executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 31) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:02 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:17:02 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:02 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0xc, 0x0, 0x0) [ 1564.562347] FAULT_INJECTION: forcing a failure. [ 1564.562347] name failslab, interval 1, probability 0, space 0, times 0 [ 1564.564927] CPU: 0 PID: 10057 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1564.566442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1564.568270] Call Trace: [ 1564.568848] dump_stack+0x107/0x167 [ 1564.569634] should_fail.cold+0x5/0xa [ 1564.570474] ? create_object.isra.0+0x3a/0xa20 [ 1564.571463] should_failslab+0x5/0x20 [ 1564.572286] kmem_cache_alloc+0x5b/0x310 [ 1564.573166] ? mark_held_locks+0x9e/0xe0 [ 1564.574063] create_object.isra.0+0x3a/0xa20 [ 1564.575020] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1564.576124] kmem_cache_alloc_bulk+0x168/0x320 [ 1564.577120] io_submit_sqes+0x6fe6/0x8610 [ 1564.578052] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1564.579146] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1564.580191] ? lock_downgrade+0x6d0/0x6d0 [ 1564.581085] ? find_held_lock+0x2c/0x110 [ 1564.581984] ? io_submit_sqes+0x8610/0x8610 [ 1564.582934] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1564.583985] ? wait_for_completion_io+0x270/0x270 [ 1564.585041] ? rcu_read_lock_any_held+0x75/0xa0 [ 1564.586063] ? vfs_write+0x354/0xb10 [ 1564.586873] ? fput_many+0x2f/0x1a0 [ 1564.587664] ? ksys_write+0x1a9/0x260 [ 1564.588491] ? __ia32_sys_read+0xb0/0xb0 [ 1564.589370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1564.590518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1564.591643] do_syscall_64+0x33/0x40 [ 1564.592447] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1564.593561] RIP: 0033:0x7fe637263b19 [ 1564.594376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1564.598403] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1564.600053] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1564.601607] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1564.603169] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1564.604716] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1564.606276] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:17:03 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 30) [ 1564.643434] FAULT_INJECTION: forcing a failure. 02:17:03 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1564.643434] name failslab, interval 1, probability 0, space 0, times 0 [ 1564.646447] CPU: 0 PID: 10070 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1564.647947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1564.649738] Call Trace: [ 1564.650324] dump_stack+0x107/0x167 [ 1564.651116] should_fail.cold+0x5/0xa [ 1564.651939] ? create_object.isra.0+0x3a/0xa20 [ 1564.652927] should_failslab+0x5/0x20 [ 1564.653747] kmem_cache_alloc+0x5b/0x310 [ 1564.654639] ? mark_held_locks+0x9e/0xe0 [ 1564.655520] create_object.isra.0+0x3a/0xa20 [ 1564.656470] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1564.657572] kmem_cache_alloc_bulk+0x168/0x320 [ 1564.658576] io_submit_sqes+0x6fe6/0x8610 [ 1564.659490] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1564.660566] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1564.661609] ? lock_downgrade+0x6d0/0x6d0 [ 1564.662514] ? find_held_lock+0x2c/0x110 [ 1564.663395] ? io_submit_sqes+0x8610/0x8610 [ 1564.664334] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1564.665387] ? wait_for_completion_io+0x270/0x270 [ 1564.666443] ? rcu_read_lock_any_held+0x75/0xa0 [ 1564.667450] ? vfs_write+0x354/0xb10 [ 1564.668254] ? fput_many+0x2f/0x1a0 [ 1564.669040] ? ksys_write+0x1a9/0x260 [ 1564.669864] ? __ia32_sys_read+0xb0/0xb0 [ 1564.670755] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1564.671891] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1564.673024] do_syscall_64+0x33/0x40 [ 1564.673830] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1564.674955] RIP: 0033:0x7f1a7fffbb19 [ 1564.675757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1564.679769] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1564.681410] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1564.682969] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1564.684515] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1564.686069] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1564.687613] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1577.640729] FAULT_INJECTION: forcing a failure. [ 1577.640729] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.641752] CPU: 1 PID: 10091 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1577.642356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.643080] Call Trace: [ 1577.643321] dump_stack+0x107/0x167 [ 1577.643649] should_fail.cold+0x5/0xa [ 1577.643987] ? __alloc_skb+0x6d/0x5b0 [ 1577.644326] should_failslab+0x5/0x20 [ 1577.644680] kmem_cache_alloc_node+0x55/0x330 [ 1577.645089] __alloc_skb+0x6d/0x5b0 [ 1577.645415] alloc_skb_with_frags+0x92/0x570 [ 1577.645807] ? trace_hardirqs_on+0x5b/0x180 [ 1577.646197] ? kmem_cache_free+0xa7/0x2d0 [ 1577.646569] sock_alloc_send_pskb+0x7af/0x930 [ 1577.646969] ? sk_alloc+0x350/0x350 [ 1577.647301] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1577.647766] ? trace_hardirqs_on+0x5b/0x180 [ 1577.648149] ? __dev_queue_xmit+0xe4e/0x2710 [ 1577.648538] ? __local_bh_enable_ip+0x9d/0x100 [ 1577.648947] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1577.649397] ? ip6_mtu+0x1bb/0x3d0 [ 1577.649711] ? lock_downgrade+0x6d0/0x6d0 [ 1577.650086] ? ip_frag_init+0x350/0x350 [ 1577.650438] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1577.650834] ? ip6_mtu+0x1e9/0x3d0 [ 1577.651137] ? ip6_setup_cork+0xfb7/0x1740 [ 1577.651503] ip6_make_skb+0x2de/0x4e0 [ 1577.651825] ? ip_frag_init+0x350/0x350 [ 1577.652166] ? ip_frag_init+0x350/0x350 [ 1577.652506] ? ip6_push_pending_frames+0xf0/0xf0 [ 1577.652912] ? ip6_dst_check+0x389/0x8d0 [ 1577.653256] ? sk_dst_check+0x235/0x4c0 [ 1577.653601] udpv6_sendmsg+0x20d3/0x2ad0 [ 1577.653949] ? ip_frag_init+0x350/0x350 [ 1577.654313] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.654786] ? lock_acquire+0x197/0x470 [ 1577.655137] ? find_held_lock+0x2c/0x110 [ 1577.655506] ? sock_has_perm+0x1ea/0x280 [ 1577.655877] ? __import_iovec+0x458/0x590 [ 1577.656243] ? udp_v6_push_pending_frames+0x360/0x360 [ 1577.656697] inet6_sendmsg+0x105/0x140 [ 1577.657037] ? inet6_compat_ioctl+0x320/0x320 [ 1577.657432] __sock_sendmsg+0xf2/0x190 [ 1577.657778] ____sys_sendmsg+0x334/0x870 [ 1577.658147] ? sock_write_iter+0x3d0/0x3d0 [ 1577.658519] ? do_recvmmsg+0x6d0/0x6d0 [ 1577.658864] ? __lock_acquire+0x1657/0x5b00 [ 1577.659250] ___sys_sendmsg+0xf3/0x170 [ 1577.659591] ? sendmsg_copy_msghdr+0x160/0x160 [ 1577.660001] ? __fget_files+0x2cf/0x520 [ 1577.660354] ? lock_acquire+0x197/0x470 [ 1577.660703] ? find_held_lock+0x2c/0x110 [ 1577.661059] ? __might_fault+0xd3/0x180 [ 1577.661409] ? lock_downgrade+0x6d0/0x6d0 [ 1577.661790] __sys_sendmmsg+0x195/0x470 [ 1577.662154] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1577.662536] ? lock_downgrade+0x6d0/0x6d0 [ 1577.662918] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.663342] ? wait_for_completion_io+0x270/0x270 [ 1577.663772] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.664184] ? vfs_write+0x354/0xb10 [ 1577.664514] ? fput_many+0x2f/0x1a0 [ 1577.664840] ? ksys_write+0x1a9/0x260 [ 1577.665180] ? __ia32_sys_read+0xb0/0xb0 [ 1577.665545] __x64_sys_sendmmsg+0x99/0x100 [ 1577.665917] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.666382] do_syscall_64+0x33/0x40 [ 1577.666708] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.667157] RIP: 0033:0x7f862c37fb19 [ 1577.667485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.669083] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1577.669752] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1577.670392] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1577.671023] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.671642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1577.672477] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1577.702381] FAULT_INJECTION: forcing a failure. [ 1577.702381] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.703609] CPU: 0 PID: 10095 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1577.704224] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.704949] Call Trace: [ 1577.705198] dump_stack+0x107/0x167 [ 1577.705527] should_fail.cold+0x5/0xa [ 1577.705880] ? create_object.isra.0+0x3a/0xa20 [ 1577.706316] should_failslab+0x5/0x20 [ 1577.706667] kmem_cache_alloc+0x5b/0x310 [ 1577.706949] FAULT_INJECTION: forcing a failure. [ 1577.706949] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.707041] ? mark_held_locks+0x9e/0xe0 [ 1577.708361] create_object.isra.0+0x3a/0xa20 [ 1577.708761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.709222] kmem_cache_alloc_bulk+0x168/0x320 [ 1577.709647] io_submit_sqes+0x6fe6/0x8610 [ 1577.710046] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.710509] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.710950] ? lock_downgrade+0x6d0/0x6d0 [ 1577.711322] ? find_held_lock+0x2c/0x110 [ 1577.711700] ? io_submit_sqes+0x8610/0x8610 [ 1577.712095] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.712532] ? wait_for_completion_io+0x270/0x270 [ 1577.712972] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.713388] ? vfs_write+0x354/0xb10 [ 1577.713730] ? fput_many+0x2f/0x1a0 [ 1577.714066] ? ksys_write+0x1a9/0x260 [ 1577.714416] ? __ia32_sys_read+0xb0/0xb0 [ 1577.714793] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.715261] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.715731] do_syscall_64+0x33/0x40 [ 1577.716069] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.716528] RIP: 0033:0x7f1a7fffbb19 [ 1577.716867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.718508] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1577.719198] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1577.719856] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1577.720506] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.721136] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1577.721783] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1577.722458] CPU: 1 PID: 10103 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1577.723063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.723759] Call Trace: [ 1577.723993] dump_stack+0x107/0x167 [ 1577.724308] should_fail.cold+0x5/0xa [ 1577.724641] ? create_object.isra.0+0x3a/0xa20 [ 1577.725034] should_failslab+0x5/0x20 [ 1577.725363] kmem_cache_alloc+0x5b/0x310 [ 1577.725714] ? mark_held_locks+0x9e/0xe0 [ 1577.726081] create_object.isra.0+0x3a/0xa20 [ 1577.726467] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.726906] kmem_cache_alloc_bulk+0x168/0x320 [ 1577.727307] io_submit_sqes+0x6fe6/0x8610 [ 1577.727690] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.728116] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.728538] ? lock_downgrade+0x6d0/0x6d0 [ 1577.728891] ? find_held_lock+0x2c/0x110 [ 1577.729242] ? io_submit_sqes+0x8610/0x8610 [ 1577.729624] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.730037] ? wait_for_completion_io+0x270/0x270 [ 1577.730462] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.730862] ? vfs_write+0x354/0xb10 [ 1577.731179] ? fput_many+0x2f/0x1a0 [ 1577.731488] ? ksys_write+0x1a9/0x260 [ 1577.731819] ? __ia32_sys_read+0xb0/0xb0 [ 1577.732166] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.732612] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.733047] do_syscall_64+0x33/0x40 [ 1577.733363] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.733802] RIP: 0033:0x7fe637263b19 [ 1577.734136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.735669] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1577.736308] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1577.737052] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1577.737645] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.738252] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1577.738843] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:17:16 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 25) 02:17:16 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 31) 02:17:16 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x0, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:16 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:16 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:17:16 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 29) [ 1577.753764] FAULT_INJECTION: forcing a failure. [ 1577.753764] name failslab, interval 1, probability 0, space 0, times 0 [ 1577.754896] CPU: 0 PID: 10096 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1577.755526] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1577.756260] Call Trace: [ 1577.756510] dump_stack+0x107/0x167 [ 1577.756849] should_fail.cold+0x5/0xa [ 1577.757199] ? create_object.isra.0+0x3a/0xa20 [ 1577.757620] should_failslab+0x5/0x20 [ 1577.757965] kmem_cache_alloc+0x5b/0x310 [ 1577.758355] create_object.isra.0+0x3a/0xa20 [ 1577.758766] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1577.759232] kmem_cache_alloc_bulk+0x168/0x320 [ 1577.759664] io_submit_sqes+0x6fe6/0x8610 [ 1577.760061] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.760506] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1577.760941] ? lock_downgrade+0x6d0/0x6d0 [ 1577.761318] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1577.761806] ? io_submit_sqes+0x8610/0x8610 [ 1577.766205] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1577.766653] ? vfs_write+0x5cc/0xb10 [ 1577.767011] ? wait_for_completion_io+0x270/0x270 [ 1577.767449] ? rcu_read_lock_any_held+0x75/0xa0 [ 1577.767880] ? vfs_write+0x354/0xb10 [ 1577.768227] ? fput_many+0x2f/0x1a0 [ 1577.768570] ? ksys_write+0x1a9/0x260 [ 1577.768929] ? __ia32_sys_read+0xb0/0xb0 [ 1577.769323] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1577.769799] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1577.770298] do_syscall_64+0x33/0x40 [ 1577.770646] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1577.771110] RIP: 0033:0x7f6110e13b19 [ 1577.771452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1577.773087] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1577.773774] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1577.774433] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1577.775081] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1577.775723] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1577.776363] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:17:16 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x22, 0x0, 0x0) 02:17:16 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 32) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:28 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 30) 02:17:28 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x30e, 0x0, 0x0) 02:17:28 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:28 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 32) 02:17:28 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 26) 02:17:28 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) 02:17:28 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 33) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:28 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1590.557676] FAULT_INJECTION: forcing a failure. [ 1590.557676] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.558742] CPU: 1 PID: 10133 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1590.559187] FAULT_INJECTION: forcing a failure. [ 1590.559187] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.559356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.560971] Call Trace: [ 1590.561205] dump_stack+0x107/0x167 [ 1590.561521] should_fail.cold+0x5/0xa [ 1590.561853] ? create_object.isra.0+0x3a/0xa20 [ 1590.562251] should_failslab+0x5/0x20 [ 1590.562587] kmem_cache_alloc+0x5b/0x310 [ 1590.562937] ? mark_held_locks+0x9e/0xe0 [ 1590.563341] create_object.isra.0+0x3a/0xa20 [ 1590.563806] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1590.564334] kmem_cache_alloc+0x159/0x310 [ 1590.564779] xas_alloc+0x336/0x440 [ 1590.565144] xas_create+0x34a/0x10d0 [ 1590.565540] ? kernel_text_address+0xf2/0x120 [ 1590.566011] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1590.566500] xas_store+0x8c/0x1c40 [ 1590.566823] __xa_store+0x164/0x2d0 [ 1590.567134] ? xa_delete_node+0x280/0x280 [ 1590.567495] ? trace_hardirqs_on+0x5b/0x180 [ 1590.567875] xa_store+0x31/0x50 [ 1590.568159] __io_uring_add_tctx_node+0x1cf/0x520 [ 1590.568573] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1590.569028] __do_sys_io_uring_enter+0x1489/0x18c0 [ 1590.569444] ? lock_downgrade+0x6d0/0x6d0 [ 1590.569803] ? find_held_lock+0x2c/0x110 [ 1590.570151] ? io_submit_sqes+0x8610/0x8610 [ 1590.570585] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.571069] ? wait_for_completion_io+0x270/0x270 [ 1590.571556] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.572033] ? vfs_write+0x354/0xb10 [ 1590.572454] ? fput_many+0x2f/0x1a0 [ 1590.572843] ? ksys_write+0x1a9/0x260 [ 1590.573237] ? __ia32_sys_read+0xb0/0xb0 [ 1590.573668] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.574211] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.574721] do_syscall_64+0x33/0x40 [ 1590.575093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.575611] RIP: 0033:0x7f6110e13b19 [ 1590.575991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.577883] RSP: 002b:00007f610e368188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.578654] RAX: ffffffffffffffda RBX: 00007f6110f27020 RCX: 00007f6110e13b19 [ 1590.579369] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.580086] RBP: 00007f610e3681d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.580822] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.581549] R13: 00007ffcd49ba00f R14: 00007f610e368300 R15: 0000000000022000 [ 1590.582321] CPU: 0 PID: 10122 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1590.583080] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.583962] Call Trace: [ 1590.584260] dump_stack+0x107/0x167 [ 1590.584660] should_fail.cold+0x5/0xa [ 1590.585081] ? create_object.isra.0+0x3a/0xa20 [ 1590.585588] should_failslab+0x5/0x20 [ 1590.585969] kmem_cache_alloc+0x5b/0x310 [ 1590.586377] ? mark_held_locks+0x9e/0xe0 [ 1590.586757] create_object.isra.0+0x3a/0xa20 [ 1590.587165] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1590.587635] kmem_cache_alloc_bulk+0x168/0x320 [ 1590.588062] io_submit_sqes+0x6fe6/0x8610 [ 1590.588472] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.588935] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.589385] ? lock_downgrade+0x6d0/0x6d0 [ 1590.589765] ? find_held_lock+0x2c/0x110 [ 1590.590147] ? io_submit_sqes+0x8610/0x8610 [ 1590.590566] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.591017] ? wait_for_completion_io+0x270/0x270 [ 1590.591462] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.591880] ? vfs_write+0x354/0xb10 [ 1590.592211] ? fput_many+0x2f/0x1a0 [ 1590.592536] ? ksys_write+0x1a9/0x260 [ 1590.592885] ? __ia32_sys_read+0xb0/0xb0 [ 1590.593250] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.593727] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.594205] do_syscall_64+0x33/0x40 [ 1590.594552] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.595008] RIP: 0033:0x7f1a7fffbb19 [ 1590.595346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.596963] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.597644] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1590.598296] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.598933] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.599569] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.600200] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1590.600323] FAULT_INJECTION: forcing a failure. [ 1590.600323] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.601808] CPU: 1 PID: 10136 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1590.602446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.603185] Call Trace: [ 1590.603431] dump_stack+0x107/0x167 [ 1590.603771] should_fail.cold+0x5/0xa [ 1590.604128] should_failslab+0x5/0x20 [ 1590.604473] __kmalloc_node_track_caller+0x74/0x3b0 [ 1590.604931] ? alloc_skb_with_frags+0x92/0x570 [ 1590.605366] __alloc_skb+0xb1/0x5b0 [ 1590.605709] alloc_skb_with_frags+0x92/0x570 [ 1590.606108] ? trace_hardirqs_on+0x5b/0x180 [ 1590.606526] ? kmem_cache_free+0xa7/0x2d0 [ 1590.606922] sock_alloc_send_pskb+0x7af/0x930 [ 1590.607407] ? sk_alloc+0x350/0x350 [ 1590.607773] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1590.608253] ? trace_hardirqs_on+0x5b/0x180 [ 1590.608647] ? __dev_queue_xmit+0xe4e/0x2710 [ 1590.609056] ? __local_bh_enable_ip+0x9d/0x100 [ 1590.609493] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1590.609967] ? ip6_mtu+0x1bb/0x3d0 [ 1590.610319] ? lock_downgrade+0x6d0/0x6d0 [ 1590.610701] ? ip_frag_init+0x350/0x350 [ 1590.611087] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1590.611519] ? ip6_mtu+0x1e9/0x3d0 [ 1590.611851] ? ip6_setup_cork+0xfb7/0x1740 [ 1590.612256] ip6_make_skb+0x2de/0x4e0 [ 1590.612613] ? ip_frag_init+0x350/0x350 [ 1590.612983] ? ip_frag_init+0x350/0x350 [ 1590.613364] ? ip6_push_pending_frames+0xf0/0xf0 [ 1590.613791] ? ip6_dst_check+0x389/0x8d0 [ 1590.614148] ? sk_dst_check+0x235/0x4c0 [ 1590.614551] udpv6_sendmsg+0x20d3/0x2ad0 [ 1590.614929] ? ip_frag_init+0x350/0x350 [ 1590.615302] ? udp_v6_push_pending_frames+0x360/0x360 [ 1590.615805] ? lock_acquire+0x197/0x470 [ 1590.616169] ? find_held_lock+0x2c/0x110 [ 1590.616554] ? sock_has_perm+0x1ea/0x280 [ 1590.616960] ? __import_iovec+0x458/0x590 [ 1590.617341] ? udp_v6_push_pending_frames+0x360/0x360 [ 1590.617820] inet6_sendmsg+0x105/0x140 [ 1590.618188] ? inet6_compat_ioctl+0x320/0x320 [ 1590.618615] __sock_sendmsg+0xf2/0x190 [ 1590.618988] ____sys_sendmsg+0x334/0x870 [ 1590.619366] ? sock_write_iter+0x3d0/0x3d0 [ 1590.619753] ? do_recvmmsg+0x6d0/0x6d0 [ 1590.620127] ? __lock_acquire+0x1657/0x5b00 [ 1590.620533] ___sys_sendmsg+0xf3/0x170 [ 1590.620894] ? sendmsg_copy_msghdr+0x160/0x160 [ 1590.621329] ? __fget_files+0x2cf/0x520 [ 1590.621701] ? lock_acquire+0x197/0x470 [ 1590.622065] ? find_held_lock+0x2c/0x110 [ 1590.622486] ? __might_fault+0xd3/0x180 [ 1590.622854] ? lock_downgrade+0x6d0/0x6d0 [ 1590.623267] __sys_sendmmsg+0x195/0x470 [ 1590.623658] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1590.624053] ? lock_downgrade+0x6d0/0x6d0 [ 1590.624471] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.624919] ? wait_for_completion_io+0x270/0x270 [ 1590.625373] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.625823] ? vfs_write+0x354/0xb10 [ 1590.626168] ? fput_many+0x2f/0x1a0 [ 1590.626524] ? ksys_write+0x1a9/0x260 [ 1590.626897] ? __ia32_sys_read+0xb0/0xb0 [ 1590.627282] __x64_sys_sendmmsg+0x99/0x100 [ 1590.627684] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.628162] do_syscall_64+0x33/0x40 [ 1590.628507] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.628997] RIP: 0033:0x7f862c37fb19 [ 1590.629337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.631029] RSP: 002b:00007f86298d4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1590.631726] RAX: ffffffffffffffda RBX: 00007f862c493020 RCX: 00007f862c37fb19 [ 1590.632396] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1590.633037] RBP: 00007f86298d41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.633701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1590.634384] R13: 00007ffd1a0e155f R14: 00007f86298d4300 R15: 0000000000022000 [ 1590.638750] FAULT_INJECTION: forcing a failure. [ 1590.638750] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.639763] CPU: 1 PID: 10132 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1590.640366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.641097] Call Trace: [ 1590.641334] dump_stack+0x107/0x167 [ 1590.641670] should_fail.cold+0x5/0xa [ 1590.642015] ? create_object.isra.0+0x3a/0xa20 [ 1590.642456] should_failslab+0x5/0x20 [ 1590.642812] kmem_cache_alloc+0x5b/0x310 [ 1590.643191] ? mark_held_locks+0x9e/0xe0 [ 1590.643566] create_object.isra.0+0x3a/0xa20 [ 1590.643969] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1590.644446] kmem_cache_alloc_bulk+0x168/0x320 [ 1590.644877] io_submit_sqes+0x6fe6/0x8610 [ 1590.645301] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.645761] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.646210] ? lock_downgrade+0x6d0/0x6d0 [ 1590.646600] ? find_held_lock+0x2c/0x110 [ 1590.646975] ? io_submit_sqes+0x8610/0x8610 [ 1590.647389] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.647859] ? wait_for_completion_io+0x270/0x270 [ 1590.648304] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.648752] ? vfs_write+0x354/0xb10 [ 1590.649096] ? fput_many+0x2f/0x1a0 [ 1590.649431] ? ksys_write+0x1a9/0x260 [ 1590.649809] ? __ia32_sys_read+0xb0/0xb0 [ 1590.650186] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.650677] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.651176] do_syscall_64+0x33/0x40 [ 1590.651527] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.652018] RIP: 0033:0x7fe637263b19 [ 1590.652359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.654024] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.654749] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1590.655416] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.656055] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.656707] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.657363] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:17:29 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:29 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2) 02:17:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:29 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 34) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:29 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) [ 1590.796830] FAULT_INJECTION: forcing a failure. [ 1590.796830] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1590.798048] CPU: 0 PID: 10152 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1590.798695] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.799436] Call Trace: [ 1590.799687] dump_stack+0x107/0x167 [ 1590.800024] should_fail.cold+0x5/0xa [ 1590.800381] __alloc_pages_nodemask+0x182/0x600 [ 1590.800814] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1590.801380] alloc_pages_current+0x187/0x280 [ 1590.801790] allocate_slab+0x26f/0x380 [ 1590.802153] ___slab_alloc+0x470/0x700 [ 1590.802528] ? io_submit_sqes+0x6fe6/0x8610 [ 1590.802939] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1590.803369] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1590.803793] io_submit_sqes+0x6fe6/0x8610 [ 1590.804188] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.804643] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.805087] ? lock_downgrade+0x6d0/0x6d0 [ 1590.805462] ? find_held_lock+0x2c/0x110 [ 1590.805837] ? io_submit_sqes+0x8610/0x8610 [ 1590.806252] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.806698] ? wait_for_completion_io+0x270/0x270 [ 1590.807130] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.807548] ? vfs_write+0x354/0xb10 [ 1590.807891] ? fput_many+0x2f/0x1a0 [ 1590.808229] ? ksys_write+0x1a9/0x260 [ 1590.808584] ? __ia32_sys_read+0xb0/0xb0 [ 1590.808966] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.809442] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.809913] do_syscall_64+0x33/0x40 [ 1590.810263] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.810731] RIP: 0033:0x7fe637263b19 [ 1590.811073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.812694] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.813382] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1590.814021] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.814673] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.815297] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.815939] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:17:29 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 31) 02:17:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 27) 02:17:29 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 33) [ 1590.870221] FAULT_INJECTION: forcing a failure. [ 1590.870221] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.872633] CPU: 1 PID: 10159 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1590.873906] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.875752] Call Trace: [ 1590.876251] dump_stack+0x107/0x167 [ 1590.876930] should_fail.cold+0x5/0xa [ 1590.877654] should_failslab+0x5/0x20 [ 1590.878393] kmem_cache_alloc_bulk+0x4b/0x320 [ 1590.879197] io_submit_sqes+0x6fe6/0x8610 [ 1590.879970] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.880878] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.881764] ? lock_downgrade+0x6d0/0x6d0 [ 1590.882629] ? find_held_lock+0x2c/0x110 [ 1590.883390] ? io_submit_sqes+0x8610/0x8610 [ 1590.884207] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.885089] ? wait_for_completion_io+0x270/0x270 [ 1590.885964] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.886979] ? vfs_write+0x354/0xb10 [ 1590.887668] ? fput_many+0x2f/0x1a0 [ 1590.888324] ? ksys_write+0x1a9/0x260 [ 1590.889041] ? __ia32_sys_read+0xb0/0xb0 [ 1590.889809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.890499] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.890933] do_syscall_64+0x33/0x40 [ 1590.891248] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.891675] RIP: 0033:0x7f6110e13b19 [ 1590.891989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.893515] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.894152] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1590.895765] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.897104] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.898536] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.899875] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1590.911689] FAULT_INJECTION: forcing a failure. [ 1590.911689] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.914160] CPU: 1 PID: 10166 Comm: syz-executor.1 Not tainted 5.10.226 #1 02:17:29 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) [ 1590.915817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.922744] Call Trace: [ 1590.923196] dump_stack+0x107/0x167 [ 1590.923910] should_fail.cold+0x5/0xa [ 1590.924627] ? create_object.isra.0+0x3a/0xa20 [ 1590.925462] should_failslab+0x5/0x20 [ 1590.926159] kmem_cache_alloc+0x5b/0x310 [ 1590.926570] create_object.isra.0+0x3a/0xa20 [ 1590.926962] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1590.927411] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1590.927868] ? alloc_skb_with_frags+0x92/0x570 [ 1590.927954] FAULT_INJECTION: forcing a failure. [ 1590.927954] name failslab, interval 1, probability 0, space 0, times 0 [ 1590.928266] __alloc_skb+0xb1/0x5b0 [ 1590.929480] alloc_skb_with_frags+0x92/0x570 [ 1590.929862] ? trace_hardirqs_on+0x5b/0x180 [ 1590.930241] ? kmem_cache_free+0xa7/0x2d0 [ 1590.930615] sock_alloc_send_pskb+0x7af/0x930 [ 1590.931002] ? sk_alloc+0x350/0x350 [ 1590.931318] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1590.931766] ? trace_hardirqs_on+0x5b/0x180 [ 1590.932135] ? mark_lock+0xf5/0x2df0 [ 1590.932462] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1590.932905] ? ip6_mtu+0x1bb/0x3d0 [ 1590.933212] ? lock_downgrade+0x6d0/0x6d0 [ 1590.933578] ? ip_frag_init+0x350/0x350 [ 1590.933929] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1590.934345] ? ip6_mtu+0x1e9/0x3d0 [ 1590.934661] ? ip6_setup_cork+0xfb7/0x1740 [ 1590.935021] ip6_make_skb+0x2de/0x4e0 [ 1590.935345] ? ip_frag_init+0x350/0x350 [ 1590.935695] ? ip_frag_init+0x350/0x350 [ 1590.936034] ? ip6_push_pending_frames+0xf0/0xf0 [ 1590.936440] ? ip6_dst_check+0x389/0x8d0 [ 1590.936798] ? sk_dst_check+0x235/0x4c0 [ 1590.937142] udpv6_sendmsg+0x20d3/0x2ad0 [ 1590.937491] ? ip_frag_init+0x350/0x350 [ 1590.937847] ? udp_v6_push_pending_frames+0x360/0x360 [ 1590.938304] ? perf_event_task_disable+0x390/0x390 [ 1590.938731] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1590.939141] ? lock_acquire+0x197/0x470 [ 1590.939477] ? find_held_lock+0x2c/0x110 [ 1590.939841] ? sock_has_perm+0x1ea/0x280 [ 1590.940200] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1590.940661] ? trace_hardirqs_on+0x5b/0x180 [ 1590.941029] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1590.941489] ? udp_v6_push_pending_frames+0x360/0x360 [ 1590.941939] inet6_sendmsg+0x105/0x140 [ 1590.942288] ? inet6_compat_ioctl+0x320/0x320 [ 1590.942681] __sock_sendmsg+0xf2/0x190 [ 1590.943013] ____sys_sendmsg+0x334/0x870 [ 1590.943360] ? sock_write_iter+0x3d0/0x3d0 [ 1590.943733] ? do_recvmmsg+0x6d0/0x6d0 [ 1590.944076] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.944522] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1590.945005] ? trace_hardirqs_on+0x5b/0x180 [ 1590.945377] ___sys_sendmsg+0xf3/0x170 [ 1590.945722] ? sendmsg_copy_msghdr+0x160/0x160 [ 1590.946110] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1590.946505] ? _raw_spin_unlock_irq+0x27/0x30 [ 1590.946893] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1590.947271] ? finish_task_switch+0x126/0x5d0 [ 1590.947656] ? finish_task_switch+0xef/0x5d0 [ 1590.948027] ? __switch_to+0x572/0xf70 [ 1590.948355] ? __switch_to_asm+0x3a/0x60 [ 1590.948707] ? __switch_to_asm+0x34/0x60 [ 1590.949056] ? __schedule+0x82c/0x1ea0 [ 1590.949393] ? io_schedule_timeout+0x140/0x140 [ 1590.949797] __sys_sendmmsg+0x195/0x470 [ 1590.950139] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1590.950528] ? lock_downgrade+0x6d0/0x6d0 [ 1590.950899] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.951309] ? wait_for_completion_io+0x270/0x270 [ 1590.951728] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.952119] ? vfs_write+0x354/0xb10 [ 1590.952435] ? fput_many+0x2f/0x1a0 [ 1590.952754] ? ksys_write+0x1a9/0x260 [ 1590.953079] ? __ia32_sys_read+0xb0/0xb0 [ 1590.953429] __x64_sys_sendmmsg+0x99/0x100 [ 1590.953798] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.954242] do_syscall_64+0x33/0x40 [ 1590.954574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.955006] RIP: 0033:0x7f862c37fb19 [ 1590.955325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.956862] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1590.957503] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1590.958110] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1590.958731] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.959327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1590.959932] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1590.960567] CPU: 0 PID: 10167 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1590.961180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1590.961909] Call Trace: [ 1590.962156] dump_stack+0x107/0x167 [ 1590.962500] should_fail.cold+0x5/0xa [ 1590.962844] ? create_object.isra.0+0x3a/0xa20 [ 1590.963255] should_failslab+0x5/0x20 [ 1590.963600] kmem_cache_alloc+0x5b/0x310 [ 1590.963969] ? find_held_lock+0x2c/0x110 [ 1590.964342] create_object.isra.0+0x3a/0xa20 [ 1590.964742] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1590.965203] __kmalloc_node+0x1ae/0x420 [ 1590.965573] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1590.966043] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1590.966527] kmem_cache_alloc_bulk+0x182/0x320 [ 1590.966947] io_submit_sqes+0x6fe6/0x8610 [ 1590.967351] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.967805] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1590.968241] ? lock_downgrade+0x6d0/0x6d0 [ 1590.968612] ? find_held_lock+0x2c/0x110 [ 1590.968989] ? io_submit_sqes+0x8610/0x8610 [ 1590.969387] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1590.969828] ? wait_for_completion_io+0x270/0x270 [ 1590.970274] ? rcu_read_lock_any_held+0x75/0xa0 [ 1590.970698] ? vfs_write+0x354/0xb10 [ 1590.971040] ? fput_many+0x2f/0x1a0 [ 1590.971373] ? ksys_write+0x1a9/0x260 [ 1590.971721] ? __ia32_sys_read+0xb0/0xb0 [ 1590.972094] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1590.972565] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1590.973032] do_syscall_64+0x33/0x40 [ 1590.973370] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1590.973835] RIP: 0033:0x7f1a7fffbb19 [ 1590.974177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1590.975810] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1590.976486] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1590.977119] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1590.977752] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1590.978403] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1590.979037] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:17:29 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5) 02:17:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:43 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 28) 02:17:43 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 34) 02:17:43 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 32) 02:17:43 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 35) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:43 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) 02:17:43 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8) [ 1605.097920] FAULT_INJECTION: forcing a failure. [ 1605.097920] name failslab, interval 1, probability 0, space 0, times 0 [ 1605.099136] CPU: 0 PID: 10190 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1605.099774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1605.100533] Call Trace: [ 1605.100792] dump_stack+0x107/0x167 [ 1605.101136] should_fail.cold+0x5/0xa [ 1605.101497] ? create_object.isra.0+0x3a/0xa20 [ 1605.101927] should_failslab+0x5/0x20 [ 1605.102287] kmem_cache_alloc+0x5b/0x310 [ 1605.102689] ? mark_held_locks+0x9e/0xe0 [ 1605.103074] create_object.isra.0+0x3a/0xa20 [ 1605.103484] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1605.103963] kmem_cache_alloc_bulk+0x168/0x320 [ 1605.104399] io_submit_sqes+0x6fe6/0x8610 [ 1605.104816] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.105266] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.105694] ? lock_downgrade+0x6d0/0x6d0 [ 1605.106065] ? find_held_lock+0x2c/0x110 [ 1605.106463] ? io_submit_sqes+0x8610/0x8610 [ 1605.106862] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1605.107316] ? wait_for_completion_io+0x270/0x270 [ 1605.107762] ? rcu_read_lock_any_held+0x75/0xa0 [ 1605.108191] ? vfs_write+0x354/0xb10 [ 1605.108532] ? fput_many+0x2f/0x1a0 [ 1605.108862] ? ksys_write+0x1a9/0x260 [ 1605.109201] ? __ia32_sys_read+0xb0/0xb0 [ 1605.109580] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1605.110057] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1605.110547] do_syscall_64+0x33/0x40 [ 1605.110886] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1605.111342] RIP: 0033:0x7f6110e13b19 [ 1605.111687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1605.113323] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1605.114018] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1605.114695] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1605.115348] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.116000] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1605.116655] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1605.128093] FAULT_INJECTION: forcing a failure. [ 1605.128093] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1605.129267] CPU: 0 PID: 10197 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1605.129885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1605.130645] Call Trace: [ 1605.130895] dump_stack+0x107/0x167 [ 1605.131233] should_fail.cold+0x5/0xa [ 1605.131591] __alloc_pages_nodemask+0x182/0x600 [ 1605.132020] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1605.132580] alloc_pages_current+0x187/0x280 [ 1605.132993] allocate_slab+0x26f/0x380 [ 1605.133356] ___slab_alloc+0x470/0x700 [ 1605.133719] ? io_submit_sqes+0x6fe6/0x8610 [ 1605.134126] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1605.134580] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1605.135002] io_submit_sqes+0x6fe6/0x8610 [ 1605.135406] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.135853] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.136288] ? lock_downgrade+0x6d0/0x6d0 [ 1605.136662] ? find_held_lock+0x2c/0x110 [ 1605.137041] ? io_submit_sqes+0x8610/0x8610 [ 1605.137442] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1605.137879] ? wait_for_completion_io+0x270/0x270 [ 1605.138313] ? rcu_read_lock_any_held+0x75/0xa0 [ 1605.138755] ? vfs_write+0x354/0xb10 [ 1605.139101] ? fput_many+0x2f/0x1a0 [ 1605.139425] ? ksys_write+0x1a9/0x260 [ 1605.139779] ? __ia32_sys_read+0xb0/0xb0 [ 1605.140155] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1605.140628] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1605.141100] do_syscall_64+0x33/0x40 [ 1605.141446] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1605.141914] RIP: 0033:0x7fe637263b19 [ 1605.142254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1605.143906] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1605.144600] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1605.145257] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1605.145915] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.146590] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1605.147246] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1605.149277] FAULT_INJECTION: forcing a failure. [ 1605.149277] name failslab, interval 1, probability 0, space 0, times 0 02:17:43 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1605.150334] CPU: 0 PID: 10195 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1605.150967] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1605.151669] Call Trace: [ 1605.151894] dump_stack+0x107/0x167 [ 1605.152212] should_fail.cold+0x5/0xa [ 1605.152558] should_failslab+0x5/0x20 [ 1605.154562] kmem_cache_alloc_bulk+0x4b/0x320 [ 1605.155018] io_submit_sqes+0x6fe6/0x8610 [ 1605.155463] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.155947] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1605.156456] ? lock_downgrade+0x6d0/0x6d0 [ 1605.156898] ? find_held_lock+0x2c/0x110 [ 1605.157327] ? io_submit_sqes+0x8610/0x8610 [ 1605.157779] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1605.158290] ? wait_for_completion_io+0x270/0x270 [ 1605.158756] ? rcu_read_lock_any_held+0x75/0xa0 [ 1605.159177] ? vfs_write+0x354/0xb10 [ 1605.159521] ? fput_many+0x2f/0x1a0 [ 1605.159856] ? ksys_write+0x1a9/0x260 [ 1605.160207] ? __ia32_sys_read+0xb0/0xb0 [ 1605.160585] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1605.161059] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1605.161533] do_syscall_64+0x33/0x40 [ 1605.161889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1605.162363] RIP: 0033:0x7f1a7fffbb19 [ 1605.162791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1605.164655] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1605.165458] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1605.166220] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1605.166909] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.167572] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1605.168222] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1605.188372] FAULT_INJECTION: forcing a failure. [ 1605.188372] name failslab, interval 1, probability 0, space 0, times 0 [ 1605.189536] CPU: 0 PID: 10212 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1605.190153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1605.191023] Call Trace: [ 1605.191304] dump_stack+0x107/0x167 [ 1605.191689] should_fail.cold+0x5/0xa [ 1605.192096] ? create_object.isra.0+0x3a/0xa20 [ 1605.192592] should_failslab+0x5/0x20 [ 1605.193001] kmem_cache_alloc+0x5b/0x310 [ 1605.193436] create_object.isra.0+0x3a/0xa20 [ 1605.193905] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1605.194487] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1605.194961] ? alloc_skb_with_frags+0x92/0x570 [ 1605.195393] __alloc_skb+0xb1/0x5b0 [ 1605.195734] alloc_skb_with_frags+0x92/0x570 [ 1605.196132] ? trace_hardirqs_on+0x5b/0x180 [ 1605.196530] ? kmem_cache_free+0xa7/0x2d0 [ 1605.196919] sock_alloc_send_pskb+0x7af/0x930 [ 1605.197341] ? sk_alloc+0x350/0x350 [ 1605.197693] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1605.198175] ? trace_hardirqs_on+0x5b/0x180 [ 1605.198634] ? __dev_queue_xmit+0xe4e/0x2710 [ 1605.199036] ? __local_bh_enable_ip+0x9d/0x100 [ 1605.199462] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1605.199929] ? ip6_mtu+0x1bb/0x3d0 [ 1605.200255] ? lock_downgrade+0x6d0/0x6d0 [ 1605.200632] ? ip_frag_init+0x350/0x350 [ 1605.201002] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1605.201422] ? ip6_mtu+0x1e9/0x3d0 [ 1605.201755] ? ip6_setup_cork+0xfb7/0x1740 [ 1605.202145] ip6_make_skb+0x2de/0x4e0 [ 1605.202544] ? ip_frag_init+0x350/0x350 [ 1605.202917] ? ip_frag_init+0x350/0x350 [ 1605.203255] ? ip6_push_pending_frames+0xf0/0xf0 [ 1605.203664] ? ip6_dst_check+0x389/0x8d0 [ 1605.204048] ? sk_dst_check+0x235/0x4c0 [ 1605.204418] udpv6_sendmsg+0x20d3/0x2ad0 [ 1605.204795] ? ip_frag_init+0x350/0x350 [ 1605.205164] ? udp_v6_push_pending_frames+0x360/0x360 [ 1605.205653] ? lock_acquire+0x197/0x470 [ 1605.206021] ? find_held_lock+0x2c/0x110 [ 1605.206420] ? sock_has_perm+0x1ea/0x280 [ 1605.206811] ? __import_iovec+0x458/0x590 [ 1605.207203] ? udp_v6_push_pending_frames+0x360/0x360 [ 1605.207682] inet6_sendmsg+0x105/0x140 [ 1605.208043] ? inet6_compat_ioctl+0x320/0x320 [ 1605.208460] __sock_sendmsg+0xf2/0x190 [ 1605.208817] ____sys_sendmsg+0x334/0x870 [ 1605.209189] ? sock_write_iter+0x3d0/0x3d0 [ 1605.209573] ? do_recvmmsg+0x6d0/0x6d0 [ 1605.209934] ? __lock_acquire+0x1657/0x5b00 [ 1605.210338] ___sys_sendmsg+0xf3/0x170 [ 1605.210761] ? sendmsg_copy_msghdr+0x160/0x160 [ 1605.211185] ? __fget_files+0x2cf/0x520 [ 1605.211559] ? lock_acquire+0x197/0x470 [ 1605.211934] ? find_held_lock+0x2c/0x110 [ 1605.212308] ? __might_fault+0xd3/0x180 [ 1605.212673] ? lock_downgrade+0x6d0/0x6d0 [ 1605.213069] __sys_sendmmsg+0x195/0x470 [ 1605.213441] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1605.213840] ? lock_downgrade+0x6d0/0x6d0 [ 1605.214246] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1605.214737] ? wait_for_completion_io+0x270/0x270 [ 1605.215190] ? rcu_read_lock_any_held+0x75/0xa0 [ 1605.215613] ? vfs_write+0x354/0xb10 [ 1605.215953] ? fput_many+0x2f/0x1a0 [ 1605.216290] ? ksys_write+0x1a9/0x260 [ 1605.216641] ? __ia32_sys_read+0xb0/0xb0 [ 1605.217020] __x64_sys_sendmmsg+0x99/0x100 [ 1605.217402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1605.217829] do_syscall_64+0x33/0x40 [ 1605.218164] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1605.218677] RIP: 0033:0x7f862c37fb19 [ 1605.219028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1605.220701] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1605.221404] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1605.222058] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1605.222755] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.223409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1605.224065] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:17:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x20e) 02:17:56 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 33) 02:17:56 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) 02:17:56 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:56 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 29) 02:17:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500) 02:17:56 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 35) 02:17:56 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 36) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1618.214925] FAULT_INJECTION: forcing a failure. [ 1618.214925] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1618.216068] CPU: 0 PID: 10233 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1618.216710] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.217485] Call Trace: [ 1618.217740] dump_stack+0x107/0x167 [ 1618.218091] should_fail.cold+0x5/0xa [ 1618.218463] ? lock_chain_count+0x20/0x20 [ 1618.218871] __alloc_pages_nodemask+0x182/0x600 [ 1618.219312] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1618.219889] ? kmem_cache_alloc+0x301/0x310 [ 1618.220300] alloc_pages_current+0x187/0x280 [ 1618.220732] allocate_slab+0x26f/0x380 [ 1618.221115] ___slab_alloc+0x470/0x700 [ 1618.221499] ? skb_clone+0x14f/0x3d0 [ 1618.221865] ? ipv6_chk_mcast_addr+0x25c/0x720 [ 1618.222307] ? lock_downgrade+0x6d0/0x6d0 [ 1618.222720] ? skb_clone+0x14f/0x3d0 [ 1618.223086] ? kmem_cache_alloc+0x301/0x310 [ 1618.223504] ? skb_clone+0x14f/0x3d0 [ 1618.223866] kmem_cache_alloc+0x301/0x310 [ 1618.224276] skb_clone+0x14f/0x3d0 [ 1618.224629] ip6_finish_output2+0x1225/0x1fe0 [ 1618.224953] FAULT_INJECTION: forcing a failure. [ 1618.224953] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.225077] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1618.226613] ip6_output+0x3b8/0x7e0 [ 1618.226973] ip6_local_out+0xb4/0x1a0 [ 1618.227295] ip6_send_skb+0x112/0x460 [ 1618.227621] udp_v6_send_skb+0x7aa/0x15b0 [ 1618.228024] udpv6_sendmsg+0x2116/0x2ad0 [ 1618.228368] ? ip_frag_init+0x350/0x350 [ 1618.228710] ? udp_v6_push_pending_frames+0x360/0x360 [ 1618.229189] ? perf_event_task_disable+0x390/0x390 [ 1618.229607] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1618.230057] ? lock_acquire+0x197/0x470 [ 1618.230391] ? find_held_lock+0x2c/0x110 [ 1618.230755] ? sock_has_perm+0x1ea/0x280 [ 1618.231166] ? __import_iovec+0x458/0x590 [ 1618.231516] ? udp_v6_push_pending_frames+0x360/0x360 [ 1618.231997] inet6_sendmsg+0x105/0x140 [ 1618.232327] ? inet6_compat_ioctl+0x320/0x320 [ 1618.232706] __sock_sendmsg+0xf2/0x190 [ 1618.233079] ____sys_sendmsg+0x334/0x870 [ 1618.233423] ? sock_write_iter+0x3d0/0x3d0 [ 1618.235897] ? do_recvmmsg+0x6d0/0x6d0 [ 1618.236237] ? __lock_acquire+0x1657/0x5b00 [ 1618.236690] ___sys_sendmsg+0xf3/0x170 [ 1618.237066] ? sendmsg_copy_msghdr+0x160/0x160 [ 1618.237625] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.238107] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1618.238588] ? trace_hardirqs_on+0x5b/0x180 [ 1618.239010] ? lock_acquire+0x197/0x470 [ 1618.239342] ? find_held_lock+0x2c/0x110 [ 1618.239817] ? __might_fault+0xd3/0x180 [ 1618.240161] ? lock_downgrade+0x6d0/0x6d0 [ 1618.240511] ? io_schedule_timeout+0x140/0x140 [ 1618.240950] __sys_sendmmsg+0x195/0x470 [ 1618.241288] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1618.241652] ? lock_downgrade+0x6d0/0x6d0 [ 1618.242056] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.242462] ? wait_for_completion_io+0x270/0x270 [ 1618.242968] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.243357] ? vfs_write+0x354/0xb10 [ 1618.243671] ? fput_many+0x2f/0x1a0 [ 1618.243976] ? ksys_write+0x1a9/0x260 [ 1618.244297] ? __ia32_sys_read+0xb0/0xb0 [ 1618.244644] __x64_sys_sendmmsg+0x99/0x100 [ 1618.244998] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.245426] do_syscall_64+0x33/0x40 [ 1618.245739] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.246166] RIP: 0033:0x7f862c37fb19 [ 1618.246479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.248027] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1618.248662] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1618.249251] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1618.249844] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.250436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1618.251053] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1618.251671] CPU: 1 PID: 10239 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1618.252236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.252885] Call Trace: [ 1618.253105] dump_stack+0x107/0x167 [ 1618.253400] should_fail.cold+0x5/0xa [ 1618.253708] ? create_object.isra.0+0x3a/0xa20 [ 1618.254073] should_failslab+0x5/0x20 [ 1618.254378] kmem_cache_alloc+0x5b/0x310 [ 1618.254729] ? mark_held_locks+0x9e/0xe0 [ 1618.255058] create_object.isra.0+0x3a/0xa20 [ 1618.255515] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.255927] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.256292] io_submit_sqes+0x6fe6/0x8610 [ 1618.256701] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.257093] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.257526] ? lock_downgrade+0x6d0/0x6d0 [ 1618.257855] ? find_held_lock+0x2c/0x110 [ 1618.258179] ? io_submit_sqes+0x8610/0x8610 [ 1618.258601] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.258993] ? wait_for_completion_io+0x270/0x270 [ 1618.259508] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.259889] ? vfs_write+0x354/0xb10 [ 1618.260184] ? fput_many+0x2f/0x1a0 [ 1618.260532] ? ksys_write+0x1a9/0x260 [ 1618.260836] ? __ia32_sys_read+0xb0/0xb0 [ 1618.261163] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.261625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.262034] do_syscall_64+0x33/0x40 [ 1618.262329] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.262802] RIP: 0033:0x7fe637263b19 [ 1618.263100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.264616] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.265216] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1618.265778] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.266331] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.266907] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.267462] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1618.281206] FAULT_INJECTION: forcing a failure. [ 1618.281206] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.282364] CPU: 0 PID: 10238 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1618.282971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.283671] Call Trace: [ 1618.283907] dump_stack+0x107/0x167 [ 1618.284225] should_fail.cold+0x5/0xa [ 1618.284557] ? create_object.isra.0+0x3a/0xa20 [ 1618.284949] should_failslab+0x5/0x20 [ 1618.285274] kmem_cache_alloc+0x5b/0x310 [ 1618.285621] ? mark_held_locks+0x9e/0xe0 [ 1618.285972] create_object.isra.0+0x3a/0xa20 [ 1618.286348] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.286802] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.287197] io_submit_sqes+0x6fe6/0x8610 [ 1618.287576] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.288000] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.288419] ? lock_downgrade+0x6d0/0x6d0 [ 1618.288770] ? find_held_lock+0x2c/0x110 [ 1618.289122] ? io_submit_sqes+0x8610/0x8610 [ 1618.289496] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.289910] ? wait_for_completion_io+0x270/0x270 [ 1618.290321] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.290736] ? vfs_write+0x354/0xb10 [ 1618.291054] ? fput_many+0x2f/0x1a0 [ 1618.291371] ? ksys_write+0x1a9/0x260 [ 1618.291697] ? __ia32_sys_read+0xb0/0xb0 [ 1618.292044] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.292487] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.292927] do_syscall_64+0x33/0x40 [ 1618.293243] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.293676] RIP: 0033:0x7f1a7fffbb19 [ 1618.293998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.295552] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.296193] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1618.296791] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.297391] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.297990] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.298602] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1618.300975] FAULT_INJECTION: forcing a failure. [ 1618.300975] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.301988] CPU: 1 PID: 10229 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1618.302539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.303239] Call Trace: [ 1618.303455] dump_stack+0x107/0x167 [ 1618.303753] should_fail.cold+0x5/0xa [ 1618.304129] ? create_object.isra.0+0x3a/0xa20 [ 1618.304491] should_failslab+0x5/0x20 [ 1618.304794] kmem_cache_alloc+0x5b/0x310 [ 1618.305225] ? find_held_lock+0x2c/0x110 [ 1618.305551] create_object.isra.0+0x3a/0xa20 [ 1618.305899] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.306301] __kmalloc_node+0x1ae/0x420 [ 1618.306640] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1618.307048] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1618.307449] kmem_cache_alloc_bulk+0x182/0x320 [ 1618.307816] io_submit_sqes+0x6fe6/0x8610 [ 1618.308164] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.308559] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.308943] ? lock_downgrade+0x6d0/0x6d0 [ 1618.309272] ? find_held_lock+0x2c/0x110 [ 1618.309599] ? io_submit_sqes+0x8610/0x8610 [ 1618.309947] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.310331] ? wait_for_completion_io+0x270/0x270 [ 1618.310740] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.311108] ? vfs_write+0x354/0xb10 [ 1618.311405] ? fput_many+0x2f/0x1a0 [ 1618.311696] ? ksys_write+0x1a9/0x260 [ 1618.311998] ? __ia32_sys_read+0xb0/0xb0 [ 1618.312324] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.312738] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.313147] do_syscall_64+0x33/0x40 [ 1618.313443] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.313845] RIP: 0033:0x7f6110e13b19 [ 1618.314141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.315601] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.316200] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1618.316761] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.317438] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.318062] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.318640] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:17:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe02) 02:17:56 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:17:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 36) [ 1618.425902] FAULT_INJECTION: forcing a failure. [ 1618.425902] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.427086] CPU: 1 PID: 10258 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1618.427683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.428326] Call Trace: [ 1618.428601] dump_stack+0x107/0x167 [ 1618.428893] should_fail.cold+0x5/0xa [ 1618.429198] ? create_object.isra.0+0x3a/0xa20 [ 1618.429611] should_failslab+0x5/0x20 [ 1618.429919] kmem_cache_alloc+0x5b/0x310 [ 1618.430245] ? mark_held_locks+0x9e/0xe0 [ 1618.430668] create_object.isra.0+0x3a/0xa20 [ 1618.431019] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.431476] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.431846] io_submit_sqes+0x6fe6/0x8610 [ 1618.432193] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.432651] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.433036] ? lock_downgrade+0x6d0/0x6d0 [ 1618.433363] ? find_held_lock+0x2c/0x110 [ 1618.433741] ? io_submit_sqes+0x8610/0x8610 [ 1618.434091] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.434565] ? wait_for_completion_io+0x270/0x270 [ 1618.434953] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.435320] ? vfs_write+0x354/0xb10 [ 1618.435668] ? fput_many+0x2f/0x1a0 [ 1618.435963] ? ksys_write+0x1a9/0x260 [ 1618.436269] ? __ia32_sys_read+0xb0/0xb0 [ 1618.436655] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.437069] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.437527] do_syscall_64+0x33/0x40 [ 1618.437824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.438228] RIP: 0033:0x7f1a7fffbb19 [ 1618.440511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.442001] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.442710] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1618.443269] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.443880] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.444495] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.445057] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:17:56 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) 02:17:56 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 37) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:17:56 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 34) [ 1618.521798] FAULT_INJECTION: forcing a failure. [ 1618.521798] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.522945] CPU: 1 PID: 10268 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1618.523574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.524219] Call Trace: [ 1618.524482] dump_stack+0x107/0x167 [ 1618.524774] should_fail.cold+0x5/0xa [ 1618.525080] ? create_object.isra.0+0x3a/0xa20 [ 