: forcing a failure. [ 1056.649849] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1056.651356] CPU: 0 PID: 15647 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1056.652227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1056.653258] Call Trace: [ 1056.653592] dump_stack+0x107/0x167 [ 1056.654052] should_fail.cold+0x5/0xa [ 1056.654533] __alloc_pages_nodemask+0x182/0x600 [ 1056.655111] ? do_raw_read_unlock+0x3b/0x70 [ 1056.655651] ? _raw_read_unlock+0x1a/0x30 [ 1056.656182] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1056.656928] ? walk_system_ram_range+0x171/0x1e0 [ 1056.657513] ? pat_enabled+0x20/0x20 [ 1056.657982] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 1056.658629] alloc_page_interleave+0x22/0x130 15:10:43 executing program 2: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003580)=[{{&(0x7f0000000100)=@abs, 0x6e, &(0x7f00000012c0)=[{&(0x7f0000000180)=""/191, 0xbf}, {&(0x7f0000000240)=""/121, 0x79}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f0000000040)=""/7, 0x7}], 0x4, &(0x7f0000001300)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x150}}, {{&(0x7f0000001480)=@abs, 0x6e, &(0x7f00000016c0)=[{&(0x7f0000001500)=""/138, 0x8a}, {&(0x7f00000015c0)=""/170, 0xaa}, {&(0x7f0000001680)=""/21, 0x15}], 0x3, &(0x7f0000001700)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}}, {{&(0x7f0000001800), 0x6e, &(0x7f0000001a00)=[{&(0x7f0000001880)=""/162, 0xa2}, {&(0x7f0000001940)=""/140, 0x8c}], 0x2, &(0x7f0000001a40)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa8}}, {{&(0x7f0000001b00)=@abs, 0x6e, &(0x7f0000003040)=[{&(0x7f0000001b80)=""/230, 0xe6}, {&(0x7f0000001c80)=""/106, 0x6a}, {&(0x7f0000001d00)=""/237, 0xed}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f0000002e00)=""/13, 0xd}, {&(0x7f0000002e40)=""/163, 0xa3}, {&(0x7f0000002f00)=""/120, 0x78}, {&(0x7f0000002f80)=""/149, 0x95}], 0x8}}, {{&(0x7f00000030c0)=@abs, 0x6e, &(0x7f0000003140), 0x0, &(0x7f0000003180)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}, {{&(0x7f00000031c0)=@abs, 0x6e, &(0x7f0000003480)=[{&(0x7f0000003240)=""/122, 0x7a}, {&(0x7f00000032c0)=""/225, 0xe1}, {&(0x7f00000033c0)}, {&(0x7f0000003400)=""/76, 0x4c}], 0x4, &(0x7f00000034c0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb8}}], 0x6, 0x20, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000003140)) syz_open_procfs(r2, 0x0) socket$netlink(0x10, 0x3, 0x15) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) fcntl$dupfd(r3, 0x406, r1) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1056.659188] ? __next_node_in+0x72/0x80 [ 1056.663902] alloc_pages_current+0x237/0x280 [ 1056.664443] pte_alloc_one+0x16/0x1a0 [ 1056.664910] __pte_alloc+0x1d/0x330 [ 1056.665358] remap_pfn_range_internal+0x9a3/0xf60 [ 1056.665951] ? lookup_memtype+0x5b/0x200 [ 1056.666455] ? apply_to_existing_page_range+0x40/0x40 [ 1056.667093] remap_pfn_range+0xcd/0x160 [ 1056.667581] ? remap_pfn_range_notrack+0x70/0x70 [ 1056.668195] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1056.668834] io_uring_mmap+0x398/0x530 [ 1056.669317] mmap_file+0x5e/0xe0 [ 1056.669732] mmap_region+0xc49/0x1500 [ 1056.670206] do_mmap+0xcdb/0x11e0 [ 1056.670636] vm_mmap_pgoff+0x198/0x1f0 [ 1056.671115] ? randomize_page+0xb0/0xb0 [ 1056.671610] ksys_mmap_pgoff+0x41c/0x560 [ 1056.672132] ? find_mergeable_anon_vma+0x250/0x250 [ 1056.672737] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1056.673389] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1056.674030] do_syscall_64+0x33/0x40 [ 1056.674485] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1056.675113] RIP: 0033:0x7fdf712e8b62 [ 1056.675568] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1056.677836] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1056.678783] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1056.679665] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1056.680545] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1056.681414] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1056.682286] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 1056.698937] ------------[ cut here ]------------ [ 1056.699615] WARNING: CPU: 0 PID: 15647 at arch/x86/mm/pat/memtype.c:1019 get_pat_info+0x216/0x270 [ 1056.700832] Modules linked in: [ 1056.701237] CPU: 0 PID: 15647 Comm: syz-executor.7 Not tainted 5.10.237 #1 [ 1056.702124] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 15:10:43 executing program 3: clone3(&(0x7f0000000080)={0x1040900, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) [ 1056.703181] RIP: 0010:get_pat_info+0x216/0x270 [ 1056.703776] Code: c1 ea 03 80 3c 02 00 75 71 49 89 1e eb 8e e8 61 86 2e 00 0f 0b e9 97 fe ff ff 41 bc ea ff ff ff e9 77 ff ff ff e8 4a 86 2e 00 <0f> 0b 41 bc ea ff ff ff e9 65 ff ff ff 