1618.525503] should_failslab+0x5/0x20 [ 1618.525809] kmem_cache_alloc+0x5b/0x310 [ 1618.526138] ? mark_held_locks+0x9e/0xe0 [ 1618.526518] create_object.isra.0+0x3a/0xa20 [ 1618.526884] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.527289] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.527737] io_submit_sqes+0x6fe6/0x8610 [ 1618.528086] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.528532] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.528920] ? lock_downgrade+0x6d0/0x6d0 [ 1618.529249] ? find_held_lock+0x2c/0x110 [ 1618.529632] ? io_submit_sqes+0x8610/0x8610 [ 1618.529983] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.530367] ? wait_for_completion_io+0x270/0x270 [ 1618.530816] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.531186] ? vfs_write+0x354/0xb10 [ 1618.531560] ? fput_many+0x2f/0x1a0 [ 1618.531855] ? ksys_write+0x1a9/0x260 [ 1618.532158] ? __ia32_sys_read+0xb0/0xb0 [ 1618.532534] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.532953] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.533361] do_syscall_64+0x33/0x40 [ 1618.533715] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.534120] RIP: 0033:0x7fe637263b19 [ 1618.534461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.535989] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.536644] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1618.537203] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.537818] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.538438] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.539020] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1618.570274] FAULT_INJECTION: forcing a failure. [ 1618.570274] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.571611] CPU: 0 PID: 10272 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1618.572230] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.572971] Call Trace: [ 1618.573215] dump_stack+0x107/0x167 [ 1618.573543] should_fail.cold+0x5/0xa [ 1618.573904] ? create_object.isra.0+0x3a/0xa20 [ 1618.574313] should_failslab+0x5/0x20 [ 1618.574677] kmem_cache_alloc+0x5b/0x310 [ 1618.575056] ? mark_held_locks+0x9e/0xe0 [ 1618.575422] create_object.isra.0+0x3a/0xa20 [ 1618.575825] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.576287] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.576706] io_submit_sqes+0x6fe6/0x8610 [ 1618.577113] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.577558] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.578010] ? lock_downgrade+0x6d0/0x6d0 [ 1618.578379] ? find_held_lock+0x2c/0x110 [ 1618.578770] ? io_submit_sqes+0x8610/0x8610 [ 1618.579181] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.579619] ? wait_for_completion_io+0x270/0x270 [ 1618.580067] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.580479] ? vfs_write+0x354/0xb10 [ 1618.580825] ? fput_many+0x2f/0x1a0 [ 1618.581163] ? ksys_write+0x1a9/0x260 [ 1618.581506] ? __ia32_sys_read+0xb0/0xb0 [ 1618.581890] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.582353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.582840] do_syscall_64+0x33/0x40 [ 1618.583178] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.583630] RIP: 0033:0x7f6110e13b19 [ 1618.583978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.585597] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.586286] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1618.586943] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.587569] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.588206] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.588851] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:17:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 37) 02:17:57 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000) [ 1618.624095] FAULT_INJECTION: forcing a failure. [ 1618.624095] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.625111] CPU: 1 PID: 10277 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1618.625755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.626449] Call Trace: [ 1618.626688] dump_stack+0x107/0x167 [ 1618.626980] should_fail.cold+0x5/0xa [ 1618.627285] ? create_object.isra.0+0x3a/0xa20 02:17:57 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1618.627696] should_failslab+0x5/0x20 [ 1618.642770] kmem_cache_alloc+0x5b/0x310 [ 1618.643166] ? mark_held_locks+0x9e/0xe0 [ 1618.643548] create_object.isra.0+0x3a/0xa20 [ 1618.643951] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.644422] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.644850] io_submit_sqes+0x6fe6/0x8610 [ 1618.645257] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.645708] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.646158] ? lock_downgrade+0x6d0/0x6d0 [ 1618.646545] ? find_held_lock+0x2c/0x110 [ 1618.646927] ? io_submit_sqes+0x8610/0x8610 [ 1618.647332] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.647776] ? wait_for_completion_io+0x270/0x270 [ 1618.648220] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.648643] ? vfs_write+0x354/0xb10 [ 1618.648989] ? fput_many+0x2f/0x1a0 [ 1618.649325] ? ksys_write+0x1a9/0x260 [ 1618.649677] ? __ia32_sys_read+0xb0/0xb0 [ 1618.650054] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.650543] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.651015] do_syscall_64+0x33/0x40 [ 1618.651359] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.651830] RIP: 0033:0x7f1a7fffbb19 [ 1618.652175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.653811] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.654513] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1618.655169] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.655816] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.656456] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.657099] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:17:57 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:17:57 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 38) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1618.765631] FAULT_INJECTION: forcing a failure. [ 1618.765631] name failslab, interval 1, probability 0, space 0, times 0 [ 1618.766764] CPU: 1 PID: 10292 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1618.767377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1618.768119] Call Trace: [ 1618.768369] dump_stack+0x107/0x167 [ 1618.768704] should_fail.cold+0x5/0xa [ 1618.769057] ? create_object.isra.0+0x3a/0xa20 [ 1618.769478] should_failslab+0x5/0x20 [ 1618.769833] kmem_cache_alloc+0x5b/0x310 [ 1618.770208] ? mark_held_locks+0x9e/0xe0 [ 1618.770604] create_object.isra.0+0x3a/0xa20 [ 1618.771011] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1618.771480] kmem_cache_alloc_bulk+0x168/0x320 [ 1618.771905] io_submit_sqes+0x6fe6/0x8610 [ 1618.772311] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.772764] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1618.773208] ? lock_downgrade+0x6d0/0x6d0 [ 1618.773586] ? find_held_lock+0x2c/0x110 [ 1618.773964] ? io_submit_sqes+0x8610/0x8610 [ 1618.774372] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1618.774833] ? wait_for_completion_io+0x270/0x270 [ 1618.775276] ? rcu_read_lock_any_held+0x75/0xa0 [ 1618.775703] ? vfs_write+0x354/0xb10 [ 1618.776048] ? fput_many+0x2f/0x1a0 [ 1618.776387] ? ksys_write+0x1a9/0x260 [ 1618.776743] ? __ia32_sys_read+0xb0/0xb0 [ 1618.777127] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1618.777606] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1618.778084] do_syscall_64+0x33/0x40 [ 1618.778427] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1618.778920] RIP: 0033:0x7fe637263b19 [ 1618.779267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1618.780942] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1618.781632] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1618.782288] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1618.782960] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1618.783605] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1618.784265] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:09 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 30) 02:18:09 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 39) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:18:09 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 35) 02:18:09 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:18:09 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x23d7) 02:18:09 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:09 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 38) [ 1631.437115] FAULT_INJECTION: forcing a failure. [ 1631.437115] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.438210] CPU: 1 PID: 10300 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1631.438842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.439553] Call Trace: [ 1631.439790] dump_stack+0x107/0x167 [ 1631.440101] should_fail.cold+0x5/0xa [ 1631.440424] ? create_object.isra.0+0x3a/0xa20 [ 1631.440809] should_failslab+0x5/0x20 [ 1631.441130] kmem_cache_alloc+0x5b/0x310 [ 1631.441472] ? mark_held_locks+0x9e/0xe0 [ 1631.441816] create_object.isra.0+0x3a/0xa20 [ 1631.442185] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.442612] kmem_cache_alloc_bulk+0x168/0x320 [ 1631.443031] io_submit_sqes+0x6fe6/0x8610 [ 1631.443396] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.443811] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.444219] ? lock_downgrade+0x6d0/0x6d0 [ 1631.444564] ? find_held_lock+0x2c/0x110 [ 1631.444906] ? io_submit_sqes+0x8610/0x8610 [ 1631.445273] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.445677] ? wait_for_completion_io+0x270/0x270 [ 1631.446082] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.446469] ? vfs_write+0x354/0xb10 [ 1631.448817] FAULT_INJECTION: forcing a failure. [ 1631.448817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1631.462827] ? fput_many+0x2f/0x1a0 [ 1631.462841] ? ksys_write+0x1a9/0x260 [ 1631.462853] ? __ia32_sys_read+0xb0/0xb0 [ 1631.462867] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.462879] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.462892] do_syscall_64+0x33/0x40 [ 1631.462903] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.462911] RIP: 0033:0x7fe637263b19 [ 1631.462923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.462929] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1631.462942] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1631.462949] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1631.462955] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.462962] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1631.462968] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1631.479782] CPU: 0 PID: 10303 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1631.480354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.481037] Call Trace: [ 1631.481263] dump_stack+0x107/0x167 [ 1631.481570] should_fail.cold+0x5/0xa [ 1631.481895] _copy_from_user+0x2e/0x1b0 [ 1631.482235] __copy_msghdr_from_user+0x91/0x4b0 [ 1631.482627] ? __ia32_sys_shutdown+0x80/0x80 [ 1631.483014] ? udp_v6_push_pending_frames+0x360/0x360 [ 1631.483449] ? inet6_sendmsg+0xbd/0x140 [ 1631.483784] ? inet6_compat_ioctl+0x320/0x320 [ 1631.484159] ? __sock_sendmsg+0x55/0x190 [ 1631.484505] sendmsg_copy_msghdr+0xa1/0x160 [ 1631.484868] ? do_recvmmsg+0x6d0/0x6d0 [ 1631.485198] ? __lock_acquire+0x1657/0x5b00 [ 1631.485568] ___sys_sendmsg+0xc6/0x170 [ 1631.485898] ? sendmsg_copy_msghdr+0x160/0x160 [ 1631.486284] ? __fget_files+0x2cf/0x520 [ 1631.486622] ? lock_acquire+0x197/0x470 [ 1631.486973] ? find_held_lock+0x2c/0x110 [ 1631.487317] ? __might_fault+0xd3/0x180 [ 1631.487651] ? lock_downgrade+0x6d0/0x6d0 [ 1631.488016] __sys_sendmmsg+0x195/0x470 [ 1631.488354] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1631.488716] ? lock_downgrade+0x6d0/0x6d0 [ 1631.489075] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.489481] ? wait_for_completion_io+0x270/0x270 [ 1631.489888] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.490276] ? vfs_write+0x354/0xb10 [ 1631.490588] ? fput_many+0x2f/0x1a0 [ 1631.490910] ? ksys_write+0x1a9/0x260 [ 1631.491237] ? __ia32_sys_read+0xb0/0xb0 [ 1631.491583] __x64_sys_sendmmsg+0x99/0x100 [ 1631.491938] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.492367] do_syscall_64+0x33/0x40 [ 1631.492658] FAULT_INJECTION: forcing a failure. [ 1631.492658] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.492684] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.494025] RIP: 0033:0x7f862c37fb19 [ 1631.494338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.495868] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1631.496501] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1631.497093] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1631.497684] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.498276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.498887] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1631.499502] CPU: 1 PID: 10304 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1631.500206] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.500898] Call Trace: [ 1631.501122] dump_stack+0x107/0x167 [ 1631.501431] should_fail.cold+0x5/0xa [ 1631.501753] ? create_object.isra.0+0x3a/0xa20 [ 1631.502137] should_failslab+0x5/0x20 [ 1631.502458] kmem_cache_alloc+0x5b/0x310 [ 1631.505316] ? mark_held_locks+0x9e/0xe0 [ 1631.505662] create_object.isra.0+0x3a/0xa20 [ 1631.506039] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.506469] kmem_cache_alloc_bulk+0x168/0x320 [ 1631.506920] io_submit_sqes+0x6fe6/0x8610 [ 1631.507290] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.507714] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.508120] ? lock_downgrade+0x6d0/0x6d0 [ 1631.508468] ? find_held_lock+0x2c/0x110 [ 1631.508812] ? io_submit_sqes+0x8610/0x8610 [ 1631.509180] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.509586] ? wait_for_completion_io+0x270/0x270 [ 1631.509991] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.510379] ? vfs_write+0x354/0xb10 [ 1631.510788] ? fput_many+0x2f/0x1a0 [ 1631.511143] ? ksys_write+0x1a9/0x260 [ 1631.511465] ? __ia32_sys_read+0xb0/0xb0 [ 1631.511808] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.512288] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.512722] do_syscall_64+0x33/0x40 [ 1631.513085] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.513511] RIP: 0033:0x7f6110e13b19 [ 1631.513824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.515462] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1631.516141] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1631.516734] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1631.517368] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.518030] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1631.518623] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1631.527407] FAULT_INJECTION: forcing a failure. [ 1631.527407] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.528407] CPU: 0 PID: 10312 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1631.528992] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.529689] Call Trace: [ 1631.529919] dump_stack+0x107/0x167 [ 1631.530235] should_fail.cold+0x5/0xa [ 1631.530563] ? create_object.isra.0+0x3a/0xa20 [ 1631.530972] should_failslab+0x5/0x20 [ 1631.531300] kmem_cache_alloc+0x5b/0x310 [ 1631.531656] create_object.isra.0+0x3a/0xa20 [ 1631.532033] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1631.532477] kmem_cache_alloc_bulk+0x168/0x320 [ 1631.532873] io_submit_sqes+0x6fe6/0x8610 [ 1631.533251] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.533678] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.534097] ? lock_downgrade+0x6d0/0x6d0 [ 1631.534454] ? find_held_lock+0x2c/0x110 [ 1631.534824] ? io_submit_sqes+0x8610/0x8610 [ 1631.535200] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.535617] ? wait_for_completion_io+0x270/0x270 [ 1631.536032] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.536429] ? vfs_write+0x354/0xb10 [ 1631.536750] ? fput_many+0x2f/0x1a0 [ 1631.537063] ? ksys_write+0x1a9/0x260 [ 1631.537391] ? __ia32_sys_read+0xb0/0xb0 [ 1631.537744] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.538192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.538636] do_syscall_64+0x33/0x40 [ 1631.542975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.543402] RIP: 0033:0x7f1a7fffbb19 [ 1631.543716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.545244] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1631.545879] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1631.546471] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1631.547081] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.547672] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1631.548263] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:18:09 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 40) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:18:09 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:18:09 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) 02:18:10 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 31) [ 1631.610216] FAULT_INJECTION: forcing a failure. [ 1631.610216] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.611431] CPU: 1 PID: 10325 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1631.612058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.612756] Call Trace: [ 1631.613050] dump_stack+0x107/0x167 [ 1631.613361] should_fail.cold+0x5/0xa [ 1631.613689] should_failslab+0x5/0x20 [ 1631.614083] kmem_cache_alloc_bulk+0x4b/0x320 [ 1631.614467] io_submit_sqes+0x6fe6/0x8610 [ 1631.614891] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.615315] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.615727] ? lock_downgrade+0x6d0/0x6d0 [ 1631.616118] ? find_held_lock+0x2c/0x110 [ 1631.616465] ? io_submit_sqes+0x8610/0x8610 [ 1631.616882] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.617299] ? wait_for_completion_io+0x270/0x270 [ 1631.617708] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.618263] ? vfs_write+0x354/0xb10 [ 1631.618578] ? fput_many+0x2f/0x1a0 [ 1631.618964] ? ksys_write+0x1a9/0x260 [ 1631.619286] ? __ia32_sys_read+0xb0/0xb0 [ 1631.619630] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.620115] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.620550] do_syscall_64+0x33/0x40 [ 1631.620922] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.621350] RIP: 0033:0x7fe637263b19 [ 1631.621665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.623314] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1631.623993] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1631.624585] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1631.625229] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.625820] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1631.626476] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:10 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00) 02:18:10 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 36) 02:18:10 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1631.709126] FAULT_INJECTION: forcing a failure. [ 1631.709126] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.710297] CPU: 1 PID: 10343 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1631.710888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.711579] Call Trace: [ 1631.711811] dump_stack+0x107/0x167 [ 1631.712122] should_fail.cold+0x5/0xa [ 1631.712449] ? create_object.isra.0+0x3a/0xa20 [ 1631.712841] should_failslab+0x5/0x20 [ 1631.713167] kmem_cache_alloc+0x5b/0x310 [ 1631.713516] ? mark_held_locks+0x9e/0xe0 [ 1631.713865] create_object.isra.0+0x3a/0xa20 [ 1631.714240] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 02:18:10 executing program 6: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x0, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1631.714687] kmem_cache_alloc_bulk+0x168/0x320 [ 1631.715088] io_submit_sqes+0x6fe6/0x8610 [ 1631.715459] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.715882] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1631.716295] ? lock_downgrade+0x6d0/0x6d0 [ 1631.716647] ? find_held_lock+0x2c/0x110 [ 1631.716996] ? io_submit_sqes+0x8610/0x8610 [ 1631.717371] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1631.717790] ? wait_for_completion_io+0x270/0x270 [ 1631.718203] ? rcu_read_lock_any_held+0x75/0xa0 [ 1631.730919] ? vfs_write+0x354/0xb10 [ 1631.731235] ? fput_many+0x2f/0x1a0 [ 1631.731545] ? ksys_write+0x1a9/0x260 [ 1631.731867] ? __ia32_sys_read+0xb0/0xb0 [ 1631.732212] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1631.732650] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.733084] do_syscall_64+0x33/0x40 [ 1631.733397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.733826] RIP: 0033:0x7f6110e13b19 [ 1631.734140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.735678] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1631.736316] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1631.736911] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1631.737507] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.738101] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1631.738709] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1631.768046] FAULT_INJECTION: forcing a failure. [ 1631.768046] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.769121] CPU: 1 PID: 10340 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1631.769741] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1631.770481] Call Trace: [ 1631.770762] dump_stack+0x107/0x167 [ 1631.771103] should_fail.cold+0x5/0xa [ 1631.771458] ? __alloc_skb+0x6d/0x5b0 [ 1631.771819] should_failslab+0x5/0x20 [ 1631.772170] kmem_cache_alloc_node+0x55/0x330 [ 1631.772573] __alloc_skb+0x6d/0x5b0 [ 1631.772917] alloc_skb_with_frags+0x92/0x570 [ 1631.773317] ? trace_hardirqs_on+0x5b/0x180 [ 1631.773688] ? kmem_cache_free+0xa7/0x2d0 [ 1631.774061] sock_alloc_send_pskb+0x7af/0x930 [ 1631.774471] ? sk_alloc+0x350/0x350 [ 1631.774835] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1631.775309] ? trace_hardirqs_on+0x5b/0x180 [ 1631.775706] ? __dev_queue_xmit+0xe4e/0x2710 [ 1631.776106] ? __local_bh_enable_ip+0x9d/0x100 [ 1631.776533] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1631.777003] ? ip6_mtu+0x1bb/0x3d0 [ 1631.777333] ? lock_downgrade+0x6d0/0x6d0 [ 1631.777713] ? ip_frag_init+0x350/0x350 [ 1631.778089] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1631.778514] ? ip6_mtu+0x1e9/0x3d0 [ 1631.778862] ? ip6_setup_cork+0xfb7/0x1740 [ 1631.779253] ip6_make_skb+0x2de/0x4e0 [ 1631.779609] ? ip_frag_init+0x350/0x350 [ 1631.779975] ? ip_frag_init+0x350/0x350 [ 1631.780347] ? ip6_push_pending_frames+0xf0/0xf0 [ 1631.780794] ? ip6_dst_check+0x389/0x8d0 [ 1631.781174] ? sk_dst_check+0x235/0x4c0 [ 1631.781553] udpv6_sendmsg+0x20d3/0x2ad0 [ 1631.781940] ? ip_frag_init+0x350/0x350 [ 1631.782322] ? udp_v6_push_pending_frames+0x360/0x360 [ 1631.782819] ? mark_lock+0xf5/0x2df0 [ 1631.783179] ? lock_acquire+0x197/0x470 [ 1631.783551] ? find_held_lock+0x2c/0x110 [ 1631.783943] ? sock_has_perm+0x1ea/0x280 [ 1631.784344] ? __import_iovec+0x458/0x590 [ 1631.784734] ? udp_v6_push_pending_frames+0x360/0x360 [ 1631.785219] inet6_sendmsg+0x105/0x140 [ 1631.785586] ? inet6_compat_ioctl+0x320/0x320 [ 1631.786007] __sock_sendmsg+0xf2/0x190 [ 1631.786372] ____sys_sendmsg+0x334/0x870 [ 1631.786770] ? sock_write_iter+0x3d0/0x3d0 [ 1631.787153] ? do_recvmmsg+0x6d0/0x6d0 [ 1631.787512] ? __lock_acquire+0x1657/0x5b00 [ 1631.787907] ___sys_sendmsg+0xf3/0x170 [ 1631.788268] ? sendmsg_copy_msghdr+0x160/0x160 [ 1631.788686] ? __fget_files+0x2cf/0x520 [ 1631.789053] ? lock_acquire+0x197/0x470 [ 1631.789422] ? find_held_lock+0x2c/0x110 [ 1631.789799] ? __might_fault+0xd3/0x180 [ 1631.790165] ? lock_downgrade+0x6d0/0x6d0 [ 1631.790560] __sys_sendmmsg+0x195/0x470 [ 1631.794961] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1631.795375] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1631.795772] ? clockevents_program_event+0x131/0x360 [ 1631.796237] ? tick_program_event+0xa8/0x140 [ 1631.796643] ? hrtimer_interrupt+0x771/0x9b0 [ 1631.797061] __x64_sys_sendmmsg+0x99/0x100 [ 1631.797452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1631.797894] do_syscall_64+0x33/0x40 [ 1631.798209] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1631.798651] RIP: 0033:0x7f862c37fb19 [ 1631.798976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1631.800498] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1631.801166] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1631.801803] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1631.802451] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1631.803104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1631.803743] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:18:23 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:23 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 37) 02:18:23 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 32) 02:18:23 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 39) 02:18:23 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 41) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:18:23 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000) 02:18:23 executing program 6: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x40000000, 0x2, 0x0, 0x0) [ 1645.029914] FAULT_INJECTION: forcing a failure. 02:18:23 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1645.029914] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.030003] FAULT_INJECTION: forcing a failure. [ 1645.030003] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.030941] CPU: 0 PID: 10370 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1645.030950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.030954] Call Trace: [ 1645.030972] dump_stack+0x107/0x167 [ 1645.030987] should_fail.cold+0x5/0xa [ 1645.031005] should_failslab+0x5/0x20 [ 1645.031027] kmem_cache_alloc_bulk+0x4b/0x320 [ 1645.047373] io_submit_sqes+0x6fe6/0x8610 [ 1645.047746] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.048167] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.048580] ? lock_downgrade+0x6d0/0x6d0 [ 1645.048929] ? find_held_lock+0x2c/0x110 [ 1645.049277] ? io_submit_sqes+0x8610/0x8610 [ 1645.049652] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.050060] ? wait_for_completion_io+0x270/0x270 [ 1645.050470] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.050879] ? vfs_write+0x354/0xb10 [ 1645.051194] ? fput_many+0x2f/0x1a0 [ 1645.051504] ? ksys_write+0x1a9/0x260 [ 1645.051829] ? __ia32_sys_read+0xb0/0xb0 [ 1645.052174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.052620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.053055] do_syscall_64+0x33/0x40 [ 1645.053370] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.053802] RIP: 0033:0x7f6110e13b19 [ 1645.054120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.055666] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.056304] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1645.056901] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.057497] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.058096] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.058696] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1645.059326] CPU: 1 PID: 10360 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1645.059925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.060614] Call Trace: [ 1645.060848] dump_stack+0x107/0x167 [ 1645.061170] should_fail.cold+0x5/0xa [ 1645.061497] ? create_object.isra.0+0x3a/0xa20 [ 1645.061891] should_failslab+0x5/0x20 [ 1645.062214] kmem_cache_alloc+0x5b/0x310 [ 1645.062559] ? mark_held_locks+0x9e/0xe0 [ 1645.062939] create_object.isra.0+0x3a/0xa20 [ 1645.063311] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.063742] kmem_cache_alloc_bulk+0x168/0x320 [ 1645.064132] io_submit_sqes+0x6fe6/0x8610 [ 1645.064499] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.064916] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.065322] ? lock_downgrade+0x6d0/0x6d0 [ 1645.065669] ? find_held_lock+0x2c/0x110 [ 1645.066021] ? io_submit_sqes+0x8610/0x8610 [ 1645.066391] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.066816] ? wait_for_completion_io+0x270/0x270 [ 1645.067261] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.067656] ? vfs_write+0x354/0xb10 [ 1645.067969] ? fput_many+0x2f/0x1a0 [ 1645.068277] ? ksys_write+0x1a9/0x260 [ 1645.068605] ? __ia32_sys_read+0xb0/0xb0 [ 1645.068956] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.069401] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.069839] do_syscall_64+0x33/0x40 [ 1645.070153] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.070586] RIP: 0033:0x7f1a7fffbb19 [ 1645.070942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.072449] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.073085] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1645.073678] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.074266] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.074884] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.075482] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1645.088637] FAULT_INJECTION: forcing a failure. [ 1645.088637] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.089641] CPU: 1 PID: 10371 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1645.090220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.090942] Call Trace: [ 1645.091168] dump_stack+0x107/0x167 [ 1645.091480] should_fail.cold+0x5/0xa [ 1645.091802] ? create_object.isra.0+0x3a/0xa20 [ 1645.092189] should_failslab+0x5/0x20 [ 1645.092513] kmem_cache_alloc+0x5b/0x310 [ 1645.092856] ? mark_held_locks+0x9e/0xe0 [ 1645.093202] create_object.isra.0+0x3a/0xa20 [ 1645.093579] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.094009] kmem_cache_alloc_bulk+0x168/0x320 [ 1645.094396] io_submit_sqes+0x6fe6/0x8610 [ 1645.094771] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.095220] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.095633] ? lock_downgrade+0x6d0/0x6d0 [ 1645.095983] ? find_held_lock+0x2c/0x110 [ 1645.096329] ? io_submit_sqes+0x8610/0x8610 [ 1645.096705] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.097114] ? wait_for_completion_io+0x270/0x270 [ 1645.097520] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.097912] ? vfs_write+0x354/0xb10 [ 1645.098226] ? fput_many+0x2f/0x1a0 [ 1645.098536] ? ksys_write+0x1a9/0x260 [ 1645.098894] ? __ia32_sys_read+0xb0/0xb0 [ 1645.099248] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.099688] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.100133] do_syscall_64+0x33/0x40 [ 1645.100447] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.100878] RIP: 0033:0x7fe637263b19 [ 1645.101194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.102728] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.103397] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1645.103996] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.104593] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.105189] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.105782] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1645.111711] FAULT_INJECTION: forcing a failure. [ 1645.111711] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.112741] CPU: 0 PID: 10379 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1645.113323] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.114018] Call Trace: [ 1645.114251] dump_stack+0x107/0x167 [ 1645.114565] should_fail.cold+0x5/0xa [ 1645.114908] ? __alloc_skb+0x6d/0x5b0 [ 1645.115237] should_failslab+0x5/0x20 [ 1645.115565] kmem_cache_alloc_node+0x55/0x330 [ 1645.115952] __alloc_skb+0x6d/0x5b0 [ 1645.116268] alloc_skb_with_frags+0x92/0x570 [ 1645.116642] ? trace_hardirqs_on+0x5b/0x180 [ 1645.117009] ? kmem_cache_free+0xa7/0x2d0 [ 1645.117367] sock_alloc_send_pskb+0x7af/0x930 [ 1645.117757] ? sk_alloc+0x350/0x350 [ 1645.118076] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1645.118517] ? trace_hardirqs_on+0x5b/0x180 [ 1645.118910] ? __dev_queue_xmit+0xe4e/0x2710 [ 1645.119283] ? __local_bh_enable_ip+0x9d/0x100 [ 1645.119681] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1645.120110] ? ip6_mtu+0x1bb/0x3d0 [ 1645.120411] ? lock_downgrade+0x6d0/0x6d0 [ 1645.120766] ? ip_frag_init+0x350/0x350 [ 1645.121111] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1645.121506] ? ip6_mtu+0x1e9/0x3d0 [ 1645.121810] ? ip6_setup_cork+0xfb7/0x1740 [ 1645.122168] ip6_make_skb+0x2de/0x4e0 [ 1645.122489] ? ip_frag_init+0x350/0x350 [ 1645.122845] ? ip_frag_init+0x350/0x350 [ 1645.123191] ? ip6_push_pending_frames+0xf0/0xf0 [ 1645.123597] ? ip6_dst_check+0x389/0x8d0 [ 1645.123940] ? sk_dst_check+0x235/0x4c0 [ 1645.124281] udpv6_sendmsg+0x20d3/0x2ad0 [ 1645.124630] ? ip_frag_init+0x350/0x350 [ 1645.124971] ? udp_v6_push_pending_frames+0x360/0x360 [ 1645.125416] ? lock_acquire+0x197/0x470 [ 1645.125752] ? find_held_lock+0x2c/0x110 [ 1645.126102] ? lock_chain_count+0x20/0x20 [ 1645.126453] ? sock_has_perm+0x1ea/0x280 [ 1645.126819] ? __import_iovec+0x458/0x590 [ 1645.127176] ? udp_v6_push_pending_frames+0x360/0x360 [ 1645.127612] inet6_sendmsg+0x105/0x140 [ 1645.127942] ? inet6_compat_ioctl+0x320/0x320 [ 1645.128321] __sock_sendmsg+0xf2/0x190 [ 1645.128650] ____sys_sendmsg+0x334/0x870 [ 1645.128995] ? sock_write_iter+0x3d0/0x3d0 [ 1645.129352] ? do_recvmmsg+0x6d0/0x6d0 [ 1645.129683] ? find_held_lock+0x2c/0x110 [ 1645.130033] ___sys_sendmsg+0xf3/0x170 [ 1645.130366] ? sendmsg_copy_msghdr+0x160/0x160 [ 1645.130755] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.131211] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1645.131588] ? trace_hardirqs_on+0x5b/0x180 [ 1645.131950] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1645.132327] ? finish_task_switch+0x126/0x5d0 [ 1645.132704] ? finish_task_switch+0xef/0x5d0 [ 1645.133075] ? __switch_to+0x572/0xf70 [ 1645.133403] ? __switch_to_asm+0x3a/0x60 [ 1645.133746] ? __switch_to_asm+0x34/0x60 [ 1645.134094] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.134535] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1645.135023] ? trace_hardirqs_on+0x5b/0x180 [ 1645.135402] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1645.135871] ? __sys_sendmmsg+0x249/0x470 [ 1645.136223] __sys_sendmmsg+0x195/0x470 [ 1645.136568] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1645.136933] ? lock_downgrade+0x6d0/0x6d0 [ 1645.137293] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.137705] ? wait_for_completion_io+0x270/0x270 [ 1645.138112] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.138506] ? vfs_write+0x354/0xb10 [ 1645.138842] ? fput_many+0x2f/0x1a0 [ 1645.139151] ? ksys_write+0x1a9/0x260 [ 1645.139473] ? __ia32_sys_read+0xb0/0xb0 [ 1645.139826] __x64_sys_sendmmsg+0x99/0x100 [ 1645.140186] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.140619] do_syscall_64+0x33/0x40 [ 1645.140933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.141364] RIP: 0033:0x7f862c37fb19 [ 1645.141683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.143230] RSP: 002b:00007f86298d4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1645.143869] RAX: ffffffffffffffda RBX: 00007f862c493020 RCX: 00007f862c37fb19 [ 1645.144465] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1645.145063] RBP: 00007f86298d41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.145663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1645.146259] R13: 00007ffd1a0e155f R14: 00007f86298d4300 R15: 0000000000022000 02:18:23 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:18:23 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:23 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 42) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:18:23 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:18:23 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd723) 02:18:23 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 40) [ 1645.275099] FAULT_INJECTION: forcing a failure. [ 1645.275099] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.276213] CPU: 1 PID: 10397 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1645.276797] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.277491] Call Trace: [ 1645.277728] dump_stack+0x107/0x167 [ 1645.278040] should_fail.cold+0x5/0xa [ 1645.278368] ? create_object.isra.0+0x3a/0xa20 [ 1645.278763] should_failslab+0x5/0x20 [ 1645.279104] kmem_cache_alloc+0x5b/0x310 [ 1645.279454] ? mark_held_locks+0x9e/0xe0 [ 1645.279806] create_object.isra.0+0x3a/0xa20 [ 1645.280183] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.280623] kmem_cache_alloc_bulk+0x168/0x320 [ 1645.281026] io_submit_sqes+0x6fe6/0x8610 [ 1645.281399] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.281827] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.282243] ? lock_downgrade+0x6d0/0x6d0 [ 1645.282598] ? find_held_lock+0x2c/0x110 [ 1645.282959] ? io_submit_sqes+0x8610/0x8610 [ 1645.283335] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.283754] ? wait_for_completion_io+0x270/0x270 [ 1645.284168] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.284563] ? vfs_write+0x354/0xb10 [ 1645.284885] ? fput_many+0x2f/0x1a0 [ 1645.285204] ? ksys_write+0x1a9/0x260 [ 1645.285531] ? __ia32_sys_read+0xb0/0xb0 [ 1645.285882] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.286327] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.286767] do_syscall_64+0x33/0x40 [ 1645.287109] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.287547] RIP: 0033:0x7fe637263b19 [ 1645.288235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.291146] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.291788] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1645.292385] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.292980] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.293582] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.294179] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:23 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 38) [ 1645.335380] FAULT_INJECTION: forcing a failure. [ 1645.335380] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.336626] CPU: 1 PID: 10406 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1645.337205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.337897] Call Trace: [ 1645.338128] dump_stack+0x107/0x167 [ 1645.338439] should_fail.cold+0x5/0xa [ 1645.338764] ? create_object.isra.0+0x3a/0xa20 [ 1645.339195] should_failslab+0x5/0x20 [ 1645.339521] kmem_cache_alloc+0x5b/0x310 [ 1645.339867] ? mark_held_locks+0x9e/0xe0 [ 1645.340213] create_object.isra.0+0x3a/0xa20 [ 1645.340588] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.341020] kmem_cache_alloc_bulk+0x168/0x320 [ 1645.341408] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 1645.341849] io_submit_sqes+0x6fe6/0x8610 [ 1645.342221] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.342640] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.343094] ? lock_downgrade+0x6d0/0x6d0 [ 1645.343444] ? find_held_lock+0x2c/0x110 [ 1645.343798] ? io_submit_sqes+0x8610/0x8610 [ 1645.344169] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.344584] ? wait_for_completion_io+0x270/0x270 [ 1645.344992] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.345381] ? vfs_write+0x354/0xb10 [ 1645.345701] ? fput_many+0x2f/0x1a0 [ 1645.346009] ? ksys_write+0x1a9/0x260 [ 1645.346330] ? __ia32_sys_read+0xb0/0xb0 [ 1645.346680] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.347185] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.347621] do_syscall_64+0x33/0x40 [ 1645.347937] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.348367] RIP: 0033:0x7f6110e13b19 [ 1645.348682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.350215] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.350882] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1645.351495] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.352097] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.352691] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.353301] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1645.357472] FAULT_INJECTION: forcing a failure. [ 1645.357472] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.358626] CPU: 0 PID: 10401 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1645.359238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1645.359942] Call Trace: [ 1645.360186] dump_stack+0x107/0x167 [ 1645.360513] should_fail.cold+0x5/0xa [ 1645.360844] ? create_object.isra.0+0x3a/0xa20 [ 1645.361240] should_failslab+0x5/0x20 [ 1645.361568] kmem_cache_alloc+0x5b/0x310 [ 1645.361915] ? mark_held_locks+0x9e/0xe0 [ 1645.362260] create_object.isra.0+0x3a/0xa20 [ 1645.362635] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1645.363093] kmem_cache_alloc_bulk+0x168/0x320 [ 1645.363488] io_submit_sqes+0x6fe6/0x8610 [ 1645.363861] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.364285] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1645.364696] ? lock_downgrade+0x6d0/0x6d0 [ 1645.365047] ? find_held_lock+0x2c/0x110 [ 1645.365394] ? io_submit_sqes+0x8610/0x8610 [ 1645.365769] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1645.366181] ? wait_for_completion_io+0x270/0x270 [ 1645.366593] ? rcu_read_lock_any_held+0x75/0xa0 [ 1645.367004] ? vfs_write+0x354/0xb10 [ 1645.367321] ? fput_many+0x2f/0x1a0 [ 1645.367634] ? ksys_write+0x1a9/0x260 [ 1645.367958] ? __ia32_sys_read+0xb0/0xb0 [ 1645.368313] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1645.368764] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1645.369205] do_syscall_64+0x33/0x40 [ 1645.369524] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1645.369959] RIP: 0033:0x7f1a7fffbb19 [ 1645.370275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1645.371837] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1645.372480] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1645.373081] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1645.373683] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1645.374282] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1645.374900] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:18:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:38 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 41) 02:18:38 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000) 02:18:38 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 43) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:18:38 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 33) 02:18:38 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, 0x0, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:18:38 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:18:38 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 39) [ 1659.951238] FAULT_INJECTION: forcing a failure. [ 1659.951238] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.953319] CPU: 1 PID: 10424 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1659.955009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1659.956766] Call Trace: [ 1659.956998] dump_stack+0x107/0x167 [ 1659.957308] should_fail.cold+0x5/0xa [ 1659.958723] should_failslab+0x5/0x20 [ 1659.959067] __kmalloc_node_track_caller+0x74/0x3b0 [ 1659.960099] FAULT_INJECTION: forcing a failure. [ 1659.960099] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.960552] ? alloc_skb_with_frags+0x92/0x570 [ 1659.960569] __alloc_skb+0xb1/0x5b0 [ 1659.960584] alloc_skb_with_frags+0x92/0x570 [ 1659.960595] ? trace_hardirqs_on+0x5b/0x180 [ 1659.960608] ? kmem_cache_free+0xa7/0x2d0 [ 1659.960622] sock_alloc_send_pskb+0x7af/0x930 [ 1659.960640] ? sk_alloc+0x350/0x350 [ 1659.960660] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1659.960670] ? trace_hardirqs_on+0x5b/0x180 [ 1659.960683] ? __dev_queue_xmit+0xe4e/0x2710 [ 1659.960694] ? __local_bh_enable_ip+0x9d/0x100 [ 1659.960713] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1659.960733] ? ip6_mtu+0x1bb/0x3d0 [ 1659.960744] ? lock_downgrade+0x6d0/0x6d0 [ 1659.960755] ? ip_frag_init+0x350/0x350 [ 1659.960775] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1659.960787] ? ip6_mtu+0x1e9/0x3d0 [ 1659.960799] ? ip6_setup_cork+0xfb7/0x1740 [ 1659.960812] ip6_make_skb+0x2de/0x4e0 [ 1659.960822] ? ip_frag_init+0x350/0x350 [ 1659.960836] ? ip_frag_init+0x350/0x350 [ 1659.960848] ? ip6_push_pending_frames+0xf0/0xf0 [ 1659.960865] ? ip6_dst_check+0x389/0x8d0 [ 1659.960876] ? sk_dst_check+0x235/0x4c0 [ 1659.960894] udpv6_sendmsg+0x20d3/0x2ad0 [ 1659.960909] ? ip_frag_init+0x350/0x350 [ 1659.960927] ? udp_v6_push_pending_frames+0x360/0x360 [ 1659.960952] ? lock_acquire+0x197/0x470 [ 1659.960963] ? find_held_lock+0x2c/0x110 [ 1659.960983] ? sock_has_perm+0x1ea/0x280 [ 1659.961008] ? __import_iovec+0x458/0x590 [ 1659.961021] ? udp_v6_push_pending_frames+0x360/0x360 [ 1659.961035] inet6_sendmsg+0x105/0x140 [ 1659.961047] ? inet6_compat_ioctl+0x320/0x320 [ 1659.961059] __sock_sendmsg+0xf2/0x190 [ 1659.961071] ____sys_sendmsg+0x334/0x870 [ 1659.961084] ? sock_write_iter+0x3d0/0x3d0 [ 1659.961094] ? do_recvmmsg+0x6d0/0x6d0 [ 1659.961107] ? __lock_acquire+0x1657/0x5b00 [ 1659.961127] ___sys_sendmsg+0xf3/0x170 [ 1659.961140] ? sendmsg_copy_msghdr+0x160/0x160 [ 1659.961155] ? __fget_files+0x2cf/0x520 [ 1659.961170] ? lock_acquire+0x197/0x470 [ 1659.961180] ? find_held_lock+0x2c/0x110 [ 1659.961195] ? __might_fault+0xd3/0x180 [ 1659.961206] ? lock_downgrade+0x6d0/0x6d0 [ 1659.961229] __sys_sendmmsg+0x195/0x470 [ 1659.961244] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1659.961256] ? lock_downgrade+0x6d0/0x6d0 [ 1659.961280] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1659.961295] ? wait_for_completion_io+0x270/0x270 [ 1659.961310] ? rcu_read_lock_any_held+0x75/0xa0 [ 1659.961321] ? vfs_write+0x354/0xb10 [ 1659.961333] ? fput_many+0x2f/0x1a0 [ 1659.961345] ? ksys_write+0x1a9/0x260 [ 1659.962425] ? __ia32_sys_read+0xb0/0xb0 [ 1659.962447] __x64_sys_sendmmsg+0x99/0x100 [ 1659.962462] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1659.962473] do_syscall_64+0x33/0x40 [ 1659.962484] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1659.962493] RIP: 0033:0x7f862c37fb19 [ 1659.962505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1659.962511] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1659.962525] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1659.962533] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1659.962540] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1659.962547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1659.962554] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1659.968777] FAULT_INJECTION: forcing a failure. [ 1659.968777] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.969490] CPU: 0 PID: 10433 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1659.969497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1659.969501] Call Trace: [ 1659.969513] dump_stack+0x107/0x167 [ 1659.969526] should_fail.cold+0x5/0xa [ 1659.969538] ? create_object.isra.0+0x3a/0xa20 [ 1659.969551] should_failslab+0x5/0x20 [ 1659.969563] kmem_cache_alloc+0x5b/0x310 [ 1659.969578] create_object.isra.0+0x3a/0xa20 [ 1659.969591] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1659.969607] kmem_cache_alloc_bulk+0x168/0x320 [ 1659.969624] io_submit_sqes+0x6fe6/0x8610 [ 1659.969654] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1659.969666] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1659.969681] ? lock_downgrade+0x6d0/0x6d0 [ 1659.969691] ? find_held_lock+0x2c/0x110 [ 1659.969706] ? io_submit_sqes+0x8610/0x8610 [ 1659.969724] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1659.969739] ? wait_for_completion_io+0x270/0x270 [ 1659.969752] ? rcu_read_lock_any_held+0x75/0xa0 [ 1659.969763] ? vfs_write+0x354/0xb10 [ 1659.969774] ? fput_many+0x2f/0x1a0 [ 1659.969787] ? ksys_write+0x1a9/0x260 [ 1659.969799] ? __ia32_sys_read+0xb0/0xb0 [ 1659.969814] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1659.969826] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1659.969839] do_syscall_64+0x33/0x40 [ 1659.969851] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1659.969859] RIP: 0033:0x7f6110e13b19 [ 1659.969870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1659.969877] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1659.969889] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1659.969896] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1659.969903] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1659.969909] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1659.969916] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1659.980217] FAULT_INJECTION: forcing a failure. [ 1659.980217] name failslab, interval 1, probability 0, space 0, times 0 [ 1659.980234] CPU: 0 PID: 10438 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1660.025317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.026213] Call Trace: [ 1660.026500] dump_stack+0x107/0x167 [ 1660.026902] should_fail.cold+0x5/0xa [ 1660.027290] ? create_object.isra.0+0x3a/0xa20 [ 1660.027788] ? create_object.isra.0+0x3a/0xa20 [ 1660.028297] should_failslab+0x5/0x20 [ 1660.028712] kmem_cache_alloc+0x5b/0x310 [ 1660.035175] ? mark_held_locks+0x9e/0xe0 [ 1660.035612] create_object.isra.0+0x3a/0xa20 [ 1660.036069] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.036608] kmem_cache_alloc_bulk+0x168/0x320 [ 1660.037090] io_submit_sqes+0x6fe6/0x8610 [ 1660.037546] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.038070] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.038571] ? lock_downgrade+0x6d0/0x6d0 [ 1660.039015] ? find_held_lock+0x2c/0x110 [ 1660.039922] ? io_submit_sqes+0x8610/0x8610 [ 1660.047643] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.048732] ? wait_for_completion_io+0x270/0x270 [ 1660.049842] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.050886] ? vfs_write+0x354/0xb10 [ 1660.051735] ? fput_many+0x2f/0x1a0 [ 1660.052557] ? ksys_write+0x1a9/0x260 [ 1660.053418] ? __ia32_sys_read+0xb0/0xb0 [ 1660.054342] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.055557] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.056717] do_syscall_64+0x33/0x40 [ 1660.057559] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.058709] RIP: 0033:0x7f1a7fffbb19 [ 1660.059570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.063735] RSP: 002b:00007f1a7d550188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1660.065499] RAX: ffffffffffffffda RBX: 00007f1a8010f020 RCX: 00007f1a7fffbb19 [ 1660.067252] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1660.068912] RBP: 00007f1a7d5501d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.070558] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1660.072237] R13: 00007ffddc6a717f R14: 00007f1a7d550300 R15: 0000000000022000 [ 1660.073909] CPU: 1 PID: 10426 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1660.075590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.077547] Call Trace: [ 1660.078205] dump_stack+0x107/0x167 [ 1660.079086] should_fail.cold+0x5/0xa [ 1660.079421] ? create_object.isra.0+0x3a/0xa20 [ 1660.079805] should_failslab+0x5/0x20 [ 1660.080125] kmem_cache_alloc+0x5b/0x310 [ 1660.080466] ? mark_held_locks+0x9e/0xe0 [ 1660.080810] create_object.isra.0+0x3a/0xa20 [ 1660.081180] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.081607] kmem_cache_alloc_bulk+0x168/0x320 [ 1660.081993] io_submit_sqes+0x6fe6/0x8610 [ 1660.082360] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.082776] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.083246] ? lock_downgrade+0x6d0/0x6d0 [ 1660.083636] ? find_held_lock+0x2c/0x110 [ 1660.084029] ? io_submit_sqes+0x8610/0x8610 [ 1660.084440] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.084893] ? wait_for_completion_io+0x270/0x270 [ 1660.085344] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.085779] ? vfs_write+0x354/0xb10 [ 1660.086131] ? fput_many+0x2f/0x1a0 [ 1660.086472] ? ksys_write+0x1a9/0x260 [ 1660.086834] ? __ia32_sys_read+0xb0/0xb0 [ 1660.087663] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.088104] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.088535] do_syscall_64+0x33/0x40 [ 1660.088847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.089273] RIP: 0033:0x7fe637263b19 [ 1660.089586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.091447] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1660.092084] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1660.092674] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1660.093264] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.093853] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1660.094443] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:38 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 40) 02:18:38 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 34) 02:18:38 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1660.204340] FAULT_INJECTION: forcing a failure. 