4c 89 ff e8 15 8c 5a 00 e9 [ 1056.706070] RSP: 0018:ffff88804f8a7898 EFLAGS: 00010216 [ 1056.706758] RAX: 00000000000158fd RBX: ffff888051361a00 RCX: ffffc90002a14000 [ 1056.707664] RDX: 0000000000040000 RSI: ffffffff81123696 RDI: 0000000000000007 [ 1056.732300] RBP: ffff88804f8a7950 R08: 0000000000000000 R09: ffff88804f8a7820 [ 1056.736769] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000000000028 [ 1056.737686] R13: 1ffff11009f14f13 R14: 0000000000000000 R15: ffff888051361a50 [ 1056.738590] FS: 00007fdf6e85e700(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000 [ 1056.739601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1056.744353] CR2: 0000001b2d524000 CR3: 000000004c79e000 CR4: 0000000000350ef0 [ 1056.745231] Call Trace: [ 1056.745578] ? pgprot_writethrough+0xc0/0xc0 [ 1056.746120] ? finish_task_switch+0x126/0x5d0 [ 1056.746686] ? finish_task_switch+0xef/0x5d0 [ 1056.747305] untrack_pfn+0xdc/0x240 [ 1056.747775] ? track_pfn_insert+0x150/0x150 [ 1056.748360] ? lock_downgrade+0x6d0/0x6d0 [ 1056.748873] ? uprobe_munmap+0x1c/0x560 [ 1056.749386] unmap_single_vma+0x1bc/0x300 [ 1056.749901] zap_page_range_single+0x2ce/0x450 [ 1056.750481] ? unmap_single_vma+0x300/0x300 [ 1056.751013] ? remap_pfn_range_internal+0xc56/0xf60 [ 1056.751655] ? lookup_memtype+0x5b/0x200 [ 1056.752174] ? apply_to_existing_page_range+0x40/0x40 [ 1056.752835] remap_pfn_range+0x139/0x160 [ 1056.753401] ? remap_pfn_range_notrack+0x70/0x70 [ 1056.754007] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1056.754682] io_uring_mmap+0x398/0x530 [ 1056.755169] mmap_file+0x5e/0xe0 [ 1056.755605] mmap_region+0xc49/0x1500 [ 1056.756102] do_mmap+0xcdb/0x11e0 [ 1056.756556] vm_mmap_pgoff+0x198/0x1f0 [ 1056.757042] ? randomize_page+0xb0/0xb0 [ 1056.757563] ksys_mmap_pgoff+0x41c/0x560 [ 1056.758071] ? find_mergeable_anon_vma+0x250/0x250 [ 1056.758697] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1056.759363] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1056.760016] do_syscall_64+0x33/0x40 [ 1056.760544] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1056.761182] RIP: 0033:0x7fdf712e8b62 [ 1056.761660] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 1056.763977] RSP: 002b:00007fdf6e85e0f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 1056.764937] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007fdf712e8b62 [ 1056.765834] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ff9000 [ 1056.766744] RBP: 0000000020ff9000 R08: 0000000000000005 R09: 0000000000000000 [ 1056.767650] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 1056.768562] R13: 0000000020ffc000 R14: 00000000200001c0 R15: 0000000020ff9000 [ 1056.769466] irq event stamp: 1413 [ 1056.769897] hardirqs last enabled at (1421): [] console_unlock+0x92d/0xb40 [ 1056.770958] hardirqs last disabled at (1430): [] console_unlock+0x839/0xb40 [ 1056.772048] softirqs last enabled at (1010): [] asm_call_irq_on_stack+0x12/0x20 [ 1056.773162] softirqs last disabled at (901): [] asm_call_irq_on_stack+0x12/0x20 [ 1056.774269] ---[ end trace de895891bb04d4c1 ]--- [ 1057.255819] audit: type=1326 audit(1748272244.249:361): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=15434 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe89baddb19 code=0x0 VM DIAGNOSIS: 15:10:44 Registers: info registers vcpu 0 RAX=0000000000000030 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822e0031 RDI=ffffffff879f3140 RBP=ffffffff879f3100 RSP=ffff88804f8a72a8 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000030 R13=0000000000000030 R14=ffffffff879f3100 R15=dffffc0000000000 RIP=ffffffff822e0088 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007fdf6e85e700 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b2d524000 CR3=000000004c79e000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000ff0000 XMM01=6a6e695f31313230385f7a7973006273 XMM02=000000000000000000ffffffff000000 XMM03=00007fdf713cf7c800007fdf713cf7c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000005 RBX=00000000172be715 RCX=0000000000000dc0 RDX=00000000efd3b03f RSI=ffffffff816c5f71 RDI=00000000f2aa977d RBP=ffff88800e945a40 RSP=ffff88804d2af750 R8 =000000005e2e1a91 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=ffff88804d2af7a0 R13=000000000000000b R14=000000000000000b R15=00000000000be715 RIP=ffffffff81fde3da RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 000055558c914400 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe4500000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1c2c13d438 CR3=000000004c434000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00007fad344377c000007fad344377c8 XMM02=00007fad344377e000007fad344377c0 XMM03=00007fad344377c800007fad344377c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000