02:18:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1660.204340] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.206755] CPU: 1 PID: 10446 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1660.208600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.209641] Call Trace: [ 1660.210008] dump_stack+0x107/0x167 [ 1660.211007] should_fail.cold+0x5/0xa [ 1660.211939] ? create_object.isra.0+0x3a/0xa20 [ 1660.213021] should_failslab+0x5/0x20 [ 1660.213960] kmem_cache_alloc+0x5b/0x310 [ 1660.214374] ? mark_held_locks+0x9e/0xe0 [ 1660.214787] create_object.isra.0+0x3a/0xa20 [ 1660.215702] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.216948] kmem_cache_alloc_bulk+0x168/0x320 [ 1660.218044] io_submit_sqes+0x6fe6/0x8610 [ 1660.219200] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.220575] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.222092] ? lock_downgrade+0x6d0/0x6d0 [ 1660.223446] ? find_held_lock+0x2c/0x110 [ 1660.224749] ? io_submit_sqes+0x8610/0x8610 [ 1660.225923] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.227118] ? wait_for_completion_io+0x270/0x270 [ 1660.228372] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.229581] ? vfs_write+0x354/0xb10 [ 1660.230433] ? fput_many+0x2f/0x1a0 [ 1660.231297] ? ksys_write+0x1a9/0x260 [ 1660.232206] ? __ia32_sys_read+0xb0/0xb0 [ 1660.233219] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.234520] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.235810] do_syscall_64+0x33/0x40 [ 1660.236714] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.237899] RIP: 0033:0x7f6110e13b19 [ 1660.238759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.243276] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1660.245134] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1660.246889] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1660.248606] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.250320] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1660.252061] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1660.274408] FAULT_INJECTION: forcing a failure. [ 1660.274408] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.278632] CPU: 1 PID: 10452 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1660.280378] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.282343] Call Trace: [ 1660.282968] dump_stack+0x107/0x167 [ 1660.283840] should_fail.cold+0x5/0xa [ 1660.284735] ? create_object.isra.0+0x3a/0xa20 [ 1660.285886] should_failslab+0x5/0x20 [ 1660.286816] kmem_cache_alloc+0x5b/0x310 [ 1660.287853] create_object.isra.0+0x3a/0xa20 [ 1660.288941] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.290206] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1660.291469] ? alloc_skb_with_frags+0x92/0x570 [ 1660.292615] __alloc_skb+0xb1/0x5b0 [ 1660.293501] alloc_skb_with_frags+0x92/0x570 [ 1660.294581] ? trace_hardirqs_on+0x5b/0x180 [ 1660.295630] ? kmem_cache_free+0xa7/0x2d0 [ 1660.296664] sock_alloc_send_pskb+0x7af/0x930 [ 1660.297742] ? sk_alloc+0x350/0x350 [ 1660.298619] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1660.299832] ? trace_hardirqs_on+0x5b/0x180 [ 1660.300879] ? __dev_queue_xmit+0xe4e/0x2710 [ 1660.301946] ? __local_bh_enable_ip+0x9d/0x100 [ 1660.303078] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1660.304308] ? ip6_mtu+0x1bb/0x3d0 [ 1660.305174] ? lock_downgrade+0x6d0/0x6d0 [ 1660.306169] ? ip_frag_init+0x350/0x350 02:18:38 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 44) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1660.307126] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1660.308320] ? ip6_mtu+0x1e9/0x3d0 [ 1660.309179] ? ip6_setup_cork+0xfb7/0x1740 [ 1660.310216] ip6_make_skb+0x2de/0x4e0 [ 1660.311152] ? ip_frag_init+0x350/0x350 [ 1660.312112] ? ip_frag_init+0x350/0x350 [ 1660.313088] ? ip6_push_pending_frames+0xf0/0xf0 [ 1660.314236] ? ip6_dst_check+0x389/0x8d0 [ 1660.315226] ? sk_dst_check+0x235/0x4c0 [ 1660.316160] udpv6_sendmsg+0x20d3/0x2ad0 [ 1660.317114] ? ip_frag_init+0x350/0x350 [ 1660.318050] ? udp_v6_push_pending_frames+0x360/0x360 [ 1660.319338] ? perf_event_task_disable+0x390/0x390 [ 1660.320517] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1660.321672] ? lock_acquire+0x197/0x470 [ 1660.322648] ? find_held_lock+0x2c/0x110 [ 1660.323620] ? sock_has_perm+0x1ea/0x280 [ 1660.324585] ? __import_iovec+0x458/0x590 [ 1660.325541] ? udp_v6_push_pending_frames+0x360/0x360 [ 1660.326800] inet6_sendmsg+0x105/0x140 [ 1660.327752] ? inet6_compat_ioctl+0x320/0x320 [ 1660.328846] __sock_sendmsg+0xf2/0x190 [ 1660.329749] ____sys_sendmsg+0x334/0x870 [ 1660.330703] ? sock_write_iter+0x3d0/0x3d0 [ 1660.331733] ? do_recvmmsg+0x6d0/0x6d0 [ 1660.332698] ? __lock_acquire+0x1657/0x5b00 [ 1660.333722] ___sys_sendmsg+0xf3/0x170 [ 1660.334686] ? sendmsg_copy_msghdr+0x160/0x160 [ 1660.335811] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.337099] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1660.338202] ? trace_hardirqs_on+0x5b/0x180 [ 1660.339272] ? lock_acquire+0x197/0x470 [ 1660.340227] ? find_held_lock+0x2c/0x110 [ 1660.341233] ? __might_fault+0xd3/0x180 [ 1660.342157] ? lock_downgrade+0x6d0/0x6d0 [ 1660.343149] ? io_schedule_timeout+0x140/0x140 [ 1660.344269] __sys_sendmmsg+0x195/0x470 [ 1660.345267] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1660.346363] ? lock_downgrade+0x6d0/0x6d0 [ 1660.347422] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.348568] ? wait_for_completion_io+0x270/0x270 [ 1660.349753] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.350877] ? vfs_write+0x354/0xb10 [ 1660.351753] ? fput_many+0x2f/0x1a0 [ 1660.352588] ? ksys_write+0x1a9/0x260 [ 1660.353480] ? __ia32_sys_read+0xb0/0xb0 [ 1660.354454] __x64_sys_sendmmsg+0x99/0x100 [ 1660.354971] FAULT_INJECTION: forcing a failure. [ 1660.354971] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1660.355456] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.358004] do_syscall_64+0x33/0x40 [ 1660.358839] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.359998] RIP: 0033:0x7f862c37fb19 [ 1660.360840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.364972] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1660.366686] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1660.368267] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1660.369880] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.371481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1660.373115] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1660.374735] CPU: 0 PID: 10455 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1660.375593] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.376592] Call Trace: [ 1660.376928] dump_stack+0x107/0x167 [ 1660.377373] should_fail.cold+0x5/0xa [ 1660.377828] __alloc_pages_nodemask+0x182/0x600 [ 1660.378403] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1660.379142] alloc_pages_current+0x187/0x280 [ 1660.379687] allocate_slab+0x26f/0x380 [ 1660.380175] ___slab_alloc+0x470/0x700 [ 1660.380663] ? io_submit_sqes+0x6fe6/0x8610 [ 1660.381182] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.381828] ? trace_hardirqs_on+0x5b/0x180 [ 1660.382370] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1660.382969] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1660.383525] io_submit_sqes+0x6fe6/0x8610 [ 1660.384063] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.384685] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.385286] ? lock_downgrade+0x6d0/0x6d0 [ 1660.385801] ? find_held_lock+0x2c/0x110 [ 1660.386309] ? io_submit_sqes+0x8610/0x8610 [ 1660.386846] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.387429] ? wait_for_completion_io+0x270/0x270 [ 1660.388032] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.388599] ? vfs_write+0x354/0xb10 [ 1660.389056] ? fput_many+0x2f/0x1a0 [ 1660.389489] ? ksys_write+0x1a9/0x260 [ 1660.389942] ? __ia32_sys_read+0xb0/0xb0 [ 1660.390446] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.391076] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.391718] do_syscall_64+0x33/0x40 [ 1660.392182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.392795] RIP: 0033:0x7fe637263b19 [ 1660.393257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.395467] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1660.396395] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1660.397263] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1660.398104] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.398979] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1660.399839] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:38 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000) 02:18:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:38 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:18:38 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 41) [ 1660.516048] FAULT_INJECTION: forcing a failure. [ 1660.516048] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.518102] CPU: 0 PID: 10472 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1660.519823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1660.520803] Call Trace: [ 1660.521432] dump_stack+0x107/0x167 [ 1660.522295] should_fail.cold+0x5/0xa [ 1660.523295] ? create_object.isra.0+0x3a/0xa20 [ 1660.523884] should_failslab+0x5/0x20 [ 1660.524883] kmem_cache_alloc+0x5b/0x310 [ 1660.525377] ? mark_held_locks+0x9e/0xe0 [ 1660.526387] create_object.isra.0+0x3a/0xa20 [ 1660.526937] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1660.528237] kmem_cache_alloc_bulk+0x168/0x320 [ 1660.528821] io_submit_sqes+0x6fe6/0x8610 [ 1660.529891] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.530507] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1660.531736] ? lock_downgrade+0x6d0/0x6d0 [ 1660.532234] ? find_held_lock+0x2c/0x110 [ 1660.533265] ? io_submit_sqes+0x8610/0x8610 [ 1660.533798] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1660.535007] ? wait_for_completion_io+0x270/0x270 [ 1660.535609] ? rcu_read_lock_any_held+0x75/0xa0 [ 1660.536779] ? vfs_write+0x354/0xb10 [ 1660.537245] ? fput_many+0x2f/0x1a0 [ 1660.538139] ? ksys_write+0x1a9/0x260 [ 1660.538623] ? __ia32_sys_read+0xb0/0xb0 [ 1660.539660] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1660.540324] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1660.541621] do_syscall_64+0x33/0x40 [ 1660.542073] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1660.543384] RIP: 0033:0x7f6110e13b19 [ 1660.543854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1660.548528] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1660.549465] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1660.551356] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1660.553194] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1660.555079] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1660.556974] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:18:54 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 35) 02:18:54 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:18:54 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 42) 02:18:54 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1675.733941] FAULT_INJECTION: forcing a failure. [ 1675.733941] name failslab, interval 1, probability 0, space 0, times 0 02:18:54 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000) 02:18:54 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:54 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 42) 02:18:54 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 45) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1675.734959] CPU: 0 PID: 10483 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1675.743546] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.744230] Call Trace: [ 1675.744457] dump_stack+0x107/0x167 [ 1675.744766] should_fail.cold+0x5/0xa [ 1675.745092] ? create_object.isra.0+0x3a/0xa20 [ 1675.745478] should_failslab+0x5/0x20 [ 1675.745819] kmem_cache_alloc+0x5b/0x310 [ 1675.746167] ? mark_held_locks+0x9e/0xe0 [ 1675.746511] create_object.isra.0+0x3a/0xa20 [ 1675.746885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.747330] kmem_cache_alloc_bulk+0x168/0x320 [ 1675.747719] io_submit_sqes+0x6fe6/0x8610 [ 1675.748086] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.748506] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.748912] ? lock_downgrade+0x6d0/0x6d0 [ 1675.749260] ? find_held_lock+0x2c/0x110 [ 1675.749611] ? io_submit_sqes+0x8610/0x8610 [ 1675.749979] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.750386] ? wait_for_completion_io+0x270/0x270 [ 1675.750793] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.751187] ? vfs_write+0x354/0xb10 [ 1675.751509] ? fput_many+0x2f/0x1a0 [ 1675.751818] ? ksys_write+0x1a9/0x260 [ 1675.752139] ? __ia32_sys_read+0xb0/0xb0 [ 1675.752489] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.752927] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.753360] do_syscall_64+0x33/0x40 [ 1675.753673] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.754099] RIP: 0033:0x7f6110e13b19 [ 1675.754414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.755946] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1675.756580] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1675.757173] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1675.757766] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.758357] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1675.758947] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:18:54 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1675.764289] FAULT_INJECTION: forcing a failure. [ 1675.764289] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.765325] CPU: 0 PID: 10491 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1675.765912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.766604] Call Trace: [ 1675.766831] dump_stack+0x107/0x167 [ 1675.767149] should_fail.cold+0x5/0xa [ 1675.767475] ? create_object.isra.0+0x3a/0xa20 [ 1675.767866] should_failslab+0x5/0x20 [ 1675.768190] kmem_cache_alloc+0x5b/0x310 [ 1675.768538] ? mark_held_locks+0x9e/0xe0 [ 1675.768888] create_object.isra.0+0x3a/0xa20 [ 1675.769263] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.769697] kmem_cache_alloc_bulk+0x168/0x320 [ 1675.775196] io_submit_sqes+0x6fe6/0x8610 [ 1675.775563] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.775978] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.776380] ? lock_downgrade+0x6d0/0x6d0 [ 1675.776725] ? find_held_lock+0x2c/0x110 [ 1675.777066] ? io_submit_sqes+0x8610/0x8610 [ 1675.777431] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.777839] ? wait_for_completion_io+0x270/0x270 [ 1675.778242] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.778629] ? vfs_write+0x354/0xb10 [ 1675.778941] ? fput_many+0x2f/0x1a0 [ 1675.779259] ? ksys_write+0x1a9/0x260 [ 1675.779580] ? __ia32_sys_read+0xb0/0xb0 [ 1675.779923] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.780359] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.780789] do_syscall_64+0x33/0x40 [ 1675.781101] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.781526] RIP: 0033:0x7fe637263b19 [ 1675.781838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.783356] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1675.783987] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1675.784581] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1675.785171] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.785765] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1675.786353] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1675.794771] FAULT_INJECTION: forcing a failure. [ 1675.794771] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.795749] CPU: 0 PID: 10485 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1675.796322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.797014] Call Trace: [ 1675.797238] dump_stack+0x107/0x167 [ 1675.797547] should_fail.cold+0x5/0xa [ 1675.797872] should_failslab+0x5/0x20 [ 1675.798194] __kmalloc_node_track_caller+0x74/0x3b0 [ 1675.798614] ? alloc_skb_with_frags+0x92/0x570 [ 1675.799002] __alloc_skb+0xb1/0x5b0 [ 1675.799326] alloc_skb_with_frags+0x92/0x570 [ 1675.799696] ? trace_hardirqs_on+0x5b/0x180 [ 1675.800062] ? kmem_cache_free+0xa7/0x2d0 [ 1675.800416] sock_alloc_send_pskb+0x7af/0x930 [ 1675.800807] ? sk_alloc+0x350/0x350 [ 1675.801119] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1675.801555] ? trace_hardirqs_on+0x5b/0x180 [ 1675.801916] ? __dev_queue_xmit+0xe4e/0x2710 [ 1675.802284] ? __local_bh_enable_ip+0x9d/0x100 [ 1675.802674] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1675.803100] ? ip6_mtu+0x1bb/0x3d0 [ 1675.803414] ? lock_downgrade+0x6d0/0x6d0 [ 1675.803770] ? ip_frag_init+0x350/0x350 [ 1675.804113] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1675.804505] ? ip6_mtu+0x1e9/0x3d0 [ 1675.804939] ? ip6_setup_cork+0xfb7/0x1740 [ 1675.805305] ip6_make_skb+0x2de/0x4e0 [ 1675.805627] ? ip_frag_init+0x350/0x350 [ 1675.805969] ? ip_frag_init+0x350/0x350 [ 1675.806306] ? ip6_push_pending_frames+0xf0/0xf0 [ 1675.806720] ? ip6_dst_check+0x389/0x8d0 [ 1675.807061] ? sk_dst_check+0x235/0x4c0 [ 1675.807419] udpv6_sendmsg+0x20d3/0x2ad0 [ 1675.807766] ? ip_frag_init+0x350/0x350 [ 1675.808108] ? udp_v6_push_pending_frames+0x360/0x360 [ 1675.808554] ? lock_acquire+0x197/0x470 [ 1675.808889] ? find_held_lock+0x2c/0x110 [ 1675.809241] ? sock_has_perm+0x1ea/0x280 [ 1675.809599] ? __import_iovec+0x458/0x590 [ 1675.809953] ? udp_v6_push_pending_frames+0x360/0x360 [ 1675.810397] inet6_sendmsg+0x105/0x140 [ 1675.810728] ? inet6_compat_ioctl+0x320/0x320 [ 1675.811106] __sock_sendmsg+0xf2/0x190 [ 1675.811450] ____sys_sendmsg+0x334/0x870 [ 1675.811796] ? sock_write_iter+0x3d0/0x3d0 [ 1675.812152] ? do_recvmmsg+0x6d0/0x6d0 [ 1675.812482] ? __lock_acquire+0x1657/0x5b00 [ 1675.812854] ___sys_sendmsg+0xf3/0x170 [ 1675.813185] ? sendmsg_copy_msghdr+0x160/0x160 [ 1675.813573] ? __fget_files+0x2cf/0x520 [ 1675.814025] ? lock_acquire+0x197/0x470 [ 1675.814359] ? find_held_lock+0x2c/0x110 [ 1675.814704] ? __might_fault+0xd3/0x180 [ 1675.815039] ? lock_downgrade+0x6d0/0x6d0 [ 1675.815416] __sys_sendmmsg+0x195/0x470 [ 1675.815764] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1675.816132] ? lock_downgrade+0x6d0/0x6d0 [ 1675.816493] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.816903] ? wait_for_completion_io+0x270/0x270 [ 1675.817311] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.817701] ? vfs_write+0x354/0xb10 [ 1675.818017] ? fput_many+0x2f/0x1a0 [ 1675.818326] ? ksys_write+0x1a9/0x260 [ 1675.818655] ? __ia32_sys_read+0xb0/0xb0 [ 1675.819004] __x64_sys_sendmmsg+0x99/0x100 [ 1675.819375] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.819809] do_syscall_64+0x33/0x40 [ 1675.820124] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.820556] RIP: 0033:0x7f862c37fb19 [ 1675.820872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.822408] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1675.823054] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1675.823661] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1675.824258] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.824855] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1675.825449] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1675.831166] FAULT_INJECTION: forcing a failure. [ 1675.831166] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.832157] CPU: 0 PID: 10505 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1675.832734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.833423] Call Trace: [ 1675.833649] dump_stack+0x107/0x167 [ 1675.833961] should_fail.cold+0x5/0xa [ 1675.834285] ? create_object.isra.0+0x3a/0xa20 [ 1675.834679] should_failslab+0x5/0x20 [ 1675.835004] kmem_cache_alloc+0x5b/0x310 [ 1675.835364] ? mark_held_locks+0x9e/0xe0 [ 1675.835715] create_object.isra.0+0x3a/0xa20 [ 1675.836092] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1675.836528] kmem_cache_alloc_bulk+0x168/0x320 [ 1675.836922] io_submit_sqes+0x6fe6/0x8610 [ 1675.837295] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.837721] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.838138] ? lock_downgrade+0x6d0/0x6d0 [ 1675.838492] ? find_held_lock+0x2c/0x110 [ 1675.838843] ? io_submit_sqes+0x8610/0x8610 [ 1675.839223] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.839645] ? wait_for_completion_io+0x270/0x270 [ 1675.840056] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.840452] ? vfs_write+0x354/0xb10 [ 1675.840772] ? fput_many+0x2f/0x1a0 [ 1675.841084] ? ksys_write+0x1a9/0x260 [ 1675.841411] ? __ia32_sys_read+0xb0/0xb0 [ 1675.841769] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.842217] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.842660] do_syscall_64+0x33/0x40 02:18:54 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 1) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1675.842979] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.843423] RIP: 0033:0x7f1a7fffbb19 [ 1675.851240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.852749] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1675.853382] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1675.853974] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1675.854564] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.855161] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1675.855757] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:18:54 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1675.904203] FAULT_INJECTION: forcing a failure. [ 1675.904203] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.905233] CPU: 1 PID: 10512 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1675.905821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.906525] Call Trace: [ 1675.906876] dump_stack+0x107/0x167 [ 1675.907200] should_fail.cold+0x5/0xa [ 1675.907529] should_failslab+0x5/0x20 [ 1675.907857] kmem_cache_alloc_bulk+0x4b/0x320 [ 1675.908240] io_submit_sqes+0x6fe6/0x8610 [ 1675.908590] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1675.909010] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.909428] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.909842] ? lock_downgrade+0x6d0/0x6d0 [ 1675.910189] ? find_held_lock+0x2c/0x110 [ 1675.910535] ? io_submit_sqes+0x8610/0x8610 [ 1675.910906] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.911345] ? wait_for_completion_io+0x270/0x270 [ 1675.911751] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.912140] ? vfs_write+0x354/0xb10 [ 1675.912453] ? fput_many+0x2f/0x1a0 [ 1675.912761] ? ksys_write+0x1a9/0x260 [ 1675.913081] ? __ia32_sys_read+0xb0/0xb0 [ 1675.913425] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.913985] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.914419] do_syscall_64+0x33/0x40 [ 1675.914732] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.915174] RIP: 0033:0x7f8c2e1fdb19 [ 1675.915498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.917014] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1675.917651] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1675.918243] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1675.918837] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1675.927450] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1675.928047] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:18:54 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:18:54 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 43) 02:18:54 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5000000) [ 1675.960026] FAULT_INJECTION: forcing a failure. [ 1675.960026] name failslab, interval 1, probability 0, space 0, times 0 [ 1675.961150] CPU: 0 PID: 10515 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1675.961735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1675.962430] Call Trace: [ 1675.962664] dump_stack+0x107/0x167 [ 1675.962980] should_fail.cold+0x5/0xa [ 1675.963334] should_failslab+0x5/0x20 [ 1675.963663] kmem_cache_alloc_bulk+0x4b/0x320 [ 1675.964055] io_submit_sqes+0x6fe6/0x8610 [ 1675.964427] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.964852] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1675.965271] ? lock_downgrade+0x6d0/0x6d0 [ 1675.965626] ? find_held_lock+0x2c/0x110 [ 1675.965979] ? io_submit_sqes+0x8610/0x8610 [ 1675.966356] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1675.966773] ? wait_for_completion_io+0x270/0x270 [ 1675.967199] ? rcu_read_lock_any_held+0x75/0xa0 [ 1675.967603] ? vfs_write+0x354/0xb10 [ 1675.967930] ? fput_many+0x2f/0x1a0 [ 1675.968246] ? ksys_write+0x1a9/0x260 [ 1675.968581] ? __ia32_sys_read+0xb0/0xb0 [ 1675.968934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1675.969383] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1675.969823] do_syscall_64+0x33/0x40 [ 1675.970143] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1675.970579] RIP: 0033:0x7f6110e13b19 [ 1675.970900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1675.972453] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1675.973096] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1675.973694] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1675.974298] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 02:18:54 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 46) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1675.974895] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1675.975513] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:18:54 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 36) [ 1676.009750] FAULT_INJECTION: forcing a failure. [ 1676.009750] name failslab, interval 1, probability 0, space 0, times 0 [ 1676.011748] CPU: 0 PID: 10524 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1676.013270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1676.015090] Call Trace: [ 1676.015680] dump_stack+0x107/0x167 [ 1676.016485] should_fail.cold+0x5/0xa [ 1676.017327] ? create_object.isra.0+0x3a/0xa20 [ 1676.018332] should_failslab+0x5/0x20 [ 1676.019181] kmem_cache_alloc+0x5b/0x310 [ 1676.020087] ? mark_held_locks+0x9e/0xe0 [ 1676.020995] create_object.isra.0+0x3a/0xa20 [ 1676.021970] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1676.023101] kmem_cache_alloc_bulk+0x168/0x320 [ 1676.024111] io_submit_sqes+0x6fe6/0x8610 [ 1676.025052] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1676.026147] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1676.027227] ? lock_downgrade+0x6d0/0x6d0 [ 1676.028142] ? find_held_lock+0x2c/0x110 [ 1676.029039] ? io_submit_sqes+0x8610/0x8610 [ 1676.029989] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1676.031063] ? wait_for_completion_io+0x270/0x270 [ 1676.032130] ? rcu_read_lock_any_held+0x75/0xa0 [ 1676.033154] ? vfs_write+0x354/0xb10 [ 1676.033969] ? fput_many+0x2f/0x1a0 [ 1676.034775] ? ksys_write+0x1a9/0x260 [ 1676.035617] ? __ia32_sys_read+0xb0/0xb0 [ 1676.036515] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1676.037664] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1676.038807] do_syscall_64+0x33/0x40 [ 1676.039631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1676.040783] RIP: 0033:0x7fe637263b19 [ 1676.041600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1676.045686] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1676.047366] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1676.048935] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1676.050500] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1676.052082] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1676.053654] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:18:54 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 43) 02:18:54 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8000000) [ 1676.084177] FAULT_INJECTION: forcing a failure. [ 1676.084177] name failslab, interval 1, probability 0, space 0, times 0 [ 1676.085940] CPU: 1 PID: 10531 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1676.086590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1676.087368] Call Trace: [ 1676.087636] dump_stack+0x107/0x167 [ 1676.087987] should_fail.cold+0x5/0xa [ 1676.088358] ? create_object.isra.0+0x3a/0xa20 [ 1676.088794] should_failslab+0x5/0x20 [ 1676.089162] kmem_cache_alloc+0x5b/0x310 [ 1676.089555] create_object.isra.0+0x3a/0xa20 [ 1676.089976] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1676.091140] kmem_cache_alloc+0x159/0x310 [ 1676.092081] skb_clone+0x14f/0x3d0 [ 1676.092892] ip6_finish_output2+0x1225/0x1fe0 [ 1676.093882] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1676.094990] ip6_output+0x3b8/0x7e0 [ 1676.095795] ip6_local_out+0xb4/0x1a0 [ 1676.096635] ip6_send_skb+0x112/0x460 [ 1676.097576] udp_v6_send_skb+0x7aa/0x15b0 [ 1676.098502] udpv6_sendmsg+0x2116/0x2ad0 [ 1676.099399] ? ip_frag_init+0x350/0x350 [ 1676.100295] ? udp_v6_push_pending_frames+0x360/0x360 [ 1676.101415] ? perf_event_task_disable+0x390/0x390 [ 1676.102497] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1676.103558] ? lock_acquire+0x197/0x470 [ 1676.104429] ? find_held_lock+0x2c/0x110 [ 1676.105313] ? sock_has_perm+0x1ea/0x280 [ 1676.106215] ? __import_iovec+0x458/0x590 [ 1676.107113] ? udp_v6_push_pending_frames+0x360/0x360 [ 1676.108270] inet6_sendmsg+0x105/0x140 [ 1676.109104] ? inet6_compat_ioctl+0x320/0x320 [ 1676.110081] __sock_sendmsg+0xf2/0x190 [ 1676.110920] ____sys_sendmsg+0x334/0x870 [ 1676.111831] ? sock_write_iter+0x3d0/0x3d0 [ 1676.112741] ? do_recvmmsg+0x6d0/0x6d0 [ 1676.113597] ? __lock_acquire+0x1657/0x5b00 [ 1676.114534] ___sys_sendmsg+0xf3/0x170 [ 1676.115392] ? sendmsg_copy_msghdr+0x160/0x160 [ 1676.116376] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1676.117523] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1676.118486] ? trace_hardirqs_on+0x5b/0x180 [ 1676.119444] ? lock_acquire+0x197/0x470 [ 1676.120292] ? find_held_lock+0x2c/0x110 [ 1676.121183] ? __might_fault+0xd3/0x180 [ 1676.122040] ? lock_downgrade+0x6d0/0x6d0 [ 1676.122949] ? io_schedule_timeout+0x140/0x140 [ 1676.123953] __sys_sendmmsg+0x195/0x470 [ 1676.124832] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1676.125755] ? lock_downgrade+0x6d0/0x6d0 [ 1676.126669] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1676.127714] ? wait_for_completion_io+0x270/0x270 [ 1676.128770] ? rcu_read_lock_any_held+0x75/0xa0 [ 1676.129769] ? vfs_write+0x354/0xb10 [ 1676.130579] ? fput_many+0x2f/0x1a0 [ 1676.131368] ? ksys_write+0x1a9/0x260 [ 1676.132202] ? __ia32_sys_read+0xb0/0xb0 [ 1676.133076] __x64_sys_sendmmsg+0x99/0x100 [ 1676.133997] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1676.135105] do_syscall_64+0x33/0x40 [ 1676.135932] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1676.137035] RIP: 0033:0x7f862c37fb19 [ 1676.137845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1676.141893] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1676.143558] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1676.145091] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1676.146640] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1676.148187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1676.149753] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1676.176387] FAULT_INJECTION: forcing a failure. [ 1676.176387] name failslab, interval 1, probability 0, space 0, times 0 [ 1676.178944] CPU: 1 PID: 10537 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1676.180456] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1676.182247] Call Trace: [ 1676.182824] dump_stack+0x107/0x167 [ 1676.183616] should_fail.cold+0x5/0xa [ 1676.184455] should_failslab+0x5/0x20 [ 1676.185270] kmem_cache_alloc_bulk+0x4b/0x320 [ 1676.186266] io_submit_sqes+0x6fe6/0x8610 [ 1676.187180] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1676.188298] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1676.189360] ? lock_downgrade+0x6d0/0x6d0 [ 1676.190262] ? find_held_lock+0x2c/0x110 [ 1676.191145] ? io_submit_sqes+0x8610/0x8610 [ 1676.192103] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1676.193187] ? wait_for_completion_io+0x270/0x270 [ 1676.194290] ? rcu_read_lock_any_held+0x75/0xa0 [ 1676.195356] ? vfs_write+0x354/0xb10 [ 1676.196205] ? fput_many+0x2f/0x1a0 [ 1676.196995] ? ksys_write+0x1a9/0x260 [ 1676.197826] ? __ia32_sys_read+0xb0/0xb0 [ 1676.198698] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1676.199858] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1676.200987] do_syscall_64+0x33/0x40 [ 1676.201797] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1676.202898] RIP: 0033:0x7f1a7fffbb19 [ 1676.203725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1676.207741] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1676.209397] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1676.210935] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1676.212498] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1676.214036] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1676.215607] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:19:08 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 2) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:19:08 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 37) 02:19:08 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 44) 02:19:08 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:08 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 44) 02:19:08 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:08 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe020000) 02:19:08 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 47) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1689.701093] FAULT_INJECTION: forcing a failure. [ 1689.701093] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.702236] CPU: 1 PID: 10553 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1689.702858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.703621] Call Trace: [ 1689.703881] dump_stack+0x107/0x167 [ 1689.704217] should_fail.cold+0x5/0xa [ 1689.704576] ? create_object.isra.0+0x3a/0xa20 [ 1689.704995] should_failslab+0x5/0x20 [ 1689.705342] kmem_cache_alloc+0x5b/0x310 [ 1689.705717] create_object.isra.0+0x3a/0xa20 [ 1689.706115] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1689.706581] kmem_cache_alloc_bulk+0x168/0x320 [ 1689.707007] io_submit_sqes+0x6fe6/0x8610 [ 1689.707414] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1689.707872] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.708328] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.708778] ? lock_downgrade+0x6d0/0x6d0 [ 1689.709163] ? find_held_lock+0x2c/0x110 [ 1689.709546] ? io_submit_sqes+0x8610/0x8610 [ 1689.709958] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1689.710406] ? wait_for_completion_io+0x270/0x270 [ 1689.710859] ? rcu_read_lock_any_held+0x75/0xa0 [ 1689.711292] ? vfs_write+0x354/0xb10 [ 1689.711649] ? fput_many+0x2f/0x1a0 [ 1689.711996] ? ksys_write+0x1a9/0x260 [ 1689.712352] ? __ia32_sys_read+0xb0/0xb0 [ 1689.712734] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.713217] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.713525] FAULT_INJECTION: forcing a failure. [ 1689.713525] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.713674] do_syscall_64+0x33/0x40 [ 1689.713691] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.715371] RIP: 0033:0x7f8c2e1fdb19 [ 1689.715704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.717239] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1689.717888] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1689.718487] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1689.719092] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.719710] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1689.720304] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1689.720929] CPU: 0 PID: 10554 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1689.721548] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.722282] Call Trace: [ 1689.722538] dump_stack+0x107/0x167 [ 1689.722878] should_fail.cold+0x5/0xa [ 1689.723230] ? create_object.isra.0+0x3a/0xa20 [ 1689.727726] should_failslab+0x5/0x20 [ 1689.728089] kmem_cache_alloc+0x5b/0x310 [ 1689.728471] create_object.isra.0+0x3a/0xa20 [ 1689.728885] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1689.729343] kmem_cache_alloc+0x159/0x310 [ 1689.729732] skb_clone+0x14f/0x3d0 [ 1689.730070] ip6_finish_output2+0x1225/0x1fe0 [ 1689.730498] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1689.730957] ip6_output+0x3b8/0x7e0 [ 1689.731326] ip6_local_out+0xb4/0x1a0 [ 1689.731686] ip6_send_skb+0x112/0x460 [ 1689.732045] udp_v6_send_skb+0x7aa/0x15b0 [ 1689.732438] udpv6_sendmsg+0x2116/0x2ad0 [ 1689.732808] ? ip_frag_init+0x350/0x350 [ 1689.733179] ? udp_v6_push_pending_frames+0x360/0x360 [ 1689.733668] ? perf_event_task_disable+0x390/0x390 [ 1689.734124] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1689.734582] ? lock_acquire+0x197/0x470 [ 1689.734957] ? find_held_lock+0x2c/0x110 [ 1689.735362] ? sock_has_perm+0x1ea/0x280 [ 1689.735759] ? security_socket_sendmsg+0x22/0xb0 [ 1689.736197] ? udp_v6_push_pending_frames+0x360/0x360 [ 1689.736679] inet6_sendmsg+0x105/0x140 [ 1689.737060] ? inet6_compat_ioctl+0x320/0x320 [ 1689.737473] __sock_sendmsg+0xf2/0x190 [ 1689.737848] ____sys_sendmsg+0x334/0x870 [ 1689.738232] ? sock_write_iter+0x3d0/0x3d0 [ 1689.738621] ? do_recvmmsg+0x6d0/0x6d0 [ 1689.739009] ___sys_sendmsg+0xf3/0x170 [ 1689.739396] ? sendmsg_copy_msghdr+0x160/0x160 [ 1689.739825] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1689.740242] ? _raw_spin_unlock_irq+0x27/0x30 [ 1689.740661] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1689.741087] ? finish_task_switch+0x126/0x5d0 [ 1689.741504] ? finish_task_switch+0xef/0x5d0 [ 1689.741915] ? __switch_to+0x572/0xf70 [ 1689.742278] ? __switch_to_asm+0x3a/0x60 [ 1689.742654] ? __switch_to_asm+0x34/0x60 [ 1689.743037] ? __schedule+0x82c/0x1ea0 [ 1689.743430] ? io_schedule_timeout+0x140/0x140 [ 1689.743877] __sys_sendmmsg+0x195/0x470 [ 1689.744258] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1689.744662] ? lock_downgrade+0x6d0/0x6d0 [ 1689.745063] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1689.745502] ? wait_for_completion_io+0x270/0x270 [ 1689.745954] ? rcu_read_lock_any_held+0x75/0xa0 [ 1689.746380] ? vfs_write+0x354/0xb10 [ 1689.746727] ? fput_many+0x2f/0x1a0 [ 1689.747075] ? ksys_write+0x1a9/0x260 [ 1689.747447] ? __ia32_sys_read+0xb0/0xb0 [ 1689.747830] __x64_sys_sendmmsg+0x99/0x100 [ 1689.748224] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.748705] do_syscall_64+0x33/0x40 [ 1689.749050] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.749524] RIP: 0033:0x7f862c37fb19 [ 1689.749870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.755556] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1689.756258] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1689.756910] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1689.757549] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.758183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1689.758805] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1689.769911] FAULT_INJECTION: forcing a failure. [ 1689.769911] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.770988] CPU: 0 PID: 10558 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1689.771607] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.772295] Call Trace: [ 1689.772525] dump_stack+0x107/0x167 [ 1689.772834] should_fail.cold+0x5/0xa [ 1689.773164] ? create_object.isra.0+0x3a/0xa20 [ 1689.773554] should_failslab+0x5/0x20 [ 1689.773878] kmem_cache_alloc+0x5b/0x310 [ 1689.774225] ? mark_held_locks+0x9e/0xe0 [ 1689.774570] create_object.isra.0+0x3a/0xa20 [ 1689.774943] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1689.775406] kmem_cache_alloc_bulk+0x168/0x320 [ 1689.775835] io_submit_sqes+0x6fe6/0x8610 [ 1689.776249] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.776711] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.777159] ? lock_downgrade+0x6d0/0x6d0 [ 1689.777534] ? find_held_lock+0x2c/0x110 [ 1689.777912] ? io_submit_sqes+0x8610/0x8610 [ 1689.778317] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1689.778765] ? wait_for_completion_io+0x270/0x270 [ 1689.779225] ? rcu_read_lock_any_held+0x75/0xa0 [ 1689.779662] ? vfs_write+0x354/0xb10 [ 1689.780009] ? fput_many+0x2f/0x1a0 [ 1689.780369] ? ksys_write+0x1a9/0x260 [ 1689.780724] ? __ia32_sys_read+0xb0/0xb0 [ 1689.781107] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.781601] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.782084] do_syscall_64+0x33/0x40 [ 1689.782433] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.782910] RIP: 0033:0x7fe637263b19 [ 1689.783257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.784917] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1689.785604] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1689.786243] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1689.786889] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.787554] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1689.788204] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1689.792156] FAULT_INJECTION: forcing a failure. [ 1689.792156] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.793310] CPU: 1 PID: 10550 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1689.793950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.794710] Call Trace: [ 1689.794963] dump_stack+0x107/0x167 [ 1689.799341] should_fail.cold+0x5/0xa [ 1689.799695] ? create_object.isra.0+0x3a/0xa20 [ 1689.800121] should_failslab+0x5/0x20 [ 1689.800478] kmem_cache_alloc+0x5b/0x310 [ 1689.800858] ? mark_held_locks+0x9e/0xe0 [ 1689.801240] create_object.isra.0+0x3a/0xa20 [ 1689.801650] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1689.802130] kmem_cache_alloc_bulk+0x168/0x320 [ 1689.802563] io_submit_sqes+0x6fe6/0x8610 [ 1689.802982] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.803465] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.803922] ? lock_downgrade+0x6d0/0x6d0 [ 1689.804313] ? find_held_lock+0x2c/0x110 [ 1689.804700] ? io_submit_sqes+0x8610/0x8610 [ 1689.805116] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1689.805573] ? wait_for_completion_io+0x270/0x270 [ 1689.806030] ? rcu_read_lock_any_held+0x75/0xa0 [ 1689.806462] ? vfs_write+0x354/0xb10 [ 1689.806816] ? fput_many+0x2f/0x1a0 [ 1689.807167] ? ksys_write+0x1a9/0x260 [ 1689.807530] ? __ia32_sys_read+0xb0/0xb0 [ 1689.807876] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.808314] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.808748] do_syscall_64+0x33/0x40 [ 1689.809063] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.809490] RIP: 0033:0x7f1a7fffbb19 [ 1689.809804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.811355] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1689.812060] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1689.812715] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1689.813359] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.814000] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1689.814642] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1689.824398] FAULT_INJECTION: forcing a failure. [ 1689.824398] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.825537] CPU: 1 PID: 10565 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1689.826165] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.826919] Call Trace: [ 1689.827172] dump_stack+0x107/0x167 [ 1689.827532] should_fail.cold+0x5/0xa [ 1689.827894] ? create_object.isra.0+0x3a/0xa20 [ 1689.828324] should_failslab+0x5/0x20 [ 1689.828682] kmem_cache_alloc+0x5b/0x310 [ 1689.829065] ? mark_held_locks+0x9e/0xe0 [ 1689.829450] create_object.isra.0+0x3a/0xa20 [ 1689.829865] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1689.830348] kmem_cache_alloc_bulk+0x168/0x320 [ 1689.830781] io_submit_sqes+0x6fe6/0x8610 [ 1689.831196] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.831653] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1689.832062] ? lock_downgrade+0x6d0/0x6d0 [ 1689.832411] ? find_held_lock+0x2c/0x110 [ 1689.832759] ? io_submit_sqes+0x8610/0x8610 [ 1689.833133] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1689.833542] ? wait_for_completion_io+0x270/0x270 [ 1689.833948] ? rcu_read_lock_any_held+0x75/0xa0 [ 1689.834340] ? vfs_write+0x354/0xb10 [ 1689.834655] ? fput_many+0x2f/0x1a0 [ 1689.834962] ? ksys_write+0x1a9/0x260 [ 1689.835313] ? __ia32_sys_read+0xb0/0xb0 [ 1689.835699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.836241] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.836777] do_syscall_64+0x33/0x40 [ 1689.837173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.837699] RIP: 0033:0x7f6110e13b19 [ 1689.838092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.839923] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1689.840628] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1689.841286] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1689.841941] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.842600] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1689.843258] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:19:08 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x20000000) 02:19:08 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:08 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:08 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:08 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 3) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:19:08 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 45) [ 1690.036940] FAULT_INJECTION: forcing a failure. [ 1690.036940] name failslab, interval 1, probability 0, space 0, times 0 [ 1690.038000] CPU: 0 PID: 10591 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1690.038625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1690.039363] Call Trace: [ 1690.039618] dump_stack+0x107/0x167 [ 1690.039953] should_fail.cold+0x5/0xa [ 1690.040302] ? create_object.isra.0+0x3a/0xa20 [ 1690.040715] should_failslab+0x5/0x20 [ 1690.041066] kmem_cache_alloc+0x5b/0x310 [ 1690.041447] create_object.isra.0+0x3a/0xa20 [ 1690.041850] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1690.042320] kmem_cache_alloc_bulk+0x168/0x320 [ 1690.042744] io_submit_sqes+0x6fe6/0x8610 [ 1690.043121] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1690.043588] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1690.044039] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1690.044483] ? lock_downgrade+0x6d0/0x6d0 [ 1690.044864] ? find_held_lock+0x2c/0x110 [ 1690.045243] ? io_submit_sqes+0x8610/0x8610 [ 1690.045649] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1690.046094] ? wait_for_completion_io+0x270/0x270 [ 1690.046541] ? rcu_read_lock_any_held+0x75/0xa0 [ 1690.046961] ? vfs_write+0x354/0xb10 [ 1690.047304] ? fput_many+0x2f/0x1a0 [ 1690.048052] ? ksys_write+0x1a9/0x260 [ 1690.048769] ? __ia32_sys_read+0xb0/0xb0 [ 1690.049540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1690.050458] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1690.051460] do_syscall_64+0x33/0x40 [ 1690.052179] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1690.053151] RIP: 0033:0x7f8c2e1fdb19 [ 1690.053871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1690.057900] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1690.059354] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1690.060709] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1690.062075] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1690.063038] FAULT_INJECTION: forcing a failure. [ 1690.063038] name failslab, interval 1, probability 0, space 0, times 0 [ 1690.063446] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1690.063460] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1690.067078] CPU: 1 PID: 10593 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1690.067821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1690.068730] Call Trace: [ 1690.069026] dump_stack+0x107/0x167 [ 1690.069436] should_fail.cold+0x5/0xa [ 1690.069861] ? create_object.isra.0+0x3a/0xa20 [ 1690.070371] should_failslab+0x5/0x20 [ 1690.070793] kmem_cache_alloc+0x5b/0x310 [ 1690.071243] ? mark_held_locks+0x9e/0xe0 [ 1690.071683] create_object.isra.0+0x3a/0xa20 [ 1690.072172] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1690.072738] kmem_cache_alloc_bulk+0x168/0x320 [ 1690.073249] io_submit_sqes+0x6fe6/0x8610 [ 1690.073729] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1690.074278] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1690.074816] ? lock_downgrade+0x6d0/0x6d0 [ 1690.075280] ? find_held_lock+0x2c/0x110 [ 1690.075711] ? io_submit_sqes+0x8610/0x8610 [ 1690.076191] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1690.076728] ? wait_for_completion_io+0x270/0x270 [ 1690.077265] ? rcu_read_lock_any_held+0x75/0xa0 [ 1690.077777] ? vfs_write+0x354/0xb10 [ 1690.078187] ? fput_many+0x2f/0x1a0 [ 1690.078595] ? ksys_write+0x1a9/0x260 [ 1690.079021] ? __ia32_sys_read+0xb0/0xb0 [ 1690.079473] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1690.080054] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1690.080627] do_syscall_64+0x33/0x40 [ 1690.081045] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1690.081611] RIP: 0033:0x7f6110e13b19 [ 1690.082029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1690.084006] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1690.084776] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1690.085426] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1690.086075] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1690.086712] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1690.087366] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:19:21 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 48) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:19:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 38) 02:19:21 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 46) 02:19:21 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f000000) 02:19:21 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 45) 02:19:21 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:21 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:21 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 4) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1703.208434] FAULT_INJECTION: forcing a failure. [ 1703.208434] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.209586] CPU: 1 PID: 10604 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1703.210203] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.210936] Call Trace: [ 1703.211191] dump_stack+0x107/0x167 [ 1703.211549] should_fail.cold+0x5/0xa [ 1703.211905] ? create_object.isra.0+0x3a/0xa20 [ 1703.212333] should_failslab+0x5/0x20 [ 1703.212691] kmem_cache_alloc+0x5b/0x310 [ 1703.213072] ? mark_held_locks+0x9e/0xe0 [ 1703.213456] create_object.isra.0+0x3a/0xa20 [ 1703.213871] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.214349] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.214782] io_submit_sqes+0x6fe6/0x8610 [ 1703.215198] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.215683] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.216137] ? lock_downgrade+0x6d0/0x6d0 [ 1703.216523] ? find_held_lock+0x2c/0x110 [ 1703.216911] ? io_submit_sqes+0x8610/0x8610 [ 1703.217326] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.217782] ? wait_for_completion_io+0x270/0x270 [ 1703.218239] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.218673] ? vfs_write+0x354/0xb10 [ 1703.219026] ? fput_many+0x2f/0x1a0 [ 1703.219365] ? ksys_write+0x1a9/0x260 [ 1703.219740] ? __ia32_sys_read+0xb0/0xb0 [ 1703.220120] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.220599] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.221069] do_syscall_64+0x33/0x40 [ 1703.221416] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.221882] RIP: 0033:0x7f6110e13b19 [ 1703.222231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.223896] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.224571] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1703.224820] FAULT_INJECTION: forcing a failure. [ 1703.224820] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.225181] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.225194] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.227308] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.227929] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1703.228554] CPU: 0 PID: 10621 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1703.229187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.229926] Call Trace: [ 1703.230172] dump_stack+0x107/0x167 [ 1703.230526] should_fail.cold+0x5/0xa [ 1703.230880] ? create_object.isra.0+0x3a/0xa20 [ 1703.231317] should_failslab+0x5/0x20 [ 1703.231686] kmem_cache_alloc+0x5b/0x310 [ 1703.232066] ? mark_held_locks+0x9e/0xe0 [ 1703.232459] create_object.isra.0+0x3a/0xa20 [ 1703.232863] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.233320] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.233779] io_submit_sqes+0x6fe6/0x8610 [ 1703.234185] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.234658] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.235110] ? lock_downgrade+0x6d0/0x6d0 [ 1703.235516] ? find_held_lock+0x2c/0x110 [ 1703.235931] ? io_submit_sqes+0x8610/0x8610 [ 1703.236334] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.236796] ? wait_for_completion_io+0x270/0x270 [ 1703.237269] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.237711] ? vfs_write+0x354/0xb10 [ 1703.238084] ? fput_many+0x2f/0x1a0 [ 1703.238405] ? ksys_write+0x1a9/0x260 [ 1703.238775] ? __ia32_sys_read+0xb0/0xb0 [ 1703.239180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.239673] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.240174] do_syscall_64+0x33/0x40 [ 1703.240530] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.241009] RIP: 0033:0x7f1a7fffbb19 [ 1703.241377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.243023] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.243734] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1703.244392] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.245043] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.245710] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.246317] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1703.249963] FAULT_INJECTION: forcing a failure. [ 1703.249963] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.251213] CPU: 0 PID: 10615 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1703.251851] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.252603] Call Trace: [ 1703.252848] dump_stack+0x107/0x167 [ 1703.253185] should_fail.cold+0x5/0xa [ 1703.253551] ? create_object.isra.0+0x3a/0xa20 [ 1703.253966] should_failslab+0x5/0x20 [ 1703.254314] kmem_cache_alloc+0x5b/0x310 [ 1703.254700] ? mark_held_locks+0x9e/0xe0 [ 1703.255072] create_object.isra.0+0x3a/0xa20 [ 1703.255490] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.255985] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.256417] io_submit_sqes+0x6fe6/0x8610 [ 1703.256827] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1703.257287] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.257749] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.258210] ? lock_downgrade+0x6d0/0x6d0 [ 1703.258596] ? find_held_lock+0x2c/0x110 [ 1703.258992] ? io_submit_sqes+0x8610/0x8610 [ 1703.259391] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.259859] ? wait_for_completion_io+0x270/0x270 [ 1703.260317] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.260744] ? vfs_write+0x354/0xb10 [ 1703.261108] ? fput_many+0x2f/0x1a0 [ 1703.261441] ? ksys_write+0x1a9/0x260 [ 1703.261786] ? __ia32_sys_read+0xb0/0xb0 [ 1703.262171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.262654] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.263144] do_syscall_64+0x33/0x40 [ 1703.263516] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.263975] RIP: 0033:0x7f8c2e1fdb19 [ 1703.264332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.266002] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.266714] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1703.267377] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1703.268040] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.268310] FAULT_INJECTION: forcing a failure. [ 1703.268310] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.268671] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1703.268680] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1703.271116] CPU: 1 PID: 10606 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1703.271756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.272500] Call Trace: [ 1703.272752] dump_stack+0x107/0x167 [ 1703.273089] should_fail.cold+0x5/0xa [ 1703.273443] ? create_object.isra.0+0x3a/0xa20 [ 1703.273870] should_failslab+0x5/0x20 [ 1703.274225] kmem_cache_alloc+0x5b/0x310 [ 1703.274588] ? mark_held_locks+0x9e/0xe0 [ 1703.274955] create_object.isra.0+0x3a/0xa20 [ 1703.275348] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.275829] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.276255] io_submit_sqes+0x6fe6/0x8610 [ 1703.276657] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.277110] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.277557] ? lock_downgrade+0x6d0/0x6d0 [ 1703.277935] ? find_held_lock+0x2c/0x110 [ 1703.278314] ? io_submit_sqes+0x8610/0x8610 [ 1703.278719] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.279164] ? wait_for_completion_io+0x270/0x270 [ 1703.279629] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.280052] ? vfs_write+0x354/0xb10 [ 1703.280396] ? fput_many+0x2f/0x1a0 [ 1703.280736] ? ksys_write+0x1a9/0x260 [ 1703.281087] ? __ia32_sys_read+0xb0/0xb0 [ 1703.281463] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.281952] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.282436] do_syscall_64+0x33/0x40 [ 1703.282788] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.283263] RIP: 0033:0x7fe637263b19 [ 1703.283631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.285302] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.286004] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1703.286664] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.287317] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.287975] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.288618] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1703.295206] FAULT_INJECTION: forcing a failure. [ 1703.295206] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.296301] CPU: 1 PID: 10608 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1703.296935] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.297691] Call Trace: [ 1703.297944] dump_stack+0x107/0x167 [ 1703.298287] should_fail.cold+0x5/0xa [ 1703.298648] ? __alloc_skb+0x6d/0x5b0 [ 1703.299010] should_failslab+0x5/0x20 [ 1703.299366] kmem_cache_alloc_node+0x55/0x330 [ 1703.299807] __alloc_skb+0x6d/0x5b0 [ 1703.300155] alloc_skb_with_frags+0x92/0x570 [ 1703.300563] ? trace_hardirqs_on+0x5b/0x180 [ 1703.300963] ? kmem_cache_free+0xa7/0x2d0 [ 1703.301332] sock_alloc_send_pskb+0x7af/0x930 [ 1703.301746] ? sk_alloc+0x350/0x350 [ 1703.302089] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1703.302566] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1703.303040] ? mark_lock+0xf5/0x2df0 [ 1703.303390] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1703.303873] ? ip6_mtu+0x1bb/0x3d0 [ 1703.304208] ? lock_downgrade+0x6d0/0x6d0 [ 1703.304592] ? ip_frag_init+0x350/0x350 [ 1703.304969] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1703.305392] ? ip6_mtu+0x1e9/0x3d0 [ 1703.305721] ? ip6_setup_cork+0xfb7/0x1740 [ 1703.306111] ip6_make_skb+0x2de/0x4e0 [ 1703.306463] ? ip_frag_init+0x350/0x350 [ 1703.306832] ? ip_frag_init+0x350/0x350 [ 1703.307189] ? ip6_push_pending_frames+0xf0/0xf0 [ 1703.307624] ? trace_hardirqs_on+0x5b/0x180 [ 1703.308022] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1703.308528] ? ip6_sk_dst_lookup_flow+0x57b/0x740 [ 1703.308975] ? ip6_sk_dst_lookup_flow+0x5b6/0x740 [ 1703.309420] udpv6_sendmsg+0x20d3/0x2ad0 [ 1703.309791] ? ip_frag_init+0x350/0x350 [ 1703.310167] ? udp_v6_push_pending_frames+0x360/0x360 [ 1703.310645] ? perf_event_task_disable+0x390/0x390 [ 1703.311098] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1703.311568] ? lock_acquire+0x197/0x470 [ 1703.311942] ? find_held_lock+0x2c/0x110 [ 1703.312334] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1703.312833] ? trace_hardirqs_on+0x5b/0x180 [ 1703.313236] ? sock_has_perm+0x1ea/0x280 [ 1703.313636] ? __import_iovec+0x458/0x590 [ 1703.314026] ? udp_v6_push_pending_frames+0x360/0x360 [ 1703.314508] inet6_sendmsg+0x105/0x140 [ 1703.314878] ? inet6_compat_ioctl+0x320/0x320 [ 1703.315296] __sock_sendmsg+0xf2/0x190 [ 1703.315682] ____sys_sendmsg+0x334/0x870 [ 1703.316065] ? sock_write_iter+0x3d0/0x3d0 [ 1703.316456] ? do_recvmmsg+0x6d0/0x6d0 [ 1703.316828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.317305] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1703.317795] ? trace_hardirqs_on+0x5b/0x180 [ 1703.318180] ___sys_sendmsg+0xf3/0x170 [ 1703.318525] ? sendmsg_copy_msghdr+0x160/0x160 [ 1703.318931] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1703.319344] ? _raw_spin_unlock_irq+0x27/0x30 [ 1703.319772] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1703.320184] ? finish_task_switch+0x126/0x5d0 [ 1703.320593] ? finish_task_switch+0xef/0x5d0 [ 1703.320990] ? __switch_to+0x572/0xf70 [ 1703.321349] ? __switch_to_asm+0x3a/0x60 [ 1703.321720] ? __switch_to_asm+0x34/0x60 [ 1703.322095] ? __schedule+0x82c/0x1ea0 [ 1703.322460] ? io_schedule_timeout+0x140/0x140 [ 1703.322896] __sys_sendmmsg+0x195/0x470 [ 1703.323271] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1703.323684] ? lock_downgrade+0x6d0/0x6d0 [ 1703.324077] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.324524] ? wait_for_completion_io+0x270/0x270 [ 1703.324965] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.325386] ? vfs_write+0x354/0xb10 [ 1703.325735] ? fput_many+0x2f/0x1a0 [ 1703.326073] ? ksys_write+0x1a9/0x260 [ 1703.326424] ? __ia32_sys_read+0xb0/0xb0 [ 1703.326806] __x64_sys_sendmmsg+0x99/0x100 [ 1703.327194] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.327688] do_syscall_64+0x33/0x40 [ 1703.328032] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.328498] RIP: 0033:0x7f862c37fb19 [ 1703.328834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.330438] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1703.331122] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1703.331766] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1703.332398] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.333036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1703.333677] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:19:21 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x0, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:21 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:21 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 5) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:19:21 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 47) 02:19:21 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 46) 02:19:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 39) 02:19:21 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 49) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1703.461961] FAULT_INJECTION: forcing a failure. [ 1703.461961] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.463205] FAULT_INJECTION: forcing a failure. [ 1703.463205] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.464504] CPU: 0 PID: 10637 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1703.466892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.468699] Call Trace: [ 1703.469263] dump_stack+0x107/0x167 [ 1703.470054] should_fail.cold+0x5/0xa [ 1703.470875] ? create_object.isra.0+0x3a/0xa20 [ 1703.471868] should_failslab+0x5/0x20 [ 1703.472689] kmem_cache_alloc+0x5b/0x310 [ 1703.473561] ? mark_held_locks+0x9e/0xe0 [ 1703.474423] create_object.isra.0+0x3a/0xa20 [ 1703.475367] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.476462] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.477445] io_submit_sqes+0x6fe6/0x8610 [ 1703.478356] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.479425] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.480462] ? lock_downgrade+0x6d0/0x6d0 [ 1703.481370] ? find_held_lock+0x2c/0x110 [ 1703.482287] ? io_submit_sqes+0x8610/0x8610 [ 1703.483225] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.484265] ? wait_for_completion_io+0x270/0x270 [ 1703.485298] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.486290] ? vfs_write+0x354/0xb10 [ 1703.487092] ? fput_many+0x2f/0x1a0 [ 1703.487888] ? ksys_write+0x1a9/0x260 [ 1703.488762] ? __ia32_sys_read+0xb0/0xb0 [ 1703.489443] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.490337] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.491215] do_syscall_64+0x33/0x40 [ 1703.491857] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.492728] RIP: 0033:0x7f6110e13b19 [ 1703.493351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.496764] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.498372] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1703.499903] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.501407] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.502930] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.504429] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1703.505666] CPU: 1 PID: 10634 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1703.506409] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.507307] Call Trace: [ 1703.507598] dump_stack+0x107/0x167 [ 1703.508012] should_fail.cold+0x5/0xa [ 1703.508429] ? create_object.isra.0+0x3a/0xa20 [ 1703.508938] should_failslab+0x5/0x20 [ 1703.509351] kmem_cache_alloc+0x5b/0x310 [ 1703.509807] ? mark_held_locks+0x9e/0xe0 [ 1703.510253] create_object.isra.0+0x3a/0xa20 [ 1703.510706] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.511253] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.511703] io_submit_sqes+0x6fe6/0x8610 [ 1703.512096] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1703.512549] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.513020] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.513452] ? lock_downgrade+0x6d0/0x6d0 [ 1703.513831] ? find_held_lock+0x2c/0x110 [ 1703.514225] ? io_submit_sqes+0x8610/0x8610 [ 1703.514624] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.515082] ? wait_for_completion_io+0x270/0x270 [ 1703.515543] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.515966] ? vfs_write+0x354/0xb10 [ 1703.516322] ? fput_many+0x2f/0x1a0 [ 1703.516656] ? ksys_write+0x1a9/0x260 [ 1703.517005] ? __ia32_sys_read+0xb0/0xb0 [ 1703.517406] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.517882] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.518378] do_syscall_64+0x33/0x40 [ 1703.518720] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.519180] RIP: 0033:0x7f8c2e1fdb19 [ 1703.519548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.521185] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.521886] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1703.522545] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1703.523170] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.523881] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1703.524654] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:19:21 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x40000000) 02:19:21 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x0, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1703.570204] FAULT_INJECTION: forcing a failure. [ 1703.570204] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.570980] FAULT_INJECTION: forcing a failure. [ 1703.570980] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1703.571568] CPU: 1 PID: 10644 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1703.573541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.574428] Call Trace: [ 1703.574725] dump_stack+0x107/0x167 [ 1703.575124] should_fail.cold+0x5/0xa [ 1703.575548] ? create_object.isra.0+0x3a/0xa20 [ 1703.576057] should_failslab+0x5/0x20 [ 1703.576473] kmem_cache_alloc+0x5b/0x310 [ 1703.576929] ? ___sys_sendmsg+0xf3/0x170 [ 1703.577365] ? __sys_sendmmsg+0x195/0x470 [ 1703.577818] create_object.isra.0+0x3a/0xa20 [ 1703.578299] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.578852] kmem_cache_alloc_node+0x169/0x330 [ 1703.579354] __alloc_skb+0x6d/0x5b0 [ 1703.579705] alloc_skb_with_frags+0x92/0x570 [ 1703.580080] ? trace_hardirqs_on+0x5b/0x180 [ 1703.580448] ? kmem_cache_free+0xa7/0x2d0 [ 1703.580814] sock_alloc_send_pskb+0x7af/0x930 [ 1703.581203] ? sk_alloc+0x350/0x350 [ 1703.581530] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1703.581974] ? trace_hardirqs_on+0x5b/0x180 [ 1703.582341] ? __dev_queue_xmit+0xe4e/0x2710 [ 1703.582724] ? __local_bh_enable_ip+0x9d/0x100 [ 1703.583122] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1703.583572] ? ip6_mtu+0x1bb/0x3d0 [ 1703.583897] ? lock_downgrade+0x6d0/0x6d0 [ 1703.584254] ? ip_frag_init+0x350/0x350 [ 1703.584615] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1703.585021] ? ip6_mtu+0x1e9/0x3d0 [ 1703.585329] ? ip6_setup_cork+0xfb7/0x1740 [ 1703.585701] ip6_make_skb+0x2de/0x4e0 [ 1703.586025] ? ip_frag_init+0x350/0x350 [ 1703.586367] ? ip_frag_init+0x350/0x350 [ 1703.586716] ? ip6_push_pending_frames+0xf0/0xf0 [ 1703.587123] ? ip6_dst_check+0x389/0x8d0 [ 1703.587485] ? sk_dst_check+0x235/0x4c0 [ 1703.587841] udpv6_sendmsg+0x20d3/0x2ad0 [ 1703.588190] ? ip_frag_init+0x350/0x350 [ 1703.588547] ? udp_v6_push_pending_frames+0x360/0x360 [ 1703.588991] ? perf_event_task_disable+0x390/0x390 [ 1703.589409] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1703.589832] ? lock_acquire+0x197/0x470 [ 1703.590170] ? find_held_lock+0x2c/0x110 [ 1703.590534] ? sock_has_perm+0x1ea/0x280 [ 1703.590901] ? __import_iovec+0x458/0x590 [ 1703.591254] ? udp_v6_push_pending_frames+0x360/0x360 [ 1703.591714] inet6_sendmsg+0x105/0x140 [ 1703.592048] ? inet6_compat_ioctl+0x320/0x320 [ 1703.592427] __sock_sendmsg+0xf2/0x190 [ 1703.592769] ____sys_sendmsg+0x334/0x870 [ 1703.593116] ? sock_write_iter+0x3d0/0x3d0 [ 1703.593476] ? do_recvmmsg+0x6d0/0x6d0 [ 1703.593818] ? __lock_acquire+0x1657/0x5b00 [ 1703.594192] ___sys_sendmsg+0xf3/0x170 [ 1703.594533] ? sendmsg_copy_msghdr+0x160/0x160 [ 1703.594925] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1703.595302] ? _raw_spin_unlock_irq+0x27/0x30 [ 1703.595756] ? lock_acquire+0x197/0x470 [ 1703.596197] ? find_held_lock+0x2c/0x110 [ 1703.596642] ? __might_fault+0xd3/0x180 [ 1703.597076] ? lock_downgrade+0x6d0/0x6d0 [ 1703.597526] ? io_schedule_timeout+0x140/0x140 [ 1703.598034] __sys_sendmmsg+0x195/0x470 [ 1703.598464] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1703.598942] ? lock_downgrade+0x6d0/0x6d0 [ 1703.599398] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.599902] ? wait_for_completion_io+0x270/0x270 [ 1703.600432] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.600937] ? vfs_write+0x354/0xb10 [ 1703.601341] ? fput_many+0x2f/0x1a0 [ 1703.601739] ? ksys_write+0x1a9/0x260 [ 1703.602150] ? __ia32_sys_read+0xb0/0xb0 [ 1703.602599] __x64_sys_sendmmsg+0x99/0x100 [ 1703.603058] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.603601] do_syscall_64+0x33/0x40 [ 1703.603993] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.604526] RIP: 0033:0x7f862c37fb19 [ 1703.604913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.606793] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1703.607558] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1703.608153] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1703.608761] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.609358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1703.609960] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1703.610585] CPU: 0 PID: 10641 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1703.611202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.611968] Call Trace: [ 1703.612214] dump_stack+0x107/0x167 [ 1703.612567] should_fail.cold+0x5/0xa [ 1703.612917] __alloc_pages_nodemask+0x182/0x600 [ 1703.613345] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1703.613913] alloc_pages_current+0x187/0x280 [ 1703.614315] allocate_slab+0x26f/0x380 [ 1703.614703] ___slab_alloc+0x470/0x700 [ 1703.615068] ? io_submit_sqes+0x6fe6/0x8610 [ 1703.615484] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1703.615913] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1703.616320] io_submit_sqes+0x6fe6/0x8610 [ 1703.616727] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.617172] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.617612] ? lock_downgrade+0x6d0/0x6d0 [ 1703.618008] ? find_held_lock+0x2c/0x110 [ 1703.618383] ? io_submit_sqes+0x8610/0x8610 [ 1703.618781] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.619244] ? wait_for_completion_io+0x270/0x270 [ 1703.619701] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.620143] ? vfs_write+0x354/0xb10 [ 1703.620488] ? fput_many+0x2f/0x1a0 [ 1703.620825] ? ksys_write+0x1a9/0x260 [ 1703.621173] ? __ia32_sys_read+0xb0/0xb0 [ 1703.621540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.622033] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.622347] FAULT_INJECTION: forcing a failure. [ 1703.622347] name failslab, interval 1, probability 0, space 0, times 0 [ 1703.622492] do_syscall_64+0x33/0x40 [ 1703.622507] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.622520] RIP: 0033:0x7f1a7fffbb19 [ 1703.624492] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.626028] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.626683] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1703.627271] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.627893] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.628501] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.629096] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1703.629729] CPU: 1 PID: 10647 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1703.630350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1703.631081] Call Trace: [ 1703.631327] dump_stack+0x107/0x167 [ 1703.631684] should_fail.cold+0x5/0xa [ 1703.632041] ? create_object.isra.0+0x3a/0xa20 [ 1703.632455] should_failslab+0x5/0x20 [ 1703.632802] kmem_cache_alloc+0x5b/0x310 [ 1703.633172] ? mark_held_locks+0x9e/0xe0 [ 1703.633543] create_object.isra.0+0x3a/0xa20 [ 1703.633940] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1703.634408] kmem_cache_alloc_bulk+0x168/0x320 [ 1703.634836] io_submit_sqes+0x6fe6/0x8610 [ 1703.635241] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.635716] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1703.636159] ? lock_downgrade+0x6d0/0x6d0 [ 1703.636540] ? find_held_lock+0x2c/0x110 [ 1703.636912] ? io_submit_sqes+0x8610/0x8610 [ 1703.637314] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1703.637773] ? wait_for_completion_io+0x270/0x270 [ 1703.638222] ? rcu_read_lock_any_held+0x75/0xa0 [ 1703.638652] ? vfs_write+0x354/0xb10 [ 1703.638999] ? fput_many+0x2f/0x1a0 [ 1703.639340] ? ksys_write+0x1a9/0x260 [ 1703.639714] ? __ia32_sys_read+0xb0/0xb0 [ 1703.640090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1703.640566] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1703.641048] do_syscall_64+0x33/0x40 [ 1703.641396] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1703.641853] RIP: 0033:0x7fe637263b19 [ 1703.642196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1703.643830] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1703.644522] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1703.645180] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1703.645821] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1703.646471] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1703.647125] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:19:35 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 40) [ 1716.861744] FAULT_INJECTION: forcing a failure. [ 1716.861744] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.862842] CPU: 0 PID: 10665 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1716.863475] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.868256] Call Trace: [ 1716.868509] dump_stack+0x107/0x167 [ 1716.868846] should_fail.cold+0x5/0xa [ 1716.869213] ? __alloc_skb+0x6d/0x5b0 [ 1716.869577] should_failslab+0x5/0x20 [ 1716.869930] kmem_cache_alloc_node+0x55/0x330 [ 1716.870351] __alloc_skb+0x6d/0x5b0 [ 1716.870695] alloc_skb_with_frags+0x92/0x570 [ 1716.871098] ? trace_hardirqs_on+0x5b/0x180 [ 1716.871504] ? kmem_cache_free+0xa7/0x2d0 [ 1716.871911] sock_alloc_send_pskb+0x7af/0x930 [ 1716.872341] ? sk_alloc+0x350/0x350 [ 1716.872692] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1716.873019] FAULT_INJECTION: forcing a failure. [ 1716.873019] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.873158] ? trace_hardirqs_on+0x5b/0x180 [ 1716.873175] ? __dev_queue_xmit+0xe4e/0x2710 [ 1716.874818] ? __local_bh_enable_ip+0x9d/0x100 [ 1716.875219] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1716.875679] ? ip6_mtu+0x1bb/0x3d0 [ 1716.875990] ? lock_downgrade+0x6d0/0x6d0 [ 1716.876344] ? ip_frag_init+0x350/0x350 [ 1716.876700] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1716.877097] ? ip6_mtu+0x1e9/0x3d0 [ 1716.877403] ? ip6_setup_cork+0xfb7/0x1740 [ 1716.877774] ip6_make_skb+0x2de/0x4e0 [ 1716.878098] ? ip_frag_init+0x350/0x350 [ 1716.878440] ? ip_frag_init+0x350/0x350 [ 1716.878788] ? ip6_push_pending_frames+0xf0/0xf0 [ 1716.879202] ? ip6_dst_check+0x389/0x8d0 [ 1716.879557] ? sk_dst_check+0x235/0x4c0 [ 1716.879921] udpv6_sendmsg+0x20d3/0x2ad0 [ 1716.880270] ? ip_frag_init+0x350/0x350 [ 1716.880625] ? udp_v6_push_pending_frames+0x360/0x360 [ 1716.881077] ? lock_acquire+0x197/0x470 [ 1716.881414] ? find_held_lock+0x2c/0x110 [ 1716.881778] ? sock_has_perm+0x1ea/0x280 [ 1716.882142] ? __import_iovec+0x458/0x590 [ 1716.882500] ? udp_v6_push_pending_frames+0x360/0x360 [ 1716.882945] inet6_sendmsg+0x105/0x140 [ 1716.883278] ? inet6_compat_ioctl+0x320/0x320 [ 1716.883731] __sock_sendmsg+0xf2/0x190 [ 1716.884069] ____sys_sendmsg+0x334/0x870 [ 1716.884417] ? sock_write_iter+0x3d0/0x3d0 [ 1716.884784] ? do_recvmmsg+0x6d0/0x6d0 [ 1716.885118] ? __lock_acquire+0x1657/0x5b00 [ 1716.885499] ___sys_sendmsg+0xf3/0x170 [ 1716.885836] ? sendmsg_copy_msghdr+0x160/0x160 [ 1716.886228] ? __fget_files+0x2cf/0x520 [ 1716.886581] ? lock_acquire+0x197/0x470 [ 1716.886919] ? find_held_lock+0x2c/0x110 [ 1716.887270] ? __might_fault+0xd3/0x180 [ 1716.887627] ? lock_downgrade+0x6d0/0x6d0 [ 1716.887999] __sys_sendmmsg+0x195/0x470 [ 1716.888343] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1716.888719] ? lock_downgrade+0x6d0/0x6d0 [ 1716.889085] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.889501] ? wait_for_completion_io+0x270/0x270 [ 1716.889919] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.890313] ? vfs_write+0x354/0xb10 [ 1716.890637] ? fput_many+0x2f/0x1a0 [ 1716.890950] ? ksys_write+0x1a9/0x260 [ 1716.891276] ? __ia32_sys_read+0xb0/0xb0 [ 1716.891650] __x64_sys_sendmmsg+0x99/0x100 [ 1716.892011] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.892444] do_syscall_64+0x33/0x40 [ 1716.892771] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.893205] RIP: 0033:0x7f862c37fb19 [ 1716.893531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.895061] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1716.895729] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1716.896333] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1716.896962] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.897574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1716.898173] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1716.898798] CPU: 1 PID: 10668 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1716.899414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.900137] Call Trace: [ 1716.900385] dump_stack+0x107/0x167 [ 1716.900723] should_fail.cold+0x5/0xa [ 1716.901072] ? create_object.isra.0+0x3a/0xa20 [ 1716.901488] should_failslab+0x5/0x20 [ 1716.901832] kmem_cache_alloc+0x5b/0x310 [ 1716.902196] ? mark_held_locks+0x9e/0xe0 [ 1716.902566] create_object.isra.0+0x3a/0xa20 [ 1716.902961] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.903417] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.903847] io_submit_sqes+0x6fe6/0x8610 [ 1716.904249] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.904694] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.905134] ? lock_downgrade+0x6d0/0x6d0 [ 1716.905504] ? find_held_lock+0x2c/0x110 [ 1716.905872] ? io_submit_sqes+0x8610/0x8610 [ 1716.906264] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.906699] ? wait_for_completion_io+0x270/0x270 [ 1716.907136] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.907548] ? vfs_write+0x354/0xb10 [ 1716.907899] ? fput_many+0x2f/0x1a0 [ 1716.915613] ? ksys_write+0x1a9/0x260 [ 1716.915969] ? __ia32_sys_read+0xb0/0xb0 [ 1716.916344] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.916818] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.917288] do_syscall_64+0x33/0x40 [ 1716.917631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.918071] RIP: 0033:0x7fe637263b19 [ 1716.918402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.920015] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.920702] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 02:19:35 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 47) 02:19:35 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:35 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 50) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:19:35 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x0, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:35 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd7230000) 02:19:35 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 48) 02:19:35 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 6) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1716.921332] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1716.927372] FAULT_INJECTION: forcing a failure. [ 1716.927372] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.927874] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.927884] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1716.927894] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1716.931120] CPU: 0 PID: 10680 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1716.935780] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.936521] Call Trace: [ 1716.936774] dump_stack+0x107/0x167 [ 1716.937110] should_fail.cold+0x5/0xa [ 1716.937462] ? create_object.isra.0+0x3a/0xa20 [ 1716.937880] should_failslab+0x5/0x20 [ 1716.938238] kmem_cache_alloc+0x5b/0x310 [ 1716.938618] ? mark_held_locks+0x9e/0xe0 [ 1716.939004] create_object.isra.0+0x3a/0xa20 [ 1716.939420] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.939913] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.940348] io_submit_sqes+0x6fe6/0x8610 [ 1716.940765] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.941229] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.941679] ? lock_downgrade+0x6d0/0x6d0 [ 1716.942066] ? find_held_lock+0x2c/0x110 [ 1716.942455] ? io_submit_sqes+0x8610/0x8610 [ 1716.942869] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.943324] ? wait_for_completion_io+0x270/0x270 [ 1716.943790] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.944201] ? vfs_write+0x354/0xb10 [ 1716.944534] ? fput_many+0x2f/0x1a0 [ 1716.944868] ? ksys_write+0x1a9/0x260 [ 1716.945212] ? __ia32_sys_read+0xb0/0xb0 [ 1716.945592] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.946068] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.946543] do_syscall_64+0x33/0x40 [ 1716.946889] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.947354] RIP: 0033:0x7f6110e13b19 [ 1716.947718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.949361] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.950050] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1716.950692] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1716.951339] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.951997] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1716.952634] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1716.972322] FAULT_INJECTION: forcing a failure. [ 1716.972322] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.973559] CPU: 0 PID: 10673 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1716.974188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1716.974933] Call Trace: [ 1716.975190] dump_stack+0x107/0x167 [ 1716.975533] should_fail.cold+0x5/0xa [ 1716.975904] ? create_object.isra.0+0x3a/0xa20 [ 1716.976326] should_failslab+0x5/0x20 [ 1716.976679] kmem_cache_alloc+0x5b/0x310 [ 1716.977059] create_object.isra.0+0x3a/0xa20 [ 1716.977465] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1716.977935] kmem_cache_alloc_bulk+0x168/0x320 [ 1716.978361] io_submit_sqes+0x6fe6/0x8610 [ 1716.978768] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.979218] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1716.979680] ? lock_downgrade+0x6d0/0x6d0 [ 1716.980059] ? find_held_lock+0x2c/0x110 [ 1716.980440] ? io_submit_sqes+0x8610/0x8610 [ 1716.980840] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1716.981280] ? wait_for_completion_io+0x270/0x270 [ 1716.981725] ? rcu_read_lock_any_held+0x75/0xa0 [ 1716.982152] ? vfs_write+0x354/0xb10 [ 1716.982499] ? fput_many+0x2f/0x1a0 [ 1716.982833] ? ksys_write+0x1a9/0x260 [ 1716.983180] ? __ia32_sys_read+0xb0/0xb0 [ 1716.983555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1716.984042] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1716.984503] do_syscall_64+0x33/0x40 [ 1716.984845] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1716.985309] RIP: 0033:0x7f1a7fffbb19 [ 1716.985655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1716.987290] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1716.987994] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1716.988642] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1716.989290] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1716.989917] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1716.990561] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1717.000097] FAULT_INJECTION: forcing a failure. [ 1717.000097] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.001287] CPU: 1 PID: 10678 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1717.001913] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.002663] Call Trace: [ 1717.002913] dump_stack+0x107/0x167 [ 1717.003250] should_fail.cold+0x5/0xa [ 1717.003614] ? create_object.isra.0+0x3a/0xa20 [ 1717.004043] should_failslab+0x5/0x20 [ 1717.004392] kmem_cache_alloc+0x5b/0x310 [ 1717.004769] ? mark_held_locks+0x9e/0xe0 [ 1717.005146] create_object.isra.0+0x3a/0xa20 [ 1717.005551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.006019] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.006444] io_submit_sqes+0x6fe6/0x8610 [ 1717.006827] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1717.007289] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.007767] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.008217] ? lock_downgrade+0x6d0/0x6d0 [ 1717.008597] ? find_held_lock+0x2c/0x110 [ 1717.008973] ? io_submit_sqes+0x8610/0x8610 [ 1717.009380] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.009821] ? wait_for_completion_io+0x270/0x270 [ 1717.010260] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.010675] ? vfs_write+0x354/0xb10 [ 1717.011015] ? fput_many+0x2f/0x1a0 [ 1717.011355] ? ksys_write+0x1a9/0x260 [ 1717.011728] ? __ia32_sys_read+0xb0/0xb0 [ 1717.012100] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.012564] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.013025] do_syscall_64+0x33/0x40 [ 1717.013368] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.013817] RIP: 0033:0x7f8c2e1fdb19 [ 1717.014165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.015820] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.016511] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1717.017158] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1717.017793] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.018428] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1717.019060] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:19:35 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:35 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 51) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:19:35 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:35 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 41) [ 1717.098179] FAULT_INJECTION: forcing a failure. [ 1717.098179] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.099333] CPU: 1 PID: 10697 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1717.099933] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.100670] Call Trace: [ 1717.100920] dump_stack+0x107/0x167 [ 1717.101256] should_fail.cold+0x5/0xa [ 1717.101616] ? create_object.isra.0+0x3a/0xa20 [ 1717.102039] should_failslab+0x5/0x20 [ 1717.102392] kmem_cache_alloc+0x5b/0x310 [ 1717.102770] ? mark_held_locks+0x9e/0xe0 [ 1717.103148] create_object.isra.0+0x3a/0xa20 [ 1717.103548] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.104037] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.104466] io_submit_sqes+0x6fe6/0x8610 [ 1717.104870] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.105324] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.105773] ? lock_downgrade+0x6d0/0x6d0 [ 1717.106155] ? find_held_lock+0x2c/0x110 [ 1717.106541] ? io_submit_sqes+0x8610/0x8610 [ 1717.106939] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.107336] ? wait_for_completion_io+0x270/0x270 [ 1717.107780] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.108207] ? vfs_write+0x354/0xb10 [ 1717.108557] ? fput_many+0x2f/0x1a0 [ 1717.108897] ? ksys_write+0x1a9/0x260 [ 1717.109253] ? __ia32_sys_read+0xb0/0xb0 [ 1717.109637] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.110118] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.110592] do_syscall_64+0x33/0x40 [ 1717.110938] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.111403] RIP: 0033:0x7fe637263b19 [ 1717.111759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.113393] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.114090] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1717.114741] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1717.115386] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.116050] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1717.116697] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:19:35 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff) 02:19:35 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 7) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1717.154291] FAULT_INJECTION: forcing a failure. [ 1717.154291] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.155404] CPU: 1 PID: 10703 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1717.156056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.156811] Call Trace: [ 1717.157067] dump_stack+0x107/0x167 [ 1717.157409] should_fail.cold+0x5/0xa [ 1717.157775] ? create_object.isra.0+0x3a/0xa20 [ 1717.158179] should_failslab+0x5/0x20 [ 1717.158521] kmem_cache_alloc+0x5b/0x310 [ 1717.158887] create_object.isra.0+0x3a/0xa20 [ 1717.159304] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.159755] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1717.160186] ? alloc_skb_with_frags+0x92/0x570 [ 1717.160580] __alloc_skb+0xb1/0x5b0 [ 1717.160893] alloc_skb_with_frags+0x92/0x570 [ 1717.161264] ? trace_hardirqs_on+0x5b/0x180 [ 1717.161632] ? kmem_cache_free+0xa7/0x2d0 [ 1717.161984] sock_alloc_send_pskb+0x7af/0x930 [ 1717.162370] ? sk_alloc+0x350/0x350 [ 1717.162687] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1717.163126] ? trace_hardirqs_on+0x5b/0x180 02:19:35 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 49) [ 1717.163491] ? __dev_queue_xmit+0xe4e/0x2710 [ 1717.171923] ? __local_bh_enable_ip+0x9d/0x100 [ 1717.172359] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1717.172835] ? ip6_mtu+0x1bb/0x3d0 [ 1717.173171] ? lock_downgrade+0x6d0/0x6d0 [ 1717.173567] ? ip_frag_init+0x350/0x350 [ 1717.173949] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1717.174384] ? ip6_mtu+0x1e9/0x3d0 [ 1717.174721] ? ip6_setup_cork+0xfb7/0x1740 [ 1717.175118] ip6_make_skb+0x2de/0x4e0 [ 1717.175470] ? ip_frag_init+0x350/0x350 [ 1717.175860] ? ip_frag_init+0x350/0x350 [ 1717.176230] ? ip6_push_pending_frames+0xf0/0xf0 [ 1717.176677] ? ip6_dst_check+0x389/0x8d0 [ 1717.177030] ? sk_dst_check+0x235/0x4c0 [ 1717.177240] FAULT_INJECTION: forcing a failure. [ 1717.177240] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.177381] udpv6_sendmsg+0x20d3/0x2ad0 [ 1717.177401] ? ip_frag_init+0x350/0x350 [ 1717.178983] ? udp_v6_push_pending_frames+0x360/0x360 [ 1717.179427] ? perf_event_task_disable+0x390/0x390 [ 1717.179881] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1717.180291] ? lock_acquire+0x197/0x470 [ 1717.180638] ? find_held_lock+0x2c/0x110 [ 1717.180994] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1717.181450] ? sock_has_perm+0x1ea/0x280 [ 1717.181826] ? __import_iovec+0x458/0x590 [ 1717.182183] ? udp_v6_push_pending_frames+0x360/0x360 [ 1717.182639] inet6_sendmsg+0x105/0x140 [ 1717.182976] ? inet6_compat_ioctl+0x320/0x320 [ 1717.183357] __sock_sendmsg+0xf2/0x190 [ 1717.183728] ____sys_sendmsg+0x334/0x870 [ 1717.184076] ? sock_write_iter+0x3d0/0x3d0 [ 1717.184433] ? do_recvmmsg+0x6d0/0x6d0 [ 1717.184777] ? __lock_acquire+0x1657/0x5b00 [ 1717.185153] ___sys_sendmsg+0xf3/0x170 [ 1717.185490] ? sendmsg_copy_msghdr+0x160/0x160 [ 1717.185884] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1717.186262] ? _raw_spin_unlock_irq+0x27/0x30 [ 1717.186658] ? lock_acquire+0x197/0x470 [ 1717.186997] ? find_held_lock+0x2c/0x110 [ 1717.187349] ? __might_fault+0xd3/0x180 [ 1717.187713] ? lock_downgrade+0x6d0/0x6d0 [ 1717.188071] ? io_schedule_timeout+0x140/0x140 [ 1717.188471] __sys_sendmmsg+0x195/0x470 [ 1717.188824] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1717.189193] ? lock_downgrade+0x6d0/0x6d0 [ 1717.189571] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.189983] ? wait_for_completion_io+0x270/0x270 [ 1717.190396] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.190797] ? vfs_write+0x354/0xb10 [ 1717.191117] ? fput_many+0x2f/0x1a0 [ 1717.191427] ? ksys_write+0x1a9/0x260 [ 1717.191791] ? __ia32_sys_read+0xb0/0xb0 [ 1717.192214] __x64_sys_sendmmsg+0x99/0x100 [ 1717.192668] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.193205] do_syscall_64+0x33/0x40 [ 1717.193605] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.194142] RIP: 0033:0x7f862c37fb19 [ 1717.194545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.200286] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1717.200929] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1717.201528] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1717.202121] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.202724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1717.203334] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1717.203990] CPU: 0 PID: 10704 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1717.204609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.205329] Call Trace: [ 1717.205576] dump_stack+0x107/0x167 [ 1717.205909] should_fail.cold+0x5/0xa [ 1717.206253] ? create_object.isra.0+0x3a/0xa20 [ 1717.206666] should_failslab+0x5/0x20 [ 1717.207012] kmem_cache_alloc+0x5b/0x310 [ 1717.207392] ? mark_held_locks+0x9e/0xe0 [ 1717.207776] create_object.isra.0+0x3a/0xa20 [ 1717.208175] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.208638] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.209060] io_submit_sqes+0x6fe6/0x8610 [ 1717.209436] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1717.209895] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.210344] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.210791] ? lock_downgrade+0x6d0/0x6d0 [ 1717.211162] ? find_held_lock+0x2c/0x110 [ 1717.211539] ? io_submit_sqes+0x8610/0x8610 [ 1717.211938] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.212368] ? wait_for_completion_io+0x270/0x270 [ 1717.212804] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.213218] ? vfs_write+0x354/0xb10 [ 1717.213554] ? fput_many+0x2f/0x1a0 [ 1717.213886] ? ksys_write+0x1a9/0x260 [ 1717.214229] ? __ia32_sys_read+0xb0/0xb0 [ 1717.214598] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.215072] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.215541] do_syscall_64+0x33/0x40 [ 1717.215898] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.216352] RIP: 0033:0x7f8c2e1fdb19 [ 1717.216687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.218416] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.219094] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1717.223763] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1717.224360] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.224995] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1717.225659] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1717.243180] FAULT_INJECTION: forcing a failure. [ 1717.243180] name failslab, interval 1, probability 0, space 0, times 0 [ 1717.245559] CPU: 1 PID: 10709 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1717.246755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1717.248584] Call Trace: [ 1717.249088] dump_stack+0x107/0x167 [ 1717.249781] should_fail.cold+0x5/0xa [ 1717.250510] ? create_object.isra.0+0x3a/0xa20 [ 1717.251439] should_failslab+0x5/0x20 [ 1717.252190] kmem_cache_alloc+0x5b/0x310 [ 1717.252978] ? mark_held_locks+0x9e/0xe0 [ 1717.253766] create_object.isra.0+0x3a/0xa20 [ 1717.254615] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1717.255383] kmem_cache_alloc_bulk+0x168/0x320 [ 1717.255826] io_submit_sqes+0x6fe6/0x8610 [ 1717.256242] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.256712] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1717.257166] ? lock_downgrade+0x6d0/0x6d0 [ 1717.257544] ? find_held_lock+0x2c/0x110 [ 1717.257920] ? io_submit_sqes+0x8610/0x8610 [ 1717.258329] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1717.258791] ? wait_for_completion_io+0x270/0x270 [ 1717.259369] ? rcu_read_lock_any_held+0x75/0xa0 [ 1717.260281] ? vfs_write+0x354/0xb10 [ 1717.261020] ? fput_many+0x2f/0x1a0 [ 1717.261730] ? ksys_write+0x1a9/0x260 [ 1717.262438] ? __ia32_sys_read+0xb0/0xb0 [ 1717.263210] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1717.263696] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1717.264176] do_syscall_64+0x33/0x40 [ 1717.264520] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1717.264986] RIP: 0033:0x7f6110e13b19 [ 1717.265330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1717.266956] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1717.268465] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1717.270092] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1717.271792] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1717.273411] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1717.275094] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:19:48 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:48 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 42) 02:19:48 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 8) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:19:48 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff) 02:19:48 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 48) 02:19:48 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 52) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1730.449970] FAULT_INJECTION: forcing a failure. [ 1730.449970] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.450983] CPU: 1 PID: 10725 Comm: syz-executor.3 Not tainted 5.10.226 #1 02:19:48 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:19:48 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 50) [ 1730.451564] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.453794] FAULT_INJECTION: forcing a failure. [ 1730.453794] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.460281] Call Trace: [ 1730.460303] dump_stack+0x107/0x167 [ 1730.460317] should_fail.cold+0x5/0xa [ 1730.460333] ? create_object.isra.0+0x3a/0xa20 [ 1730.460349] should_failslab+0x5/0x20 [ 1730.460363] kmem_cache_alloc+0x5b/0x310 [ 1730.460377] ? mark_held_locks+0x9e/0xe0 [ 1730.460397] create_object.isra.0+0x3a/0xa20 [ 1730.463822] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.464257] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.464656] io_submit_sqes+0x6fe6/0x8610 [ 1730.465025] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.465446] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.465860] ? lock_downgrade+0x6d0/0x6d0 [ 1730.466209] ? find_held_lock+0x2c/0x110 [ 1730.466563] ? io_submit_sqes+0x8610/0x8610 [ 1730.466935] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.467343] ? wait_for_completion_io+0x270/0x270 [ 1730.467767] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.468163] ? vfs_write+0x354/0xb10 [ 1730.468482] ? fput_many+0x2f/0x1a0 [ 1730.468794] ? ksys_write+0x1a9/0x260 [ 1730.469116] ? __ia32_sys_read+0xb0/0xb0 [ 1730.469463] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.469908] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.470342] do_syscall_64+0x33/0x40 [ 1730.470664] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.471095] RIP: 0033:0x7fe637263b19 [ 1730.471412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.472968] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.473613] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1730.474207] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.474809] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.475403] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.476020] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1730.479614] FAULT_INJECTION: forcing a failure. [ 1730.479614] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.479895] CPU: 0 PID: 10726 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1730.481107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.481751] Call Trace: [ 1730.481970] dump_stack+0x107/0x167 [ 1730.482260] should_fail.cold+0x5/0xa [ 1730.482569] ? create_object.isra.0+0x3a/0xa20 [ 1730.482933] should_failslab+0x5/0x20 [ 1730.483237] kmem_cache_alloc+0x5b/0x310 [ 1730.483566] create_object.isra.0+0x3a/0xa20 [ 1730.483956] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.484375] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.484760] io_submit_sqes+0x6fe6/0x8610 [ 1730.485107] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.485500] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.485891] ? lock_downgrade+0x6d0/0x6d0 [ 1730.486216] ? find_held_lock+0x2c/0x110 [ 1730.486544] ? io_submit_sqes+0x8610/0x8610 [ 1730.486892] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.487275] ? wait_for_completion_io+0x270/0x270 [ 1730.487660] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.488060] ? vfs_write+0x354/0xb10 [ 1730.488357] ? fput_many+0x2f/0x1a0 [ 1730.488646] ? ksys_write+0x1a9/0x260 [ 1730.488947] ? __ia32_sys_read+0xb0/0xb0 [ 1730.489270] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.489681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.490086] do_syscall_64+0x33/0x40 [ 1730.490381] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.490781] RIP: 0033:0x7f1a7fffbb19 [ 1730.491077] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.492516] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.493113] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1730.493672] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.494228] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.494787] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.495343] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1730.495939] CPU: 1 PID: 10729 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1730.496553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.497249] Call Trace: [ 1730.497476] dump_stack+0x107/0x167 [ 1730.497786] should_fail.cold+0x5/0xa [ 1730.498110] ? create_object.isra.0+0x3a/0xa20 [ 1730.498507] should_failslab+0x5/0x20 [ 1730.498830] kmem_cache_alloc+0x5b/0x310 [ 1730.499173] ? mark_held_locks+0x9e/0xe0 [ 1730.499522] create_object.isra.0+0x3a/0xa20 [ 1730.499913] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.500343] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.500734] io_submit_sqes+0x6fe6/0x8610 [ 1730.501103] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.501524] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.501932] ? lock_downgrade+0x6d0/0x6d0 [ 1730.502282] ? find_held_lock+0x2c/0x110 [ 1730.502630] ? io_submit_sqes+0x8610/0x8610 [ 1730.503002] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.503412] ? wait_for_completion_io+0x270/0x270 [ 1730.503839] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.504229] ? vfs_write+0x354/0xb10 [ 1730.504546] ? fput_many+0x2f/0x1a0 [ 1730.504855] ? ksys_write+0x1a9/0x260 [ 1730.505177] ? __ia32_sys_read+0xb0/0xb0 [ 1730.505524] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.505965] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.506399] do_syscall_64+0x33/0x40 [ 1730.506714] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.507144] RIP: 0033:0x7f6110e13b19 [ 1730.507459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.509011] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.509650] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1730.510249] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.510865] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.511466] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.512079] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1730.522119] FAULT_INJECTION: forcing a failure. [ 1730.522119] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.523082] CPU: 0 PID: 10722 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1730.523635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.524316] Call Trace: [ 1730.524537] dump_stack+0x107/0x167 [ 1730.524827] should_fail.cold+0x5/0xa [ 1730.525131] ? create_object.isra.0+0x3a/0xa20 [ 1730.525495] should_failslab+0x5/0x20 [ 1730.525797] kmem_cache_alloc+0x5b/0x310 [ 1730.526123] create_object.isra.0+0x3a/0xa20 [ 1730.526473] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.526885] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1730.527287] ? alloc_skb_with_frags+0x92/0x570 [ 1730.527657] __alloc_skb+0xb1/0x5b0 [ 1730.527964] alloc_skb_with_frags+0x92/0x570 [ 1730.528313] ? trace_hardirqs_on+0x5b/0x180 [ 1730.528663] ? kmem_cache_free+0xa7/0x2d0 [ 1730.528995] sock_alloc_send_pskb+0x7af/0x930 [ 1730.529356] ? sk_alloc+0x350/0x350 [ 1730.529655] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1730.530066] ? trace_hardirqs_on+0x5b/0x180 [ 1730.530407] ? __dev_queue_xmit+0xe4e/0x2710 [ 1730.530759] ? __local_bh_enable_ip+0x9d/0x100 [ 1730.531129] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1730.531537] ? ip6_mtu+0x1bb/0x3d0 [ 1730.535850] ? lock_downgrade+0x6d0/0x6d0 [ 1730.536181] ? ip_frag_init+0x350/0x350 [ 1730.536505] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1730.536871] ? ip6_mtu+0x1e9/0x3d0 [ 1730.537156] ? ip6_setup_cork+0xfb7/0x1740 [ 1730.537493] ip6_make_skb+0x2de/0x4e0 [ 1730.537793] ? ip_frag_init+0x350/0x350 [ 1730.538112] ? ip_frag_init+0x350/0x350 [ 1730.538428] ? ip6_push_pending_frames+0xf0/0xf0 [ 1730.538810] ? ip6_dst_check+0x389/0x8d0 [ 1730.539132] ? sk_dst_check+0x235/0x4c0 [ 1730.539455] udpv6_sendmsg+0x20d3/0x2ad0 [ 1730.539804] ? ip_frag_init+0x350/0x350 [ 1730.540130] ? udp_v6_push_pending_frames+0x360/0x360 [ 1730.540546] ? perf_event_task_disable+0x390/0x390 [ 1730.540936] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1730.541323] ? lock_acquire+0x197/0x470 [ 1730.541638] ? find_held_lock+0x2c/0x110 [ 1730.541967] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1730.542394] ? sock_has_perm+0x1ea/0x280 [ 1730.542731] ? __import_iovec+0x458/0x590 [ 1730.543060] ? udp_v6_push_pending_frames+0x360/0x360 [ 1730.543469] inet6_sendmsg+0x105/0x140 [ 1730.543793] ? inet6_compat_ioctl+0x320/0x320 [ 1730.544151] __sock_sendmsg+0xf2/0x190 [ 1730.544463] ____sys_sendmsg+0x334/0x870 [ 1730.544787] ? sock_write_iter+0x3d0/0x3d0 [ 1730.545122] ? do_recvmmsg+0x6d0/0x6d0 [ 1730.545433] ? __lock_acquire+0x1657/0x5b00 [ 1730.545785] ___sys_sendmsg+0xf3/0x170 [ 1730.546096] ? sendmsg_copy_msghdr+0x160/0x160 [ 1730.546461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.546876] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1730.547228] ? trace_hardirqs_on+0x5b/0x180 [ 1730.547576] ? lock_acquire+0x197/0x470 [ 1730.547920] ? find_held_lock+0x2c/0x110 [ 1730.548246] ? __might_fault+0xd3/0x180 [ 1730.548563] ? lock_downgrade+0x6d0/0x6d0 [ 1730.548894] ? io_schedule_timeout+0x140/0x140 [ 1730.549265] __sys_sendmmsg+0x195/0x470 [ 1730.549586] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1730.549930] ? lock_downgrade+0x6d0/0x6d0 [ 1730.550269] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.550653] ? wait_for_completion_io+0x270/0x270 [ 1730.551039] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.551405] ? vfs_write+0x354/0xb10 [ 1730.551702] ? fput_many+0x2f/0x1a0 [ 1730.552009] ? ksys_write+0x1a9/0x260 [ 1730.552312] ? __ia32_sys_read+0xb0/0xb0 [ 1730.552640] __x64_sys_sendmmsg+0x99/0x100 [ 1730.552975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.553380] do_syscall_64+0x33/0x40 [ 1730.553677] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.554080] RIP: 0033:0x7f862c37fb19 [ 1730.554377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.555824] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1730.556422] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1730.556985] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1730.557545] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.558103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1730.558673] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:19:48 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 53) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1730.568030] FAULT_INJECTION: forcing a failure. [ 1730.568030] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.568997] CPU: 0 PID: 10737 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1730.569553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.570210] Call Trace: [ 1730.570430] dump_stack+0x107/0x167 [ 1730.570726] should_fail.cold+0x5/0xa [ 1730.571034] ? create_object.isra.0+0x3a/0xa20 [ 1730.571403] should_failslab+0x5/0x20 [ 1730.571719] kmem_cache_alloc+0x5b/0x310 [ 1730.572057] ? mark_held_locks+0x9e/0xe0 [ 1730.572387] create_object.isra.0+0x3a/0xa20 [ 1730.572743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.573152] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.573528] io_submit_sqes+0x6fe6/0x8610 [ 1730.573865] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1730.574266] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.574668] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.575058] ? lock_downgrade+0x6d0/0x6d0 [ 1730.575390] ? find_held_lock+0x2c/0x110 [ 1730.575734] ? io_submit_sqes+0x8610/0x8610 [ 1730.576107] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.576491] ? wait_for_completion_io+0x270/0x270 [ 1730.576873] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.577241] ? vfs_write+0x354/0xb10 [ 1730.577538] ? fput_many+0x2f/0x1a0 [ 1730.577828] ? ksys_write+0x1a9/0x260 [ 1730.578133] ? __ia32_sys_read+0xb0/0xb0 [ 1730.578458] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.578873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.579283] do_syscall_64+0x33/0x40 [ 1730.579579] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.580003] RIP: 0033:0x7f8c2e1fdb19 [ 1730.580300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.581735] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.582334] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1730.582892] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1730.583452] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.584039] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1730.584603] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:19:48 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 51) [ 1730.607559] FAULT_INJECTION: forcing a failure. [ 1730.607559] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.608622] CPU: 1 PID: 10741 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1730.609202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.609901] Call Trace: [ 1730.610135] dump_stack+0x107/0x167 [ 1730.610450] should_fail.cold+0x5/0xa [ 1730.610782] ? create_object.isra.0+0x3a/0xa20 [ 1730.611173] should_failslab+0x5/0x20 [ 1730.611503] kmem_cache_alloc+0x5b/0x310 [ 1730.611871] ? mark_held_locks+0x9e/0xe0 [ 1730.612219] create_object.isra.0+0x3a/0xa20 [ 1730.612598] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.613035] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.613432] io_submit_sqes+0x6fe6/0x8610 [ 1730.613807] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.614230] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.614647] ? lock_downgrade+0x6d0/0x6d0 [ 1730.615001] ? find_held_lock+0x2c/0x110 [ 1730.615353] ? io_submit_sqes+0x8610/0x8610 [ 1730.615737] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.616159] ? wait_for_completion_io+0x270/0x270 [ 1730.616572] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.616969] ? vfs_write+0x354/0xb10 [ 1730.617289] ? fput_many+0x2f/0x1a0 [ 1730.617603] ? ksys_write+0x1a9/0x260 [ 1730.617931] ? __ia32_sys_read+0xb0/0xb0 [ 1730.618279] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.618724] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.619168] do_syscall_64+0x33/0x40 [ 1730.619485] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.619936] RIP: 0033:0x7fe637263b19 [ 1730.620256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.621797] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.622441] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1730.623043] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.623644] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.624264] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.624864] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:19:49 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1730.676151] FAULT_INJECTION: forcing a failure. [ 1730.676151] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.677182] CPU: 0 PID: 10747 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1730.677740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.678396] Call Trace: [ 1730.678622] dump_stack+0x107/0x167 [ 1730.678915] should_fail.cold+0x5/0xa [ 1730.679225] ? create_object.isra.0+0x3a/0xa20 [ 1730.679598] should_failslab+0x5/0x20 [ 1730.679921] kmem_cache_alloc+0x5b/0x310 [ 1730.680251] ? mark_held_locks+0x9e/0xe0 [ 1730.680580] create_object.isra.0+0x3a/0xa20 [ 1730.680932] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.681341] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.681712] io_submit_sqes+0x6fe6/0x8610 [ 1730.682062] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.682461] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.682849] ? lock_downgrade+0x6d0/0x6d0 [ 1730.683178] ? find_held_lock+0x2c/0x110 [ 1730.683509] ? io_submit_sqes+0x8610/0x8610 [ 1730.683882] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.684271] ? wait_for_completion_io+0x270/0x270 [ 1730.684660] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.685030] ? vfs_write+0x354/0xb10 [ 1730.685330] ? fput_many+0x2f/0x1a0 [ 1730.685625] ? ksys_write+0x1a9/0x260 [ 1730.685933] ? __ia32_sys_read+0xb0/0xb0 [ 1730.686263] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.686682] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.687102] do_syscall_64+0x33/0x40 [ 1730.687402] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.691837] RIP: 0033:0x7f6110e13b19 [ 1730.692136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.693568] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.694168] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1730.694731] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.695288] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.696000] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.696558] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:19:49 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0x0, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:49 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:19:49 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 9) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:19:49 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 54) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:19:49 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffe4) 02:19:49 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 49) [ 1730.834021] FAULT_INJECTION: forcing a failure. [ 1730.834021] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.835162] CPU: 1 PID: 10764 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1730.835798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.836513] Call Trace: [ 1730.836766] dump_stack+0x107/0x167 [ 1730.837109] should_fail.cold+0x5/0xa [ 1730.837467] ? create_object.isra.0+0x3a/0xa20 [ 1730.837892] should_failslab+0x5/0x20 [ 1730.838245] kmem_cache_alloc+0x5b/0x310 [ 1730.838625] create_object.isra.0+0x3a/0xa20 [ 1730.839029] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.839498] __kmalloc_node+0x1ae/0x420 [ 1730.839880] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1730.840340] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1730.840802] kmem_cache_alloc_bulk+0x182/0x320 [ 1730.841227] io_submit_sqes+0x6fe6/0x8610 [ 1730.841633] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.842081] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.842527] ? lock_downgrade+0x6d0/0x6d0 [ 1730.842908] ? find_held_lock+0x2c/0x110 [ 1730.843290] ? io_submit_sqes+0x8610/0x8610 [ 1730.843698] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.844171] ? wait_for_completion_io+0x270/0x270 [ 1730.844616] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.845032] ? vfs_write+0x354/0xb10 [ 1730.845371] ? fput_many+0x2f/0x1a0 [ 1730.845710] ? ksys_write+0x1a9/0x260 [ 1730.846065] ? __ia32_sys_read+0xb0/0xb0 [ 1730.846442] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.846912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.847380] do_syscall_64+0x33/0x40 [ 1730.847735] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.848218] RIP: 0033:0x7fe637263b19 [ 1730.848571] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.850190] RSP: 002b:00007fe6347d9188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.850874] RAX: ffffffffffffffda RBX: 00007fe637376f60 RCX: 00007fe637263b19 [ 1730.851521] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.852197] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.852855] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.853510] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 [ 1730.868214] FAULT_INJECTION: forcing a failure. [ 1730.868214] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.869440] CPU: 0 PID: 10765 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1730.870135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.870980] Call Trace: [ 1730.871254] dump_stack+0x107/0x167 [ 1730.871598] should_fail.cold+0x5/0xa [ 1730.871980] ? create_object.isra.0+0x3a/0xa20 [ 1730.872407] should_failslab+0x5/0x20 [ 1730.872764] kmem_cache_alloc+0x5b/0x310 [ 1730.873147] ? mark_held_locks+0x9e/0xe0 [ 1730.873526] create_object.isra.0+0x3a/0xa20 [ 1730.873937] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.874463] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.874926] io_submit_sqes+0x6fe6/0x8610 [ 1730.875321] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1730.875798] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.876257] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.876710] ? lock_downgrade+0x6d0/0x6d0 [ 1730.877099] ? find_held_lock+0x2c/0x110 [ 1730.877484] ? io_submit_sqes+0x8610/0x8610 [ 1730.877901] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.878359] ? wait_for_completion_io+0x270/0x270 [ 1730.878816] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.879250] ? vfs_write+0x354/0xb10 [ 1730.879603] ? fput_many+0x2f/0x1a0 [ 1730.879969] ? ksys_write+0x1a9/0x260 [ 1730.880327] ? __ia32_sys_read+0xb0/0xb0 [ 1730.880714] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.881207] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.881695] do_syscall_64+0x33/0x40 [ 1730.882052] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.882521] RIP: 0033:0x7f8c2e1fdb19 [ 1730.882879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.884552] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.885249] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1730.885902] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1730.886557] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.887200] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 1730.887857] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1730.923328] FAULT_INJECTION: forcing a failure. [ 1730.923328] name failslab, interval 1, probability 0, space 0, times 0 [ 1730.925102] CPU: 1 PID: 10773 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1730.925729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1730.926474] Call Trace: [ 1730.926729] dump_stack+0x107/0x167 [ 1730.927067] should_fail.cold+0x5/0xa [ 1730.927427] ? create_object.isra.0+0x3a/0xa20 [ 1730.927870] should_failslab+0x5/0x20 [ 1730.928221] kmem_cache_alloc+0x5b/0x310 [ 1730.928604] ? mark_held_locks+0x9e/0xe0 [ 1730.928979] create_object.isra.0+0x3a/0xa20 [ 1730.929393] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1730.929862] kmem_cache_alloc_bulk+0x168/0x320 [ 1730.930286] io_submit_sqes+0x6fe6/0x8610 [ 1730.930699] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.931153] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1730.931597] ? lock_downgrade+0x6d0/0x6d0 [ 1730.931997] ? find_held_lock+0x2c/0x110 [ 1730.932378] ? io_submit_sqes+0x8610/0x8610 [ 1730.932799] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1730.933241] ? wait_for_completion_io+0x270/0x270 [ 1730.933681] ? rcu_read_lock_any_held+0x75/0xa0 [ 1730.934098] ? vfs_write+0x354/0xb10 [ 1730.934433] ? fput_many+0x2f/0x1a0 [ 1730.934775] ? ksys_write+0x1a9/0x260 [ 1730.935127] ? __ia32_sys_read+0xb0/0xb0 [ 1730.935493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1730.935948] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1730.936419] do_syscall_64+0x33/0x40 [ 1730.936773] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1730.937247] RIP: 0033:0x7f1a7fffbb19 [ 1730.937589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1730.939223] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1730.939934] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1730.940575] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1730.941222] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1730.941873] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1730.942524] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:20:02 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 52) 02:20:02 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 43) 02:20:02 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 50) 02:20:02 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:02 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 55) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:02 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:02 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 10) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:02 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfffffffe) [ 1744.528864] FAULT_INJECTION: forcing a failure. [ 1744.528864] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.530030] CPU: 1 PID: 10790 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1744.530627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.531316] Call Trace: [ 1744.531559] dump_stack+0x107/0x167 [ 1744.531878] should_fail.cold+0x5/0xa [ 1744.532211] ? create_io_worker+0xe8/0x690 [ 1744.532587] should_failslab+0x5/0x20 [ 1744.532913] kmem_cache_alloc_node_trace+0x59/0x340 [ 1744.533337] create_io_worker+0xe8/0x690 [ 1744.533696] io_wqe_enqueue+0x69e/0xbe0 [ 1744.534035] ? create_worker_cb+0x260/0x260 [ 1744.534402] ? io_prep_async_work+0x340/0x550 [ 1744.534799] io_queue_async_work+0x26b/0x4f0 [ 1744.535175] __io_queue_sqe+0x5cc/0x9d0 [ 1744.535516] ? io_issue_sqe+0x77b0/0x77b0 [ 1744.535885] ? __fget_files+0x2f8/0x520 [ 1744.536256] io_submit_sqes+0x44aa/0x8610 [ 1744.536643] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.537079] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.537490] ? lock_downgrade+0x6d0/0x6d0 [ 1744.537849] ? find_held_lock+0x2c/0x110 [ 1744.538198] ? io_submit_sqes+0x8610/0x8610 [ 1744.538572] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.538994] ? wait_for_completion_io+0x270/0x270 [ 1744.539405] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.539801] ? vfs_write+0x354/0xb10 [ 1744.540165] ? fput_many+0x2f/0x1a0 [ 1744.540480] ? ksys_write+0x1a9/0x260 [ 1744.540810] ? __ia32_sys_read+0xb0/0xb0 [ 1744.541177] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.541623] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.542073] do_syscall_64+0x33/0x40 [ 1744.542394] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.542838] RIP: 0033:0x7f8c2e1fdb19 [ 1744.543166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.544735] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.545388] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1744.545989] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1744.546610] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.547219] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.547834] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1744.551313] FAULT_INJECTION: forcing a failure. [ 1744.551313] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.552408] CPU: 1 PID: 10792 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1744.553007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.553717] Call Trace: [ 1744.553944] dump_stack+0x107/0x167 [ 1744.554258] should_fail.cold+0x5/0xa [ 1744.554598] ? create_object.isra.0+0x3a/0xa20 [ 1744.555006] should_failslab+0x5/0x20 [ 1744.555334] kmem_cache_alloc+0x5b/0x310 [ 1744.555683] ? mark_held_locks+0x9e/0xe0 [ 1744.556060] create_object.isra.0+0x3a/0xa20 [ 1744.556436] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.556884] kmem_cache_alloc_bulk+0x168/0x320 [ 1744.557277] io_submit_sqes+0x6fe6/0x8610 [ 1744.557657] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.558091] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.558504] ? lock_downgrade+0x6d0/0x6d0 [ 1744.558854] ? find_held_lock+0x2c/0x110 [ 1744.559217] ? io_submit_sqes+0x8610/0x8610 [ 1744.559590] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.560030] ? wait_for_completion_io+0x270/0x270 [ 1744.560446] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.560845] ? vfs_write+0x354/0xb10 [ 1744.561172] ? fput_many+0x2f/0x1a0 [ 1744.561485] ? ksys_write+0x1a9/0x260 [ 1744.561812] ? __ia32_sys_read+0xb0/0xb0 [ 1744.562171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.562621] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.563060] do_syscall_64+0x33/0x40 [ 1744.563387] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.563826] RIP: 0033:0x7f1a7fffbb19 [ 1744.564157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.565728] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.566380] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1744.566987] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1744.567604] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.568230] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.568842] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1744.572072] FAULT_INJECTION: forcing a failure. [ 1744.572072] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.573209] CPU: 0 PID: 10788 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1744.573871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.574658] Call Trace: [ 1744.574905] dump_stack+0x107/0x167 [ 1744.575233] should_fail.cold+0x5/0xa [ 1744.575663] ? create_object.isra.0+0x3a/0xa20 [ 1744.576099] should_failslab+0x5/0x20 [ 1744.576548] kmem_cache_alloc+0x5b/0x310 [ 1744.576918] create_object.isra.0+0x3a/0xa20 [ 1744.577309] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.577932] kmem_cache_alloc+0x159/0x310 [ 1744.578319] skb_clone+0x14f/0x3d0 [ 1744.578697] ip6_finish_output2+0x1225/0x1fe0 [ 1744.579107] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1744.579609] ip6_output+0x3b8/0x7e0 [ 1744.579967] ip6_local_out+0xb4/0x1a0 [ 1744.580311] ip6_send_skb+0x112/0x460 [ 1744.580733] udp_v6_send_skb+0x7aa/0x15b0 [ 1744.581117] udpv6_sendmsg+0x2116/0x2ad0 [ 1744.581540] ? ip_frag_init+0x350/0x350 [ 1744.581906] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.582440] ? lock_acquire+0x197/0x470 [ 1744.582801] ? find_held_lock+0x2c/0x110 [ 1744.583181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.583702] ? sock_has_perm+0x1ea/0x280 [ 1744.584112] ? __import_iovec+0x458/0x590 [ 1744.584567] ? udp_v6_push_pending_frames+0x360/0x360 [ 1744.585036] inet6_sendmsg+0x105/0x140 [ 1744.585442] ? inet6_compat_ioctl+0x320/0x320 [ 1744.585842] __sock_sendmsg+0xf2/0x190 [ 1744.586190] ____sys_sendmsg+0x334/0x870 [ 1744.586623] ? sock_write_iter+0x3d0/0x3d0 [ 1744.587003] ? do_recvmmsg+0x6d0/0x6d0 [ 1744.587419] ? __lock_acquire+0x1657/0x5b00 [ 1744.587824] ___sys_sendmsg+0xf3/0x170 [ 1744.588194] ? sendmsg_copy_msghdr+0x160/0x160 [ 1744.588682] ? __fget_files+0x2cf/0x520 [ 1744.589046] ? lock_acquire+0x197/0x470 [ 1744.589459] ? find_held_lock+0x2c/0x110 [ 1744.589828] ? __might_fault+0xd3/0x180 [ 1744.590183] ? lock_downgrade+0x6d0/0x6d0 [ 1744.590624] __sys_sendmmsg+0x195/0x470 [ 1744.590989] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1744.591439] ? lock_downgrade+0x6d0/0x6d0 [ 1744.591834] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.592298] ? wait_for_completion_io+0x270/0x270 [ 1744.592814] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.593234] ? vfs_write+0x354/0xb10 [ 1744.593625] ? fput_many+0x2f/0x1a0 [ 1744.593959] ? ksys_write+0x1a9/0x260 [ 1744.594310] ? __ia32_sys_read+0xb0/0xb0 [ 1744.594738] __x64_sys_sendmmsg+0x99/0x100 [ 1744.595124] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.599848] do_syscall_64+0x33/0x40 [ 1744.600201] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.600748] RIP: 0033:0x7f862c37fb19 [ 1744.601093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.602817] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1744.603557] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1744.604210] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1744.604900] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.605616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1744.606261] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1744.616993] FAULT_INJECTION: forcing a failure. [ 1744.616993] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.618013] CPU: 1 PID: 10797 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1744.618603] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.619312] Call Trace: [ 1744.619546] dump_stack+0x107/0x167 [ 1744.619860] should_fail.cold+0x5/0xa [ 1744.620214] ? create_object.isra.0+0x3a/0xa20 [ 1744.620605] should_failslab+0x5/0x20 [ 1744.620697] FAULT_INJECTION: forcing a failure. [ 1744.620697] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1744.620934] kmem_cache_alloc+0x5b/0x310 [ 1744.620949] ? mark_held_locks+0x9e/0xe0 [ 1744.620964] create_object.isra.0+0x3a/0xa20 [ 1744.620978] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.620997] kmem_cache_alloc_bulk+0x168/0x320 [ 1744.621015] io_submit_sqes+0x6fe6/0x8610 [ 1744.624436] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.624866] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.625278] ? lock_downgrade+0x6d0/0x6d0 [ 1744.625646] ? find_held_lock+0x2c/0x110 [ 1744.625995] ? io_submit_sqes+0x8610/0x8610 [ 1744.626369] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.626799] ? wait_for_completion_io+0x270/0x270 [ 1744.627211] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.627620] ? vfs_write+0x354/0xb10 [ 1744.627954] ? fput_many+0x2f/0x1a0 [ 1744.628266] ? ksys_write+0x1a9/0x260 [ 1744.628608] ? __ia32_sys_read+0xb0/0xb0 [ 1744.628958] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.629402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.629856] do_syscall_64+0x33/0x40 [ 1744.630173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.630611] RIP: 0033:0x7f6110e13b19 [ 1744.630939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.632511] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.633163] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1744.633772] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1744.634381] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.634993] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.635597] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1744.636241] CPU: 0 PID: 10798 Comm: syz-executor.3 Not tainted 5.10.226 #1 [ 1744.636925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.637732] Call Trace: [ 1744.637979] dump_stack+0x107/0x167 [ 1744.638312] should_fail.cold+0x5/0xa [ 1744.638716] _copy_to_user+0x2e/0x180 [ 1744.639069] simple_read_from_buffer+0xcc/0x160 [ 1744.639543] proc_fail_nth_read+0x198/0x230 [ 1744.639958] ? proc_sessionid_read+0x230/0x230 [ 1744.640433] ? security_file_permission+0xb1/0xe0 [ 1744.640873] ? proc_sessionid_read+0x230/0x230 [ 1744.641285] vfs_read+0x228/0x620 [ 1744.641686] ksys_read+0x12d/0x260 [ 1744.642010] ? vfs_write+0xb10/0xb10 [ 1744.642399] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.642876] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.643387] do_syscall_64+0x33/0x40 [ 1744.643734] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.644210] RIP: 0033:0x7fe63721669c [ 1744.644612] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1744.646301] RSP: 002b:00007fe6347d9170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1744.647032] RAX: ffffffffffffffda RBX: 000000000000030e RCX: 00007fe63721669c [ 1744.647714] RDX: 000000000000000f RSI: 00007fe6347d91e0 RDI: 0000000000000005 [ 1744.648416] RBP: 00007fe6347d91d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.649048] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.649760] R13: 00007ffc872ac01f R14: 00007fe6347d9300 R15: 0000000000022000 02:20:03 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 51) 02:20:03 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 11) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1744.691764] FAULT_INJECTION: forcing a failure. [ 1744.691764] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.696765] CPU: 1 PID: 10812 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1744.697341] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.698041] Call Trace: [ 1744.698272] dump_stack+0x107/0x167 [ 1744.698599] should_fail.cold+0x5/0xa [ 1744.698926] ? create_object.isra.0+0x3a/0xa20 [ 1744.699313] should_failslab+0x5/0x20 [ 1744.699652] kmem_cache_alloc+0x5b/0x310 [ 1744.704022] ? mark_held_locks+0x9e/0xe0 [ 1744.704368] create_object.isra.0+0x3a/0xa20 [ 1744.704737] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1744.705182] kmem_cache_alloc_bulk+0x168/0x320 [ 1744.705582] io_submit_sqes+0x6fe6/0x8610 [ 1744.705967] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.706384] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.706793] ? lock_downgrade+0x6d0/0x6d0 [ 1744.707154] ? find_held_lock+0x2c/0x110 [ 1744.707502] ? io_submit_sqes+0x8610/0x8610 [ 1744.707882] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.708311] ? wait_for_completion_io+0x270/0x270 [ 1744.708722] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.709127] ? vfs_write+0x354/0xb10 [ 1744.709452] ? fput_many+0x2f/0x1a0 [ 1744.709759] ? ksys_write+0x1a9/0x260 [ 1744.710083] ? __ia32_sys_read+0xb0/0xb0 [ 1744.710440] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.710879] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.711326] do_syscall_64+0x33/0x40 [ 1744.711642] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.712083] RIP: 0033:0x7f1a7fffbb19 [ 1744.712411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.713940] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.714588] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1744.715179] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1744.715786] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.716387] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.716989] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:20:03 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:03 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 53) [ 1744.785951] FAULT_INJECTION: forcing a failure. [ 1744.785951] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.787043] CPU: 1 PID: 10818 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1744.787625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.788332] Call Trace: [ 1744.788564] dump_stack+0x107/0x167 [ 1744.788887] should_fail.cold+0x5/0xa [ 1744.789212] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1744.789653] should_failslab+0x5/0x20 [ 1744.789987] __kmalloc_node+0x76/0x420 [ 1744.790320] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1744.790747] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1744.791184] kmem_cache_alloc_bulk+0x182/0x320 [ 1744.791574] io_submit_sqes+0x6fe6/0x8610 [ 1744.791948] ? percpu_ref_tryget_many+0x166/0x2d0 [ 1744.792369] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.792786] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.793208] ? lock_downgrade+0x6d0/0x6d0 [ 1744.793556] ? find_held_lock+0x2c/0x110 [ 1744.793901] ? io_submit_sqes+0x8610/0x8610 [ 1744.794283] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.794692] ? wait_for_completion_io+0x270/0x270 [ 1744.795114] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.795505] ? vfs_write+0x354/0xb10 [ 1744.795822] ? fput_many+0x2f/0x1a0 [ 1744.796160] ? ksys_write+0x1a9/0x260 [ 1744.796484] ? __ia32_sys_read+0xb0/0xb0 [ 1744.796830] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.797286] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.797723] do_syscall_64+0x33/0x40 [ 1744.798038] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.798483] RIP: 0033:0x7f8c2e1fdb19 [ 1744.798800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.800344] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.800993] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1744.801600] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1744.802195] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.802804] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.803400] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1744.825924] FAULT_INJECTION: forcing a failure. [ 1744.825924] name failslab, interval 1, probability 0, space 0, times 0 [ 1744.827289] CPU: 0 PID: 10823 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1744.827947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1744.828703] Call Trace: [ 1744.828970] dump_stack+0x107/0x167 [ 1744.829307] should_fail.cold+0x5/0xa [ 1744.829656] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1744.830137] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1744.830618] should_failslab+0x5/0x20 [ 1744.830967] __kmalloc_node+0x76/0x420 [ 1744.831329] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1744.831793] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1744.832267] kmem_cache_alloc_bulk+0x182/0x320 [ 1744.832693] io_submit_sqes+0x6fe6/0x8610 [ 1744.833098] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.833551] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1744.833998] ? lock_downgrade+0x6d0/0x6d0 [ 1744.834375] ? find_held_lock+0x2c/0x110 [ 1744.834753] ? io_submit_sqes+0x8610/0x8610 [ 1744.835157] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1744.835601] ? wait_for_completion_io+0x270/0x270 [ 1744.836055] ? rcu_read_lock_any_held+0x75/0xa0 [ 1744.836477] ? vfs_write+0x354/0xb10 [ 1744.836819] ? fput_many+0x2f/0x1a0 [ 1744.837154] ? ksys_write+0x1a9/0x260 [ 1744.837503] ? __ia32_sys_read+0xb0/0xb0 [ 1744.837887] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1744.838360] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1744.838831] do_syscall_64+0x33/0x40 [ 1744.839173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1744.839635] RIP: 0033:0x7f6110e13b19 [ 1744.839986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1744.841615] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1744.842300] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1744.842938] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1744.843577] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1744.844227] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1744.844863] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:20:16 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 44) 02:20:16 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 54) 02:20:16 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 52) 02:20:16 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:16 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x10000000000) 02:20:16 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:16 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 12) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:16 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1757.953913] FAULT_INJECTION: forcing a failure. [ 1757.953913] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.954978] CPU: 0 PID: 10842 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1757.955568] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1757.956280] Call Trace: [ 1757.956516] dump_stack+0x107/0x167 [ 1757.956824] should_fail.cold+0x5/0xa [ 1757.957147] ? copy_process+0x5d2/0x7800 [ 1757.957492] should_failslab+0x5/0x20 [ 1757.957814] kmem_cache_alloc_node+0x55/0x330 [ 1757.958192] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1757.958640] copy_process+0x5d2/0x7800 [ 1757.958970] ? stack_trace_save+0x8c/0xc0 [ 1757.959317] ? stack_trace_consume_entry+0x160/0x160 [ 1757.959750] ? kasan_save_stack+0x32/0x40 [ 1757.960109] ? kasan_save_stack+0x1b/0x40 [ 1757.960461] ? create_io_worker+0xe8/0x690 [ 1757.960821] ? io_wqe_enqueue+0x69e/0xbe0 [ 1757.961171] ? __cleanup_sighand+0xb0/0xb0 [ 1757.961339] FAULT_INJECTION: forcing a failure. [ 1757.961339] name failslab, interval 1, probability 0, space 0, times 0 [ 1757.961528] ? lock_acquire+0x197/0x470 [ 1757.961542] ? create_object.isra.0+0x3ad/0xa20 [ 1757.961565] ? lock_release+0x680/0x680 [ 1757.963599] ? find_held_lock+0x2c/0x110 [ 1757.963946] ? io_wqe_dec_running+0x220/0x220 [ 1757.964344] create_io_thread+0xb6/0xf0 [ 1757.964683] ? pidfd_pid+0x90/0x90 [ 1757.964987] ? mark_held_locks+0x9e/0xe0 [ 1757.965333] ? io_wqe_dec_running+0x220/0x220 [ 1757.965727] ? __init_swait_queue_head+0xc6/0x150 [ 1757.966140] create_io_worker+0x23a/0x690 [ 1757.966497] io_wqe_enqueue+0x69e/0xbe0 [ 1757.966839] ? create_worker_cb+0x260/0x260 [ 1757.967208] ? io_prep_async_work+0x340/0x550 [ 1757.967594] io_queue_async_work+0x26b/0x4f0 [ 1757.967971] __io_queue_sqe+0x5cc/0x9d0 [ 1757.968329] ? io_issue_sqe+0x77b0/0x77b0 [ 1757.968689] ? __fget_files+0x2f8/0x520 [ 1757.969037] io_submit_sqes+0x44aa/0x8610 [ 1757.969408] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1757.969831] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1757.970238] ? lock_downgrade+0x6d0/0x6d0 [ 1757.970592] ? find_held_lock+0x2c/0x110 [ 1757.970939] ? io_submit_sqes+0x8610/0x8610 [ 1757.971312] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1757.971726] ? wait_for_completion_io+0x270/0x270 [ 1757.972160] ? rcu_read_lock_any_held+0x75/0xa0 [ 1757.972553] ? vfs_write+0x354/0xb10 [ 1757.972869] ? fput_many+0x2f/0x1a0 [ 1757.973179] ? ksys_write+0x1a9/0x260 [ 1757.973502] ? __ia32_sys_read+0xb0/0xb0 [ 1757.973850] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1757.974289] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1757.974728] do_syscall_64+0x33/0x40 [ 1757.975043] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1757.975471] RIP: 0033:0x7f8c2e1fdb19 [ 1757.975790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1757.977347] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1757.977995] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1757.978597] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1757.979195] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1757.979797] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1757.980413] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1757.981044] CPU: 1 PID: 10836 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1757.981680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1757.982395] Call Trace: [ 1757.982643] dump_stack+0x107/0x167 [ 1757.982971] should_fail.cold+0x5/0xa [ 1757.983313] ? create_object.isra.0+0x3a/0xa20 [ 1757.983729] should_failslab+0x5/0x20 [ 1757.984087] kmem_cache_alloc+0x5b/0x310 [ 1757.984457] create_object.isra.0+0x3a/0xa20 [ 1757.984850] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1757.985300] kmem_cache_alloc+0x159/0x310 [ 1757.985679] skb_clone+0x14f/0x3d0 [ 1757.986004] ip6_finish_output2+0x1225/0x1fe0 [ 1757.986412] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1757.986867] ip6_output+0x3b8/0x7e0 [ 1757.987206] ip6_local_out+0xb4/0x1a0 [ 1757.987550] ip6_send_skb+0x112/0x460 [ 1757.987894] udp_v6_send_skb+0x7aa/0x15b0 [ 1757.988289] udpv6_sendmsg+0x2116/0x2ad0 [ 1757.988654] ? ip_frag_init+0x350/0x350 [ 1757.989017] ? udp_v6_push_pending_frames+0x360/0x360 [ 1757.989482] ? perf_event_task_disable+0x390/0x390 [ 1757.989920] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1757.990350] ? lock_acquire+0x197/0x470 [ 1757.990704] ? find_held_lock+0x2c/0x110 [ 1757.991073] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1757.991553] ? sock_has_perm+0x1ea/0x280 [ 1757.991943] ? __import_iovec+0x458/0x590 [ 1757.992334] ? udp_v6_push_pending_frames+0x360/0x360 [ 1757.992793] inet6_sendmsg+0x105/0x140 [ 1757.993141] ? inet6_compat_ioctl+0x320/0x320 [ 1757.993539] __sock_sendmsg+0xf2/0x190 [ 1757.993885] ____sys_sendmsg+0x334/0x870 [ 1757.994246] ? sock_write_iter+0x3d0/0x3d0 [ 1757.994628] ? do_recvmmsg+0x6d0/0x6d0 [ 1757.994983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1757.995447] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1757.995922] ? trace_hardirqs_on+0x5b/0x180 [ 1757.996325] ___sys_sendmsg+0xf3/0x170 [ 1757.996679] ? sendmsg_copy_msghdr+0x160/0x160 [ 1757.997089] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1757.997494] ? _raw_spin_unlock_irq+0x27/0x30 [ 1757.997898] ? finish_task_switch+0x1a4/0x5d0 [ 1757.998299] ? __switch_to+0x572/0xf70 [ 1757.998648] ? __switch_to_asm+0x3a/0x60 [ 1757.999009] ? __switch_to_asm+0x34/0x60 [ 1757.999379] ? __schedule+0x82c/0x1ea0 [ 1757.999740] ? io_schedule_timeout+0x140/0x140 [ 1758.000172] __sys_sendmmsg+0x195/0x470 [ 1758.000532] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1758.000915] ? lock_downgrade+0x6d0/0x6d0 [ 1758.001305] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.001746] ? wait_for_completion_io+0x270/0x270 [ 1758.002193] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.002606] ? vfs_write+0x354/0xb10 [ 1758.002944] ? fput_many+0x2f/0x1a0 [ 1758.003268] ? ksys_write+0x1a9/0x260 [ 1758.003612] ? __ia32_sys_read+0xb0/0xb0 [ 1758.003978] __x64_sys_sendmmsg+0x99/0x100 [ 1758.004368] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.004818] do_syscall_64+0x33/0x40 [ 1758.005148] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.005595] RIP: 0033:0x7f862c37fb19 [ 1758.005929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.007499] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1758.008180] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1758.008799] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1758.009419] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.010042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1758.010679] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1758.021107] FAULT_INJECTION: forcing a failure. [ 1758.021107] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.022192] CPU: 1 PID: 10845 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1758.022796] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.023512] Call Trace: [ 1758.023754] dump_stack+0x107/0x167 [ 1758.024094] should_fail.cold+0x5/0xa [ 1758.024438] ? create_object.isra.0+0x3a/0xa20 [ 1758.024846] should_failslab+0x5/0x20 [ 1758.025185] kmem_cache_alloc+0x5b/0x310 [ 1758.025548] ? mark_held_locks+0x9e/0xe0 [ 1758.025912] create_object.isra.0+0x3a/0xa20 [ 1758.026302] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.026756] kmem_cache_alloc_bulk+0x168/0x320 [ 1758.027170] io_submit_sqes+0x6fe6/0x8610 [ 1758.027566] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.028006] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.028457] ? lock_downgrade+0x6d0/0x6d0 [ 1758.028824] ? find_held_lock+0x2c/0x110 [ 1758.029189] ? io_submit_sqes+0x8610/0x8610 [ 1758.029590] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.030020] ? wait_for_completion_io+0x270/0x270 [ 1758.030454] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.030864] ? vfs_write+0x354/0xb10 [ 1758.031196] ? fput_many+0x2f/0x1a0 [ 1758.031524] ? ksys_write+0x1a9/0x260 [ 1758.031864] ? __ia32_sys_read+0xb0/0xb0 [ 1758.032239] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.032705] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.033164] do_syscall_64+0x33/0x40 [ 1758.033503] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.033955] RIP: 0033:0x7f1a7fffbb19 [ 1758.034287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.035888] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.036583] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1758.037208] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1758.037835] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.038461] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.039089] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1758.040626] FAULT_INJECTION: forcing a failure. [ 1758.040626] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.041634] CPU: 1 PID: 10849 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1758.042232] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.042952] Call Trace: [ 1758.043191] dump_stack+0x107/0x167 [ 1758.043521] should_fail.cold+0x5/0xa [ 1758.043862] ? create_object.isra.0+0x3a/0xa20 [ 1758.044287] should_failslab+0x5/0x20 [ 1758.044635] kmem_cache_alloc+0x5b/0x310 [ 1758.044995] ? mark_held_locks+0x9e/0xe0 [ 1758.045360] create_object.isra.0+0x3a/0xa20 [ 1758.045754] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.046219] kmem_cache_alloc_bulk+0x168/0x320 [ 1758.046649] io_submit_sqes+0x6fe6/0x8610 [ 1758.047053] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.047496] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.047928] ? lock_downgrade+0x6d0/0x6d0 [ 1758.048313] ? find_held_lock+0x2c/0x110 [ 1758.048683] ? io_submit_sqes+0x8610/0x8610 [ 1758.049076] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.049513] ? wait_for_completion_io+0x270/0x270 [ 1758.049944] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.050356] ? vfs_write+0x354/0xb10 [ 1758.050695] ? fput_many+0x2f/0x1a0 [ 1758.051023] ? ksys_write+0x1a9/0x260 [ 1758.051367] ? __ia32_sys_read+0xb0/0xb0 [ 1758.051739] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.052220] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.052685] do_syscall_64+0x33/0x40 [ 1758.053020] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.053472] RIP: 0033:0x7f6110e13b19 [ 1758.053806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.055408] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.056091] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1758.056717] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1758.057340] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.057966] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.058590] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 02:20:16 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:16 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 53) 02:20:16 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000000000) 02:20:16 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 55) 02:20:16 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 13) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1758.211024] FAULT_INJECTION: forcing a failure. 02:20:16 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1758.211024] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.212132] CPU: 1 PID: 10864 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1758.212764] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.213519] Call Trace: [ 1758.213774] dump_stack+0x107/0x167 [ 1758.214117] should_fail.cold+0x5/0xa [ 1758.214477] ? create_object.isra.0+0x3a/0xa20 [ 1758.214914] should_failslab+0x5/0x20 [ 1758.215287] kmem_cache_alloc+0x5b/0x310 [ 1758.215678] ? mark_held_locks+0x9e/0xe0 [ 1758.216084] create_object.isra.0+0x3a/0xa20 [ 1758.216508] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.216987] kmem_cache_alloc_bulk+0x168/0x320 [ 1758.217433] io_submit_sqes+0x6fe6/0x8610 [ 1758.217856] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.218317] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.218773] ? lock_downgrade+0x6d0/0x6d0 [ 1758.219155] ? find_held_lock+0x2c/0x110 [ 1758.219542] ? io_submit_sqes+0x8610/0x8610 [ 1758.219951] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.220407] ? wait_for_completion_io+0x270/0x270 [ 1758.220846] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.221256] ? vfs_write+0x354/0xb10 [ 1758.221598] ? fput_many+0x2f/0x1a0 [ 1758.221928] ? ksys_write+0x1a9/0x260 [ 1758.222266] ? __ia32_sys_read+0xb0/0xb0 [ 1758.222640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.223105] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.223574] do_syscall_64+0x33/0x40 [ 1758.223908] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.224377] RIP: 0033:0x7f1a7fffbb19 [ 1758.224719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.226325] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.227002] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1758.227628] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1758.228280] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.228905] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.229531] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1758.236718] FAULT_INJECTION: forcing a failure. [ 1758.236718] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.237234] FAULT_INJECTION: forcing a failure. [ 1758.237234] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.237806] CPU: 1 PID: 10868 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1758.239369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.240114] Call Trace: [ 1758.240354] dump_stack+0x107/0x167 [ 1758.240695] should_fail.cold+0x5/0xa [ 1758.241036] ? create_object.isra.0+0x3a/0xa20 [ 1758.241445] should_failslab+0x5/0x20 [ 1758.241789] kmem_cache_alloc+0x5b/0x310 [ 1758.242155] ? mark_held_locks+0x9e/0xe0 [ 1758.242525] create_object.isra.0+0x3a/0xa20 [ 1758.242917] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.243372] kmem_cache_alloc_bulk+0x168/0x320 [ 1758.243791] io_submit_sqes+0x6fe6/0x8610 [ 1758.244206] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.244653] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.245084] ? lock_downgrade+0x6d0/0x6d0 [ 1758.245454] ? find_held_lock+0x2c/0x110 [ 1758.245825] ? io_submit_sqes+0x8610/0x8610 [ 1758.246225] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.246662] ? wait_for_completion_io+0x270/0x270 [ 1758.247093] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.247508] ? vfs_write+0x354/0xb10 [ 1758.247841] ? fput_many+0x2f/0x1a0 [ 1758.248177] ? ksys_write+0x1a9/0x260 [ 1758.248524] ? __ia32_sys_read+0xb0/0xb0 [ 1758.248888] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.249351] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.249817] do_syscall_64+0x33/0x40 [ 1758.250150] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.250607] RIP: 0033:0x7f6110e13b19 [ 1758.250939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.252566] RSP: 002b:00007f610e389188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.253242] RAX: ffffffffffffffda RBX: 00007f6110f26f60 RCX: 00007f6110e13b19 [ 1758.253869] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1758.254497] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.255118] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.255748] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1758.256425] CPU: 0 PID: 10872 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1758.257023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.257712] Call Trace: [ 1758.257947] dump_stack+0x107/0x167 [ 1758.258257] should_fail.cold+0x5/0xa [ 1758.258587] ? create_io_worker+0xe8/0x690 [ 1758.258948] should_failslab+0x5/0x20 [ 1758.259273] kmem_cache_alloc_node_trace+0x59/0x340 [ 1758.259697] create_io_worker+0xe8/0x690 [ 1758.260069] io_wqe_enqueue+0x69e/0xbe0 [ 1758.260425] ? create_worker_cb+0x260/0x260 [ 1758.260792] ? io_prep_async_work+0x340/0x550 [ 1758.261176] io_queue_async_work+0x26b/0x4f0 [ 1758.261552] __io_queue_sqe+0x5cc/0x9d0 [ 1758.261890] ? io_issue_sqe+0x77b0/0x77b0 [ 1758.262240] ? __fget_files+0x2f8/0x520 [ 1758.262584] io_submit_sqes+0x44aa/0x8610 [ 1758.262951] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.263373] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.263782] ? lock_downgrade+0x6d0/0x6d0 [ 1758.264162] ? find_held_lock+0x2c/0x110 [ 1758.264513] ? io_submit_sqes+0x8610/0x8610 [ 1758.264885] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.265291] ? wait_for_completion_io+0x270/0x270 [ 1758.265703] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.266093] ? vfs_write+0x354/0xb10 [ 1758.266408] ? fput_many+0x2f/0x1a0 [ 1758.266716] ? ksys_write+0x1a9/0x260 [ 1758.267036] ? __ia32_sys_read+0xb0/0xb0 [ 1758.267381] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.267817] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.268289] do_syscall_64+0x33/0x40 [ 1758.268605] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.269033] RIP: 0033:0x7f8c2e1fdb19 [ 1758.269347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.270867] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.271502] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1758.272144] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1758.272735] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.273324] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.273916] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:20:16 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:16 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x80000000000000) 02:20:16 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 54) [ 1758.467271] FAULT_INJECTION: forcing a failure. [ 1758.467271] name failslab, interval 1, probability 0, space 0, times 0 [ 1758.468354] CPU: 0 PID: 10892 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1758.468938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1758.469627] Call Trace: [ 1758.469859] dump_stack+0x107/0x167 [ 1758.470173] should_fail.cold+0x5/0xa [ 1758.470502] ? create_object.isra.0+0x3a/0xa20 [ 1758.470894] should_failslab+0x5/0x20 [ 1758.471221] kmem_cache_alloc+0x5b/0x310 [ 1758.471570] ? mark_held_locks+0x9e/0xe0 [ 1758.471919] create_object.isra.0+0x3a/0xa20 [ 1758.472310] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1758.472746] kmem_cache_alloc_bulk+0x168/0x320 [ 1758.473144] io_submit_sqes+0x6fe6/0x8610 [ 1758.473518] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.473941] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1758.474356] ? lock_downgrade+0x6d0/0x6d0 [ 1758.474709] ? find_held_lock+0x2c/0x110 [ 1758.475057] ? io_submit_sqes+0x8610/0x8610 [ 1758.475439] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1758.475856] ? wait_for_completion_io+0x270/0x270 [ 1758.476285] ? rcu_read_lock_any_held+0x75/0xa0 [ 1758.476679] ? vfs_write+0x354/0xb10 [ 1758.476997] ? fput_many+0x2f/0x1a0 [ 1758.477308] ? ksys_write+0x1a9/0x260 [ 1758.477636] ? __ia32_sys_read+0xb0/0xb0 [ 1758.477984] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1758.478432] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1758.478874] do_syscall_64+0x33/0x40 [ 1758.479190] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1758.479624] RIP: 0033:0x7f1a7fffbb19 [ 1758.479942] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1758.481518] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1758.482163] RAX: ffffffffffffffda RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 1758.482767] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 1758.483369] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1758.483971] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1758.484588] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 02:20:29 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 14) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:29 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 45) 02:20:29 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 55) 02:20:29 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:29 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x100000000000000) 02:20:29 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 56) [ 1771.518839] FAULT_INJECTION: forcing a failure. [ 1771.518839] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.520010] CPU: 0 PID: 10904 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1771.520698] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.521440] Call Trace: [ 1771.521675] dump_stack+0x107/0x167 [ 1771.521985] should_fail.cold+0x5/0xa [ 1771.522310] ? __alloc_skb+0x6d/0x5b0 [ 1771.522693] should_failslab+0x5/0x20 [ 1771.523018] kmem_cache_alloc_node+0x55/0x330 [ 1771.523458] __alloc_skb+0x6d/0x5b0 [ 1771.523773] alloc_skb_with_frags+0x92/0x570 [ 1771.524146] ? trace_hardirqs_on+0x5b/0x180 [ 1771.524613] ? kmem_cache_free+0xa7/0x2d0 [ 1771.524964] sock_alloc_send_pskb+0x7af/0x930 [ 1771.525399] ? sk_alloc+0x350/0x350 [ 1771.525722] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1771.526165] ? trace_hardirqs_on+0x5b/0x180 [ 1771.531298] ? __dev_queue_xmit+0xe4e/0x2710 [ 1771.531728] ? __local_bh_enable_ip+0x9d/0x100 [ 1771.532128] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1771.532655] ? ip6_mtu+0x1bb/0x3d0 [ 1771.532958] ? lock_downgrade+0x6d0/0x6d0 [ 1771.533307] ? ip_frag_init+0x350/0x350 [ 1771.533702] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1771.534095] ? ip6_mtu+0x1e9/0x3d0 [ 1771.534450] ? ip6_setup_cork+0xfb7/0x1740 [ 1771.534810] ip6_make_skb+0x2de/0x4e0 [ 1771.535130] ? ip_frag_init+0x350/0x350 [ 1771.535527] ? ip_frag_init+0x350/0x350 [ 1771.535863] ? ip6_push_pending_frames+0xf0/0xf0 [ 1771.536298] ? ip6_dst_check+0x389/0x8d0 [ 1771.536713] ? sk_dst_check+0x235/0x4c0 [ 1771.537057] udpv6_sendmsg+0x20d3/0x2ad0 [ 1771.537455] ? ip_frag_init+0x350/0x350 [ 1771.537798] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.538239] ? perf_event_task_disable+0x390/0x390 [ 1771.538705] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1771.539118] ? lock_acquire+0x197/0x470 [ 1771.539510] ? find_held_lock+0x2c/0x110 [ 1771.539864] ? sock_has_perm+0x1ea/0x280 [ 1771.540231] ? __import_iovec+0x458/0x590 [ 1771.540659] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.541095] inet6_sendmsg+0x105/0x140 [ 1771.541479] ? inet6_compat_ioctl+0x320/0x320 [ 1771.541857] __sock_sendmsg+0xf2/0x190 [ 1771.542186] ____sys_sendmsg+0x334/0x870 [ 1771.542581] ? sock_write_iter+0x3d0/0x3d0 [ 1771.542936] ? do_recvmmsg+0x6d0/0x6d0 [ 1771.543267] ? __lock_acquire+0x1657/0x5b00 [ 1771.543693] ___sys_sendmsg+0xf3/0x170 [ 1771.544024] ? sendmsg_copy_msghdr+0x160/0x160 [ 1771.544515] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1771.544893] ? _raw_spin_unlock_irq+0x27/0x30 [ 1771.545278] ? lock_acquire+0x197/0x470 [ 1771.545661] ? find_held_lock+0x2c/0x110 [ 1771.546008] ? __might_fault+0xd3/0x180 [ 1771.546393] ? lock_downgrade+0x6d0/0x6d0 [ 1771.546747] ? io_schedule_timeout+0x140/0x140 [ 1771.547139] __sys_sendmmsg+0x195/0x470 [ 1771.547534] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1771.547898] ? lock_downgrade+0x6d0/0x6d0 [ 1771.548288] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1771.548793] ? wait_for_completion_io+0x270/0x270 [ 1771.549203] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.549646] ? vfs_write+0x354/0xb10 [ 1771.549963] ? fput_many+0x2f/0x1a0 [ 1771.550270] ? ksys_write+0x1a9/0x260 [ 1771.550641] ? __ia32_sys_read+0xb0/0xb0 [ 1771.550990] __x64_sys_sendmmsg+0x99/0x100 [ 1771.551411] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.551841] do_syscall_64+0x33/0x40 [ 1771.552169] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.552676] RIP: 0033:0x7f862c37fb19 [ 1771.552993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.554602] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1771.555241] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1771.555889] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1771.556564] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.557165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.557807] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1771.584870] FAULT_INJECTION: forcing a failure. [ 1771.584870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1771.586541] CPU: 1 PID: 10911 Comm: syz-executor.4 Not tainted 5.10.226 #1 [ 1771.587879] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.589464] Call Trace: [ 1771.589976] dump_stack+0x107/0x167 [ 1771.590662] should_fail.cold+0x5/0xa [ 1771.591400] _copy_from_user+0x2e/0x1b0 [ 1771.592202] kstrtouint_from_user+0xbd/0x220 [ 1771.593256] ? kstrtou8_from_user+0x210/0x210 [ 1771.594141] ? lock_acquire+0x197/0x470 [ 1771.594902] ? ksys_write+0x12d/0x260 [ 1771.595658] proc_fail_nth_write+0x78/0x220 [ 1771.596598] ? proc_task_getattr+0x1f0/0x1f0 [ 1771.597450] ? proc_task_getattr+0x1f0/0x1f0 [ 1771.598290] vfs_write+0x29a/0xb10 [ 1771.598953] ksys_write+0x12d/0x260 [ 1771.599653] ? __ia32_sys_read+0xb0/0xb0 [ 1771.600302] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.600760] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.601197] do_syscall_64+0x33/0x40 [ 1771.601532] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.601963] RIP: 0033:0x7f6110dc65ff [ 1771.602279] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48 [ 1771.603826] RSP: 002b:00007f610e389170 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1771.604477] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6110dc65ff [ 1771.605086] RDX: 0000000000000001 RSI: 00007f610e3891e0 RDI: 0000000000000005 [ 1771.605702] RBP: 00007f610e3891d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.606300] R10: 0000000000000002 R11: 0000000000000293 R12: 0000000000000002 [ 1771.606911] R13: 00007ffcd49ba00f R14: 00007f610e389300 R15: 0000000000022000 [ 1771.607997] FAULT_INJECTION: forcing a failure. [ 1771.607997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1771.609102] CPU: 1 PID: 10913 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 1771.609689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.610390] Call Trace: [ 1771.610617] dump_stack+0x107/0x167 [ 1771.610927] should_fail.cold+0x5/0xa [ 1771.611268] _copy_to_user+0x2e/0x180 [ 1771.611598] simple_read_from_buffer+0xcc/0x160 [ 1771.611994] proc_fail_nth_read+0x198/0x230 [ 1771.612392] ? proc_sessionid_read+0x230/0x230 [ 1771.612783] ? security_file_permission+0xb1/0xe0 [ 1771.613210] ? proc_sessionid_read+0x230/0x230 [ 1771.613598] vfs_read+0x228/0x620 [ 1771.613900] ksys_read+0x12d/0x260 [ 1771.614219] ? vfs_write+0xb10/0xb10 [ 1771.614741] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.615183] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.615633] do_syscall_64+0x33/0x40 [ 1771.615950] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.616406] RIP: 0033:0x7f1a7ffae69c [ 1771.616722] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1771.618258] RSP: 002b:00007f1a7d571170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1771.618907] RAX: ffffffffffffffda RBX: 000000000000030e RCX: 00007f1a7ffae69c [ 1771.619516] RDX: 000000000000000f RSI: 00007f1a7d5711e0 RDI: 0000000000000005 02:20:30 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1771.620113] RBP: 00007f1a7d5711d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.625647] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1771.627389] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 1771.639362] FAULT_INJECTION: forcing a failure. [ 1771.639362] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1771.641555] CPU: 0 PID: 10900 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1771.642266] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.643156] Call Trace: [ 1771.643498] dump_stack+0x107/0x167 [ 1771.643881] should_fail.cold+0x5/0xa [ 1771.644298] __alloc_pages_nodemask+0x182/0x600 [ 1771.644843] ? lock_downgrade+0x6d0/0x6d0 [ 1771.645281] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1771.645992] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 1771.646595] ? kmem_cache_alloc_node+0x2bc/0x330 [ 1771.647088] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.647680] copy_process+0x618/0x7800 [ 1771.648095] ? stack_trace_save+0x8c/0xc0 [ 1771.648596] ? stack_trace_consume_entry+0x160/0x160 [ 1771.649118] ? kasan_save_stack+0x32/0x40 [ 1771.649625] ? kasan_save_stack+0x1b/0x40 [ 1771.650049] ? create_io_worker+0xe8/0x690 [ 1771.650568] ? io_wqe_enqueue+0x69e/0xbe0 [ 1771.651012] ? __cleanup_sighand+0xb0/0xb0 [ 1771.651498] ? lock_acquire+0x197/0x470 [ 1771.651911] ? create_object.isra.0+0x3ad/0xa20 [ 1771.652455] ? lock_release+0x680/0x680 [ 1771.652876] ? find_held_lock+0x2c/0x110 [ 1771.653285] ? io_wqe_dec_running+0x220/0x220 [ 1771.654450] create_io_thread+0xb6/0xf0 [ 1771.654852] ? pidfd_pid+0x90/0x90 [ 1771.655740] ? mark_held_locks+0x9e/0xe0 [ 1771.656775] ? io_wqe_dec_running+0x220/0x220 [ 1771.657897] ? __init_swait_queue_head+0xc6/0x150 [ 1771.659073] create_io_worker+0x23a/0x690 [ 1771.660094] io_wqe_enqueue+0x69e/0xbe0 [ 1771.661096] ? create_worker_cb+0x260/0x260 [ 1771.662177] ? io_prep_async_work+0x340/0x550 [ 1771.663291] io_queue_async_work+0x26b/0x4f0 [ 1771.664460] __io_queue_sqe+0x5cc/0x9d0 [ 1771.665470] ? io_issue_sqe+0x77b0/0x77b0 [ 1771.666493] ? __fget_files+0x2f8/0x520 [ 1771.667481] io_submit_sqes+0x44aa/0x8610 [ 1771.668556] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1771.669796] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1771.670952] ? lock_downgrade+0x6d0/0x6d0 [ 1771.671972] ? find_held_lock+0x2c/0x110 [ 1771.672975] ? io_submit_sqes+0x8610/0x8610 [ 1771.673513] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1771.674011] ? wait_for_completion_io+0x270/0x270 [ 1771.675178] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.675714] ? vfs_write+0x354/0xb10 [ 1771.676112] ? fput_many+0x2f/0x1a0 [ 1771.676561] ? ksys_write+0x1a9/0x260 [ 1771.676952] ? __ia32_sys_read+0xb0/0xb0 [ 1771.677981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.678610] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.679147] do_syscall_64+0x33/0x40 [ 1771.679609] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.680142] RIP: 0033:0x7f8c2e1fdb19 [ 1771.680608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.682537] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1771.683312] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1771.684083] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1771.684865] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.685670] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1771.686429] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:20:30 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:30 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:20:30 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x200000000000000) 02:20:30 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:20:30 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 46) 02:20:30 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:30 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1771.868059] FAULT_INJECTION: forcing a failure. [ 1771.868059] name failslab, interval 1, probability 0, space 0, times 0 [ 1771.870821] CPU: 0 PID: 10950 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1771.872560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1771.874590] Call Trace: [ 1771.875211] dump_stack+0x107/0x167 [ 1771.876110] should_fail.cold+0x5/0xa [ 1771.877061] ? create_object.isra.0+0x3a/0xa20 [ 1771.878176] should_failslab+0x5/0x20 [ 1771.879112] kmem_cache_alloc+0x5b/0x310 [ 1771.880114] ? ___sys_sendmsg+0xf3/0x170 [ 1771.881111] ? __sys_sendmmsg+0x195/0x470 [ 1771.882121] create_object.isra.0+0x3a/0xa20 [ 1771.883181] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1771.884482] kmem_cache_alloc_node+0x169/0x330 [ 1771.885593] __alloc_skb+0x6d/0x5b0 [ 1771.886485] alloc_skb_with_frags+0x92/0x570 [ 1771.887577] ? trace_hardirqs_on+0x5b/0x180 [ 1771.888634] ? kmem_cache_free+0xa7/0x2d0 [ 1771.889644] sock_alloc_send_pskb+0x7af/0x930 [ 1771.890742] ? sk_alloc+0x350/0x350 [ 1771.891672] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1771.892477] ? trace_hardirqs_on+0x5b/0x180 [ 1771.892845] ? __dev_queue_xmit+0xe4e/0x2710 [ 1771.893218] ? __local_bh_enable_ip+0x9d/0x100 [ 1771.893671] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1771.894099] ? ip6_mtu+0x1bb/0x3d0 [ 1771.894451] ? lock_downgrade+0x6d0/0x6d0 [ 1771.894804] ? ip_frag_init+0x350/0x350 [ 1771.895149] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1771.895617] ? ip6_mtu+0x1e9/0x3d0 [ 1771.895920] ? ip6_setup_cork+0xfb7/0x1740 [ 1771.896380] ip6_make_skb+0x2de/0x4e0 [ 1771.896708] ? ip_frag_init+0x350/0x350 [ 1771.897049] ? ip_frag_init+0x350/0x350 [ 1771.897444] ? ip6_push_pending_frames+0xf0/0xf0 [ 1771.897849] ? ip6_dst_check+0x389/0x8d0 [ 1771.898192] ? sk_dst_check+0x235/0x4c0 [ 1771.898588] udpv6_sendmsg+0x20d3/0x2ad0 [ 1771.898934] ? ip_frag_init+0x350/0x350 [ 1771.899277] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.899790] ? perf_event_task_disable+0x390/0x390 [ 1771.900269] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1771.900730] ? lock_acquire+0x197/0x470 [ 1771.901068] ? find_held_lock+0x2c/0x110 [ 1771.901481] ? sock_has_perm+0x1ea/0x280 [ 1771.901844] ? __import_iovec+0x458/0x590 [ 1771.902196] ? udp_v6_push_pending_frames+0x360/0x360 [ 1771.902684] inet6_sendmsg+0x105/0x140 [ 1771.903014] ? inet6_compat_ioctl+0x320/0x320 [ 1771.903466] __sock_sendmsg+0xf2/0x190 [ 1771.903796] ____sys_sendmsg+0x334/0x870 [ 1771.904143] ? sock_write_iter+0x3d0/0x3d0 [ 1771.905211] ? do_recvmmsg+0x6d0/0x6d0 [ 1771.905968] ? __lock_acquire+0x1657/0x5b00 [ 1771.906794] ___sys_sendmsg+0xf3/0x170 [ 1771.907467] ? sendmsg_copy_msghdr+0x160/0x160 [ 1771.908604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1771.909131] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1771.910231] ? trace_hardirqs_on+0x5b/0x180 [ 1771.911275] ? lock_acquire+0x197/0x470 [ 1771.912282] ? find_held_lock+0x2c/0x110 [ 1771.913277] ? __might_fault+0xd3/0x180 [ 1771.914261] ? lock_downgrade+0x6d0/0x6d0 [ 1771.915271] ? io_schedule_timeout+0x140/0x140 [ 1771.916473] __sys_sendmmsg+0x195/0x470 [ 1771.917423] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1771.918483] ? lock_downgrade+0x6d0/0x6d0 [ 1771.919525] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1771.920707] ? wait_for_completion_io+0x270/0x270 [ 1771.921874] ? rcu_read_lock_any_held+0x75/0xa0 [ 1771.923004] ? vfs_write+0x354/0xb10 [ 1771.923929] ? fput_many+0x2f/0x1a0 [ 1771.924837] ? ksys_write+0x1a9/0x260 [ 1771.925775] ? __ia32_sys_read+0xb0/0xb0 [ 1771.926779] __x64_sys_sendmmsg+0x99/0x100 [ 1771.927825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1771.929079] do_syscall_64+0x33/0x40 [ 1771.929915] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1771.931097] RIP: 0033:0x7f862c37fb19 [ 1771.931946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1771.935978] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1771.937628] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1771.939175] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1771.940727] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1771.942281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1771.943824] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:20:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500000000000000) 02:20:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 47) 02:20:43 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:43 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:43 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:43 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:20:43 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 15) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:43 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1784.958667] FAULT_INJECTION: forcing a failure. [ 1784.958667] name failslab, interval 1, probability 0, space 0, times 0 [ 1784.959738] CPU: 1 PID: 10971 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1784.960338] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1784.965067] Call Trace: [ 1784.965323] dump_stack+0x107/0x167 [ 1784.965667] should_fail.cold+0x5/0xa [ 1784.966028] ? __delayacct_tsk_init+0x1b/0x80 [ 1784.966451] should_failslab+0x5/0x20 [ 1784.966801] kmem_cache_alloc+0x5b/0x310 [ 1784.972604] __delayacct_tsk_init+0x1b/0x80 [ 1784.973006] copy_process+0x3319/0x7800 [ 1784.973211] FAULT_INJECTION: forcing a failure. [ 1784.973211] name failslab, interval 1, probability 0, space 0, times 0 [ 1784.973367] ? stack_trace_save+0x8c/0xc0 [ 1784.974633] ? stack_trace_consume_entry+0x160/0x160 [ 1784.975072] ? kasan_save_stack+0x1b/0x40 [ 1784.975431] ? __cleanup_sighand+0xb0/0xb0 [ 1784.975803] ? lock_acquire+0x197/0x470 [ 1784.976141] ? create_object.isra.0+0x3ad/0xa20 [ 1784.976567] ? lock_release+0x680/0x680 [ 1784.976909] ? find_held_lock+0x2c/0x110 [ 1784.977264] ? io_wqe_dec_running+0x220/0x220 [ 1784.977655] create_io_thread+0xb6/0xf0 [ 1784.977993] ? pidfd_pid+0x90/0x90 [ 1784.978295] ? mark_held_locks+0x9e/0xe0 [ 1784.978652] ? io_wqe_dec_running+0x220/0x220 [ 1784.979043] ? __init_swait_queue_head+0xc6/0x150 [ 1784.979454] create_io_worker+0x23a/0x690 [ 1784.979818] io_wqe_enqueue+0x69e/0xbe0 [ 1784.980159] ? create_worker_cb+0x260/0x260 [ 1784.980555] ? io_prep_async_work+0x340/0x550 [ 1784.980945] io_queue_async_work+0x26b/0x4f0 [ 1784.981325] __io_queue_sqe+0x5cc/0x9d0 [ 1784.981679] ? io_issue_sqe+0x77b0/0x77b0 [ 1784.982035] ? __fget_files+0x2f8/0x520 [ 1784.982386] io_submit_sqes+0x44aa/0x8610 [ 1784.982768] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1784.983192] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1784.983612] ? lock_downgrade+0x6d0/0x6d0 [ 1784.983964] ? find_held_lock+0x2c/0x110 [ 1784.984321] ? io_submit_sqes+0x8610/0x8610 [ 1784.984717] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1784.985132] ? wait_for_completion_io+0x270/0x270 [ 1784.985552] ? rcu_read_lock_any_held+0x75/0xa0 [ 1784.985948] ? vfs_write+0x354/0xb10 [ 1784.986266] ? fput_many+0x2f/0x1a0 [ 1784.986586] ? ksys_write+0x1a9/0x260 [ 1784.986912] ? __ia32_sys_read+0xb0/0xb0 [ 1784.987262] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1784.987713] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1784.988150] do_syscall_64+0x33/0x40 [ 1784.988489] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1784.988925] RIP: 0033:0x7f8c2e1fdb19 [ 1784.989242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1784.990785] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1784.991428] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1784.992045] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1784.992675] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1784.993290] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1784.993899] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1784.994536] CPU: 0 PID: 10964 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1784.995153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1784.995879] Call Trace: [ 1784.996126] dump_stack+0x107/0x167 [ 1784.996481] should_fail.cold+0x5/0xa [ 1784.996831] ? create_object.isra.0+0x3a/0xa20 [ 1784.997254] should_failslab+0x5/0x20 [ 1784.997609] kmem_cache_alloc+0x5b/0x310 [ 1784.997989] ? ___sys_sendmsg+0xf3/0x170 [ 1784.998365] ? __sys_sendmmsg+0x195/0x470 [ 1784.998753] create_object.isra.0+0x3a/0xa20 [ 1784.999162] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1784.999634] kmem_cache_alloc_node+0x169/0x330 [ 1785.000063] __alloc_skb+0x6d/0x5b0 [ 1785.000428] alloc_skb_with_frags+0x92/0x570 [ 1785.000835] ? trace_hardirqs_on+0x5b/0x180 [ 1785.001238] ? kmem_cache_free+0xa7/0x2d0 [ 1785.001625] sock_alloc_send_pskb+0x7af/0x930 [ 1785.002048] ? sk_alloc+0x350/0x350 [ 1785.002393] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1785.002843] ? trace_hardirqs_on+0x5b/0x180 [ 1785.003236] ? __dev_queue_xmit+0xe4e/0x2710 [ 1785.003632] ? __local_bh_enable_ip+0x9d/0x100 [ 1785.004053] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1785.004527] ? ip6_mtu+0x1bb/0x3d0 [ 1785.004855] ? lock_downgrade+0x6d0/0x6d0 [ 1785.005231] ? ip_frag_init+0x350/0x350 [ 1785.005611] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1785.006035] ? ip6_mtu+0x1e9/0x3d0 [ 1785.006370] ? ip6_setup_cork+0xfb7/0x1740 [ 1785.006764] ip6_make_skb+0x2de/0x4e0 [ 1785.007118] ? ip_frag_init+0x350/0x350 [ 1785.007491] ? ip_frag_init+0x350/0x350 [ 1785.007862] ? ip6_push_pending_frames+0xf0/0xf0 [ 1785.008322] ? ip6_dst_check+0x389/0x8d0 [ 1785.008709] ? sk_dst_check+0x235/0x4c0 [ 1785.009088] udpv6_sendmsg+0x20d3/0x2ad0 [ 1785.009469] ? ip_frag_init+0x350/0x350 [ 1785.009848] ? udp_v6_push_pending_frames+0x360/0x360 [ 1785.010342] ? lock_acquire+0x197/0x470 [ 1785.010711] ? find_held_lock+0x2c/0x110 [ 1785.011102] ? sock_has_perm+0x1ea/0x280 [ 1785.011497] ? __import_iovec+0x458/0x590 [ 1785.011878] ? udp_v6_push_pending_frames+0x360/0x360 [ 1785.012350] inet6_sendmsg+0x105/0x140 [ 1785.012681] ? inet6_compat_ioctl+0x320/0x320 [ 1785.013055] __sock_sendmsg+0xf2/0x190 [ 1785.013382] ____sys_sendmsg+0x334/0x870 [ 1785.013724] ? sock_write_iter+0x3d0/0x3d0 [ 1785.014076] ? do_recvmmsg+0x6d0/0x6d0 [ 1785.014405] ? __lock_acquire+0x1657/0x5b00 [ 1785.014773] ___sys_sendmsg+0xf3/0x170 [ 1785.015101] ? sendmsg_copy_msghdr+0x160/0x160 [ 1785.015484] ? __fget_files+0x2cf/0x520 [ 1785.015820] ? lock_acquire+0x197/0x470 [ 1785.016152] ? find_held_lock+0x2c/0x110 [ 1785.016514] ? __might_fault+0xd3/0x180 [ 1785.016848] ? lock_downgrade+0x6d0/0x6d0 [ 1785.017208] __sys_sendmmsg+0x195/0x470 [ 1785.017545] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1785.017906] ? lock_downgrade+0x6d0/0x6d0 [ 1785.018264] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1785.018670] ? wait_for_completion_io+0x270/0x270 [ 1785.019074] ? rcu_read_lock_any_held+0x75/0xa0 [ 1785.019461] ? vfs_write+0x354/0xb10 [ 1785.019774] ? fput_many+0x2f/0x1a0 [ 1785.020080] ? ksys_write+0x1a9/0x260 [ 1785.020417] ? __ia32_sys_read+0xb0/0xb0 [ 1785.020764] __x64_sys_sendmmsg+0x99/0x100 [ 1785.021119] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1785.021548] do_syscall_64+0x33/0x40 [ 1785.021861] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1785.022288] RIP: 0033:0x7f862c37fb19 [ 1785.022603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1785.024117] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1785.024768] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1785.025360] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1785.025952] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1785.026545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1785.027136] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:20:43 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2, 0x2, 0x0, 0x0) 02:20:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000000000000) 02:20:43 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:43 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x312, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:43 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2, 0x2, 0x0, 0x0) 02:20:43 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:43 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 16) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:43 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1785.265839] FAULT_INJECTION: forcing a failure. [ 1785.265839] name failslab, interval 1, probability 0, space 0, times 0 [ 1785.266963] CPU: 0 PID: 11015 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1785.267548] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1785.268243] Call Trace: [ 1785.268511] dump_stack+0x107/0x167 [ 1785.268823] should_fail.cold+0x5/0xa [ 1785.269147] ? create_object.isra.0+0x3a/0xa20 [ 1785.269535] should_failslab+0x5/0x20 [ 1785.269856] kmem_cache_alloc+0x5b/0x310 [ 1785.270200] create_object.isra.0+0x3a/0xa20 [ 1785.270570] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1785.271000] kmem_cache_alloc_node+0x169/0x330 [ 1785.271386] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1785.271832] copy_process+0x5d2/0x7800 [ 1785.272165] ? stack_trace_save+0x8c/0xc0 [ 1785.272552] ? stack_trace_consume_entry+0x160/0x160 [ 1785.272990] ? kasan_save_stack+0x32/0x40 [ 1785.273339] ? kasan_save_stack+0x1b/0x40 [ 1785.273692] ? create_io_worker+0xe8/0x690 [ 1785.274047] ? io_wqe_enqueue+0x69e/0xbe0 [ 1785.274400] ? __cleanup_sighand+0xb0/0xb0 [ 1785.274758] ? lock_acquire+0x197/0x470 [ 1785.275093] ? create_object.isra.0+0x3ad/0xa20 [ 1785.275489] ? lock_release+0x680/0x680 [ 1785.275824] ? find_held_lock+0x2c/0x110 [ 1785.276173] ? io_wqe_dec_running+0x220/0x220 [ 1785.276588] create_io_thread+0xb6/0xf0 [ 1785.276926] ? pidfd_pid+0x90/0x90 [ 1785.277227] ? mark_held_locks+0x9e/0xe0 [ 1785.277573] ? io_wqe_dec_running+0x220/0x220 [ 1785.277960] ? __init_swait_queue_head+0xc6/0x150 [ 1785.278367] create_io_worker+0x23a/0x690 [ 1785.278721] io_wqe_enqueue+0x69e/0xbe0 [ 1785.279061] ? create_worker_cb+0x260/0x260 [ 1785.279428] ? io_prep_async_work+0x340/0x550 [ 1785.279812] io_queue_async_work+0x26b/0x4f0 [ 1785.280193] __io_queue_sqe+0x5cc/0x9d0 [ 1785.280570] ? io_issue_sqe+0x77b0/0x77b0 [ 1785.280922] ? __fget_files+0x2f8/0x520 [ 1785.281268] io_submit_sqes+0x44aa/0x8610 [ 1785.281632] ? __do_sys_io_uring_enter+0x1f2/0x18c0 [ 1785.282057] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1785.282475] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1785.282887] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1785.283332] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1785.283712] ? trace_hardirqs_on+0x5b/0x180 [ 1785.284078] ? io_submit_sqes+0x8610/0x8610 [ 1785.284477] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1785.284857] ? finish_task_switch+0x126/0x5d0 [ 1785.285234] ? finish_task_switch+0xef/0x5d0 [ 1785.285606] ? __switch_to+0x572/0xf70 [ 1785.285933] ? __switch_to_asm+0x3a/0x60 [ 1785.286274] ? __switch_to_asm+0x34/0x60 [ 1785.286621] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1785.287061] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1785.287512] ? trace_hardirqs_on+0x5b/0x180 [ 1785.287878] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1785.288362] ? __x64_sys_io_uring_enter+0xd/0x1b0 [ 1785.288784] ? __x64_sys_io_uring_enter+0x11/0x1b0 [ 1785.289204] do_syscall_64+0x33/0x40 [ 1785.289520] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1785.289948] RIP: 0033:0x7f8c2e1fdb19 [ 1785.290266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1785.291794] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1785.292465] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1785.293060] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1785.293655] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1785.294250] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1785.294843] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:20:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe02000000000000) 02:20:56 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5, 0x2, 0x0, 0x0) 02:20:56 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x500, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5, 0x2, 0x0, 0x0) 02:20:56 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:20:56 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:20:56 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 17) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:20:56 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 48) 02:20:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000000000000) [ 1798.478277] FAULT_INJECTION: forcing a failure. [ 1798.478277] name failslab, interval 1, probability 0, space 0, times 0 [ 1798.479319] CPU: 0 PID: 11047 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1798.479904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1798.480620] Call Trace: [ 1798.480855] dump_stack+0x107/0x167 [ 1798.481169] should_fail.cold+0x5/0xa [ 1798.481498] ? create_object.isra.0+0x3a/0xa20 [ 1798.481891] should_failslab+0x5/0x20 [ 1798.482216] kmem_cache_alloc+0x5b/0x310 [ 1798.482567] create_object.isra.0+0x3a/0xa20 [ 1798.482942] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1798.483375] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1798.483808] ? alloc_skb_with_frags+0x92/0x570 [ 1798.484200] __alloc_skb+0xb1/0x5b0 [ 1798.484534] alloc_skb_with_frags+0x92/0x570 [ 1798.484912] ? trace_hardirqs_on+0x5b/0x180 [ 1798.485286] ? kmem_cache_free+0xa7/0x2d0 [ 1798.485645] sock_alloc_send_pskb+0x7af/0x930 [ 1798.486032] ? sk_alloc+0x350/0x350 [ 1798.486352] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1798.486798] ? trace_hardirqs_on+0x5b/0x180 [ 1798.487165] ? __dev_queue_xmit+0xe4e/0x2710 [ 1798.487547] ? __local_bh_enable_ip+0x9d/0x100 [ 1798.487944] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1798.488375] ? ip6_mtu+0x1bb/0x3d0 [ 1798.488698] ? lock_downgrade+0x6d0/0x6d0 [ 1798.489051] ? ip_frag_init+0x350/0x350 [ 1798.489400] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1798.489798] ? ip6_mtu+0x1e9/0x3d0 [ 1798.490104] ? ip6_setup_cork+0xfb7/0x1740 [ 1798.490467] ip6_make_skb+0x2de/0x4e0 [ 1798.490791] ? ip_frag_init+0x350/0x350 [ 1798.491134] ? ip_frag_init+0x350/0x350 [ 1798.491475] ? ip6_push_pending_frames+0xf0/0xf0 [ 1798.491883] ? ip6_dst_check+0x389/0x8d0 [ 1798.492229] ? sk_dst_check+0x235/0x4c0 [ 1798.492603] udpv6_sendmsg+0x20d3/0x2ad0 [ 1798.492958] ? ip_frag_init+0x350/0x350 [ 1798.493300] ? udp_v6_push_pending_frames+0x360/0x360 [ 1798.493743] ? mark_lock+0xf5/0x2df0 [ 1798.494065] ? lock_acquire+0x197/0x470 [ 1798.494399] ? find_held_lock+0x2c/0x110 [ 1798.494755] ? sock_has_perm+0x1ea/0x280 [ 1798.495113] ? __import_iovec+0x458/0x590 [ 1798.495463] ? udp_v6_push_pending_frames+0x360/0x360 [ 1798.495901] inet6_sendmsg+0x105/0x140 [ 1798.496231] ? inet6_compat_ioctl+0x320/0x320 [ 1798.496655] __sock_sendmsg+0xf2/0x190 [ 1798.496985] ____sys_sendmsg+0x334/0x870 [ 1798.497330] ? sock_write_iter+0x3d0/0x3d0 [ 1798.497688] ? do_recvmmsg+0x6d0/0x6d0 [ 1798.498019] ? __lock_acquire+0x1657/0x5b00 [ 1798.498390] ___sys_sendmsg+0xf3/0x170 [ 1798.498722] ? sendmsg_copy_msghdr+0x160/0x160 [ 1798.499111] ? __fget_files+0x2cf/0x520 [ 1798.499454] ? lock_acquire+0x197/0x470 [ 1798.499789] ? find_held_lock+0x2c/0x110 [ 1798.500135] ? __might_fault+0xd3/0x180 [ 1798.500480] ? lock_downgrade+0x6d0/0x6d0 [ 1798.500849] __sys_sendmmsg+0x195/0x470 [ 1798.501188] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1798.501555] ? lock_downgrade+0x6d0/0x6d0 [ 1798.501926] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1798.502341] ? wait_for_completion_io+0x270/0x270 [ 1798.502752] ? rcu_read_lock_any_held+0x75/0xa0 [ 1798.503144] ? vfs_write+0x354/0xb10 [ 1798.503461] ? fput_many+0x2f/0x1a0 [ 1798.503771] ? ksys_write+0x1a9/0x260 [ 1798.504094] ? __ia32_sys_read+0xb0/0xb0 [ 1798.504443] __x64_sys_sendmmsg+0x99/0x100 [ 1798.504816] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1798.505252] do_syscall_64+0x33/0x40 [ 1798.505577] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1798.506020] RIP: 0033:0x7f862c37fb19 [ 1798.506347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1798.507915] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1798.508593] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1798.509188] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1798.509784] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1798.510380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1798.510975] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:20:56 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1798.546347] FAULT_INJECTION: forcing a failure. [ 1798.546347] name failslab, interval 1, probability 0, space 0, times 0 [ 1798.547553] CPU: 0 PID: 11048 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1798.548134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1798.548845] Call Trace: [ 1798.549077] dump_stack+0x107/0x167 [ 1798.549387] should_fail.cold+0x5/0xa [ 1798.549718] ? create_object.isra.0+0x3a/0xa20 [ 1798.550106] should_failslab+0x5/0x20 [ 1798.550431] kmem_cache_alloc+0x5b/0x310 [ 1798.550778] ? mark_held_locks+0x9e/0xe0 [ 1798.551126] create_object.isra.0+0x3a/0xa20 [ 1798.551504] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1798.551940] kmem_cache_alloc_bulk+0x168/0x320 [ 1798.552336] io_submit_sqes+0x6fe6/0x8610 [ 1798.552728] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1798.553154] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1798.553571] ? lock_downgrade+0x6d0/0x6d0 [ 1798.553921] ? find_held_lock+0x2c/0x110 [ 1798.554269] ? io_submit_sqes+0x8610/0x8610 [ 1798.554647] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1798.555059] ? wait_for_completion_io+0x270/0x270 [ 1798.555477] ? rcu_read_lock_any_held+0x75/0xa0 [ 1798.555873] ? vfs_write+0x354/0xb10 [ 1798.556196] ? fput_many+0x2f/0x1a0 [ 1798.556515] ? ksys_write+0x1a9/0x260 [ 1798.556844] ? __ia32_sys_read+0xb0/0xb0 [ 1798.557192] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1798.557641] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1798.558081] do_syscall_64+0x33/0x40 [ 1798.558402] entry_SYSCALL_64_after_hwframe+0x67/0xd1 02:20:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00000000000000) [ 1798.558843] RIP: 0033:0x7f8c2e1fdb19 [ 1798.564559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1798.566090] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1798.566737] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1798.567340] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1798.567935] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1798.568548] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1798.569143] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:20:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8, 0x2, 0x0, 0x0) 02:20:57 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x1203, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:20:57 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:21:11 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2d5, 0x2, 0x0, 0x0) 02:21:11 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 49) 02:21:11 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:21:11 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:11 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8, 0x2, 0x0, 0x0) 02:21:11 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 18) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:11 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:11 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000000000000000) [ 1813.021775] FAULT_INJECTION: forcing a failure. [ 1813.021775] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1813.024818] CPU: 1 PID: 11095 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1813.026513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1813.028531] Call Trace: [ 1813.029181] dump_stack+0x107/0x167 [ 1813.030073] should_fail.cold+0x5/0xa [ 1813.031002] __alloc_pages_nodemask+0x182/0x600 [ 1813.032131] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1813.033651] ? __kmalloc_node_track_caller+0x393/0x3b0 [ 1813.034936] alloc_pages_current+0x187/0x280 [ 1813.036018] allocate_slab+0x26f/0x380 [ 1813.036986] ___slab_alloc+0x470/0x700 [ 1813.037944] ? alloc_skb_with_frags+0x92/0x570 [ 1813.039068] ? __kmalloc_node_track_caller+0x393/0x3b0 [ 1813.040361] __kmalloc_node_track_caller+0x393/0x3b0 [ 1813.041571] ? alloc_skb_with_frags+0x92/0x570 [ 1813.042684] __alloc_skb+0xb1/0x5b0 [ 1813.043596] alloc_skb_with_frags+0x92/0x570 [ 1813.044665] ? trace_hardirqs_on+0x5b/0x180 [ 1813.045690] ? kmem_cache_free+0xa7/0x2d0 [ 1813.046677] sock_alloc_send_pskb+0x7af/0x930 [ 1813.047771] ? sk_alloc+0x350/0x350 [ 1813.048666] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1813.049920] ? trace_hardirqs_on+0x5b/0x180 [ 1813.050946] ? __dev_queue_xmit+0xe4e/0x2710 [ 1813.052026] ? __local_bh_enable_ip+0x9d/0x100 [ 1813.053144] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1813.054373] ? ip6_mtu+0x1bb/0x3d0 [ 1813.055207] ? lock_downgrade+0x6d0/0x6d0 [ 1813.056188] ? ip_frag_init+0x350/0x350 [ 1813.057160] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1813.058301] ? ip6_mtu+0x1e9/0x3d0 [ 1813.059186] ? ip6_setup_cork+0xfb7/0x1740 [ 1813.060221] ip6_make_skb+0x2de/0x4e0 [ 1813.061143] ? ip_frag_init+0x350/0x350 [ 1813.062100] ? ip_frag_init+0x350/0x350 [ 1813.063043] ? ip6_push_pending_frames+0xf0/0xf0 [ 1813.064152] ? ip6_dst_check+0x389/0x8d0 [ 1813.065117] ? sk_dst_check+0x235/0x4c0 [ 1813.066072] udpv6_sendmsg+0x20d3/0x2ad0 [ 1813.067038] ? ip_frag_init+0x350/0x350 [ 1813.068002] ? udp_v6_push_pending_frames+0x360/0x360 [ 1813.069248] ? perf_event_task_disable+0x390/0x390 [ 1813.070444] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1813.071597] ? lock_acquire+0x197/0x470 [ 1813.072538] ? find_held_lock+0x2c/0x110 02:21:11 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1813.073506] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1813.081035] ? sock_has_perm+0x1ea/0x280 [ 1813.082153] ? __import_iovec+0x458/0x590 [ 1813.083291] ? udp_v6_push_pending_frames+0x360/0x360 [ 1813.084814] inet6_sendmsg+0x105/0x140 [ 1813.085301] ? inet6_compat_ioctl+0x320/0x320 [ 1813.086592] __sock_sendmsg+0xf2/0x190 [ 1813.087112] ____sys_sendmsg+0x334/0x870 [ 1813.088187] ? sock_write_iter+0x3d0/0x3d0 [ 1813.088748] ? do_recvmmsg+0x6d0/0x6d0 [ 1813.089811] ? __lock_acquire+0x1657/0x5b00 [ 1813.090393] ___sys_sendmsg+0xf3/0x170 [ 1813.091500] ? sendmsg_copy_msghdr+0x160/0x160 [ 1813.092091] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1813.093390] ? _raw_spin_unlock_irq+0x27/0x30 [ 1813.094638] ? lock_acquire+0x197/0x470 [ 1813.095147] ? find_held_lock+0x2c/0x110 [ 1813.096271] ? __might_fault+0xd3/0x180 [ 1813.096798] ? lock_downgrade+0x6d0/0x6d0 [ 1813.097913] ? io_schedule_timeout+0x140/0x140 [ 1813.098515] __sys_sendmmsg+0x195/0x470 [ 1813.099577] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1813.100123] ? lock_downgrade+0x6d0/0x6d0 [ 1813.101253] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1813.102222] ? wait_for_completion_io+0x270/0x270 [ 1813.103159] ? rcu_read_lock_any_held+0x75/0xa0 [ 1813.104069] ? vfs_write+0x354/0xb10 [ 1813.104724] ? fput_many+0x2f/0x1a0 [ 1813.105678] ? ksys_write+0x1a9/0x260 [ 1813.106683] ? __ia32_sys_read+0xb0/0xb0 [ 1813.107218] __x64_sys_sendmmsg+0x99/0x100 [ 1813.108323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1813.108993] do_syscall_64+0x33/0x40 [ 1813.110015] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1813.110685] RIP: 0033:0x7f862c37fb19 [ 1813.111657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1813.113950] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1813.115958] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1813.117887] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1813.119682] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1813.121452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1813.123124] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:21:11 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1813.150335] FAULT_INJECTION: forcing a failure. [ 1813.150335] name failslab, interval 1, probability 0, space 0, times 0 [ 1813.154173] CPU: 1 PID: 11110 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1813.156057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1813.158349] Call Trace: [ 1813.159066] dump_stack+0x107/0x167 [ 1813.160064] should_fail.cold+0x5/0xa [ 1813.165149] ? create_object.isra.0+0x3a/0xa20 [ 1813.166425] should_failslab+0x5/0x20 [ 1813.167437] kmem_cache_alloc+0x5b/0x310 [ 1813.168534] create_object.isra.0+0x3a/0xa20 [ 1813.169752] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1813.171087] kmem_cache_alloc+0x159/0x310 [ 1813.172245] alloc_pid+0xd7/0xd30 [ 1813.173222] copy_process+0x3a8e/0x7800 [ 1813.174325] ? stack_trace_save+0x8c/0xc0 [ 1813.175868] ? stack_trace_consume_entry+0x160/0x160 [ 1813.177426] ? __cleanup_sighand+0xb0/0xb0 [ 1813.178533] ? lock_acquire+0x197/0x470 [ 1813.179611] ? create_object.isra.0+0x3ad/0xa20 [ 1813.180914] ? lock_release+0x680/0x680 [ 1813.181952] ? find_held_lock+0x2c/0x110 [ 1813.183066] ? io_wqe_dec_running+0x220/0x220 [ 1813.184230] create_io_thread+0xb6/0xf0 [ 1813.185455] ? pidfd_pid+0x90/0x90 [ 1813.186380] ? mark_held_locks+0x9e/0xe0 [ 1813.187468] ? io_wqe_dec_running+0x220/0x220 [ 1813.188684] ? __init_swait_queue_head+0xc6/0x150 [ 1813.189907] create_io_worker+0x23a/0x690 [ 1813.190356] io_wqe_enqueue+0x69e/0xbe0 [ 1813.191351] ? create_worker_cb+0x260/0x260 [ 1813.192456] ? io_prep_async_work+0x340/0x550 [ 1813.193579] io_queue_async_work+0x26b/0x4f0 [ 1813.194057] __io_queue_sqe+0x5cc/0x9d0 [ 1813.195066] ? io_issue_sqe+0x77b0/0x77b0 [ 1813.195521] ? __fget_files+0x2f8/0x520 [ 1813.196550] io_submit_sqes+0x44aa/0x8610 [ 1813.197593] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1813.198129] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1813.199337] ? lock_downgrade+0x6d0/0x6d0 [ 1813.200360] ? find_held_lock+0x2c/0x110 [ 1813.201407] ? io_submit_sqes+0x8610/0x8610 [ 1813.202525] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1813.203700] ? wait_for_completion_io+0x270/0x270 [ 1813.204821] ? rcu_read_lock_any_held+0x75/0xa0 [ 1813.205875] ? vfs_write+0x354/0xb10 [ 1813.206729] ? fput_many+0x2f/0x1a0 [ 1813.207626] ? ksys_write+0x1a9/0x260 02:21:11 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x500, 0x2, 0x0, 0x0) [ 1813.208501] ? __ia32_sys_read+0xb0/0xb0 [ 1813.212954] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1813.213640] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1813.214278] do_syscall_64+0x33/0x40 [ 1813.214768] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1813.215400] RIP: 0033:0x7f8c2e1fdb19 [ 1813.215877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1813.218156] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1813.219116] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1813.219977] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1813.220874] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1813.221779] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1813.222655] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:11 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 19) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:11 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd723000000000000) 02:21:11 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x1e1, 0x2, 0x0, 0x0) 02:21:11 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) [ 1813.392241] FAULT_INJECTION: forcing a failure. [ 1813.392241] name failslab, interval 1, probability 0, space 0, times 0 [ 1813.393783] CPU: 1 PID: 11137 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1813.394657] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1813.395690] Call Trace: [ 1813.396035] dump_stack+0x107/0x167 [ 1813.396515] should_fail.cold+0x5/0xa [ 1813.397021] ? create_object.isra.0+0x3a/0xa20 [ 1813.397601] should_failslab+0x5/0x20 [ 1813.398083] kmem_cache_alloc+0x5b/0x310 [ 1813.398602] create_object.isra.0+0x3a/0xa20 [ 1813.399159] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1813.399804] kmem_cache_alloc+0x159/0x310 [ 1813.400327] __delayacct_tsk_init+0x1b/0x80 [ 1813.400880] copy_process+0x3319/0x7800 [ 1813.401388] ? stack_trace_save+0x8c/0xc0 [ 1813.401918] ? stack_trace_consume_entry+0x160/0x160 [ 1813.402570] ? kasan_save_stack+0x1b/0x40 [ 1813.403095] ? __cleanup_sighand+0xb0/0xb0 [ 1813.403630] ? lock_acquire+0x197/0x470 [ 1813.404120] ? create_object.isra.0+0x3ad/0xa20 [ 1813.404717] ? lock_release+0x680/0x680 [ 1813.405218] ? find_held_lock+0x2c/0x110 [ 1813.405747] ? io_wqe_dec_running+0x220/0x220 [ 1813.406291] create_io_thread+0xb6/0xf0 [ 1813.406806] ? pidfd_pid+0x90/0x90 [ 1813.407250] ? mark_held_locks+0x9e/0xe0 [ 1813.407770] ? io_wqe_dec_running+0x220/0x220 [ 1813.408287] ? __init_swait_queue_head+0xc6/0x150 [ 1813.408739] create_io_worker+0x23a/0x690 [ 1813.409119] io_wqe_enqueue+0x69e/0xbe0 [ 1813.409475] ? create_worker_cb+0x260/0x260 [ 1813.409862] ? io_prep_async_work+0x340/0x550 [ 1813.410265] io_queue_async_work+0x26b/0x4f0 [ 1813.410659] __io_queue_sqe+0x5cc/0x9d0 [ 1813.411013] ? io_issue_sqe+0x77b0/0x77b0 [ 1813.411384] ? __fget_files+0x2f8/0x520 [ 1813.411747] io_submit_sqes+0x44aa/0x8610 [ 1813.412130] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1813.412659] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1813.413245] ? lock_downgrade+0x6d0/0x6d0 [ 1813.413783] ? find_held_lock+0x2c/0x110 [ 1813.414297] ? io_submit_sqes+0x8610/0x8610 [ 1813.414849] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1813.415429] ? wait_for_completion_io+0x270/0x270 [ 1813.415866] ? rcu_read_lock_any_held+0x75/0xa0 [ 1813.416468] ? vfs_write+0x354/0xb10 [ 1813.416946] ? fput_many+0x2f/0x1a0 [ 1813.417419] ? ksys_write+0x1a9/0x260 [ 1813.417902] ? __ia32_sys_read+0xb0/0xb0 [ 1813.418416] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1813.419085] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1813.419727] do_syscall_64+0x33/0x40 [ 1813.420181] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1813.420829] RIP: 0033:0x7f8c2e1fdb19 [ 1813.421302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1813.423249] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1813.424131] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1813.424955] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1813.425861] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1813.426733] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1813.427625] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:11 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2a65, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:11 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:24 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x500, 0x2, 0x0, 0x0) 02:21:24 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 50) 02:21:24 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:24 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f00, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:24 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000, 0x2, 0x0, 0x0) 02:21:24 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 20) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:24 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, 0x0, &(0x7f0000000140)) socket$inet(0x2, 0x1, 0x0) 02:21:24 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff00000000) [ 1826.615372] FAULT_INJECTION: forcing a failure. [ 1826.615372] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.616371] CPU: 1 PID: 11165 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1826.616990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1826.617704] Call Trace: [ 1826.617930] dump_stack+0x107/0x167 [ 1826.618226] should_fail.cold+0x5/0xa [ 1826.618534] ? create_object.isra.0+0x3a/0xa20 [ 1826.618902] should_failslab+0x5/0x20 [ 1826.619211] kmem_cache_alloc+0x5b/0x310 [ 1826.619542] create_object.isra.0+0x3a/0xa20 [ 1826.619893] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1826.620314] kmem_cache_alloc+0x159/0x310 [ 1826.620652] skb_clone+0x14f/0x3d0 [ 1826.620977] ip6_finish_output2+0x1225/0x1fe0 [ 1826.621345] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1826.621743] ip6_output+0x3b8/0x7e0 [ 1826.622043] ip6_local_out+0xb4/0x1a0 [ 1826.622354] ip6_send_skb+0x112/0x460 [ 1826.622667] udp_v6_send_skb+0x7aa/0x15b0 [ 1826.623007] udpv6_sendmsg+0x2116/0x2ad0 [ 1826.623334] ? ip_frag_init+0x350/0x350 [ 1826.623666] ? udp_v6_push_pending_frames+0x360/0x360 [ 1826.624092] ? lock_acquire+0x197/0x470 [ 1826.624409] ? find_held_lock+0x2c/0x110 [ 1826.624747] ? sock_has_perm+0x1ea/0x280 [ 1826.625107] ? __import_iovec+0x458/0x590 [ 1826.625441] ? udp_v6_push_pending_frames+0x360/0x360 [ 1826.625858] inet6_sendmsg+0x105/0x140 [ 1826.626179] ? inet6_compat_ioctl+0x320/0x320 [ 1826.626537] __sock_sendmsg+0xf2/0x190 [ 1826.626851] ____sys_sendmsg+0x334/0x870 [ 1826.627180] ? sock_write_iter+0x3d0/0x3d0 [ 1826.627529] ? do_recvmmsg+0x6d0/0x6d0 [ 1826.627846] ? __lock_acquire+0x1657/0x5b00 [ 1826.628201] ___sys_sendmsg+0xf3/0x170 [ 1826.628525] ? sendmsg_copy_msghdr+0x160/0x160 [ 1826.628905] ? __fget_files+0x2cf/0x520 [ 1826.629227] ? lock_acquire+0x197/0x470 [ 1826.629550] ? find_held_lock+0x2c/0x110 [ 1826.629878] ? __might_fault+0xd3/0x180 [ 1826.630196] ? lock_downgrade+0x6d0/0x6d0 [ 1826.630547] __sys_sendmmsg+0x195/0x470 [ 1826.630870] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1826.631216] ? lock_downgrade+0x6d0/0x6d0 [ 1826.631566] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1826.631954] ? wait_for_completion_io+0x270/0x270 [ 1826.632342] ? rcu_read_lock_any_held+0x75/0xa0 [ 1826.632717] ? vfs_write+0x354/0xb10 [ 1826.633030] ? fput_many+0x2f/0x1a0 [ 1826.633324] ? ksys_write+0x1a9/0x260 [ 1826.633630] ? __ia32_sys_read+0xb0/0xb0 [ 1826.633960] __x64_sys_sendmmsg+0x99/0x100 [ 1826.634299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1826.634707] do_syscall_64+0x33/0x40 [ 1826.635006] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1826.635412] RIP: 0033:0x7f862c37fb19 [ 1826.635713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1826.637173] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1826.637782] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1826.638346] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1826.638911] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1826.639477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1826.640040] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1826.651082] FAULT_INJECTION: forcing a failure. [ 1826.651082] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.652127] CPU: 1 PID: 11173 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1826.652685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1826.653351] Call Trace: [ 1826.653571] dump_stack+0x107/0x167 [ 1826.653864] should_fail.cold+0x5/0xa [ 1826.654170] ? create_object.isra.0+0x3a/0xa20 [ 1826.654540] should_failslab+0x5/0x20 [ 1826.654844] kmem_cache_alloc+0x5b/0x310 [ 1826.655176] create_object.isra.0+0x3a/0xa20 [ 1826.655530] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1826.655939] kmem_cache_alloc_bulk+0x168/0x320 [ 1826.656310] io_submit_sqes+0x6fe6/0x8610 [ 1826.656667] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1826.657081] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1826.657472] ? lock_downgrade+0x6d0/0x6d0 [ 1826.657806] ? find_held_lock+0x2c/0x110 [ 1826.658135] ? io_submit_sqes+0x8610/0x8610 [ 1826.658487] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1826.658878] ? wait_for_completion_io+0x270/0x270 [ 1826.659264] ? rcu_read_lock_any_held+0x75/0xa0 [ 1826.659638] ? vfs_write+0x354/0xb10 [ 1826.659939] ? fput_many+0x2f/0x1a0 [ 1826.660237] ? ksys_write+0x1a9/0x260 [ 1826.660550] ? __ia32_sys_read+0xb0/0xb0 [ 1826.660892] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1826.661312] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1826.661730] do_syscall_64+0x33/0x40 [ 1826.662030] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1826.662439] RIP: 0033:0x7f8c2e1fdb19 [ 1826.662739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1826.664200] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1826.664821] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1826.665390] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1826.665957] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1826.666526] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1826.667097] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:25 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:25 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2abf, 0x2, 0x0, 0x0) 02:21:25 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) socket$inet(0x2, 0x1, 0x0) 02:21:25 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 21) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:25 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff00000000) 02:21:25 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x4000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:25 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000, 0x2, 0x0, 0x0) 02:21:25 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:25 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f00, 0x2, 0x0, 0x0) [ 1826.861135] FAULT_INJECTION: forcing a failure. [ 1826.861135] name failslab, interval 1, probability 0, space 0, times 0 [ 1826.862201] CPU: 0 PID: 11205 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1826.862783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1826.863480] Call Trace: [ 1826.863711] dump_stack+0x107/0x167 [ 1826.864022] should_fail.cold+0x5/0xa [ 1826.864348] ? create_object.isra.0+0x3a/0xa20 [ 1826.864738] should_failslab+0x5/0x20 [ 1826.865083] kmem_cache_alloc+0x5b/0x310 [ 1826.865434] create_object.isra.0+0x3a/0xa20 [ 1826.865810] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1826.866243] kmem_cache_alloc_bulk+0x168/0x320 [ 1826.866638] io_submit_sqes+0x6fe6/0x8610 [ 1826.867009] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1826.867432] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1826.867846] ? lock_downgrade+0x6d0/0x6d0 [ 1826.868197] ? find_held_lock+0x2c/0x110 [ 1826.868547] ? io_submit_sqes+0x8610/0x8610 [ 1826.868943] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1826.869360] ? wait_for_completion_io+0x270/0x270 [ 1826.869776] ? rcu_read_lock_any_held+0x75/0xa0 [ 1826.870174] ? vfs_write+0x354/0xb10 [ 1826.870501] ? fput_many+0x2f/0x1a0 [ 1826.870816] ? ksys_write+0x1a9/0x260 [ 1826.871143] ? __ia32_sys_read+0xb0/0xb0 [ 1826.871494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1826.871939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1826.872378] do_syscall_64+0x33/0x40 [ 1826.872700] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1826.873157] RIP: 0033:0x7f8c2e1fdb19 [ 1826.873485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1826.875030] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1826.875678] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1826.876280] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1826.876907] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1826.877511] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1826.878113] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:38 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffff00000000) 02:21:38 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x652a, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:38 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) socket$inet(0x2, 0x1, 0x0) 02:21:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:38 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 51) 02:21:38 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 22) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:38 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2ab7, 0x2, 0x0, 0x0) 02:21:38 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x4000, 0x2, 0x0, 0x0) [ 1839.859835] FAULT_INJECTION: forcing a failure. [ 1839.859835] name failslab, interval 1, probability 0, space 0, times 0 [ 1839.862445] CPU: 1 PID: 11247 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1839.863623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1839.865026] Call Trace: [ 1839.865318] dump_stack+0x107/0x167 [ 1839.865704] should_fail.cold+0x5/0xa [ 1839.866038] ? create_object.isra.0+0x3a/0xa20 [ 1839.866493] should_failslab+0x5/0x20 [ 1839.866825] kmem_cache_alloc+0x5b/0x310 [ 1839.867178] create_object.isra.0+0x3a/0xa20 [ 1839.867960] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1839.868653] kmem_cache_alloc+0x159/0x310 [ 1839.869586] skb_clone+0x14f/0x3d0 [ 1839.870356] ip6_finish_output2+0x1225/0x1fe0 [ 1839.871121] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1839.871968] ip6_output+0x3b8/0x7e0 [ 1839.872588] ip6_local_out+0xb4/0x1a0 [ 1839.873353] ip6_send_skb+0x112/0x460 02:21:38 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xbf2a, 0x2, 0x0, 0x0) [ 1839.874018] udp_v6_send_skb+0x7aa/0x15b0 [ 1839.885566] udpv6_sendmsg+0x2116/0x2ad0 [ 1839.886270] ? ip_frag_init+0x350/0x350 [ 1839.886962] ? udp_v6_push_pending_frames+0x360/0x360 [ 1839.887864] ? perf_event_task_disable+0x390/0x390 [ 1839.888729] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1839.889250] ? lock_acquire+0x197/0x470 [ 1839.889593] ? find_held_lock+0x2c/0x110 [ 1839.889948] ? sock_has_perm+0x1ea/0x280 [ 1839.890307] ? __import_iovec+0x458/0x590 [ 1839.890658] ? udp_v6_push_pending_frames+0x360/0x360 [ 1839.891094] inet6_sendmsg+0x105/0x140 [ 1839.891432] ? inet6_compat_ioctl+0x320/0x320 [ 1839.891810] __sock_sendmsg+0xf2/0x190 [ 1839.892141] ____sys_sendmsg+0x334/0x870 [ 1839.892490] ? sock_write_iter+0x3d0/0x3d0 [ 1839.892847] ? do_recvmmsg+0x6d0/0x6d0 [ 1839.893201] ? __lock_acquire+0x1657/0x5b00 [ 1839.893589] ___sys_sendmsg+0xf3/0x170 [ 1839.893920] ? sendmsg_copy_msghdr+0x160/0x160 [ 1839.894312] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1839.894760] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1839.895137] ? trace_hardirqs_on+0x5b/0x180 [ 1839.895508] ? lock_acquire+0x197/0x470 [ 1839.895844] ? find_held_lock+0x2c/0x110 [ 1839.896192] ? __might_fault+0xd3/0x180 [ 1839.896530] ? lock_downgrade+0x6d0/0x6d0 [ 1839.896891] ? io_schedule_timeout+0x140/0x140 [ 1839.897305] __sys_sendmmsg+0x195/0x470 [ 1839.897654] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1839.898020] ? lock_downgrade+0x6d0/0x6d0 [ 1839.898383] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1839.898800] ? wait_for_completion_io+0x270/0x270 [ 1839.899210] ? rcu_read_lock_any_held+0x75/0xa0 [ 1839.899609] ? vfs_write+0x354/0xb10 [ 1839.899925] ? fput_many+0x2f/0x1a0 [ 1839.900233] ? ksys_write+0x1a9/0x260 [ 1839.900563] ? __ia32_sys_read+0xb0/0xb0 [ 1839.900925] __x64_sys_sendmmsg+0x99/0x100 [ 1839.901302] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1839.901740] do_syscall_64+0x33/0x40 [ 1839.902054] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1839.902489] RIP: 0033:0x7f862c37fb19 [ 1839.902805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1839.904335] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1839.904990] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1839.905593] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1839.906192] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1839.906791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1839.907390] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1839.918534] FAULT_INJECTION: forcing a failure. [ 1839.918534] name failslab, interval 1, probability 0, space 0, times 0 [ 1839.919643] CPU: 1 PID: 11249 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1839.920231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1839.920947] Call Trace: [ 1839.921178] dump_stack+0x107/0x167 [ 1839.921496] should_fail.cold+0x5/0xa [ 1839.921818] ? create_object.isra.0+0x3a/0xa20 [ 1839.922205] should_failslab+0x5/0x20 [ 1839.922533] kmem_cache_alloc+0x5b/0x310 [ 1839.922878] ? mark_held_locks+0x9e/0xe0 [ 1839.923225] create_object.isra.0+0x3a/0xa20 [ 1839.923605] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1839.924038] kmem_cache_alloc_bulk+0x168/0x320 [ 1839.924431] io_submit_sqes+0x6fe6/0x8610 [ 1839.924804] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1839.925245] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1839.925665] ? lock_downgrade+0x6d0/0x6d0 [ 1839.926018] ? find_held_lock+0x2c/0x110 [ 1839.926367] ? io_submit_sqes+0x8610/0x8610 [ 1839.926739] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1839.927149] ? wait_for_completion_io+0x270/0x270 [ 1839.927571] ? rcu_read_lock_any_held+0x75/0xa0 [ 1839.927965] ? vfs_write+0x354/0xb10 [ 1839.928285] ? fput_many+0x2f/0x1a0 [ 1839.928600] ? ksys_write+0x1a9/0x260 [ 1839.928931] ? __ia32_sys_read+0xb0/0xb0 [ 1839.929292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1839.929748] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1839.930270] do_syscall_64+0x33/0x40 [ 1839.930661] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1839.931176] RIP: 0033:0x7f8c2e1fdb19 02:21:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1839.931551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1839.942082] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1839.942722] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1839.943314] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1839.943909] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1839.944500] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1839.945111] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:38 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xd502, 0x2, 0x0, 0x0) 02:21:38 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f00, 0x2, 0x0, 0x0) 02:21:38 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), 0x0) socket$inet(0x2, 0x1, 0x0) 02:21:38 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 23) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:38 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x800000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:38 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1840.110981] FAULT_INJECTION: forcing a failure. [ 1840.110981] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1840.112182] CPU: 1 PID: 11287 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1840.112770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1840.113476] Call Trace: [ 1840.113709] dump_stack+0x107/0x167 [ 1840.114021] should_fail.cold+0x5/0xa [ 1840.114350] __alloc_pages_nodemask+0x182/0x600 [ 1840.114753] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1840.115272] alloc_pages_current+0x187/0x280 [ 1840.115652] allocate_slab+0x26f/0x380 [ 1840.115985] ___slab_alloc+0x470/0x700 [ 1840.116318] ? io_submit_sqes+0x6fe6/0x8610 [ 1840.116703] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1840.117161] ? trace_hardirqs_on+0x5b/0x180 [ 1840.117538] ? kmem_cache_alloc_bulk+0x1ec/0x320 [ 1840.117936] kmem_cache_alloc_bulk+0x1ec/0x320 [ 1840.118325] io_submit_sqes+0x6fe6/0x8610 [ 1840.118696] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1840.119115] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1840.119524] ? lock_downgrade+0x6d0/0x6d0 [ 1840.119875] ? find_held_lock+0x2c/0x110 [ 1840.120223] ? io_submit_sqes+0x8610/0x8610 [ 1840.120598] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1840.121028] ? wait_for_completion_io+0x270/0x270 [ 1840.121451] ? rcu_read_lock_any_held+0x75/0xa0 [ 1840.121854] ? vfs_write+0x354/0xb10 [ 1840.122171] ? fput_many+0x2f/0x1a0 [ 1840.122500] ? ksys_write+0x1a9/0x260 [ 1840.122830] ? __ia32_sys_read+0xb0/0xb0 [ 1840.123179] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1840.123625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1840.124065] do_syscall_64+0x33/0x40 [ 1840.124381] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1840.124815] RIP: 0033:0x7f8c2e1fdb19 [ 1840.125150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1840.126692] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1840.127335] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1840.127940] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1840.128541] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1840.129161] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1840.129764] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:38 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x800000, 0x2, 0x0, 0x0) 02:21:38 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r4 = getegid() setresgid(r4, r4, r4) statx(0xffffffffffffffff, &(0x7f0000000380)='.\x00', 0x0, 0x10, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000000500)=0xe8) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',dfltgid=', @ANYRESHEX=r5, @ANYBLOB=',posixacl,access=any,version=9p2000.u,dfltgid=', @ANYRESHEX=r6, @ANYBLOB="2c76657273696fac063970323030ad382142a6c5161e1b", @ANYRESDEC=r7, @ANYBLOB=',dont_hash,defcontext=unconfined_u,measure,smackfshat=\',\'A,seclabel,pcr=00000000000000000051,defcontext=user_u,appraise,\x00']) setgroups(0x7, &(0x7f0000000400)=[0x0, 0x0, r4, r4, 0x0, 0x0, r6]) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x1, &(0x7f0000000180)=[{&(0x7f00000002c0)="ee7bda6b7b2a2b9793808bdde64a4471b77aecd6cc5fd57a3bfecae5f26d2d7b70d2deaa768548b50ca36b7e25c591244ab09845dedfdca36203bca01c34a9eb319ba07c18dcb87f7fe69178619f0c89d64e64e04ff9f67376c7ffb0981c89306985c50da1193023f715c36064913ab1760404d0c027640eb93b0732a86fabe8bc40cda794739dc6a46e3ae1926503ebce", 0x91, 0xff}], 0x401, &(0x7f0000000380)={[{@journal_checksum}, {@resgid={'resgid', 0x3d, r4}}, {@delalloc}, {@norecovery}, {@min_batch_time={'min_batch_time', 0x3d, 0x8001}}]}) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:21:38 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x0, 0x0) [ 1840.218950] EXT4-fs (loop7): VFS: Can't find ext4 filesystem [ 1840.274580] EXT4-fs (loop7): VFS: Can't find ext4 filesystem 02:21:51 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x4000, 0x2, 0x0, 0x0) 02:21:51 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 52) 02:21:51 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x0, 0x0) 02:21:51 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 24) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:21:51 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x1000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:51 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1853.302053] FAULT_INJECTION: forcing a failure. [ 1853.302053] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.303173] CPU: 1 PID: 11330 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1853.303754] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.304443] Call Trace: [ 1853.304675] dump_stack+0x107/0x167 02:21:51 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6, 0x10010, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000040)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x2004, @fd_index=0x9, 0x4, 0x0, 0x0, 0x8, 0x0, {0x1}}, 0x7ff) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x110, r0, 0x10000000) mmap$IORING_OFF_CQ_RING(&(0x7f0000ff7000/0x4000)=nil, 0x4000, 0x2000004, 0x8010, r0, 0x8000000) syz_io_uring_submit(r3, r5, &(0x7f00000001c0)=@IORING_OP_WRITEV={0x2, 0x4, 0x4000, @fd_index=0x6, 0x7736, &(0x7f00000015c0)=[{&(0x7f00000002c0)="ff79152addf4883aa5e082f611abe6292b3d26889df5123386cb221b75d684103271f5b2316804e2d95cb0f1946e9c4d233d52152f975708d60c7c68a58c621e2a5cf78344a2b4c0cf57feaeac7cf31c2ab006c018a5ff16b02c17629bb5784af5babdef5c04e81346e20d3f799af4392696260eec76c71ec64eda51c3b0d39e30f26d7417d4dd484cdd498286168d902a0bfcb488a6c945989d988a6eb9a674078866635e99d9fe7cb6f4ea93d47a5de0c0c8bca3c1f9dce438c7447d5081648c6640ae2a3cfb", 0xc7}, {&(0x7f00000003c0)="6fc8876c72737657f00444a1e10e089d236f5fa4c2ea75ab33c5ddf875cf1c09d7ae0256d2b356cd39b2e77c69caaffc09a0ff55c3e4966922f4baaa9ec757d94e3b57316817b80415c6afa8a5d8a5c8c4bb5e86aedaae1161525817f5863951afa19311b305f560abfa3780f292c1b3cc5a285023cb48fcbbfedadccf794b7cd29287c146740e014392dc54fdb02c8a0492b440638d25f88456a0ac3e100b8a6b3601225578298202b473", 0xab}, {&(0x7f0000000180)="08a16b4400825bbdeccac6914ef8f245e63708a0", 0x14}, {&(0x7f0000000480)="c61dde8e974591d86159113c813490981e4c4a6b2f17ac88b01ad98c7377f891c078c284ccccd5020666741b07c5ab5878e67b097ae42e75910b0a1a9d8282e60847685d26e2f6b2e497e4c4c3b07463ddc812c04899225d85ad1d3c80cbcdd2282151c8a42502e01f4c36d38aaa97943bff4b45bb37c5cf1e8577ef0a9f7b6d3ac23cccebbb466748e8c2b6dfd3435ae507307ffe9aaf03bc7efded4f68a96b57a64877b1cde28b52a8c35e53418a14bdd7dd95e9adcb2c54f605997d17bcefebe089b31f6e803856cad935aeae7a8846ee242b2087658ea391af81163d9a698fcb4c80224bb2dfc5dc2da6e10d853387e91f35331c789d6971b993ffb29dcf7efb3fdff528a501c95263a0ae2cb812d3231561d33afa51a8b957bfe9fe28adc3cf530b84d516c339dd313b2729ef43867a35b1e0d0b5e849e973b395a2bae47e0f0d89f6f1ac4c3ce0e65cde4e552116fab5dd74fabf3ffec1e1664bd93d048ee9c5c649ee6367f52346a7ab3a7241d9b088b5263eff015dd54121665e25f575fcc808e97d31a2b3574cbb6c5b20e0f9a103ebf728b685c5f3578b3d4c46b6d03cf734c39f7cbd0b59a26d4cf42b94e003d90d54a943b2a85c7f7160aa143d6a8b11907d651796db50ffa698d2daa18655027d6eca0d47902f18148cdf1792414a03eadbc92d3d336b556adf9cec7517a02c9ed939413918168bce3af3c08b29e895196cb30f0a5f1d3d13bc50d668177bb63db9d2f71e4c4624f62770732d21d567a83d2737ab7e33bdea742961b5d2bb54a9ab301327cec349683d4a7e686d097ce9249c61c9f1eb54b8b417fd77d148d59ed7efe4f13373e986b2d2f71c3ef4894c2305d3219810fe639adb725b51d855f5ddf6761481ceafba1fa3cb32b99b345482fb400667d1f048e711b69ddbf00542ec18f2c3aebe72ea3eef41292762fe29cdedda9b1ca9b81a3bb2b0247fe3fd40cee5fd016b289623381ac653b531cb7e33578a63fede2f091cf83f4f3db6d1ccc84335361b53400a4514401463c222ee38b431552f52e5f8e8d03afc9a71ca02858acceabc3059a5d38807431b6018de6cbcc593e1db75de0fc4087e63067e7ec738df640064b6bb2a783fc148a12ed5ac390b4de8257cd2a4a2f9b91b45018830a3b5db3c2db4d4280f93f0811e3c76f55d0fd803fc6a2a75c37d06528c3eb0069c39ca3baa7e546a51e77c721028cbc67df1ad43961398b36be5cb4054565c871d577bdaf0d0e861c389352ba4e4d9caf4baaff1b30ad7e40fe752adef4d152537e489f0da8586eba1f635ade87afc3399652ea3941a503894105823dd3f72238d2cd95dfe0f04f478b63e0d45a9462e324df224b2d0415dab5b9f043de7f1bc3358e7383f00956842edb44b05beba4af9e5e98d680ead6566f439b566ae1916ef39f64987dd23442e860b3991a68ea20148d7445e9da69afe1ce746f56e6d88b06e6def604dd688230272097496fbe4dfcebbb4000a4e8e0519c6174b1e9ca0b9819b7d013a09b2bc353a041e2fdc515de0e946929893701484aa91adbd15af369728ef8ecaa41d354ea6efe7a6ab6416a699e779bd3ba440b9fff7284ee29dbe9b3df4678c3a08269807a0a8fc9484bfc9d5ae98da4411c2795bf07f4e8f0add1b89733b1b47216278545b2ad971b18601d5744492399ee919c77e828651ec178b98a18d1bcd2330b04f4cad296278f7afc5e95c61aae067d40817633a873da546cfc0d46df0e529dd153b399269edfd39c0b82988e7a71fe0c9a55147abd33cbc94a7ff524d9ca68f1c9bb48f7c06f18b56a002a219d5f55206ee36d175749f03b300db82d6c06052d2191173a1c412136d4c1e6a6acec8733f29da405e3e1915ea0ef40b5062ce1a7c89393a5750d20fb1ee63fa22d9ecb8cfabcf21b5661e489c19a0386b1c7857a00ba98c2ad175ca7804646dda6825b4b1ad6d666ee4437aa7fd9d34e8b3e40202a026fefa1ba90c8463703a31dd01e0b44ca1302d37399a0502626c0253a5b3fa7a2df543ed19b61e85dd65900b9f69cae09adadf0eeb513c7ff399fd8a85658cd8a64d4dcfddc5cf2fb525ce3809fcf1a4a309b180cf7289b5b944c26d699c00adfb3d047bf7553882cbab51ffcc7c8b04884eb7a1d2862a9b3daf74899d548db11f4e7b44386b6028c1508be1adfeb3f9db26b30933cae854af0697928c33604b987d00a7c1912866d01ddf811c005710010330d51df94cad4cb4d2adbc7cbf44e7958a582402a3531da270b75707d0e23752504789c95839cc863f5060f7f260525dc3b6aef58dfbb747d26a39609d95791614db40e3bad8523af6fe6b98bd2544684a4db3ff2fa808ecc2edccaa194ebfc29eb49d448a869e79eced123be4d37c7d828a1722e0989af6dc16d85045a83842a5798442a5ad508183c6594658b287453ef6b48438b63d2e3d3e43845db42788eb0c6a1bb937bbf02ef4d1109c99a0378e7049a521218ffe5685e7c58d7ffb8b47e19681c9739d13ccb37721d7b5ddfa003ea2a8fb6f2e764e5da364d21038713a93d0d10ded438f73bc92fc4b60233d9faab9f8b444b65ae6fe66944ac3851fbba6ed9052fcd3c103095f313c90a26bf02d0edeb27536345bf18d8521118c9269c714b8aaa2a56a3e174673a38472b35941d2df695bdbe55b34a366e62832c7d262ba62f6687e8e0733bc0c7aaf091bdb26efad2fd942bd09be72aac19866a3a764639d0e24b3594e900848335388161370c34e32ed80c053d8a6e1e7b3f431e4a0d3b43c81d00613556d785bef3463141b44fd470a1a2beaa87a0bf3c518f52982705c82d6ea26e22141462483b322a49418ef7e2a71eccd2fd4865c3ecace6fc70a4fa8848d9252fb39e140ba753e786198b506a7d92e1e6c1c42017190bd08eb8fdf27ef082b01d3c32f3d785e854017599f00c21311c77db883a1ef6ad4be6f1d42ae6e8879c7509a66414501899bb2fb26121ea724c0d085ea35c4de5a0cc3b43979ef25aabef8451b37405f08d7a13274e06cf3314beb16fa6c7eab26bd8d0cba3418617277e76703b17ea6336f93f4e2c9c7865e102334131c7bb23af0f9203b5b7c8d156ac63a31eea92ef1fbcb6706f02bc62410a698d82b6aa5d85e9c391c87fe74bf11b3d098423a11b7e8929660b0f4c8a3704cb50b0dd406483f54fefed59944102955413831372e6342dc82a0048bc2ad13aecb5b94e34651d641d9a2751ca35ddadf6bb959d8bb4c5886eaebe7437a6aa82a4b7e8979fc1bb8fda33d6257285cf478b275f488b7cfb4bc6fc796651e456a455821e464014991ab3212d7bbb24106998d551d4226f94407143e633d6cdefeaf1528e63dd0486b3233c59ab03174d838f15da013bfdf98af6bb0a8a7667308615d182b6fb29a9ba773406224fb66eddee8615b90bc4ad07685c1ffea724870de7cb2c7369e61d95d2446de9c8889676f5570a3bfe7a367ffd7d2b191b1e806f74c5c437b3b97b80f8411a99696043c57193c5d9e1eff1a307ca37863e3d0f3b419b6c07402e31aa2f58cc92e82d0d62d582fba17f0e16f2e012dd718564ece9c0003d197dad6c7a67a90c4b8e4113e1cf7ffae1cfa59c29a900b90f5ddf73680c1536d4d0aa0ec2c3b276cb8498dbf16a3a66dbedc1136fdfaea487c8213056f83a53a0d7de0522419f29e808b0166ab8b7ca49787a5deaa9ab13c49a87f71db1fea93e71095c04e57bcc2f1d0bfda389055e25c7c49a903e73a6c73de4fe0f57bf2ce31d1c7ca278f93a0b0d36747cb919b9089f4f2b1f44773027536c3e3a6618a51c6647abaeeb8332f88633a980b44bef7c8c03914d583376485c14959ed5a8a35821af3661c3851c2d73b6fe14c13839da2831339eb84657d9cc7e2f0525186ba08c4db8c27ebb1bbd9d65bb85bb8cb3467a771770e84be534f8c92f40a4075aa6c51e0db906a5daa642dc01409cdefac0088d6a22fac6bbc8addf5b7d6f4236954f558f6fcb7180a04b4eeaa0718038d7e05f233828dec1b355cb9da7422b17b73071b6535fbd0848d8dac6946a7b4dd6970c0bdd4c41e7d602e9faf32061f60ebe95de7b74d0fcee0a7825fdd9478c34f33691cab393fff3d5c79ea25b71acedf7735474d414a9195d0d3c7926a707b850085843aef25f8bff63dac9fec75ff92d3869de4071f2fb5b63d5c71fb7fcc78bfa882ce2d1c719c6662eaae332bfbc8112b6b489a1de896fa9a824a4afb9ef462b2a3d1cde0f8294a44d13e643ef24f3c1fbbac2be6897903b5c0d9b4ac167753955212e8ea9b2e224739340d8001d2c881ce9b55625bdbd9f402497be434910fb9e0b3621bee5b4d34b86065116ae89741e526405502528f194cd01352c188530f89739f2f7ceed4a8a3c4bdd97890621f94280f561b9d0532e733a4ddc86b55774a6762d2e8dadb5b48694a794bb83f3866386589d662726cbba731b53c5b45acf878c2dd05abd7dd02213001c6cdef209558d2a6f749cb1b908dcb24d9abf0ae32413789c614a8d5424b38a57df96653aa9d2c8da684c05ce9381c910c8638b13138954468d73528187c5b8f66dc0e7ff7d98bef0e415b419b7b0416877812ba2f52820691c6e5da8ffd3d192c6fbb2cda33646e91cb90920f62d9f5c8e742ee1403202e5bc03ce75c226305737af10d840a461872ff69bb527ef30449c10cdc5652d3bae81c2533e15cd4b0674e8576d5180425f22aca2e80cbe303b3edfbd12d698bbef2ca34806b9e57cd5a8663e03774245b0952498d035b8ff2402001d92e19e762a6a830f93d28a84f49194c3107b4c40c37169bf0641658f679d48ee16713a42114b4572943b0ca9b0931b43ba8af90cde2ba9982e41b24be80cbbf22a32245eddb5303a690b23e4798e0c755e32d12bc1653c1121ceaff160feeb924276ebbaaeed4236f8fef587d7df5e41f687e4864250f5a9405acf41ede9a452a2b31188b2d6abb45665295d2f6ffad5907719c149b619aad6dfa6eb99e2df53f67ca585d2d87083d32fcd8d9879b6ee0d21c224fe312fd985858a1307d322373dcb127b8b5d962536986a9eecd5aed7725f06fbb50e2b7a77e2c5772a4c9012947a3f9fc4e3d6e9c6de40ad652f00db77e58501537f57ff55a1f4b6d45ae1cb6f3205fc08a2b9982c110dc91c509a1d075837c423e7f9c3242b90cdde059d32ce46ad0b268844a5450ca27c2de11167408a869a673a3cda3fa56028c245d413daf48de0dbbb7623d47a2f49c4ee3eb544bb278608be186ead9348f07b3ee5711bd4600fb97f2af097b66634bcf4e26205d8cf8920c6041df17c1a594d8c2a1dc972b5b4d0ffced5cb535aebbebcebada83fdd710d4f8854bd332776f7ee6aedf9b3ffa63294337dcf8a6a0ebb205809fdc9458ffe1ede4f2754e8de460bf4d9f1868608b27183a1514b3e7080c8bb21b4d68a135fa111afdce6d9d3167df141ccaa8f6018236bd46a4bb4584e260f6dc5cab118ac8dfd07eff47dad2bd95df21bb9f87abd573dcdc17be25bee836bca0c03939d1bff4e6ec01b4152553d1e6f722493d645f64b37e8f1769742c66cfa945e98fc3dc33b3cb2034cddbb0dae243de93675b70a824384151245d13873e79b1d3a3e75f05446599d79435bd50bd196d32151f08bbdac4128283d920001f5ec68153371232e21420d45ddc205e308e3301ae0c46638a858fe15daec68cfd4a8b28f93e07a97fd278daf42f87abf15dfdc8eab364d79f16fd117a0f4f453c910dadfb11b7ea5654c6f8bdafda", 0x1000}, {&(0x7f0000001480)="0d983e47d4045d73e1cdcc0ada45dfb51d60cc859b81ad3fc209d2c6a351b6dd4c65f3ce9fb557814f6440933114391c8e67bc92621ce42a411375e4b1d79f5da6b5083e12d11c027ad721616e2c75b23ddeee6abdd30c3534b9eea2f10caa9851e8f1eeab22485073aba3e38041480be892048e46160b31aae7890e3e2d90174c3fe5de014bcf20b02a0b20ccbe92619b2ea99e51f09d7e588dbf690b2f3e319910932e12f98705", 0xa8}, {&(0x7f0000001540)="593e5e20329de975549ea4ee1d7d1f5f6433f32d04c99733bbbc5d8633de48973ced36d238369ca721b0130784db926d810c07caac926935b4f56ae6c6746c77421272003c1075297594eac2784a8d182dfda757f9d80da9920367f4d1ba29448cfe018c8735062a", 0x68}], 0x6, 0xb}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x48000, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffb1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x100000e, 0x10, r0, 0x0) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x5, 0x2010113, r0, 0x10000000) syz_io_uring_submit(r6, r7, &(0x7f0000001700)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000001640)=0x80, &(0x7f0000001680)=@in={0x2, 0x0, @private}, 0x0, 0x1800}, 0x81) 02:21:51 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x1000000, 0x2, 0x0, 0x0) [ 1853.304985] should_fail.cold+0x5/0xa [ 1853.321370] ? create_object.isra.0+0x3a/0xa20 [ 1853.321764] should_failslab+0x5/0x20 [ 1853.322088] kmem_cache_alloc+0x5b/0x310 [ 1853.322434] ? mark_held_locks+0x9e/0xe0 [ 1853.322780] create_object.isra.0+0x3a/0xa20 [ 1853.323152] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1853.323583] kmem_cache_alloc_bulk+0x168/0x320 [ 1853.323973] io_submit_sqes+0x6fe6/0x8610 [ 1853.324342] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1853.324761] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1853.325192] ? lock_downgrade+0x6d0/0x6d0 [ 1853.325540] ? find_held_lock+0x2c/0x110 [ 1853.325886] ? io_submit_sqes+0x8610/0x8610 [ 1853.326257] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1853.326667] ? wait_for_completion_io+0x270/0x270 [ 1853.327075] ? rcu_read_lock_any_held+0x75/0xa0 [ 1853.327465] ? vfs_write+0x354/0xb10 [ 1853.327780] ? fput_many+0x2f/0x1a0 [ 1853.328087] ? ksys_write+0x1a9/0x260 [ 1853.328409] ? __ia32_sys_read+0xb0/0xb0 [ 1853.328754] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1853.329209] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.329644] do_syscall_64+0x33/0x40 [ 1853.329958] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.330387] RIP: 0033:0x7f8c2e1fdb19 [ 1853.330704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.332231] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1853.332870] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1853.333492] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1853.334089] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.334686] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1853.335282] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:51 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 25) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1853.434714] FAULT_INJECTION: forcing a failure. [ 1853.434714] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.435770] CPU: 0 PID: 11333 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1853.436377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.437133] Call Trace: [ 1853.437384] dump_stack+0x107/0x167 [ 1853.437714] should_fail.cold+0x5/0xa [ 1853.438066] ? create_object.isra.0+0x3a/0xa20 [ 1853.438492] should_failslab+0x5/0x20 [ 1853.438837] kmem_cache_alloc+0x5b/0x310 [ 1853.439208] create_object.isra.0+0x3a/0xa20 [ 1853.439609] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1853.440067] kmem_cache_alloc+0x159/0x310 [ 1853.440464] skb_clone+0x14f/0x3d0 [ 1853.440800] ip6_finish_output2+0x1225/0x1fe0 [ 1853.441241] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1853.441701] ip6_output+0x3b8/0x7e0 [ 1853.442051] ip6_local_out+0xb4/0x1a0 [ 1853.442408] ip6_send_skb+0x112/0x460 [ 1853.442769] udp_v6_send_skb+0x7aa/0x15b0 [ 1853.442829] FAULT_INJECTION: forcing a failure. [ 1853.442829] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.443134] udpv6_sendmsg+0x2116/0x2ad0 [ 1853.444392] ? ip_frag_init+0x350/0x350 [ 1853.444752] ? udp_v6_push_pending_frames+0x360/0x360 [ 1853.445230] ? lock_acquire+0x197/0x470 [ 1853.445578] ? find_held_lock+0x2c/0x110 [ 1853.445935] ? sock_has_perm+0x1ea/0x280 [ 1853.446298] ? __import_iovec+0x458/0x590 [ 1853.446667] ? udp_v6_push_pending_frames+0x360/0x360 [ 1853.447107] inet6_sendmsg+0x105/0x140 [ 1853.447444] ? inet6_compat_ioctl+0x320/0x320 [ 1853.447827] __sock_sendmsg+0xf2/0x190 [ 1853.448159] ____sys_sendmsg+0x334/0x870 [ 1853.448516] ? sock_write_iter+0x3d0/0x3d0 [ 1853.448875] ? do_recvmmsg+0x6d0/0x6d0 [ 1853.449228] ? __lock_acquire+0x1657/0x5b00 [ 1853.449613] ___sys_sendmsg+0xf3/0x170 [ 1853.449948] ? sendmsg_copy_msghdr+0x160/0x160 [ 1853.450339] ? __fget_files+0x2cf/0x520 [ 1853.450691] ? lock_acquire+0x197/0x470 [ 1853.451028] ? find_held_lock+0x2c/0x110 [ 1853.451377] ? __might_fault+0xd3/0x180 [ 1853.451723] ? lock_downgrade+0x6d0/0x6d0 [ 1853.452091] __sys_sendmmsg+0x195/0x470 [ 1853.452436] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1853.452808] ? lock_downgrade+0x6d0/0x6d0 [ 1853.453193] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1853.453615] ? wait_for_completion_io+0x270/0x270 [ 1853.454027] ? rcu_read_lock_any_held+0x75/0xa0 [ 1853.454421] ? vfs_write+0x354/0xb10 [ 1853.454746] ? fput_many+0x2f/0x1a0 [ 1853.455058] ? ksys_write+0x1a9/0x260 [ 1853.455381] ? __ia32_sys_read+0xb0/0xb0 [ 1853.455744] __x64_sys_sendmmsg+0x99/0x100 [ 1853.456106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.456554] do_syscall_64+0x33/0x40 [ 1853.456873] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.457323] RIP: 0033:0x7f862c37fb19 [ 1853.457648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.459170] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1853.459820] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1853.460419] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1853.461017] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.465646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.466242] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1853.466862] CPU: 1 PID: 11350 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1853.467476] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1853.468207] Call Trace: [ 1853.468454] dump_stack+0x107/0x167 [ 1853.468791] should_fail.cold+0x5/0xa [ 1853.469163] ? create_object.isra.0+0x3a/0xa20 [ 1853.469582] should_failslab+0x5/0x20 [ 1853.469927] kmem_cache_alloc+0x5b/0x310 [ 1853.470311] ? mark_held_locks+0x9e/0xe0 [ 1853.470689] create_object.isra.0+0x3a/0xa20 [ 1853.471105] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1853.471573] kmem_cache_alloc_bulk+0x168/0x320 [ 1853.471999] io_submit_sqes+0x6fe6/0x8610 [ 1853.472416] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1853.472871] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1853.473341] ? lock_downgrade+0x6d0/0x6d0 [ 1853.473726] ? find_held_lock+0x2c/0x110 [ 1853.474104] ? io_submit_sqes+0x8610/0x8610 [ 1853.474521] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1853.474965] ? wait_for_completion_io+0x270/0x270 [ 1853.475414] ? rcu_read_lock_any_held+0x75/0xa0 [ 1853.475844] ? vfs_write+0x354/0xb10 [ 1853.476188] ? fput_many+0x2f/0x1a0 [ 1853.476540] ? ksys_write+0x1a9/0x260 [ 1853.476892] ? __ia32_sys_read+0xb0/0xb0 [ 1853.477292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1853.477782] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1853.478254] do_syscall_64+0x33/0x40 [ 1853.478597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1853.479073] RIP: 0033:0x7f8c2e1fdb19 [ 1853.479416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1853.481067] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1853.481762] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1853.482411] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1853.483057] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.483693] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1853.484340] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:21:51 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:21:51 executing program 7: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_matches\x00') r1 = syz_io_uring_setup(0x24d4f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:21:51 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:21:51 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xb72a, 0x2, 0x0, 0x0) 02:21:52 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000000, 0x2, 0x0, 0x0) 02:22:05 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 26) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:05 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 53) 02:22:05 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xe101, 0x2, 0x0, 0x0) 02:22:05 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:05 executing program 5: pread64(0xffffffffffffffff, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(0xffffffffffffffff, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r0}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) socket$inet(0x2, 0x0, 0x0) 02:22:05 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1866.934989] FAULT_INJECTION: forcing a failure. [ 1866.934989] name failslab, interval 1, probability 0, space 0, times 0 [ 1866.936083] CPU: 0 PID: 11397 Comm: syz-executor.1 Not tainted 5.10.226 #1 02:22:05 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5000000, 0x2, 0x0, 0x0) 02:22:05 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1866.936701] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1866.937453] Call Trace: [ 1866.937702] dump_stack+0x107/0x167 [ 1866.938035] should_fail.cold+0x5/0xa [ 1866.938383] ? create_object.isra.0+0x3a/0xa20 [ 1866.938802] should_failslab+0x5/0x20 [ 1866.939154] kmem_cache_alloc+0x5b/0x310 [ 1866.939534] ? ___sys_sendmsg+0xf3/0x170 [ 1866.939910] ? __sys_sendmmsg+0x195/0x470 [ 1866.940297] create_object.isra.0+0x3a/0xa20 [ 1866.940697] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1866.941152] kmem_cache_alloc_node+0x169/0x330 [ 1866.945607] __alloc_skb+0x6d/0x5b0 [ 1866.945951] alloc_skb_with_frags+0x92/0x570 [ 1866.946355] ? trace_hardirqs_on+0x5b/0x180 [ 1866.946755] ? kmem_cache_free+0xa7/0x2d0 [ 1866.947139] sock_alloc_send_pskb+0x7af/0x930 [ 1866.947561] ? sk_alloc+0x350/0x350 [ 1866.947902] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1866.948373] ? trace_hardirqs_on+0x5b/0x180 [ 1866.948763] ? __dev_queue_xmit+0xe4e/0x2710 [ 1866.949159] ? __local_bh_enable_ip+0x9d/0x100 [ 1866.949595] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1866.950070] ? ip6_mtu+0x1bb/0x3d0 [ 1866.950402] ? lock_downgrade+0x6d0/0x6d0 [ 1866.950782] ? ip_frag_init+0x350/0x350 [ 1866.951148] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1866.951564] ? ip6_mtu+0x1e9/0x3d0 [ 1866.951894] ? ip6_setup_cork+0xfb7/0x1740 [ 1866.952289] ip6_make_skb+0x2de/0x4e0 [ 1866.952644] ? ip_frag_init+0x350/0x350 [ 1866.953023] ? ip_frag_init+0x350/0x350 [ 1866.953416] ? ip6_push_pending_frames+0xf0/0xf0 [ 1866.953844] ? ip6_dst_check+0x389/0x8d0 [ 1866.954211] ? sk_dst_check+0x235/0x4c0 [ 1866.954572] udpv6_sendmsg+0x20d3/0x2ad0 [ 1866.954931] ? ip_frag_init+0x350/0x350 [ 1866.955299] ? udp_v6_push_pending_frames+0x360/0x360 [ 1866.955788] ? lock_acquire+0x197/0x470 [ 1866.956157] ? find_held_lock+0x2c/0x110 [ 1866.956537] ? lock_chain_count+0x20/0x20 [ 1866.956919] ? sock_has_perm+0x1ea/0x280 [ 1866.957321] ? __import_iovec+0x458/0x590 [ 1866.957705] ? udp_v6_push_pending_frames+0x360/0x360 [ 1866.958172] inet6_sendmsg+0x105/0x140 [ 1866.958535] ? inet6_compat_ioctl+0x320/0x320 [ 1866.958945] __sock_sendmsg+0xf2/0x190 [ 1866.959305] ____sys_sendmsg+0x334/0x870 [ 1866.959674] ? sock_write_iter+0x3d0/0x3d0 [ 1866.960060] ? do_recvmmsg+0x6d0/0x6d0 [ 1866.960415] ? __lock_acquire+0x1657/0x5b00 [ 1866.960805] ___sys_sendmsg+0xf3/0x170 [ 1866.961168] ? sendmsg_copy_msghdr+0x160/0x160 [ 1866.961599] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1866.962078] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1866.962467] ? trace_hardirqs_on+0x5b/0x180 [ 1866.962868] ? lock_acquire+0x197/0x470 [ 1866.963232] ? find_held_lock+0x2c/0x110 [ 1866.963614] ? __might_fault+0xd3/0x180 [ 1866.963981] ? lock_downgrade+0x6d0/0x6d0 [ 1866.964364] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1866.964871] __sys_sendmmsg+0x195/0x470 [ 1866.965253] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1866.965637] ? lock_downgrade+0x6d0/0x6d0 [ 1866.966032] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1866.966478] ? wait_for_completion_io+0x270/0x270 [ 1866.966924] ? rcu_read_lock_any_held+0x75/0xa0 [ 1866.967353] ? vfs_write+0x354/0xb10 [ 1866.967697] ? fput_many+0x2f/0x1a0 [ 1866.968026] ? ksys_write+0x1a9/0x260 [ 1866.968383] ? __ia32_sys_read+0xb0/0xb0 [ 1866.968763] __x64_sys_sendmmsg+0x99/0x100 [ 1866.969161] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1866.969649] do_syscall_64+0x33/0x40 [ 1866.969989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1866.970452] RIP: 0033:0x7f862c37fb19 [ 1866.970793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1866.972408] RSP: 002b:00007f86298d4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1866.973081] RAX: ffffffffffffffda RBX: 00007f862c493020 RCX: 00007f862c37fb19 [ 1866.973710] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1866.974303] RBP: 00007f86298d41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1866.974895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1866.975494] R13: 00007ffd1a0e155f R14: 00007f86298d4300 R15: 0000000000022000 [ 1867.011927] FAULT_INJECTION: forcing a failure. [ 1867.011927] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.013085] CPU: 1 PID: 11402 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1867.013734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.014472] Call Trace: [ 1867.014733] dump_stack+0x107/0x167 [ 1867.015072] should_fail.cold+0x5/0xa [ 1867.015436] ? create_object.isra.0+0x3a/0xa20 [ 1867.015863] should_failslab+0x5/0x20 [ 1867.016219] kmem_cache_alloc+0x5b/0x310 [ 1867.016605] ? mark_held_locks+0x9e/0xe0 [ 1867.016990] create_object.isra.0+0x3a/0xa20 [ 1867.017411] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.017894] kmem_cache_alloc_bulk+0x168/0x320 [ 1867.018327] io_submit_sqes+0x6fe6/0x8610 [ 1867.018745] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.019207] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.019655] ? lock_downgrade+0x6d0/0x6d0 [ 1867.020045] ? find_held_lock+0x2c/0x110 [ 1867.020424] ? io_submit_sqes+0x8610/0x8610 [ 1867.020831] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.021307] ? wait_for_completion_io+0x270/0x270 [ 1867.021753] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.022189] ? vfs_write+0x354/0xb10 [ 1867.022539] ? fput_many+0x2f/0x1a0 [ 1867.022879] ? ksys_write+0x1a9/0x260 [ 1867.023236] ? __ia32_sys_read+0xb0/0xb0 [ 1867.023621] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.024103] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.024591] do_syscall_64+0x33/0x40 [ 1867.024938] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.025422] RIP: 0033:0x7f8c2e1fdb19 [ 1867.025772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.027420] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.028116] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1867.028767] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1867.029431] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.030081] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1867.030734] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:22:05 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8000000, 0x2, 0x0, 0x0) 02:22:05 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:05 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x800000, 0x2, 0x0, 0x0) 02:22:05 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:05 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 27) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:05 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = fcntl$getown(r0, 0x9) syz_open_procfs(r3, &(0x7f0000000040)='net/ip6_mr_vif\x00') r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000b, 0x10010, r0, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:05 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x20000000, 0x2, 0x0, 0x0) [ 1867.357958] FAULT_INJECTION: forcing a failure. [ 1867.357958] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.360126] CPU: 0 PID: 11439 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1867.361942] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1867.364186] Call Trace: [ 1867.364541] dump_stack+0x107/0x167 [ 1867.365547] should_fail.cold+0x5/0xa [ 1867.366558] ? create_object.isra.0+0x3a/0xa20 [ 1867.367138] should_failslab+0x5/0x20 [ 1867.368132] kmem_cache_alloc+0x5b/0x310 [ 1867.368659] ? mark_held_locks+0x9e/0xe0 [ 1867.369685] create_object.isra.0+0x3a/0xa20 [ 1867.370210] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1867.371557] kmem_cache_alloc_bulk+0x168/0x320 [ 1867.372118] io_submit_sqes+0x6fe6/0x8610 [ 1867.373262] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.373890] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1867.375098] ? lock_downgrade+0x6d0/0x6d0 [ 1867.375621] ? find_held_lock+0x2c/0x110 [ 1867.376693] ? io_submit_sqes+0x8610/0x8610 [ 1867.377226] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1867.378476] ? wait_for_completion_io+0x270/0x270 [ 1867.379080] ? rcu_read_lock_any_held+0x75/0xa0 [ 1867.380316] ? vfs_write+0x354/0xb10 [ 1867.380792] ? fput_many+0x2f/0x1a0 [ 1867.381774] ? ksys_write+0x1a9/0x260 [ 1867.382261] ? __ia32_sys_read+0xb0/0xb0 [ 1867.383277] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1867.383906] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1867.385288] do_syscall_64+0x33/0x40 [ 1867.385734] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1867.387033] RIP: 0033:0x7f8c2e1fdb19 [ 1867.387532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1867.392365] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1867.393343] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1867.395206] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1867.397089] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.398966] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1867.400818] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:22:05 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f000000, 0x2, 0x0, 0x0) 02:22:05 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:19 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:19 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x1000000, 0x2, 0x0, 0x0) 02:22:19 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r4 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:19 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x12030000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:19 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 28) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:19 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 54) 02:22:19 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:19 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x40000000, 0x2, 0x0, 0x0) [ 1881.163566] FAULT_INJECTION: forcing a failure. [ 1881.163566] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.164697] CPU: 1 PID: 11479 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1881.165277] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.166008] Call Trace: [ 1881.166250] dump_stack+0x107/0x167 [ 1881.166569] should_fail.cold+0x5/0xa [ 1881.166900] should_failslab+0x5/0x20 [ 1881.167229] kmem_cache_alloc_bulk+0x4b/0x320 [ 1881.167625] io_submit_sqes+0x6fe6/0x8610 [ 1881.167997] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.168421] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.168841] ? io_submit_sqes+0x8610/0x8610 [ 1881.169212] ? recalibrate_cpu_khz+0x10/0x10 [ 1881.169612] ? ktime_get+0x158/0x1f0 [ 1881.169939] ? setup_APIC_eilvt+0x2f0/0x2f0 [ 1881.170307] ? clockevents_program_event+0x131/0x360 [ 1881.170746] ? tick_program_event+0xa8/0x140 [ 1881.171119] ? hrtimer_interrupt+0x771/0x9b0 [ 1881.171511] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.171958] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.172400] do_syscall_64+0x33/0x40 [ 1881.172721] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.173164] RIP: 0033:0x7f8c2e1fdb19 [ 1881.173512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.175072] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.175724] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1881.176325] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1881.176937] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.177563] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1881.178172] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1881.185330] FAULT_INJECTION: forcing a failure. [ 1881.185330] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.186470] CPU: 0 PID: 11483 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1881.187051] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.187800] Call Trace: [ 1881.188036] dump_stack+0x107/0x167 [ 1881.188397] should_fail.cold+0x5/0xa [ 1881.188728] ? create_object.isra.0+0x3a/0xa20 [ 1881.189117] should_failslab+0x5/0x20 [ 1881.189519] kmem_cache_alloc+0x5b/0x310 [ 1881.189866] ? ___sys_sendmsg+0xf3/0x170 [ 1881.190208] ? __sys_sendmmsg+0x195/0x470 [ 1881.190643] create_object.isra.0+0x3a/0xa20 [ 1881.191024] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.191515] kmem_cache_alloc_node+0x169/0x330 [ 1881.191906] __alloc_skb+0x6d/0x5b0 [ 1881.192219] alloc_skb_with_frags+0x92/0x570 [ 1881.192640] ? trace_hardirqs_on+0x5b/0x180 [ 1881.193006] ? kmem_cache_free+0xa7/0x2d0 [ 1881.193429] sock_alloc_send_pskb+0x7af/0x930 [ 1881.193820] ? sk_alloc+0x350/0x350 [ 1881.194151] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1881.194679] ? trace_hardirqs_on+0x5b/0x180 [ 1881.195042] ? __dev_queue_xmit+0xe4e/0x2710 [ 1881.195473] ? __local_bh_enable_ip+0x9d/0x100 [ 1881.195864] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1881.196333] ? ip6_mtu+0x1bb/0x3d0 [ 1881.196644] ? lock_downgrade+0x6d0/0x6d0 [ 1881.199727] ? ip_frag_init+0x350/0x350 [ 1881.200076] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1881.200519] ? ip6_mtu+0x1e9/0x3d0 [ 1881.200823] ? ip6_setup_cork+0xfb7/0x1740 [ 1881.201181] ip6_make_skb+0x2de/0x4e0 [ 1881.201582] ? ip_frag_init+0x350/0x350 [ 1881.201923] ? ip_frag_init+0x350/0x350 [ 1881.202263] ? ip6_push_pending_frames+0xf0/0xf0 [ 1881.202750] ? ip6_dst_check+0x389/0x8d0 [ 1881.203095] ? sk_dst_check+0x235/0x4c0 [ 1881.203502] udpv6_sendmsg+0x20d3/0x2ad0 [ 1881.203850] ? ip_frag_init+0x350/0x350 [ 1881.204191] ? udp_v6_push_pending_frames+0x360/0x360 [ 1881.204682] ? perf_event_task_disable+0x390/0x390 02:22:19 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xbf2a0000, 0x2, 0x0, 0x0) [ 1881.205098] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1881.205587] ? lock_acquire+0x197/0x470 [ 1881.205923] ? find_held_lock+0x2c/0x110 [ 1881.206274] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1881.206813] ? sock_has_perm+0x1ea/0x280 [ 1881.207171] ? __import_iovec+0x458/0x590 [ 1881.207579] ? udp_v6_push_pending_frames+0x360/0x360 [ 1881.208013] inet6_sendmsg+0x105/0x140 [ 1881.208394] ? inet6_compat_ioctl+0x320/0x320 [ 1881.208768] __sock_sendmsg+0xf2/0x190 [ 1881.209095] ____sys_sendmsg+0x334/0x870 [ 1881.209609] ? sock_write_iter+0x3d0/0x3d0 [ 1881.209963] ? do_recvmmsg+0x6d0/0x6d0 [ 1881.210365] ? __lock_acquire+0x1657/0x5b00 [ 1881.210744] ___sys_sendmsg+0xf3/0x170 [ 1881.211073] ? sendmsg_copy_msghdr+0x160/0x160 [ 1881.211521] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.211975] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1881.212401] ? trace_hardirqs_on+0x5b/0x180 [ 1881.212771] ? lock_acquire+0x197/0x470 [ 1881.213105] ? find_held_lock+0x2c/0x110 [ 1881.213545] ? __might_fault+0xd3/0x180 [ 1881.213882] ? lock_downgrade+0x6d0/0x6d0 [ 1881.214238] ? io_schedule_timeout+0x140/0x140 [ 1881.214706] __sys_sendmmsg+0x195/0x470 [ 1881.215045] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1881.215469] ? lock_downgrade+0x6d0/0x6d0 [ 1881.215832] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.216240] ? wait_for_completion_io+0x270/0x270 [ 1881.216700] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.217091] ? vfs_write+0x354/0xb10 [ 1881.217485] ? fput_many+0x2f/0x1a0 [ 1881.217794] ? ksys_write+0x1a9/0x260 [ 1881.218116] ? __ia32_sys_read+0xb0/0xb0 [ 1881.218569] __x64_sys_sendmmsg+0x99/0x100 [ 1881.218927] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.219418] do_syscall_64+0x33/0x40 [ 1881.219733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.220164] RIP: 0033:0x7f862c37fb19 [ 1881.220529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.222118] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1881.222829] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1881.223480] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1881.224072] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.224711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.225369] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:22:19 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 29) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:19 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x20000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:19 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r4 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:19 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r5 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/exec\x00', 0x2, 0x0) r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000000c0), 0x18002, 0x0) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ppoll(&(0x7f0000000180)=[{r7, 0x4150}, {r4, 0x100}, {r0, 0x200}, {r5, 0x8000}, {r6, 0x283}], 0x5, &(0x7f00000001c0)={0x77359400}, &(0x7f00000002c0)={[0x14c800000]}, 0x8) 02:22:19 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:19 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x2000000, 0x2, 0x0, 0x0) [ 1881.516094] FAULT_INJECTION: forcing a failure. [ 1881.516094] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.517225] CPU: 1 PID: 11511 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1881.517830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.518525] Call Trace: [ 1881.518758] dump_stack+0x107/0x167 [ 1881.519070] should_fail.cold+0x5/0xa [ 1881.519398] ? create_object.isra.0+0x3a/0xa20 [ 1881.519793] should_failslab+0x5/0x20 [ 1881.520117] kmem_cache_alloc+0x5b/0x310 [ 1881.520471] create_object.isra.0+0x3a/0xa20 [ 1881.520843] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.521276] kmem_cache_alloc_bulk+0x168/0x320 [ 1881.521694] io_submit_sqes+0x6fe6/0x8610 [ 1881.522069] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.522496] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1881.522917] ? lock_downgrade+0x6d0/0x6d0 [ 1881.523266] ? find_held_lock+0x2c/0x110 [ 1881.523621] ? io_submit_sqes+0x8610/0x8610 [ 1881.523995] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1881.524405] ? wait_for_completion_io+0x270/0x270 [ 1881.524820] ? rcu_read_lock_any_held+0x75/0xa0 [ 1881.525214] ? vfs_write+0x354/0xb10 [ 1881.525560] ? fput_many+0x2f/0x1a0 [ 1881.525880] ? ksys_write+0x1a9/0x260 [ 1881.526205] ? __ia32_sys_read+0xb0/0xb0 [ 1881.526563] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.527014] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.527456] do_syscall_64+0x33/0x40 [ 1881.527778] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.528214] RIP: 0033:0x7f8c2e1fdb19 [ 1881.528534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.530113] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1881.530769] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1881.531378] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1881.531980] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.532584] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1881.533186] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:22:20 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(0x0, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r4 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:20 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:20 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:20 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xd5020000, 0x2, 0x0, 0x0) 02:22:20 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x80900, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xc, 0x6010, r4, 0x8000000) 02:22:20 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x5000000, 0x2, 0x0, 0x0) 02:22:33 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 30) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:33 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:33 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x40000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:33 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xe4ffffff, 0x2, 0x0, 0x0) 02:22:33 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:33 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:33 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x8000000, 0x2, 0x0, 0x0) 02:22:33 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 55) [ 1895.624663] FAULT_INJECTION: forcing a failure. [ 1895.624663] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.625799] CPU: 0 PID: 11573 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1895.626418] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.627157] Call Trace: [ 1895.627409] dump_stack+0x107/0x167 [ 1895.627745] should_fail.cold+0x5/0xa [ 1895.628097] ? create_object.isra.0+0x3a/0xa20 [ 1895.628516] should_failslab+0x5/0x20 [ 1895.628869] kmem_cache_alloc+0x5b/0x310 [ 1895.629243] ? mark_held_locks+0x9e/0xe0 [ 1895.629642] create_object.isra.0+0x3a/0xa20 [ 1895.630058] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1895.630530] kmem_cache_alloc_bulk+0x168/0x320 [ 1895.630962] io_submit_sqes+0x6fe6/0x8610 [ 1895.631381] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1895.631846] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1895.632299] ? lock_downgrade+0x6d0/0x6d0 [ 1895.632685] ? find_held_lock+0x2c/0x110 [ 1895.633073] ? io_submit_sqes+0x8610/0x8610 [ 1895.633488] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1895.633964] ? wait_for_completion_io+0x270/0x270 [ 1895.634419] ? rcu_read_lock_any_held+0x75/0xa0 [ 1895.634874] ? vfs_write+0x354/0xb10 [ 1895.635226] ? fput_many+0x2f/0x1a0 [ 1895.635570] ? ksys_write+0x1a9/0x260 [ 1895.635929] ? __ia32_sys_read+0xb0/0xb0 [ 1895.636316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.636786] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.637240] do_syscall_64+0x33/0x40 [ 1895.637600] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.638062] RIP: 0033:0x7f8c2e1fdb19 [ 1895.638405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.640040] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1895.640729] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1895.641379] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1895.642041] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.642685] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1895.643329] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1895.645654] FAULT_INJECTION: forcing a failure. [ 1895.645654] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.646723] CPU: 0 PID: 11565 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1895.647353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.648094] Call Trace: [ 1895.648347] dump_stack+0x107/0x167 [ 1895.648686] should_fail.cold+0x5/0xa [ 1895.649047] ? create_object.isra.0+0x3a/0xa20 [ 1895.649476] should_failslab+0x5/0x20 [ 1895.649845] kmem_cache_alloc+0x5b/0x310 [ 1895.650229] create_object.isra.0+0x3a/0xa20 [ 1895.650633] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1895.651082] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1895.651529] ? alloc_skb_with_frags+0x92/0x570 [ 1895.651936] __alloc_skb+0xb1/0x5b0 [ 1895.652257] alloc_skb_with_frags+0x92/0x570 [ 1895.652647] ? trace_hardirqs_on+0x5b/0x180 [ 1895.653045] ? kmem_cache_free+0xa7/0x2d0 [ 1895.653427] sock_alloc_send_pskb+0x7af/0x930 [ 1895.653851] ? sk_alloc+0x350/0x350 [ 1895.654189] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1895.654662] ? trace_hardirqs_on+0x5b/0x180 [ 1895.655088] ? __dev_queue_xmit+0xe4e/0x2710 [ 1895.655495] ? __local_bh_enable_ip+0x9d/0x100 [ 1895.655924] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1895.656392] ? ip6_mtu+0x1bb/0x3d0 [ 1895.656726] ? lock_downgrade+0x6d0/0x6d0 [ 1895.657112] ? ip_frag_init+0x350/0x350 [ 1895.657497] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1895.657935] ? ip6_mtu+0x1e9/0x3d0 [ 1895.658260] ? ip6_setup_cork+0xfb7/0x1740 [ 1895.658652] ip6_make_skb+0x2de/0x4e0 [ 1895.659008] ? ip_frag_init+0x350/0x350 [ 1895.659375] ? ip_frag_init+0x350/0x350 [ 1895.659750] ? ip6_push_pending_frames+0xf0/0xf0 [ 1895.660196] ? ip6_dst_check+0x389/0x8d0 [ 1895.660577] ? sk_dst_check+0x235/0x4c0 [ 1895.660961] udpv6_sendmsg+0x20d3/0x2ad0 [ 1895.661347] ? ip_frag_init+0x350/0x350 [ 1895.661749] ? udp_v6_push_pending_frames+0x360/0x360 [ 1895.662239] ? perf_event_task_disable+0x390/0x390 [ 1895.662702] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1895.663158] ? lock_acquire+0x197/0x470 [ 1895.663532] ? find_held_lock+0x2c/0x110 [ 1895.663927] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1895.664433] ? sock_has_perm+0x1ea/0x280 [ 1895.664858] ? __import_iovec+0x458/0x590 [ 1895.665251] ? udp_v6_push_pending_frames+0x360/0x360 [ 1895.665748] inet6_sendmsg+0x105/0x140 [ 1895.666122] ? inet6_compat_ioctl+0x320/0x320 [ 1895.666543] __sock_sendmsg+0xf2/0x190 [ 1895.666912] ____sys_sendmsg+0x334/0x870 [ 1895.667288] ? sock_write_iter+0x3d0/0x3d0 [ 1895.667666] ? do_recvmmsg+0x6d0/0x6d0 [ 1895.668017] ? __lock_acquire+0x1657/0x5b00 [ 1895.668418] ___sys_sendmsg+0xf3/0x170 [ 1895.668779] ? sendmsg_copy_msghdr+0x160/0x160 [ 1895.669202] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.669682] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1895.670075] ? trace_hardirqs_on+0x5b/0x180 [ 1895.670465] ? lock_acquire+0x197/0x470 [ 1895.670822] ? find_held_lock+0x2c/0x110 [ 1895.671181] ? __might_fault+0xd3/0x180 [ 1895.671550] ? lock_downgrade+0x6d0/0x6d0 [ 1895.671933] ? io_schedule_timeout+0x140/0x140 [ 1895.672370] __sys_sendmmsg+0x195/0x470 [ 1895.672745] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1895.673141] ? lock_downgrade+0x6d0/0x6d0 [ 1895.673544] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1895.673992] ? wait_for_completion_io+0x270/0x270 [ 1895.674437] ? rcu_read_lock_any_held+0x75/0xa0 [ 1895.674863] ? vfs_write+0x354/0xb10 [ 1895.675232] ? fput_many+0x2f/0x1a0 [ 1895.675574] ? ksys_write+0x1a9/0x260 [ 1895.675893] ? __ia32_sys_read+0xb0/0xb0 [ 1895.676264] __x64_sys_sendmmsg+0x99/0x100 [ 1895.676654] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.677125] do_syscall_64+0x33/0x40 [ 1895.677468] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.677948] RIP: 0033:0x7f862c37fb19 [ 1895.678283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.679874] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1895.680549] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1895.681194] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1895.681853] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.682506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1895.683163] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:22:47 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 56) 02:22:47 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:47 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 31) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:47 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x20000000, 0x2, 0x0, 0x0) 02:22:47 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:47 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfeffffff, 0x2, 0x0, 0x0) 02:22:47 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x10, r0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) r5 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r8}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r4, 0x80, &(0x7f0000000180)=@l2tp={0x2, 0x0, @empty, 0x1}, 0x0, 0x0, 0x1, {0x0, r8}}, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:47 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x652a0000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1908.791612] FAULT_INJECTION: forcing a failure. [ 1908.791612] name failslab, interval 1, probability 0, space 0, times 0 [ 1908.794593] CPU: 1 PID: 11603 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1908.795784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1908.797191] Call Trace: [ 1908.797641] dump_stack+0x107/0x167 [ 1908.797999] should_fail.cold+0x5/0xa [ 1908.798343] ? skb_clone+0x14f/0x3d0 [ 1908.798675] should_failslab+0x5/0x20 [ 1908.799009] kmem_cache_alloc+0x5b/0x310 [ 1908.799364] skb_clone+0x14f/0x3d0 [ 1908.799679] ip6_finish_output2+0x1225/0x1fe0 [ 1908.800069] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1908.800498] ip6_output+0x3b8/0x7e0 [ 1908.800817] ip6_local_out+0xb4/0x1a0 [ 1908.801143] ip6_send_skb+0x112/0x460 [ 1908.801473] udp_v6_send_skb+0x7aa/0x15b0 [ 1908.801904] udpv6_sendmsg+0x2116/0x2ad0 [ 1908.802256] ? ip_frag_init+0x350/0x350 [ 1908.802606] ? udp_v6_push_pending_frames+0x360/0x360 [ 1908.803062] ? lock_acquire+0x197/0x470 [ 1908.803402] ? find_held_lock+0x2c/0x110 [ 1908.803764] ? sock_has_perm+0x1ea/0x280 [ 1908.804126] ? __import_iovec+0x458/0x590 [ 1908.804486] ? udp_v6_push_pending_frames+0x360/0x360 [ 1908.804924] inet6_sendmsg+0x105/0x140 [ 1908.805256] ? inet6_compat_ioctl+0x320/0x320 [ 1908.805644] __sock_sendmsg+0xf2/0x190 [ 1908.806016] ____sys_sendmsg+0x334/0x870 [ 1908.806364] ? sock_write_iter+0x3d0/0x3d0 [ 1908.806728] ? do_recvmmsg+0x6d0/0x6d0 [ 1908.807060] ? __lock_acquire+0x1657/0x5b00 [ 1908.807437] ___sys_sendmsg+0xf3/0x170 [ 1908.807771] ? sendmsg_copy_msghdr+0x160/0x160 [ 1908.808167] ? __fget_files+0x2cf/0x520 [ 1908.808515] ? lock_acquire+0x197/0x470 [ 1908.808853] ? find_held_lock+0x2c/0x110 [ 1908.809203] ? __might_fault+0xd3/0x180 [ 1908.809544] ? lock_downgrade+0x6d0/0x6d0 [ 1908.809928] __sys_sendmmsg+0x195/0x470 [ 1908.810270] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1908.810638] ? lock_downgrade+0x6d0/0x6d0 [ 1908.811005] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1908.811418] ? wait_for_completion_io+0x270/0x270 [ 1908.811830] ? rcu_read_lock_any_held+0x75/0xa0 [ 1908.812236] ? vfs_write+0x354/0xb10 [ 1908.812558] ? fput_many+0x2f/0x1a0 [ 1908.812870] ? ksys_write+0x1a9/0x260 [ 1908.813195] ? __ia32_sys_read+0xb0/0xb0 [ 1908.813545] __x64_sys_sendmmsg+0x99/0x100 [ 1908.813922] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1908.814362] do_syscall_64+0x33/0x40 [ 1908.814685] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1908.815123] RIP: 0033:0x7f862c37fb19 [ 1908.815444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1908.816983] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1908.817631] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1908.818256] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1908.818863] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1908.819471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1908.820071] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1908.839669] FAULT_INJECTION: forcing a failure. [ 1908.839669] name failslab, interval 1, probability 0, space 0, times 0 [ 1908.840725] CPU: 1 PID: 11600 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1908.841313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1908.842027] Call Trace: [ 1908.842261] dump_stack+0x107/0x167 [ 1908.842578] should_fail.cold+0x5/0xa [ 1908.842914] ? create_object.isra.0+0x3a/0xa20 [ 1908.843307] should_failslab+0x5/0x20 [ 1908.843638] kmem_cache_alloc+0x5b/0x310 [ 1908.843989] ? mark_held_locks+0x9e/0xe0 [ 1908.844338] create_object.isra.0+0x3a/0xa20 [ 1908.844715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1908.845154] kmem_cache_alloc_bulk+0x168/0x320 [ 1908.845560] io_submit_sqes+0x6fe6/0x8610 [ 1908.845958] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1908.846381] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1908.846796] ? lock_downgrade+0x6d0/0x6d0 [ 1908.847154] ? find_held_lock+0x2c/0x110 [ 1908.847505] ? io_submit_sqes+0x8610/0x8610 [ 1908.847881] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1908.848294] ? wait_for_completion_io+0x270/0x270 [ 1908.848708] ? rcu_read_lock_any_held+0x75/0xa0 [ 1908.849103] ? vfs_write+0x354/0xb10 [ 1908.849424] ? fput_many+0x2f/0x1a0 [ 1908.849750] ? ksys_write+0x1a9/0x260 [ 1908.850079] ? __ia32_sys_read+0xb0/0xb0 [ 1908.850429] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1908.850873] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1908.851312] do_syscall_64+0x33/0x40 [ 1908.851631] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1908.852069] RIP: 0033:0x7f8c2e1fdb19 [ 1908.852389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1908.853942] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1908.854586] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1908.855186] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1908.855786] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1908.856386] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1908.856986] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1908.872875] Zero length message leads to an empty skb 02:22:47 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:22:47 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x3f000000, 0x2, 0x0, 0x0) 02:22:47 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xe4ffffff, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:22:47 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xffffffe4, 0x2, 0x0, 0x0) 02:22:47 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:22:47 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 32) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:22:47 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) clock_gettime(0x0, &(0x7f0000005e40)={0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f0000001b80)='./file0\x00', 0x106400, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20010, r5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c80)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/132, 0x84}, {&(0x7f0000000380)=""/183, 0xb7}, {&(0x7f0000000040)=""/58, 0x3a}, {&(0x7f00000000c0)=""/16, 0x10}, {&(0x7f0000000180)=""/12, 0xc}], 0x5, &(0x7f00000001c0)=""/30, 0x1e}, 0x1}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f00000004c0)=""/151, 0x97}, {&(0x7f0000000580)=""/126, 0x7e}, {&(0x7f0000000600)=""/172, 0xac}, {&(0x7f00000006c0)=""/252, 0xfc}, {&(0x7f00000007c0)=""/236, 0xec}, {&(0x7f00000008c0)=""/176, 0xb0}, {&(0x7f0000000980)=""/193, 0xc1}, {&(0x7f0000000a80)=""/4096, 0x1000}], 0x8}, 0xe968}, {{&(0x7f0000001b00)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000002f40)=[{&(0x7f0000001b80)}, {&(0x7f0000001bc0)=""/19, 0x13}, {&(0x7f0000001c00)=""/143, 0x8f}, {&(0x7f0000001cc0)=""/132, 0x84}, {&(0x7f0000001e00)=""/165, 0xa5}, {&(0x7f0000001ec0)=""/4096, 0x1000}, {&(0x7f0000002ec0)=""/81, 0x51}], 0x7}, 0x10001}, {{&(0x7f0000002fc0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000004440)=[{&(0x7f0000003040)=""/58, 0x3a}, {&(0x7f0000003080)=""/94, 0x5e}, {&(0x7f0000003100)=""/136, 0x88}, {&(0x7f00000031c0)=""/242, 0xf2}, {&(0x7f00000032c0)=""/96, 0x60}, {&(0x7f0000003340)=""/4096, 0x1000}, {&(0x7f0000004340)=""/201, 0xc9}], 0x7}, 0x4}, {{&(0x7f00000044c0)=@generic, 0x80, &(0x7f00000045c0)=[{&(0x7f0000004540)=""/68, 0x44}], 0x1, &(0x7f0000004600)=""/60, 0x3c}, 0x8}, {{0x0, 0x0, &(0x7f0000005800)=[{&(0x7f0000004640)=""/193, 0xc1}, {&(0x7f0000004740)=""/50, 0x32}, {&(0x7f0000004780)=""/67, 0x43}, {&(0x7f0000004800)=""/4096, 0x1000}], 0x4, &(0x7f0000005840)=""/220, 0xdc}, 0x3}, {{&(0x7f0000005940)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000005b40)=[{&(0x7f00000059c0)=""/205, 0xcd}, {&(0x7f0000005ac0)=""/91, 0x5b}], 0x2, &(0x7f0000005b80)=""/196, 0xc4}, 0x5b}], 0x7, 0x20, &(0x7f0000005e80)={r3, r4+60000000}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1909.015016] FAULT_INJECTION: forcing a failure. [ 1909.015016] name failslab, interval 1, probability 0, space 0, times 0 [ 1909.016146] CPU: 0 PID: 11644 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1909.016727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1909.017416] Call Trace: [ 1909.017648] dump_stack+0x107/0x167 [ 1909.017975] should_fail.cold+0x5/0xa [ 1909.018302] ? create_object.isra.0+0x3a/0xa20 [ 1909.018693] should_failslab+0x5/0x20 [ 1909.019017] kmem_cache_alloc+0x5b/0x310 [ 1909.019367] ? mark_held_locks+0x9e/0xe0 [ 1909.019717] create_object.isra.0+0x3a/0xa20 [ 1909.020092] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1909.020528] kmem_cache_alloc_bulk+0x168/0x320 [ 1909.020919] io_submit_sqes+0x6fe6/0x8610 [ 1909.021289] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1909.021726] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1909.022134] ? lock_downgrade+0x6d0/0x6d0 [ 1909.022486] ? find_held_lock+0x2c/0x110 [ 1909.022835] ? io_submit_sqes+0x8610/0x8610 [ 1909.023210] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1909.023625] ? wait_for_completion_io+0x270/0x270 [ 1909.024038] ? rcu_read_lock_any_held+0x75/0xa0 [ 1909.024434] ? vfs_write+0x354/0xb10 [ 1909.024757] ? fput_many+0x2f/0x1a0 [ 1909.025068] ? ksys_write+0x1a9/0x260 [ 1909.025393] ? __ia32_sys_read+0xb0/0xb0 [ 1909.025761] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1909.026213] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1909.026664] do_syscall_64+0x33/0x40 [ 1909.026981] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1909.027423] RIP: 0033:0x7f8c2e1fdb19 [ 1909.027743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1909.029290] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1909.029950] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1909.030561] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1909.031161] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1909.031763] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1909.032367] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:00 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 57) 02:23:00 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 33) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:00 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, 0x0, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:00 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfeffffff, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:00 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:00 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x40000000, 0x2, 0x0, 0x0) 02:23:00 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfffffffe, 0x2, 0x0, 0x0) 02:23:00 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000040)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index=0x5, 0x0, 0x0, 0x0, 0x1}, 0xffff) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1921.963374] FAULT_INJECTION: forcing a failure. [ 1921.963374] name failslab, interval 1, probability 0, space 0, times 0 [ 1921.964529] CPU: 0 PID: 11662 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1921.966046] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1921.966764] Call Trace: [ 1921.967373] dump_stack+0x107/0x167 [ 1921.967730] should_fail.cold+0x5/0xa [ 1921.968558] should_failslab+0x5/0x20 [ 1921.969364] __kmalloc_node_track_caller+0x74/0x3b0 [ 1921.969804] ? alloc_skb_with_frags+0x92/0x570 [ 1921.970804] __alloc_skb+0xb1/0x5b0 [ 1921.971148] alloc_skb_with_frags+0x92/0x570 [ 1921.972098] ? trace_hardirqs_on+0x5b/0x180 [ 1921.972495] ? kmem_cache_free+0xa7/0x2d0 [ 1921.973404] sock_alloc_send_pskb+0x7af/0x930 [ 1921.974384] ? sk_alloc+0x350/0x350 [ 1921.974744] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1921.975860] ? trace_hardirqs_on+0x5b/0x180 [ 1921.976276] ? asm_sysvec_call_function_single+0x12/0x20 [ 1921.977436] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1921.977937] ? ip6_mtu+0x1bb/0x3d0 [ 1921.978695] ? lock_downgrade+0x6d0/0x6d0 [ 1921.979582] ? ip_frag_init+0x350/0x350 [ 1921.980433] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1921.981420] ? ip6_mtu+0x1e9/0x3d0 [ 1921.982183] ? ip6_setup_cork+0xfb7/0x1740 [ 1921.983078] ip6_make_skb+0x2de/0x4e0 [ 1921.983883] ? ip_frag_init+0x350/0x350 [ 1921.984730] ? ip_frag_init+0x350/0x350 [ 1921.985587] ? ip6_push_pending_frames+0xf0/0xf0 [ 1921.986621] ? ip6_dst_check+0x389/0x8d0 [ 1921.987484] ? sk_dst_check+0x235/0x4c0 [ 1921.988345] udpv6_sendmsg+0x20d3/0x2ad0 [ 1921.989218] ? ip_frag_init+0x350/0x350 [ 1921.990072] ? udp_v6_push_pending_frames+0x360/0x360 [ 1921.991185] ? perf_event_task_disable+0x390/0x390 [ 1921.992243] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1921.993266] ? lock_acquire+0x197/0x470 [ 1921.994120] ? find_held_lock+0x2c/0x110 [ 1921.994997] ? sock_has_perm+0x1ea/0x280 [ 1921.995887] ? __import_iovec+0x458/0x590 [ 1921.996776] ? udp_v6_push_pending_frames+0x360/0x360 [ 1921.997879] inet6_sendmsg+0x105/0x140 [ 1921.998712] ? inet6_compat_ioctl+0x320/0x320 [ 1921.999677] __sock_sendmsg+0xf2/0x190 [ 1922.000508] ____sys_sendmsg+0x334/0x870 [ 1922.001369] ? sock_write_iter+0x3d0/0x3d0 [ 1922.002294] ? do_recvmmsg+0x6d0/0x6d0 [ 1922.003136] ? __lock_acquire+0x1657/0x5b00 [ 1922.004061] ___sys_sendmsg+0xf3/0x170 [ 1922.004899] ? sendmsg_copy_msghdr+0x160/0x160 [ 1922.005891] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1922.007008] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1922.007971] ? trace_hardirqs_on+0x5b/0x180 [ 1922.008902] ? lock_acquire+0x197/0x470 [ 1922.009739] ? find_held_lock+0x2c/0x110 [ 1922.010616] ? __might_fault+0xd3/0x180 [ 1922.011457] ? lock_downgrade+0x6d0/0x6d0 [ 1922.012342] ? io_schedule_timeout+0x140/0x140 [ 1922.013334] __sys_sendmmsg+0x195/0x470 [ 1922.014211] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1922.015126] ? lock_downgrade+0x6d0/0x6d0 [ 1922.016022] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1922.017078] ? wait_for_completion_io+0x270/0x270 [ 1922.018124] ? rcu_read_lock_any_held+0x75/0xa0 [ 1922.019117] ? vfs_write+0x354/0xb10 [ 1922.019911] ? fput_many+0x2f/0x1a0 [ 1922.020697] ? ksys_write+0x1a9/0x260 [ 1922.021522] ? __ia32_sys_read+0xb0/0xb0 [ 1922.022397] __x64_sys_sendmmsg+0x99/0x100 [ 1922.023292] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1922.024388] do_syscall_64+0x33/0x40 [ 1922.025180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1922.026315] RIP: 0033:0x7f862c37fb19 [ 1922.027111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1922.031086] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1922.032707] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1922.034224] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1922.035667] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1922.037155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1922.038692] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1922.068335] FAULT_INJECTION: forcing a failure. [ 1922.068335] name failslab, interval 1, probability 0, space 0, times 0 [ 1922.070950] CPU: 1 PID: 11663 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1922.072467] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1922.074289] Call Trace: [ 1922.074868] dump_stack+0x107/0x167 [ 1922.075661] should_fail.cold+0x5/0xa [ 1922.076496] ? create_object.isra.0+0x3a/0xa20 [ 1922.077493] should_failslab+0x5/0x20 [ 1922.078376] kmem_cache_alloc+0x5b/0x310 [ 1922.079167] ? mark_held_locks+0x9e/0xe0 [ 1922.079603] create_object.isra.0+0x3a/0xa20 [ 1922.080564] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1922.081680] kmem_cache_alloc_bulk+0x168/0x320 [ 1922.082689] io_submit_sqes+0x6fe6/0x8610 [ 1922.083613] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1922.084694] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1922.085740] ? lock_downgrade+0x6d0/0x6d0 [ 1922.086658] ? find_held_lock+0x2c/0x110 02:23:00 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1922.087541] ? io_submit_sqes+0x8610/0x8610 [ 1922.089188] ? __mutex_unlock_slowpath+0xe1/0x600 02:23:00 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 58) [ 1922.090559] ? wait_for_completion_io+0x270/0x270 [ 1922.092553] ? rcu_read_lock_any_held+0x75/0xa0 [ 1922.094392] ? vfs_write+0x354/0xb10 [ 1922.095197] ? fput_many+0x2f/0x1a0 [ 1922.096378] ? ksys_write+0x1a9/0x260 [ 1922.097919] ? __ia32_sys_read+0xb0/0xb0 [ 1922.099546] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1922.101261] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1922.102872] do_syscall_64+0x33/0x40 [ 1922.103849] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1922.105614] RIP: 0033:0x7f8c2e1fdb19 [ 1922.106280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1922.112580] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1922.114528] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1922.116176] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1922.119338] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1922.121201] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1922.123804] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:00 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x3, 0x0, 0x0) 02:23:00 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, 0x0, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1922.159636] FAULT_INJECTION: forcing a failure. [ 1922.159636] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1922.161668] CPU: 0 PID: 11692 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1922.162347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1922.164137] Call Trace: [ 1922.164718] dump_stack+0x107/0x167 [ 1922.165496] should_fail.cold+0x5/0xa [ 1922.166337] _copy_from_user+0x2e/0x1b0 [ 1922.167177] __copy_msghdr_from_user+0x91/0x4b0 [ 1922.168178] ? __ia32_sys_shutdown+0x80/0x80 [ 1922.169118] ? udp_v6_push_pending_frames+0x360/0x360 [ 1922.169626] ? inet6_sendmsg+0xbd/0x140 [ 1922.170493] ? inet6_compat_ioctl+0x320/0x320 [ 1922.170931] ? __sock_sendmsg+0x55/0x190 [ 1922.171815] sendmsg_copy_msghdr+0xa1/0x160 [ 1922.172241] ? do_recvmmsg+0x6d0/0x6d0 [ 1922.173077] ? __lock_acquire+0x1657/0x5b00 [ 1922.173524] ___sys_sendmsg+0xc6/0x170 [ 1922.174379] ? sendmsg_copy_msghdr+0x160/0x160 [ 1922.174828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1922.175961] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1922.176918] ? trace_hardirqs_on+0x5b/0x180 [ 1922.177843] ? lock_acquire+0x197/0x470 [ 1922.178708] ? find_held_lock+0x2c/0x110 [ 1922.179581] ? __might_fault+0xd3/0x180 [ 1922.180430] ? lock_downgrade+0x6d0/0x6d0 [ 1922.181324] ? io_schedule_timeout+0x140/0x140 [ 1922.182296] __sys_sendmmsg+0x195/0x470 [ 1922.182669] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1922.183581] ? lock_downgrade+0x6d0/0x6d0 [ 1922.184489] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1922.185514] ? wait_for_completion_io+0x270/0x270 [ 1922.186560] ? rcu_read_lock_any_held+0x75/0xa0 [ 1922.187541] ? vfs_write+0x354/0xb10 [ 1922.187880] ? fput_many+0x2f/0x1a0 [ 1922.188652] ? ksys_write+0x1a9/0x260 [ 1922.189009] ? __ia32_sys_read+0xb0/0xb0 [ 1922.189878] __x64_sys_sendmmsg+0x99/0x100 [ 1922.190587] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1922.191541] do_syscall_64+0x33/0x40 [ 1922.192363] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1922.193491] RIP: 0033:0x7f862c37fb19 [ 1922.194372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1922.198575] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1922.200331] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1922.201983] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1922.203632] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1922.205276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1922.206935] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:23:00 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:00 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x6, 0x0, 0x0) 02:23:00 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xffffffe4, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:00 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8, 0x29153, r4, 0x8000000) ioctl$BTRFS_IOC_GET_FEATURES(r3, 0x80189439, &(0x7f00000000c0)) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x1, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r1, 0x0, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x3, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xe, 0x1}, 0x8) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) fchmod(r0, 0x90) 02:23:00 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1922.285122] audit: type=1400 audit(1728181380.684:11): avc: denied { map } for pid=11709 comm="syz-executor.7" path="pipe:[36452]" dev="pipefs" ino=36452 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 02:23:13 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x8, 0x0, 0x0) 02:23:13 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x110, r0, 0x8000000) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x430, 0x39, 0x404, 0x70bd28, 0x25dfdbfb, {0x7}, [@generic="71db956809d1d6471ab25aa7544ea73526f4a3a95c3cc8249304c6bc59e043b28b07d915bcf79afcf422913ed153d81f9cf8ec946a0d2658d9b5", @nested={0xaf, 0x1c, 0x0, 0x1, [@generic="f9f3407d85a786a0fb56648bdf8abe9f9c3e39da1098e160641ab3a5f879a1f6459ebc1a7fdc4908cfea7b4ae8a85027bbcf263b494def1054d838d7618d58682732ee6dfc5f10969a230a783dbf3c4948f88f32177a8dbebace4f2807c05594214c7d025e5bc5ffb0328bde489335b6d2913194455a8dfb3cc33f8d78ec4a7b369b91c1f88c522ea147c77be40f8487fbdcbdd2d2811a2086d89e82b1b450608f7e99dd9b7b2069e5f282"]}, @nested={0x32e, 0x20, 0x0, 0x1, [@typed={0x8, 0x88, 0x0, 0x0, @uid=0xee01}, @typed={0x8, 0x22, 0x0, 0x0, @fd=r4}, @generic="125e1a2786488a2820ab268970e43dcf24365786f54a9800de55ae694fd74ecf873b551e237efc035f4d74f2", @typed={0x8, 0x12, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x8, 0x22, 0x0, 0x0, @u32=0x400}, @generic="49e829bf333681b70bb80b6be1f7531a24f83fe3f25310b517e8be45f4598a26406745ca74bb6b06e1e9b8e4f8f3d30cec2861e21476ab2e04e357a6f2d2ca5d84904ede5c911552b76ff0ceed02cb6573ee1f88745c2069fc36d8b03a208008c1ab07a73538ff6f294f75081bd700ca0aee6c544835e0f8a7912c78eacf3f3a97cc028896cfef2753b74ea13d1c38c9070453417d8a4daeaa8f52d654831cd0dfe5ec9e9cc6824c7c5defcb8c0e284a45a624360186103dc5afec23ba25876886bcb5f2b6586f23d94bc7fe019c0ba969603f109192d45b09e16f001fd5194b4c0ce723089188e5ce70563bbccb7c86701c457f866ec643fa", @generic="00474d094e93dae1a5578540f8231e0bda7762331cda27fb130c551db0f74d7678074f2ccf32ceefda0de3ddfd937d693ee89908ace8ede5c5cb20f6e56ba75880362dad1c850ac1462f2950277e854dec908fe5dd60da57ad470c5f3b60c01889bd2907afc0dd30dd4c94f8ca8a8f", @typed={0x8, 0x72, 0x0, 0x0, @uid}, @generic="857b2a0e178409ff68e7c09a364c4198f2910238c95acd70e7ec0573cf4dcd0e62914e7d41c9da2697dace0df015dec96c381b3fe48dfe308ce176c668ccfa1cc6c045bdd92593ef79004db239be640302dc1fd8a8da95cb54d5a29860fcedf821661735284a6905cce252e4e5cfc6d93124326a3e580fcc72998525559887b9ad4ddb0a38dce778058ccfcd1a6fd452d8bcfa8ccce0f62536f2434132fe587eb5db0650c175a5f4fec7d5b2ce2673abcc362e3d4f00becb2f7e729eaaa65ca5d620b576e2d1dd0af82f2781f780facba44a1e95fc20735a766162b42c8ad8cd07", @generic="2ffe171846cba110dcd74d00efa4d083ed02ace188d0849a63934f5549eb3059ac5f246165cc84b32420535b426790a0ba4689ec560fd9936494d1d2e7d1ee934e1c123d61b5da073f34c1bb2eea05ab9eaac611ff4714ee8df8d789d0136d533f53b64da695fd4ec633d6e9881a097a9ed1cd251cf1ea1cf1735531068a73eec7d02e4d1af612bed12a03f14b"]}]}, 0x430}, 0x1, 0x0, 0x0, 0x40800}, 0x40084) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:13 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 34) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:13 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xb72a0000, 0x2, 0x0, 0x0) 02:23:13 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, 0x0, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:13 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 59) 02:23:13 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:13 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfffffffe, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1935.422206] FAULT_INJECTION: forcing a failure. [ 1935.422206] name failslab, interval 1, probability 0, space 0, times 0 [ 1935.423252] CPU: 0 PID: 11739 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1935.423841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1935.424542] Call Trace: [ 1935.424780] dump_stack+0x107/0x167 [ 1935.425096] should_fail.cold+0x5/0xa [ 1935.425428] ? create_object.isra.0+0x3a/0xa20 [ 1935.425824] should_failslab+0x5/0x20 [ 1935.426170] kmem_cache_alloc+0x5b/0x310 [ 1935.426524] create_object.isra.0+0x3a/0xa20 [ 1935.426903] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1935.427341] kmem_cache_alloc+0x159/0x310 [ 1935.427704] skb_clone+0x14f/0x3d0 [ 1935.428017] ip6_finish_output2+0x1225/0x1fe0 [ 1935.428409] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1935.428839] ip6_output+0x3b8/0x7e0 [ 1935.429159] ip6_local_out+0xb4/0x1a0 [ 1935.429489] ip6_send_skb+0x112/0x460 [ 1935.429822] udp_v6_send_skb+0x7aa/0x15b0 [ 1935.430203] udpv6_sendmsg+0x2116/0x2ad0 [ 1935.430554] ? ip_frag_init+0x350/0x350 [ 1935.430904] ? udp_v6_push_pending_frames+0x360/0x360 [ 1935.431358] ? perf_event_task_disable+0x390/0x390 [ 1935.431782] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1935.432201] ? lock_acquire+0x197/0x470 [ 1935.432540] ? find_held_lock+0x2c/0x110 [ 1935.432898] ? sock_has_perm+0x1ea/0x280 [ 1935.433265] ? __import_iovec+0x458/0x590 [ 1935.433621] ? udp_v6_push_pending_frames+0x360/0x360 [ 1935.434082] inet6_sendmsg+0x105/0x140 [ 1935.434416] ? inet6_compat_ioctl+0x320/0x320 [ 1935.434801] __sock_sendmsg+0xf2/0x190 [ 1935.435135] ____sys_sendmsg+0x334/0x870 [ 1935.435482] ? sock_write_iter+0x3d0/0x3d0 [ 1935.435842] ? do_recvmmsg+0x6d0/0x6d0 [ 1935.436177] ? __lock_acquire+0x1657/0x5b00 [ 1935.436554] ___sys_sendmsg+0xf3/0x170 [ 1935.436890] ? sendmsg_copy_msghdr+0x160/0x160 [ 1935.437281] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1935.437728] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1935.438129] ? trace_hardirqs_on+0x5b/0x180 [ 1935.438505] ? lock_acquire+0x197/0x470 [ 1935.438846] ? find_held_lock+0x2c/0x110 [ 1935.439199] ? __might_fault+0xd3/0x180 [ 1935.439541] ? lock_downgrade+0x6d0/0x6d0 [ 1935.439900] ? io_schedule_timeout+0x140/0x140 [ 1935.440300] __sys_sendmmsg+0x195/0x470 [ 1935.440646] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1935.441015] ? lock_downgrade+0x6d0/0x6d0 [ 1935.441382] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1935.441798] ? wait_for_completion_io+0x270/0x270 [ 1935.442228] ? rcu_read_lock_any_held+0x75/0xa0 [ 1935.442627] ? vfs_write+0x354/0xb10 [ 1935.442947] ? fput_many+0x2f/0x1a0 [ 1935.443266] ? ksys_write+0x1a9/0x260 [ 1935.443595] ? __ia32_sys_read+0xb0/0xb0 [ 1935.443948] __x64_sys_sendmmsg+0x99/0x100 [ 1935.444312] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1935.444752] do_syscall_64+0x33/0x40 [ 1935.445072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1935.445509] RIP: 0033:0x7f862c37fb19 [ 1935.445830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1935.447403] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1935.448053] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1935.448660] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1935.449266] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1935.449870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1935.450486] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1935.497353] FAULT_INJECTION: forcing a failure. [ 1935.497353] name failslab, interval 1, probability 0, space 0, times 0 [ 1935.498497] CPU: 1 PID: 11740 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1935.499083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1935.499778] Call Trace: [ 1935.500012] dump_stack+0x107/0x167 [ 1935.500326] should_fail.cold+0x5/0xa [ 1935.500653] ? create_object.isra.0+0x3a/0xa20 [ 1935.501041] ? create_object.isra.0+0x3a/0xa20 [ 1935.501435] should_failslab+0x5/0x20 02:23:13 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1935.501762] kmem_cache_alloc+0x5b/0x310 [ 1935.502125] ? mark_held_locks+0x9e/0xe0 [ 1935.502474] create_object.isra.0+0x3a/0xa20 [ 1935.502849] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1935.503283] kmem_cache_alloc_bulk+0x168/0x320 [ 1935.503678] io_submit_sqes+0x6fe6/0x8610 [ 1935.514066] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1935.514485] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1935.514892] ? lock_downgrade+0x6d0/0x6d0 [ 1935.515239] ? find_held_lock+0x2c/0x110 [ 1935.515585] ? io_submit_sqes+0x8610/0x8610 [ 1935.515956] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1935.516369] ? wait_for_completion_io+0x270/0x270 [ 1935.516777] ? rcu_read_lock_any_held+0x75/0xa0 [ 1935.517167] ? vfs_write+0x354/0xb10 [ 1935.517481] ? fput_many+0x2f/0x1a0 [ 1935.517789] ? ksys_write+0x1a9/0x260 [ 1935.518129] ? __ia32_sys_read+0xb0/0xb0 [ 1935.518473] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1935.518912] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1935.519347] do_syscall_64+0x33/0x40 [ 1935.519663] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1935.520092] RIP: 0033:0x7f8c2e1fdb19 [ 1935.520408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1935.521933] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1935.522583] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1935.523178] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1935.523773] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1935.524368] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1935.524962] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:13 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:13 executing program 7: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:14 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0xc, 0x0, 0x0) 02:23:14 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x3, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:14 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xe1010000, 0x2, 0x0, 0x0) 02:23:14 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:14 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 35) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:14 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x10, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:14 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:14 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x22, 0x0, 0x0) 02:23:14 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1935.775225] FAULT_INJECTION: forcing a failure. [ 1935.775225] name failslab, interval 1, probability 0, space 0, times 0 [ 1935.776284] CPU: 1 PID: 11794 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1935.776869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1935.777567] Call Trace: [ 1935.777801] dump_stack+0x107/0x167 [ 1935.778131] should_fail.cold+0x5/0xa [ 1935.778461] ? create_object.isra.0+0x3a/0xa20 [ 1935.778855] should_failslab+0x5/0x20 [ 1935.779181] kmem_cache_alloc+0x5b/0x310 [ 1935.779530] ? mark_held_locks+0x9e/0xe0 [ 1935.779879] create_object.isra.0+0x3a/0xa20 [ 1935.780255] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1935.780690] kmem_cache_alloc_bulk+0x168/0x320 [ 1935.781086] io_submit_sqes+0x6fe6/0x8610 [ 1935.781456] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1935.781881] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1935.782317] ? lock_downgrade+0x6d0/0x6d0 [ 1935.782668] ? find_held_lock+0x2c/0x110 [ 1935.783019] ? io_submit_sqes+0x8610/0x8610 [ 1935.783394] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1935.783806] ? wait_for_completion_io+0x270/0x270 [ 1935.784217] ? rcu_read_lock_any_held+0x75/0xa0 [ 1935.784611] ? vfs_write+0x354/0xb10 [ 1935.784934] ? fput_many+0x2f/0x1a0 [ 1935.785247] ? ksys_write+0x1a9/0x260 [ 1935.785571] ? __ia32_sys_read+0xb0/0xb0 [ 1935.785919] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1935.786372] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1935.786812] do_syscall_64+0x33/0x40 [ 1935.787130] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1935.787565] RIP: 0033:0x7f8c2e1fdb19 [ 1935.787885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1935.789425] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1935.790086] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1935.790685] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1935.791286] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1935.791885] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1935.792486] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 60) 02:23:31 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 36) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1953.381304] FAULT_INJECTION: forcing a failure. [ 1953.381304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1953.382395] CPU: 1 PID: 11812 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1953.382974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1953.383666] Call Trace: [ 1953.383897] dump_stack+0x107/0x167 [ 1953.384209] should_fail.cold+0x5/0xa [ 1953.384543] _copy_from_user+0x2e/0x1b0 [ 1953.384892] __copy_msghdr_from_user+0x91/0x4b0 [ 1953.385291] ? __ia32_sys_shutdown+0x80/0x80 [ 1953.385671] ? udp_v6_push_pending_frames+0x360/0x360 [ 1953.386117] ? inet6_sendmsg+0xbd/0x140 [ 1953.386475] ? inet6_compat_ioctl+0x320/0x320 [ 1953.386867] ? __sock_sendmsg+0x55/0x190 [ 1953.387228] sendmsg_copy_msghdr+0xa1/0x160 [ 1953.387603] ? do_recvmmsg+0x6d0/0x6d0 [ 1953.387941] ? __lock_acquire+0x1657/0x5b00 [ 1953.388134] FAULT_INJECTION: forcing a failure. [ 1953.388134] name failslab, interval 1, probability 0, space 0, times 0 [ 1953.388318] ___sys_sendmsg+0xc6/0x170 [ 1953.388333] ? sendmsg_copy_msghdr+0x160/0x160 [ 1953.388348] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1953.388369] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1953.395680] ? trace_hardirqs_on+0x5b/0x180 [ 1953.396045] ? lock_acquire+0x197/0x470 [ 1953.396386] ? find_held_lock+0x2c/0x110 [ 1953.396737] ? __might_fault+0xd3/0x180 [ 1953.397071] ? lock_downgrade+0x6d0/0x6d0 [ 1953.397433] ? io_schedule_timeout+0x140/0x140 [ 1953.397824] __sys_sendmmsg+0x195/0x470 [ 1953.398174] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1953.398572] ? lock_downgrade+0x6d0/0x6d0 [ 1953.398931] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1953.399339] ? wait_for_completion_io+0x270/0x270 [ 1953.399836] ? rcu_read_lock_any_held+0x75/0xa0 [ 1953.400307] ? vfs_write+0x354/0xb10 [ 1953.400688] ? fput_many+0x2f/0x1a0 [ 1953.401069] ? ksys_write+0x1a9/0x260 [ 1953.401454] ? __ia32_sys_read+0xb0/0xb0 [ 1953.401880] __x64_sys_sendmmsg+0x99/0x100 [ 1953.402302] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1953.402735] do_syscall_64+0x33/0x40 [ 1953.403051] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1953.403481] RIP: 0033:0x7f862c37fb19 [ 1953.403797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1953.405326] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1953.405966] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1953.406573] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1953.407172] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1953.407777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1953.408374] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1953.409495] CPU: 0 PID: 11813 Comm: syz-executor.6 Not tainted 5.10.226 #1 02:23:31 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xe4ffffff, 0x2, 0x0, 0x0) 02:23:31 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x11, r0, 0x4dceb000) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r5 = pidfd_getfd(0xffffffffffffffff, r4, 0x0) close_range(0xffffffffffffffff, r5, 0x2) 02:23:31 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x30e, 0x0, 0x0) 02:23:31 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1953.410126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1953.411946] Call Trace: [ 1953.412190] dump_stack+0x107/0x167 [ 1953.413558] should_fail.cold+0x5/0xa [ 1953.413978] ? create_object.isra.0+0x3a/0xa20 [ 1953.415683] should_failslab+0x5/0x20 [ 1953.416008] kmem_cache_alloc+0x5b/0x310 [ 1953.416430] ? mark_held_locks+0x9e/0xe0 [ 1953.416775] create_object.isra.0+0x3a/0xa20 [ 1953.417152] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1953.418653] kmem_cache_alloc_bulk+0x168/0x320 [ 1953.419068] io_submit_sqes+0x6fe6/0x8610 [ 1953.420506] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1953.420953] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1953.422442] ? lock_downgrade+0x6d0/0x6d0 [ 1953.422813] ? find_held_lock+0x2c/0x110 [ 1953.423182] ? io_submit_sqes+0x8610/0x8610 [ 1953.424620] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1953.425056] ? wait_for_completion_io+0x270/0x270 [ 1953.426535] ? rcu_read_lock_any_held+0x75/0xa0 [ 1953.426949] ? vfs_write+0x354/0xb10 [ 1953.428330] ? fput_many+0x2f/0x1a0 [ 1953.428656] ? ksys_write+0x1a9/0x260 [ 1953.428998] ? __ia32_sys_read+0xb0/0xb0 [ 1953.431412] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1953.431877] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1953.433417] do_syscall_64+0x33/0x40 [ 1953.433751] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1953.434224] RIP: 0033:0x7f8c2e1fdb19 [ 1953.434620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1953.437248] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1953.440972] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1953.442650] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1953.443241] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1953.445631] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1953.447296] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:31 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x6, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:31 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:31 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 61) [ 1953.503931] FAULT_INJECTION: forcing a failure. [ 1953.503931] name failslab, interval 1, probability 0, space 0, times 0 [ 1953.504974] CPU: 1 PID: 11828 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1953.505561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1953.506279] Call Trace: [ 1953.506517] dump_stack+0x107/0x167 [ 1953.506836] should_fail.cold+0x5/0xa [ 1953.507175] ? __alloc_skb+0x6d/0x5b0 [ 1953.507505] should_failslab+0x5/0x20 [ 1953.507831] kmem_cache_alloc_node+0x55/0x330 [ 1953.508220] __alloc_skb+0x6d/0x5b0 [ 1953.508534] alloc_skb_with_frags+0x92/0x570 [ 1953.508905] ? trace_hardirqs_on+0x5b/0x180 [ 1953.509273] ? kmem_cache_free+0xa7/0x2d0 [ 1953.509629] sock_alloc_send_pskb+0x7af/0x930 [ 1953.510015] ? sk_alloc+0x350/0x350 [ 1953.510345] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1953.510788] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1953.511229] ? mark_lock+0xf5/0x2df0 [ 1953.511556] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1953.511994] ? ip6_mtu+0x1bb/0x3d0 [ 1953.512296] ? lock_downgrade+0x6d0/0x6d0 [ 1953.512653] ? ip_frag_init+0x350/0x350 [ 1953.513000] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1953.513395] ? ip6_mtu+0x1e9/0x3d0 [ 1953.513699] ? ip6_setup_cork+0xfb7/0x1740 [ 1953.514063] ip6_make_skb+0x2de/0x4e0 [ 1953.514395] ? ip_frag_init+0x350/0x350 [ 1953.514735] ? ip_frag_init+0x350/0x350 [ 1953.515077] ? ip6_push_pending_frames+0xf0/0xf0 [ 1953.515486] ? ip6_dst_check+0x389/0x8d0 [ 1953.515829] ? sk_dst_check+0x235/0x4c0 [ 1953.516173] udpv6_sendmsg+0x20d3/0x2ad0 [ 1953.516521] ? ip_frag_init+0x350/0x350 [ 1953.516864] ? udp_v6_push_pending_frames+0x360/0x360 [ 1953.517304] ? perf_event_task_disable+0x390/0x390 [ 1953.517721] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1953.518171] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1953.518641] ? trace_hardirqs_on+0x5b/0x180 [ 1953.519014] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1953.519483] ? sock_has_perm+0x1ea/0x280 [ 1953.519842] ? __import_iovec+0x458/0x590 [ 1953.520193] ? udp_v6_push_pending_frames+0x360/0x360 [ 1953.520632] inet6_sendmsg+0x105/0x140 [ 1953.520963] ? inet6_compat_ioctl+0x320/0x320 [ 1953.521340] __sock_sendmsg+0xf2/0x190 [ 1953.521675] ____sys_sendmsg+0x334/0x870 [ 1953.522021] ? sock_write_iter+0x3d0/0x3d0 [ 1953.522391] ? do_recvmmsg+0x6d0/0x6d0 [ 1953.522726] ? find_held_lock+0x2c/0x110 [ 1953.523076] ___sys_sendmsg+0xf3/0x170 [ 1953.523410] ? sendmsg_copy_msghdr+0x160/0x160 [ 1953.523801] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1953.524240] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1953.524620] ? trace_hardirqs_on+0x5b/0x180 [ 1953.524985] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1953.525363] ? finish_task_switch+0x126/0x5d0 [ 1953.525744] ? finish_task_switch+0xef/0x5d0 [ 1953.526114] ? __switch_to+0x572/0xf70 [ 1953.526460] ? __switch_to_asm+0x3a/0x60 [ 1953.526802] ? __switch_to_asm+0x34/0x60 [ 1953.527150] ? __schedule+0x82c/0x1ea0 [ 1953.527490] ? io_schedule_timeout+0x140/0x140 [ 1953.527885] __sys_sendmmsg+0x195/0x470 [ 1953.528225] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1953.528596] ? lock_downgrade+0x6d0/0x6d0 [ 1953.528956] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1953.529366] ? wait_for_completion_io+0x270/0x270 [ 1953.529777] ? rcu_read_lock_any_held+0x75/0xa0 [ 1953.530179] ? vfs_write+0x354/0xb10 [ 1953.530500] ? fput_many+0x2f/0x1a0 [ 1953.530810] ? ksys_write+0x1a9/0x260 [ 1953.531135] ? __ia32_sys_read+0xb0/0xb0 [ 1953.531487] __x64_sys_sendmmsg+0x99/0x100 [ 1953.531846] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1953.532280] do_syscall_64+0x33/0x40 [ 1953.532597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1953.533027] RIP: 0033:0x7f862c37fb19 [ 1953.533345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1953.534897] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1953.535538] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1953.536135] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1953.536731] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1953.537328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1953.537925] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:23:31 executing program 5: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:31 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2) 02:23:31 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfeffffff, 0x2, 0x0, 0x0) 02:23:32 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) io_uring_enter(r0, 0x484e, 0xcc2e, 0x2, &(0x7f0000000040)={[0x4]}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x3, 0x0, @fd=r0}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:32 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:32 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x8, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:32 executing program 5: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:45 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 62) 02:23:45 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0xc, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:45 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xffffffe4, 0x2, 0x0, 0x0) 02:23:45 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x32, 0x1f, 0x0, 0x85, 0x0, 0x7, 0x100138, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0xb9e1, 0x0, @perf_bp={&(0x7f0000000040), 0x4}, 0x202, 0x7, 0x8b2, 0x7, 0x4d4, 0x5, 0x3, 0x0, 0x8, 0x0, 0xdfc}, 0x0, 0x5, 0xffffffffffffffff, 0x3) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:45 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:45 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 37) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:45 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5) 02:23:45 executing program 5: syz_io_uring_submit(0x0, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r0, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:45 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1967.316936] FAULT_INJECTION: forcing a failure. [ 1967.316936] name failslab, interval 1, probability 0, space 0, times 0 [ 1967.318113] CPU: 1 PID: 11874 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1967.318718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1967.319416] Call Trace: [ 1967.319651] dump_stack+0x107/0x167 [ 1967.319964] should_fail.cold+0x5/0xa [ 1967.320293] ? create_object.isra.0+0x3a/0xa20 [ 1967.320688] should_failslab+0x5/0x20 [ 1967.321015] kmem_cache_alloc+0x5b/0x310 [ 1967.321367] create_object.isra.0+0x3a/0xa20 [ 1967.321743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1967.322180] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1967.322629] ? alloc_skb_with_frags+0x92/0x570 [ 1967.323023] __alloc_skb+0xb1/0x5b0 [ 1967.323340] alloc_skb_with_frags+0x92/0x570 [ 1967.323716] ? trace_hardirqs_on+0x5b/0x180 [ 1967.324086] ? kmem_cache_free+0xa7/0x2d0 [ 1967.324443] sock_alloc_send_pskb+0x7af/0x930 [ 1967.324830] ? sk_alloc+0x350/0x350 [ 1967.325148] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1967.325590] ? trace_hardirqs_on+0x5b/0x180 [ 1967.325958] ? __dev_queue_xmit+0xe4e/0x2710 [ 1967.326346] ? __local_bh_enable_ip+0x9d/0x100 [ 1967.326742] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1967.327173] ? ip6_mtu+0x1bb/0x3d0 [ 1967.327477] ? lock_downgrade+0x6d0/0x6d0 [ 1967.327831] ? ip_frag_init+0x350/0x350 [ 1967.328177] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1967.328573] ? ip6_mtu+0x1e9/0x3d0 [ 1967.328877] ? ip6_setup_cork+0xfb7/0x1740 [ 1967.329238] ip6_make_skb+0x2de/0x4e0 [ 1967.329561] ? ip_frag_init+0x350/0x350 [ 1967.329904] ? ip_frag_init+0x350/0x350 [ 1967.330244] ? ip6_push_pending_frames+0xf0/0xf0 [ 1967.330671] ? ip6_dst_check+0x389/0x8d0 [ 1967.331017] ? sk_dst_check+0x235/0x4c0 [ 1967.331367] udpv6_sendmsg+0x20d3/0x2ad0 [ 1967.331716] ? ip_frag_init+0x350/0x350 [ 1967.332061] ? udp_v6_push_pending_frames+0x360/0x360 [ 1967.332505] ? perf_event_task_disable+0x390/0x390 [ 1967.332923] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1967.333334] ? lock_acquire+0x197/0x470 [ 1967.333671] ? find_held_lock+0x2c/0x110 [ 1967.334025] ? sock_has_perm+0x1ea/0x280 [ 1967.334406] ? __import_iovec+0x458/0x590 [ 1967.334763] ? udp_v6_push_pending_frames+0x360/0x360 [ 1967.335201] inet6_sendmsg+0x105/0x140 [ 1967.335535] ? inet6_compat_ioctl+0x320/0x320 [ 1967.335915] __sock_sendmsg+0xf2/0x190 [ 1967.336247] ____sys_sendmsg+0x334/0x870 [ 1967.336595] ? sock_write_iter+0x3d0/0x3d0 [ 1967.336954] ? do_recvmmsg+0x6d0/0x6d0 [ 1967.337288] ? __lock_acquire+0x1657/0x5b00 [ 1967.337662] ___sys_sendmsg+0xf3/0x170 [ 1967.337997] ? sendmsg_copy_msghdr+0x160/0x160 [ 1967.338406] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1967.338851] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1967.339228] ? trace_hardirqs_on+0x5b/0x180 [ 1967.339599] ? lock_acquire+0x197/0x470 [ 1967.339937] ? find_held_lock+0x2c/0x110 [ 1967.340287] ? __might_fault+0xd3/0x180 [ 1967.340625] ? lock_downgrade+0x6d0/0x6d0 [ 1967.340980] ? io_schedule_timeout+0x140/0x140 [ 1967.341376] __sys_sendmmsg+0x195/0x470 [ 1967.341718] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1967.342083] ? lock_downgrade+0x6d0/0x6d0 [ 1967.342465] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1967.342879] ? wait_for_completion_io+0x270/0x270 [ 1967.343291] ? rcu_read_lock_any_held+0x75/0xa0 [ 1967.343683] ? vfs_write+0x354/0xb10 [ 1967.343999] ? fput_many+0x2f/0x1a0 [ 1967.344309] ? ksys_write+0x1a9/0x260 [ 1967.344633] ? __ia32_sys_read+0xb0/0xb0 [ 1967.344982] __x64_sys_sendmmsg+0x99/0x100 [ 1967.345342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1967.345776] do_syscall_64+0x33/0x40 [ 1967.346092] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1967.346546] RIP: 0033:0x7f862c37fb19 [ 1967.346864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1967.348402] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1967.349045] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1967.349643] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1967.350243] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1967.350859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1967.351458] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:23:45 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 1967.377958] FAULT_INJECTION: forcing a failure. [ 1967.377958] name failslab, interval 1, probability 0, space 0, times 0 [ 1967.379067] CPU: 0 PID: 11891 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1967.379650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1967.380340] Call Trace: [ 1967.380571] dump_stack+0x107/0x167 [ 1967.380884] should_fail.cold+0x5/0xa [ 1967.381214] should_failslab+0x5/0x20 [ 1967.381541] kmem_cache_alloc_bulk+0x4b/0x320 [ 1967.381927] io_submit_sqes+0x6fe6/0x8610 [ 1967.382309] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1967.382745] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1967.383160] ? lock_downgrade+0x6d0/0x6d0 [ 1967.383513] ? find_held_lock+0x2c/0x110 [ 1967.383860] ? io_submit_sqes+0x8610/0x8610 [ 1967.384237] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1967.384649] ? wait_for_completion_io+0x270/0x270 [ 1967.385063] ? rcu_read_lock_any_held+0x75/0xa0 [ 1967.385459] ? vfs_write+0x354/0xb10 [ 1967.385778] ? fput_many+0x2f/0x1a0 [ 1967.386090] ? ksys_write+0x1a9/0x260 [ 1967.386433] ? __ia32_sys_read+0xb0/0xb0 [ 1967.386787] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1967.387232] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1967.387670] do_syscall_64+0x33/0x40 [ 1967.387989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1967.388422] RIP: 0033:0x7f8c2e1fdb19 [ 1967.388739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1967.390275] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1967.390965] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1967.391562] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1967.392161] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1967.392758] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1967.393357] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:23:45 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8) 02:23:45 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x22, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:45 executing program 7: ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, 0x65}}, './file0\x00'}) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x18c, 0x0, 0x2, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [@CTA_EXPECT_NAT={0x120, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0xb4, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private2}}}]}, @CTA_EXPECT_NAT_TUPLE={0x68, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}]}, @CTA_EXPECT_NAT={0x1c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8}]}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x2}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x5}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x7}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x1000}]}, 0x18c}, 0x1, 0x0, 0x0, 0x8000}, 0x800) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1979.714623] kworker/dying (5232) used greatest stack depth: 23608 bytes left 02:23:58 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:58 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 63) 02:23:58 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 38) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:58 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:58 executing program 5: r0 = syz_io_uring_setup(0x0, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:58 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0xfffffffe, 0x2, 0x0, 0x0) 02:23:58 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x30e, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:58 executing program 7: r0 = syz_io_uring_setup(0x4d4b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x8000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:58 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2d5) [ 1980.536864] FAULT_INJECTION: forcing a failure. [ 1980.536864] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.537968] CPU: 1 PID: 11932 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1980.538600] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.539347] Call Trace: [ 1980.539604] dump_stack+0x107/0x167 [ 1980.539710] FAULT_INJECTION: forcing a failure. [ 1980.539710] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.539927] should_fail.cold+0x5/0xa [ 1980.539945] ? create_object.isra.0+0x3a/0xa20 [ 1980.539963] should_failslab+0x5/0x20 [ 1980.541887] kmem_cache_alloc+0x5b/0x310 [ 1980.542237] create_object.isra.0+0x3a/0xa20 [ 1980.542653] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1980.543140] kmem_cache_alloc_bulk+0x168/0x320 [ 1980.543590] io_submit_sqes+0x6fe6/0x8610 [ 1980.544007] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.544487] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.544952] ? lock_downgrade+0x6d0/0x6d0 [ 1980.545344] ? find_held_lock+0x2c/0x110 [ 1980.545747] ? io_submit_sqes+0x8610/0x8610 [ 1980.546164] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.546642] ? wait_for_completion_io+0x270/0x270 [ 1980.547102] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.547551] ? vfs_write+0x354/0xb10 [ 1980.547909] ? fput_many+0x2f/0x1a0 [ 1980.548267] ? ksys_write+0x1a9/0x260 [ 1980.548646] ? __ia32_sys_read+0xb0/0xb0 [ 1980.549046] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.549558] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.550056] do_syscall_64+0x33/0x40 [ 1980.550418] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.550945] RIP: 0033:0x7f8c2e1fdb19 [ 1980.551325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.553071] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1980.553806] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1980.554464] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1980.555063] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1980.555672] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1980.556267] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 1980.556945] CPU: 0 PID: 11927 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1980.558713] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.559552] Call Trace: [ 1980.559852] dump_stack+0x107/0x167 [ 1980.560766] should_fail.cold+0x5/0xa [ 1980.561190] should_failslab+0x5/0x20 [ 1980.561623] __kmalloc_node_track_caller+0x74/0x3b0 [ 1980.562156] ? alloc_skb_with_frags+0x92/0x570 [ 1980.562669] __alloc_skb+0xb1/0x5b0 [ 1980.563081] alloc_skb_with_frags+0x92/0x570 [ 1980.563553] ? trace_hardirqs_on+0x5b/0x180 [ 1980.564034] ? kmem_cache_free+0xa7/0x2d0 [ 1980.564489] sock_alloc_send_pskb+0x7af/0x930 [ 1980.564968] ? sk_alloc+0x350/0x350 [ 1980.565375] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1980.565927] ? trace_hardirqs_on+0x5b/0x180 [ 1980.566401] ? __dev_queue_xmit+0xe4e/0x2710 [ 1980.566836] ? __local_bh_enable_ip+0x9d/0x100 [ 1980.567265] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 1980.567724] ? ip6_mtu+0x1bb/0x3d0 [ 1980.568047] ? lock_downgrade+0x6d0/0x6d0 [ 1980.568423] ? ip_frag_init+0x350/0x350 [ 1980.568799] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 1980.569217] ? ip6_mtu+0x1e9/0x3d0 [ 1980.569545] ? ip6_setup_cork+0xfb7/0x1740 [ 1980.569935] ip6_make_skb+0x2de/0x4e0 [ 1980.570279] ? ip_frag_init+0x350/0x350 [ 1980.570640] ? ip_frag_init+0x350/0x350 [ 1980.570993] ? ip6_push_pending_frames+0xf0/0xf0 [ 1980.571431] ? ip6_dst_check+0x389/0x8d0 [ 1980.571799] ? sk_dst_check+0x235/0x4c0 [ 1980.572168] udpv6_sendmsg+0x20d3/0x2ad0 [ 1980.572553] ? ip_frag_init+0x350/0x350 [ 1980.572926] ? udp_v6_push_pending_frames+0x360/0x360 [ 1980.573408] ? perf_event_task_disable+0x390/0x390 [ 1980.573855] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1980.574303] ? lock_acquire+0x197/0x470 [ 1980.574734] ? find_held_lock+0x2c/0x110 [ 1980.575561] ? sock_has_perm+0x1ea/0x280 [ 1980.576535] ? __import_iovec+0x458/0x590 [ 1980.577513] ? udp_v6_push_pending_frames+0x360/0x360 [ 1980.578694] inet6_sendmsg+0x105/0x140 [ 1980.579034] ? inet6_compat_ioctl+0x320/0x320 [ 1980.579412] __sock_sendmsg+0xf2/0x190 [ 1980.579742] ____sys_sendmsg+0x334/0x870 [ 1980.580087] ? sock_write_iter+0x3d0/0x3d0 [ 1980.580443] ? do_recvmmsg+0x6d0/0x6d0 [ 1980.580773] ? __lock_acquire+0x1657/0x5b00 [ 1980.581145] ___sys_sendmsg+0xf3/0x170 [ 1980.581475] ? sendmsg_copy_msghdr+0x160/0x160 [ 1980.581862] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.582300] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1980.582704] ? trace_hardirqs_on+0x5b/0x180 [ 1980.583070] ? lock_acquire+0x197/0x470 [ 1980.583403] ? find_held_lock+0x2c/0x110 [ 1980.583748] ? __might_fault+0xd3/0x180 [ 1980.584082] ? lock_downgrade+0x6d0/0x6d0 [ 1980.584431] ? io_schedule_timeout+0x140/0x140 [ 1980.584823] __sys_sendmmsg+0x195/0x470 [ 1980.585161] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1980.585522] ? lock_downgrade+0x6d0/0x6d0 [ 1980.585880] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.586286] ? wait_for_completion_io+0x270/0x270 [ 1980.586708] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.587097] ? vfs_write+0x354/0xb10 [ 1980.587416] ? fput_many+0x2f/0x1a0 [ 1980.587724] ? ksys_write+0x1a9/0x260 [ 1980.588045] ? __ia32_sys_read+0xb0/0xb0 [ 1980.588391] __x64_sys_sendmmsg+0x99/0x100 [ 1980.588746] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.589176] do_syscall_64+0x33/0x40 [ 1980.589489] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.589916] RIP: 0033:0x7f862c37fb19 [ 1980.590235] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.591762] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1980.592395] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1980.592986] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1980.593577] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 02:23:58 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 1980.594168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1980.610794] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:23:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:59 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:23:59 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 39) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:23:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:23:59 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500) 02:23:59 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:23:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1980.831806] FAULT_INJECTION: forcing a failure. [ 1980.831806] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.833073] CPU: 1 PID: 11969 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1980.833798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.834659] Call Trace: [ 1980.834943] dump_stack+0x107/0x167 [ 1980.835332] should_fail.cold+0x5/0xa [ 1980.835747] ? create_object.isra.0+0x3a/0xa20 [ 1980.836231] should_failslab+0x5/0x20 [ 1980.836633] kmem_cache_alloc+0x5b/0x310 [ 1980.837065] create_object.isra.0+0x3a/0xa20 [ 1980.837525] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1980.838060] kmem_cache_alloc_bulk+0x168/0x320 [ 1980.838556] io_submit_sqes+0x6fe6/0x8610 [ 1980.839014] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.839533] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1980.840044] ? lock_downgrade+0x6d0/0x6d0 [ 1980.840477] ? find_held_lock+0x2c/0x110 [ 1980.840904] ? io_submit_sqes+0x8610/0x8610 [ 1980.841364] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1980.841870] ? wait_for_completion_io+0x270/0x270 [ 1980.842378] ? rcu_read_lock_any_held+0x75/0xa0 [ 1980.842874] ? vfs_write+0x354/0xb10 [ 1980.843267] ? fput_many+0x2f/0x1a0 [ 1980.843657] ? ksys_write+0x1a9/0x260 [ 1980.844058] ? __ia32_sys_read+0xb0/0xb0 [ 1980.844491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.845038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.845579] do_syscall_64+0x33/0x40 [ 1980.845978] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.846519] RIP: 0033:0x7f8c2e1fdb19 [ 1980.846913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.848785] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1980.849490] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1980.850150] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1980.850820] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1980.851478] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1980.852137] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:24:12 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:12 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 40) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:24:12 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:12 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:12 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 64) 02:24:12 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000) 02:24:12 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x3, 0x0, 0x0) 02:24:12 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000040)={r0, 0xffffffffffffff3f, 0xd29d, 0x10000}) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000007, 0x13, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = creat(&(0x7f0000000180)='./file0\x00', 0x8) renameat2(r3, &(0x7f00000000c0)='./file0\x00', r5, &(0x7f00000001c0)='./file0\x00', 0x7) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x68c0, 0x3c3, 0x2, &(0x7f0000000600)={[0xfff]}, 0x8) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000640), 0x20000, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r6, 0x3) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000005c0)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, r5, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@generic={0x6, "d202816e2743de704e40d35a3216b886883604fe3bc8d284a2834930e15183977ec57c7f3f25972df15255763eb64be69bfc508fae4719e9740f880cdb5c5aca057cc0fbc16d099b0ab9971f9a96e3eb4732bfbe5c637099660454e5f52373d68680621d99cedb34375ec60a0419399a478d7247e23b5c4b08c35e0e21ec"}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)="c1d01ee3b72cd2cfaafbd5d92afbe2d82cc64ef8f16e455f3dbdb61c3bad029030311ca08698f5de3f5d1c4541ac42fcbab1a98eba8f4e31d54f811ba5f14f839e6633d6c82a66d3de9dd73596c527a8d23d81028cd8c3fd21d78cc8446aba53b47ec1141463c380deb92303456e182687a2e94ada750a1f788be5ad0f86623c975aa52fafc59303f7da12f58b9bd6fb5e82ef203ca6131766f22affd1226e028fde9a6175bba3829bdf7798a1f57df1ee993595a3872e0b9924f98374c87765b6ec4ee5e1623813cc2e76e0630f3a410d8eb0", 0xd3}], 0x1, &(0x7f0000000480)=[{0x100, 0x104, 0x7, "7b0f123901d9ac58228778384cf727e982897820afaa827d90537536c9114ec1ccc03ecbe8abd7e446042da91ca46a7ac1dc31496c9b7ba5bd79bea1b747003b428bd42a30701edf10f2a12fee8d764bda8eca43b40c795ed57d64eac0a5e57f8b58177624d54b28ba8a62508fcc5f6707880fb4bf6dcb663ebaaaf15ed65d7851dc8ee200e1ac3e4d271784e4dbc60e0aae57e98057f314219d26214b5f629d7493138e73f54c43eeeee98d7c3ef8f07f3d90bfa72e201c6598fe9778c923f35aa6f4cf07cbe52f47be8076cb5046e8f661a369eace2daa74063fa9f017ae4fbf2dc752aec7b0c52a2f5af9"}], 0x100}, 0x0, 0x2100, 0x0, {0x0, r7}}, 0x9) [ 1994.311602] FAULT_INJECTION: forcing a failure. [ 1994.311602] name failslab, interval 1, probability 0, space 0, times 0 [ 1994.314229] CPU: 1 PID: 12001 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1994.315763] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1994.317593] Call Trace: [ 1994.318169] dump_stack+0x107/0x167 [ 1994.318987] should_fail.cold+0x5/0xa [ 1994.319826] ? skb_clone+0x14f/0x3d0 [ 1994.320644] should_failslab+0x5/0x20 [ 1994.321473] kmem_cache_alloc+0x5b/0x310 [ 1994.322368] skb_clone+0x14f/0x3d0 [ 1994.323221] ip6_finish_output2+0x1225/0x1fe0 [ 1994.324212] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 1994.325313] ip6_output+0x3b8/0x7e0 [ 1994.326120] ip6_local_out+0xb4/0x1a0 [ 1994.326975] ip6_send_skb+0x112/0x460 [ 1994.327804] udp_v6_send_skb+0x7aa/0x15b0 [ 1994.328720] udpv6_sendmsg+0x2116/0x2ad0 [ 1994.329613] ? ip_frag_init+0x350/0x350 [ 1994.330492] ? udp_v6_push_pending_frames+0x360/0x360 [ 1994.331636] ? perf_event_task_disable+0x390/0x390 [ 1994.332720] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 1994.333779] ? lock_acquire+0x197/0x470 [ 1994.334663] ? find_held_lock+0x2c/0x110 [ 1994.335562] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1994.336713] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1994.337896] ? sock_has_perm+0x1ea/0x280 [ 1994.338814] ? __import_iovec+0x458/0x590 [ 1994.339723] ? udp_v6_push_pending_frames+0x360/0x360 [ 1994.340859] inet6_sendmsg+0x105/0x140 02:24:12 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 1994.341710] ? inet6_compat_ioctl+0x320/0x320 [ 1994.342876] __sock_sendmsg+0xf2/0x190 [ 1994.343723] ____sys_sendmsg+0x334/0x870 [ 1994.344613] ? sock_write_iter+0x3d0/0x3d0 [ 1994.345542] ? do_recvmmsg+0x6d0/0x6d0 [ 1994.346397] ? __lock_acquire+0x1657/0x5b00 [ 1994.347370] ___sys_sendmsg+0xf3/0x170 [ 1994.348226] ? sendmsg_copy_msghdr+0x160/0x160 [ 1994.349232] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1994.350375] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1994.351371] ? trace_hardirqs_on+0x5b/0x180 [ 1994.352321] ? lock_acquire+0x197/0x470 [ 1994.353182] ? find_held_lock+0x2c/0x110 [ 1994.354076] ? __might_fault+0xd3/0x180 [ 1994.354962] ? lock_downgrade+0x6d0/0x6d0 [ 1994.355874] ? io_schedule_timeout+0x140/0x140 [ 1994.356883] __sys_sendmmsg+0x195/0x470 [ 1994.357759] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1994.358720] ? lock_downgrade+0x6d0/0x6d0 [ 1994.359639] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1994.360698] ? wait_for_completion_io+0x270/0x270 [ 1994.361751] ? rcu_read_lock_any_held+0x75/0xa0 [ 1994.362787] ? vfs_write+0x354/0xb10 [ 1994.363597] ? fput_many+0x2f/0x1a0 [ 1994.364397] ? ksys_write+0x1a9/0x260 [ 1994.365238] ? __ia32_sys_read+0xb0/0xb0 [ 1994.366134] __x64_sys_sendmmsg+0x99/0x100 [ 1994.367078] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1994.368214] do_syscall_64+0x33/0x40 [ 1994.369022] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1994.370164] RIP: 0033:0x7f862c37fb19 [ 1994.375875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1994.381049] FAULT_INJECTION: forcing a failure. [ 1994.381049] name failslab, interval 1, probability 0, space 0, times 0 [ 1994.383685] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1994.383702] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1994.383711] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1994.383720] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1994.383729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1994.383739] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 1994.396065] CPU: 0 PID: 12000 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1994.397583] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1994.399409] Call Trace: [ 1994.399993] dump_stack+0x107/0x167 [ 1994.400791] should_fail.cold+0x5/0xa [ 1994.401630] should_failslab+0x5/0x20 [ 1994.402465] kmem_cache_alloc_bulk+0x4b/0x320 [ 1994.403490] io_submit_sqes+0x6fe6/0x8610 [ 1994.404417] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1994.405505] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1994.406570] ? lock_downgrade+0x6d0/0x6d0 [ 1994.408090] ? find_held_lock+0x2c/0x110 [ 1994.410076] ? io_submit_sqes+0x8610/0x8610 [ 1994.414494] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1994.416550] ? wait_for_completion_io+0x270/0x270 [ 1994.417760] ? rcu_read_lock_any_held+0x75/0xa0 [ 1994.419666] ? vfs_write+0x354/0xb10 [ 1994.420995] ? fput_many+0x2f/0x1a0 [ 1994.421931] ? ksys_write+0x1a9/0x260 [ 1994.423673] ? __ia32_sys_read+0xb0/0xb0 [ 1994.424574] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1994.426397] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1994.428330] do_syscall_64+0x33/0x40 [ 1994.429835] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1994.431844] RIP: 0033:0x7f8c2e1fdb19 [ 1994.432666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1994.438951] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1994.442131] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1994.444385] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1994.446892] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1994.448851] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1994.451615] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:24:12 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2abf) 02:24:12 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 41) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 1994.650142] FAULT_INJECTION: forcing a failure. [ 1994.650142] name failslab, interval 1, probability 0, space 0, times 0 [ 1994.652876] CPU: 1 PID: 12027 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 1994.654389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1994.657475] Call Trace: [ 1994.658062] dump_stack+0x107/0x167 [ 1994.658866] should_fail.cold+0x5/0xa [ 1994.659703] ? create_object.isra.0+0x3a/0xa20 [ 1994.660708] should_failslab+0x5/0x20 [ 1994.661543] kmem_cache_alloc+0x5b/0x310 [ 1994.662437] ? mark_held_locks+0x9e/0xe0 [ 1994.664431] create_object.isra.0+0x3a/0xa20 [ 1994.665399] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1994.666278] kmem_cache_alloc_bulk+0x168/0x320 [ 1994.667090] io_submit_sqes+0x6fe6/0x8610 [ 1994.667831] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1994.668702] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 1994.669534] ? lock_downgrade+0x6d0/0x6d0 [ 1994.670253] ? find_held_lock+0x2c/0x110 [ 1994.671071] ? io_submit_sqes+0x8610/0x8610 [ 1994.672908] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1994.673744] ? wait_for_completion_io+0x270/0x270 [ 1994.674593] ? rcu_read_lock_any_held+0x75/0xa0 [ 1994.676794] ? vfs_write+0x354/0xb10 [ 1994.677444] ? fput_many+0x2f/0x1a0 [ 1994.678080] ? ksys_write+0x1a9/0x260 [ 1994.679144] ? __ia32_sys_read+0xb0/0xb0 [ 1994.679489] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1994.679929] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1994.680380] do_syscall_64+0x33/0x40 [ 1994.680695] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1994.681125] RIP: 0033:0x7f8c2e1fdb19 [ 1994.681452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1994.683695] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1994.684333] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 1994.684940] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 1994.685544] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1994.686141] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 1994.686769] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:24:13 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x6, 0x0, 0x0) 02:24:13 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, r1, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:13 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = dup2(r0, r0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r0, &(0x7f0000000040)={0x8000200a}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat2(r4, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x4a800, 0x178, 0x3}, 0x18) syz_io_uring_setup(0x4f24, &(0x7f00000002c0)={0x0, 0xa6d7, 0x4, 0x1, 0x1a8, 0x0, r5}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f00000001c0), &(0x7f0000000340)) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:13 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x0, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:13 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00) 02:24:13 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x312) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:13 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:13 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x0, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:13 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:13 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 65) 02:24:13 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x8, 0x0, 0x0) 02:24:13 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:13 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000) [ 1995.059108] FAULT_INJECTION: forcing a failure. [ 1995.059108] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1995.060190] CPU: 1 PID: 12068 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 1995.060775] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.061479] Call Trace: [ 1995.061712] dump_stack+0x107/0x167 [ 1995.062024] should_fail.cold+0x5/0xa [ 1995.062366] _copy_from_user+0x2e/0x1b0 [ 1995.062763] __copy_msghdr_from_user+0x91/0x4b0 [ 1995.063158] ? __ia32_sys_shutdown+0x80/0x80 [ 1995.063546] ? udp_v6_push_pending_frames+0x360/0x360 [ 1995.063987] ? inet6_sendmsg+0xbd/0x140 [ 1995.064327] ? inet6_compat_ioctl+0x320/0x320 [ 1995.064717] ? __sock_sendmsg+0x55/0x190 [ 1995.065067] sendmsg_copy_msghdr+0xa1/0x160 [ 1995.065443] ? do_recvmmsg+0x6d0/0x6d0 [ 1995.065780] ? __lock_acquire+0x1657/0x5b00 [ 1995.066154] ___sys_sendmsg+0xc6/0x170 [ 1995.066497] ? sendmsg_copy_msghdr+0x160/0x160 [ 1995.066913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.067356] ? _raw_spin_unlock_irq+0x1f/0x30 [ 1995.067745] ? trace_hardirqs_on+0x5b/0x180 [ 1995.068116] ? lock_acquire+0x197/0x470 [ 1995.068452] ? find_held_lock+0x2c/0x110 [ 1995.068813] ? __might_fault+0xd3/0x180 [ 1995.069151] ? lock_downgrade+0x6d0/0x6d0 [ 1995.069506] ? io_schedule_timeout+0x140/0x140 [ 1995.069912] __sys_sendmmsg+0x195/0x470 [ 1995.070253] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1995.070631] ? lock_downgrade+0x6d0/0x6d0 [ 1995.071013] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1995.071424] ? wait_for_completion_io+0x270/0x270 [ 1995.071845] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.072240] ? vfs_write+0x354/0xb10 [ 1995.072557] ? fput_many+0x2f/0x1a0 [ 1995.072878] ? ksys_write+0x1a9/0x260 [ 1995.073201] ? __ia32_sys_read+0xb0/0xb0 [ 1995.073549] __x64_sys_sendmmsg+0x99/0x100 [ 1995.073918] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.074352] do_syscall_64+0x33/0x40 [ 1995.074685] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.075129] RIP: 0033:0x7f862c37fb19 [ 1995.075447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.076989] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1995.077642] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 1995.078250] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 1995.078867] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.079475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1995.080077] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:24:27 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 42) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:24:27 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 66) 02:24:27 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xbf2a) 02:24:27 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:27 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(r3, r6, &(0x7f00000000c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040)=0x80, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x0, 0x80000, 0x1}, 0x5) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff0000/0x4000)=nil, 0x4000, 0x300000c, 0x40010, r4, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r11 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r11, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r12 = socket$inet(0x2, 0x4, 0x6) r13 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r13, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r13, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r8, r10, &(0x7f00000002c0)=@IORING_OP_SPLICE={0x1e, 0x3, 0x0, @fd_index=0x5, 0x7, {0x0, r12}, 0xff, 0xe, 0x0, {0x0, 0x0, r13}}, 0x7) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:27 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x0, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:27 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1203) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:27 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0xc, 0x0, 0x0) 02:24:27 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2008.793245] FAULT_INJECTION: forcing a failure. [ 2008.793245] name failslab, interval 1, probability 0, space 0, times 0 [ 2008.794462] CPU: 0 PID: 12084 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2008.795156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2008.795907] Call Trace: [ 2008.796159] dump_stack+0x107/0x167 [ 2008.796498] should_fail.cold+0x5/0xa [ 2008.796852] ? create_object.isra.0+0x3a/0xa20 [ 2008.797272] should_failslab+0x5/0x20 [ 2008.797627] kmem_cache_alloc+0x5b/0x310 [ 2008.798004] ? mark_held_locks+0x9e/0xe0 [ 2008.798384] create_object.isra.0+0x3a/0xa20 [ 2008.798826] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2008.799478] FAULT_INJECTION: forcing a failure. [ 2008.799478] name failslab, interval 1, probability 0, space 0, times 0 [ 2008.800029] kmem_cache_alloc_bulk+0x168/0x320 [ 2008.800051] io_submit_sqes+0x6fe6/0x8610 [ 2008.801721] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2008.802142] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2008.802563] ? lock_downgrade+0x6d0/0x6d0 [ 2008.802926] ? find_held_lock+0x2c/0x110 [ 2008.803275] ? io_submit_sqes+0x8610/0x8610 [ 2008.803658] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2008.804068] ? wait_for_completion_io+0x270/0x270 [ 2008.804488] ? rcu_read_lock_any_held+0x75/0xa0 [ 2008.804882] ? vfs_write+0x354/0xb10 [ 2008.805199] ? fput_many+0x2f/0x1a0 [ 2008.805521] ? ksys_write+0x1a9/0x260 [ 2008.805844] ? __ia32_sys_read+0xb0/0xb0 [ 2008.806192] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2008.806645] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2008.807630] do_syscall_64+0x33/0x40 [ 2008.807951] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2008.808383] RIP: 0033:0x7f8c2e1fdb19 [ 2008.808706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2008.810232] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2008.811051] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2008.812257] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2008.813473] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2008.814683] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2008.816215] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2008.817766] CPU: 1 PID: 12085 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2008.818489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2008.819352] Call Trace: [ 2008.819627] dump_stack+0x107/0x167 [ 2008.820010] should_fail.cold+0x5/0xa [ 2008.820411] ? __alloc_skb+0x6d/0x5b0 [ 2008.820807] should_failslab+0x5/0x20 [ 2008.821202] kmem_cache_alloc_node+0x55/0x330 [ 2008.821664] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2008.822226] __alloc_skb+0x6d/0x5b0 [ 2008.822607] alloc_skb_with_frags+0x92/0x570 [ 2008.823066] ? trace_hardirqs_on+0x5b/0x180 [ 2008.823518] ? kmem_cache_free+0xa7/0x2d0 [ 2008.823953] sock_alloc_send_pskb+0x7af/0x930 [ 2008.824425] ? sk_alloc+0x350/0x350 [ 2008.824808] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2008.825339] ? trace_hardirqs_on+0x5b/0x180 [ 2008.825790] ? __dev_queue_xmit+0xe4e/0x2710 [ 2008.826245] ? __local_bh_enable_ip+0x9d/0x100 [ 2008.826726] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2008.827265] ? ip6_mtu+0x1bb/0x3d0 [ 2008.827635] ? lock_downgrade+0x6d0/0x6d0 [ 2008.828062] ? ip_frag_init+0x350/0x350 [ 2008.828442] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2008.828865] ip6_make_skb+0x2de/0x4e0 [ 2008.829212] ? ip_frag_init+0x350/0x350 [ 2008.829588] ? ip_frag_init+0x350/0x350 [ 2008.829954] ? ip6_push_pending_frames+0xf0/0xf0 [ 2008.830394] ? ip6_dst_check+0x389/0x8d0 [ 2008.830776] ? sk_dst_check+0x235/0x4c0 [ 2008.831150] udpv6_sendmsg+0x20d3/0x2ad0 [ 2008.831529] ? ip_frag_init+0x350/0x350 [ 2008.831884] ? udp_v6_push_pending_frames+0x360/0x360 [ 2008.832332] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2008.832794] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2008.833247] ? trace_hardirqs_on+0x5b/0x180 [ 2008.833646] ? lock_acquire+0x1b9/0x470 [ 2008.833998] ? find_held_lock+0x2c/0x110 [ 2008.834365] ? sock_has_perm+0x1ea/0x280 [ 2008.834748] ? __import_iovec+0x458/0x590 [ 2008.835122] ? udp_v6_push_pending_frames+0x360/0x360 [ 2008.835598] inet6_sendmsg+0x105/0x140 [ 2008.835958] ? inet6_compat_ioctl+0x320/0x320 [ 2008.836372] __sock_sendmsg+0xf2/0x190 [ 2008.836737] ____sys_sendmsg+0x334/0x870 [ 2008.837118] ? sock_write_iter+0x3d0/0x3d0 [ 2008.837509] ? do_recvmmsg+0x6d0/0x6d0 [ 2008.837871] ? __lock_acquire+0x1657/0x5b00 [ 2008.838280] ___sys_sendmsg+0xf3/0x170 [ 2008.838639] ? sendmsg_copy_msghdr+0x160/0x160 [ 2008.839113] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2008.839602] ? _raw_spin_unlock_irq+0x27/0x30 [ 2008.840097] ? lock_acquire+0x197/0x470 [ 2008.840532] ? find_held_lock+0x2c/0x110 [ 2008.840983] ? __might_fault+0xd3/0x180 [ 2008.841419] ? lock_downgrade+0x6d0/0x6d0 [ 2008.841876] ? io_schedule_timeout+0x140/0x140 [ 2008.842386] __sys_sendmmsg+0x195/0x470 [ 2008.842835] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2008.843312] ? lock_downgrade+0x6d0/0x6d0 [ 2008.843784] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2008.844316] ? wait_for_completion_io+0x270/0x270 [ 2008.844845] ? rcu_read_lock_any_held+0x75/0xa0 [ 2008.845353] ? vfs_write+0x354/0xb10 [ 2008.845760] ? fput_many+0x2f/0x1a0 [ 2008.846159] ? ksys_write+0x1a9/0x260 [ 2008.846581] ? __ia32_sys_read+0xb0/0xb0 [ 2008.847025] __x64_sys_sendmmsg+0x99/0x100 [ 2008.847470] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2008.848001] do_syscall_64+0x33/0x40 [ 2008.848389] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2008.848919] RIP: 0033:0x7f862c37fb19 [ 2008.849307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2008.851128] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2008.851908] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2008.852637] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2008.853290] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2008.853939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2008.854593] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:24:27 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:27 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:27 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:40 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2a65) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:40 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:40 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd502) 02:24:40 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 43) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:24:40 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 67) 02:24:40 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x22, 0x0, 0x0) 02:24:40 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:40 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x8000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x6, 0x13, r0, 0x10000000) syz_io_uring_submit(r1, r3, &(0x7f0000000480)=@IORING_OP_SENDMSG={0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="f1f4057f40efce9f35f708b81189b18e2568d8870c3fd89d9f591c444dfaadaff0155de863d1196148024854845f1b2a6034f1f7958c9dbd", 0x38}, {&(0x7f00000000c0)="a08752ef11b3ef6260496304", 0xc}, {&(0x7f00000002c0)="e81b80800cc4ca23bbfb7d34ecc668a812d6a55af4dfc5bb613d6be8434deac346b6d119e8df5a02c6ffbee62cc4ee54856f6e2533eb7ae1dc9cd155e2f56649248279eeff90a1f5271550285b0f539cf4095e57b41644f9e404497f41be64cf03a1f0119ab28d74d9d2d2a42820a01b32c79453f480fb534d24d5975e7ba76b757ca189b0c17c9491ea46975d883db258870035746417de75aa56668dcf9a09432ad82a8b215ca0bc81e7d1d8cf6c6e35b5a50f3ca9e72d7a9545f01edb59606eeb8ac68e8b10d26785059a8d5287e3740aff02ccc95b7271", 0xd9}, {&(0x7f0000000180)="75c799275a12057874c0edc4463d90ce512cd80b9313c70a4acbfc547bd57ea9a19fdaa80c81a4fb8965171a0657588daf1926670ac81d246e1b", 0x3a}, {&(0x7f00000001c0)="e693d98831b48ff947ae2ebc26804361a9dc1451c8a54587ee209e4fdf5185dcce48", 0x22}], 0x5}, 0x0, 0x400c020}, 0x7) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2021.934668] FAULT_INJECTION: forcing a failure. [ 2021.934668] name failslab, interval 1, probability 0, space 0, times 0 [ 2021.935731] CPU: 1 PID: 12148 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2021.936313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2021.937007] Call Trace: [ 2021.937241] dump_stack+0x107/0x167 [ 2021.937554] should_fail.cold+0x5/0xa [ 2021.937884] ? __alloc_skb+0x6d/0x5b0 [ 2021.938213] should_failslab+0x5/0x20 [ 2021.938539] kmem_cache_alloc_node+0x55/0x330 [ 2021.938938] __alloc_skb+0x6d/0x5b0 [ 2021.939265] alloc_skb_with_frags+0x92/0x570 [ 2021.939639] ? trace_hardirqs_on+0x5b/0x180 [ 2021.940008] ? kmem_cache_free+0xa7/0x2d0 [ 2021.940364] sock_alloc_send_pskb+0x7af/0x930 [ 2021.940753] ? sk_alloc+0x350/0x350 [ 2021.941069] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2021.941511] ? trace_hardirqs_on+0x5b/0x180 [ 2021.941877] ? __dev_queue_xmit+0xe4e/0x2710 [ 2021.942251] ? __local_bh_enable_ip+0x9d/0x100 [ 2021.942650] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2021.943112] ? ip6_mtu+0x1bb/0x3d0 [ 2021.943416] ? lock_downgrade+0x6d0/0x6d0 [ 2021.943769] ? ip_frag_init+0x350/0x350 [ 2021.944116] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2021.944516] ? ip6_mtu+0x1e9/0x3d0 [ 2021.944821] ? ip6_setup_cork+0xfb7/0x1740 [ 2021.945190] ip6_make_skb+0x2de/0x4e0 [ 2021.945518] ? ip_frag_init+0x350/0x350 [ 2021.945864] ? ip_frag_init+0x350/0x350 [ 2021.946214] ? ip6_push_pending_frames+0xf0/0xf0 [ 2021.946626] ? ip6_dst_check+0x389/0x8d0 [ 2021.946990] ? sk_dst_check+0x235/0x4c0 [ 2021.947337] udpv6_sendmsg+0x20d3/0x2ad0 [ 2021.947686] ? ip_frag_init+0x350/0x350 [ 2021.948037] ? udp_v6_push_pending_frames+0x360/0x360 [ 2021.948485] ? perf_event_task_disable+0x390/0x390 [ 2021.948903] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2021.949317] ? lock_acquire+0x197/0x470 [ 2021.949661] ? find_held_lock+0x2c/0x110 [ 2021.950016] ? sock_has_perm+0x1ea/0x280 [ 2021.950379] ? __import_iovec+0x458/0x590 [ 2021.950734] ? udp_v6_push_pending_frames+0x360/0x360 [ 2021.951192] inet6_sendmsg+0x105/0x140 [ 2021.951530] ? inet6_compat_ioctl+0x320/0x320 [ 2021.951911] __sock_sendmsg+0xf2/0x190 [ 2021.952244] ____sys_sendmsg+0x334/0x870 [ 2021.952598] ? sock_write_iter+0x3d0/0x3d0 [ 2021.952957] ? do_recvmmsg+0x6d0/0x6d0 [ 2021.953291] ? __lock_acquire+0x1657/0x5b00 [ 2021.953671] ___sys_sendmsg+0xf3/0x170 [ 2021.954004] ? sendmsg_copy_msghdr+0x160/0x160 [ 2021.954399] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2021.954790] ? _raw_spin_unlock_irq+0x27/0x30 [ 2021.955194] ? lock_acquire+0x197/0x470 [ 2021.955537] ? find_held_lock+0x2c/0x110 [ 2021.955886] ? __might_fault+0xd3/0x180 [ 2021.956225] ? lock_downgrade+0x6d0/0x6d0 [ 2021.956582] ? io_schedule_timeout+0x140/0x140 [ 2021.956985] __sys_sendmmsg+0x195/0x470 [ 2021.957326] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2021.957699] ? lock_downgrade+0x6d0/0x6d0 [ 2021.958063] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2021.958481] ? wait_for_completion_io+0x270/0x270 [ 2021.958898] ? rcu_read_lock_any_held+0x75/0xa0 [ 2021.959305] ? vfs_write+0x354/0xb10 [ 2021.959627] ? fput_many+0x2f/0x1a0 [ 2021.959938] ? ksys_write+0x1a9/0x260 [ 2021.960262] ? __ia32_sys_read+0xb0/0xb0 [ 2021.960618] __x64_sys_sendmmsg+0x99/0x100 [ 2021.960978] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2021.961416] do_syscall_64+0x33/0x40 [ 2021.961733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2021.962165] RIP: 0033:0x7f862c37fb19 [ 2021.962486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2021.964052] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2021.964702] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2021.965302] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2021.965902] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2021.966501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2021.967120] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:24:40 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 68) [ 2022.022065] FAULT_INJECTION: forcing a failure. [ 2022.022065] name failslab, interval 1, probability 0, space 0, times 0 [ 2022.023204] CPU: 0 PID: 12147 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2022.023838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2022.024592] Call Trace: [ 2022.024853] dump_stack+0x107/0x167 [ 2022.025197] should_fail.cold+0x5/0xa [ 2022.025562] ? create_object.isra.0+0x3a/0xa20 [ 2022.025987] should_failslab+0x5/0x20 [ 2022.026344] kmem_cache_alloc+0x5b/0x310 [ 2022.026722] ? mark_held_locks+0x9e/0xe0 [ 2022.027122] create_object.isra.0+0x3a/0xa20 [ 2022.027531] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2022.028001] kmem_cache_alloc_bulk+0x168/0x320 [ 2022.028430] io_submit_sqes+0x6fe6/0x8610 [ 2022.028840] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2022.029298] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2022.029753] ? lock_downgrade+0x6d0/0x6d0 [ 2022.030141] ? find_held_lock+0x2c/0x110 [ 2022.030520] ? io_submit_sqes+0x8610/0x8610 [ 2022.030932] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2022.031379] ? wait_for_completion_io+0x270/0x270 [ 2022.031831] ? rcu_read_lock_any_held+0x75/0xa0 [ 2022.032254] ? vfs_write+0x354/0xb10 [ 2022.032602] ? fput_many+0x2f/0x1a0 [ 2022.032934] ? ksys_write+0x1a9/0x260 [ 2022.033283] ? __ia32_sys_read+0xb0/0xb0 [ 2022.033661] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2022.034136] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2022.034611] do_syscall_64+0x33/0x40 [ 2022.034962] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2022.035432] RIP: 0033:0x7f8c2e1fdb19 [ 2022.035779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2022.037420] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2022.038108] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2022.038282] FAULT_INJECTION: forcing a failure. [ 2022.038282] name failslab, interval 1, probability 0, space 0, times 0 [ 2022.038745] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2022.038755] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2022.038774] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2022.041632] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2022.042294] CPU: 1 PID: 12165 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2022.042894] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2022.043611] Call Trace: [ 2022.043844] dump_stack+0x107/0x167 [ 2022.044155] should_fail.cold+0x5/0xa [ 2022.044483] ? create_object.isra.0+0x3a/0xa20 [ 2022.044876] should_failslab+0x5/0x20 [ 2022.045201] kmem_cache_alloc+0x5b/0x310 [ 2022.045549] ? ___sys_sendmsg+0xf3/0x170 [ 2022.045892] ? __sys_sendmmsg+0x195/0x470 [ 2022.046245] create_object.isra.0+0x3a/0xa20 [ 2022.046621] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2022.047072] kmem_cache_alloc_node+0x169/0x330 [ 2022.047464] __alloc_skb+0x6d/0x5b0 [ 2022.047779] alloc_skb_with_frags+0x92/0x570 [ 2022.048152] ? trace_hardirqs_on+0x5b/0x180 [ 2022.048520] ? kmem_cache_free+0xa7/0x2d0 [ 2022.048874] sock_alloc_send_pskb+0x7af/0x930 [ 2022.049260] ? sk_alloc+0x350/0x350 [ 2022.049577] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2022.050016] ? trace_hardirqs_on+0x5b/0x180 [ 2022.050382] ? __dev_queue_xmit+0xe4e/0x2710 [ 2022.050759] ? __local_bh_enable_ip+0x9d/0x100 [ 2022.051179] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2022.051610] ? ip6_mtu+0x1bb/0x3d0 [ 2022.051912] ? lock_downgrade+0x6d0/0x6d0 [ 2022.052265] ? ip_frag_init+0x350/0x350 [ 2022.052612] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2022.053006] ? ip6_mtu+0x1e9/0x3d0 [ 2022.053309] ? ip6_setup_cork+0xfb7/0x1740 [ 2022.053668] ip6_make_skb+0x2de/0x4e0 [ 2022.053990] ? ip_frag_init+0x350/0x350 [ 2022.054330] ? ip_frag_init+0x350/0x350 [ 2022.054673] ? ip6_push_pending_frames+0xf0/0xf0 [ 2022.055098] ? ip6_dst_check+0x389/0x8d0 [ 2022.055448] ? sk_dst_check+0x235/0x4c0 [ 2022.055792] udpv6_sendmsg+0x20d3/0x2ad0 [ 2022.056139] ? ip_frag_init+0x350/0x350 [ 2022.056489] ? udp_v6_push_pending_frames+0x360/0x360 [ 2022.056930] ? perf_event_task_disable+0x390/0x390 [ 2022.057349] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2022.057760] ? lock_acquire+0x197/0x470 [ 2022.058097] ? find_held_lock+0x2c/0x110 [ 2022.058451] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2022.058902] ? sock_has_perm+0x1ea/0x280 [ 2022.059272] ? __import_iovec+0x458/0x590 [ 2022.059627] ? udp_v6_push_pending_frames+0x360/0x360 [ 2022.060065] inet6_sendmsg+0x105/0x140 [ 2022.060398] ? inet6_compat_ioctl+0x320/0x320 [ 2022.060777] __sock_sendmsg+0xf2/0x190 [ 2022.061109] ____sys_sendmsg+0x334/0x870 [ 2022.061458] ? sock_write_iter+0x3d0/0x3d0 [ 2022.061817] ? do_recvmmsg+0x6d0/0x6d0 [ 2022.062150] ? __lock_acquire+0x1657/0x5b00 [ 2022.062526] ___sys_sendmsg+0xf3/0x170 [ 2022.062858] ? sendmsg_copy_msghdr+0x160/0x160 [ 2022.063268] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2022.063711] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2022.064088] ? trace_hardirqs_on+0x5b/0x180 [ 2022.064458] ? lock_acquire+0x197/0x470 [ 2022.064793] ? find_held_lock+0x2c/0x110 [ 2022.065142] ? __might_fault+0xd3/0x180 [ 2022.065481] ? lock_downgrade+0x6d0/0x6d0 [ 2022.065835] ? io_schedule_timeout+0x140/0x140 [ 2022.066231] __sys_sendmmsg+0x195/0x470 [ 2022.066573] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2022.066947] ? lock_downgrade+0x6d0/0x6d0 [ 2022.067315] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2022.067733] ? wait_for_completion_io+0x270/0x270 [ 2022.068143] ? rcu_read_lock_any_held+0x75/0xa0 [ 2022.068536] ? vfs_write+0x354/0xb10 [ 2022.068853] ? fput_many+0x2f/0x1a0 [ 2022.069166] ? ksys_write+0x1a9/0x260 [ 2022.069492] ? __ia32_sys_read+0xb0/0xb0 [ 2022.069841] __x64_sys_sendmmsg+0x99/0x100 [ 2022.070201] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2022.070638] do_syscall_64+0x33/0x40 [ 2022.070969] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2022.071406] RIP: 0033:0x7f862c37fb19 [ 2022.071723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2022.073256] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2022.073898] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2022.074498] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2022.075102] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2022.075700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2022.076297] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:24:53 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:53 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 69) 02:24:53 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 44) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:24:53 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x32a}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:53 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000) 02:24:53 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x30e, 0x0, 0x0) 02:24:53 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:53 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 2035.007197] FAULT_INJECTION: forcing a failure. [ 2035.007197] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.008285] CPU: 0 PID: 12191 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2035.008944] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2035.009680] Call Trace: [ 2035.009921] dump_stack+0x107/0x167 [ 2035.010229] should_fail.cold+0x5/0xa [ 2035.010602] ? create_object.isra.0+0x3a/0xa20 [ 2035.010998] should_failslab+0x5/0x20 [ 2035.011332] kmem_cache_alloc+0x5b/0x310 [ 2035.011723] create_object.isra.0+0x3a/0xa20 [ 2035.012102] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2035.012601] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2035.013035] ? alloc_skb_with_frags+0x92/0x570 [ 2035.013470] __alloc_skb+0xb1/0x5b0 [ 2035.013783] alloc_skb_with_frags+0x92/0x570 [ 2035.014164] ? trace_hardirqs_on+0x5b/0x180 [ 2035.014576] ? kmem_cache_free+0xa7/0x2d0 [ 2035.014927] sock_alloc_send_pskb+0x7af/0x930 [ 2035.015333] ? sk_alloc+0x350/0x350 [ 2035.015693] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2035.016128] ? trace_hardirqs_on+0x5b/0x180 [ 2035.016570] ? __dev_queue_xmit+0xe4e/0x2710 [ 2035.016939] ? __local_bh_enable_ip+0x9d/0x100 [ 2035.017338] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2035.017810] ? ip6_mtu+0x1bb/0x3d0 [ 2035.018111] ? lock_downgrade+0x6d0/0x6d0 [ 2035.018516] ? ip_frag_init+0x350/0x350 [ 2035.018858] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2035.019258] ? ip6_mtu+0x1e9/0x3d0 [ 2035.019619] ? ip6_setup_cork+0xfb7/0x1740 [ 2035.019976] ip6_make_skb+0x2de/0x4e0 [ 2035.020295] ? ip_frag_init+0x350/0x350 [ 2035.020688] ? ip_frag_init+0x350/0x350 [ 2035.021024] ? ip6_push_pending_frames+0xf0/0xf0 [ 2035.021502] ? ip6_dst_check+0x389/0x8d0 [ 2035.021843] ? sk_dst_check+0x235/0x4c0 [ 2035.022181] udpv6_sendmsg+0x20d3/0x2ad0 [ 2035.022583] ? ip_frag_init+0x350/0x350 [ 2035.022923] ? udp_v6_push_pending_frames+0x360/0x360 [ 2035.023369] ? perf_event_task_disable+0x390/0x390 [ 2035.023838] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2035.024244] ? lock_acquire+0x197/0x470 [ 2035.024628] ? find_held_lock+0x2c/0x110 [ 2035.024981] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2035.025464] ? sock_has_perm+0x1ea/0x280 [ 2035.025831] ? __import_iovec+0x458/0x590 [ 2035.026179] ? udp_v6_push_pending_frames+0x360/0x360 [ 2035.026683] inet6_sendmsg+0x105/0x140 [ 2035.027023] ? inet6_compat_ioctl+0x320/0x320 [ 2035.027455] __sock_sendmsg+0xf2/0x190 [ 2035.027785] ____sys_sendmsg+0x334/0x870 [ 2035.028133] ? sock_write_iter+0x3d0/0x3d0 [ 2035.028534] ? do_recvmmsg+0x6d0/0x6d0 [ 2035.028871] ? __lock_acquire+0x1657/0x5b00 [ 2035.029243] ___sys_sendmsg+0xf3/0x170 [ 2035.029617] ? sendmsg_copy_msghdr+0x160/0x160 [ 2035.030011] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2035.030520] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2035.030893] ? trace_hardirqs_on+0x5b/0x180 [ 2035.031275] ? lock_acquire+0x197/0x470 [ 2035.031653] ? find_held_lock+0x2c/0x110 [ 2035.031998] ? __might_fault+0xd3/0x180 [ 2035.032341] ? lock_downgrade+0x6d0/0x6d0 [ 2035.032737] ? io_schedule_timeout+0x140/0x140 [ 2035.033134] __sys_sendmmsg+0x195/0x470 [ 2035.033518] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2035.033878] ? lock_downgrade+0x6d0/0x6d0 [ 2035.034248] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2035.034722] ? wait_for_completion_io+0x270/0x270 [ 2035.035138] ? rcu_read_lock_any_held+0x75/0xa0 [ 2035.035583] ? vfs_write+0x354/0xb10 [ 2035.035898] ? fput_many+0x2f/0x1a0 [ 2035.036205] ? ksys_write+0x1a9/0x260 [ 2035.036581] ? __ia32_sys_read+0xb0/0xb0 [ 2035.036929] __x64_sys_sendmmsg+0x99/0x100 [ 2035.037285] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2035.037766] do_syscall_64+0x33/0x40 [ 2035.038081] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2035.038609] RIP: 0033:0x7f862c37fb19 [ 2035.038927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2035.040513] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2035.041146] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2035.041744] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2035.042333] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2035.042928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2035.043528] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:24:53 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2) 02:24:53 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2035.055179] FAULT_INJECTION: forcing a failure. [ 2035.055179] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.056223] CPU: 0 PID: 12186 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2035.056814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2035.057509] Call Trace: [ 2035.057734] dump_stack+0x107/0x167 [ 2035.058044] should_fail.cold+0x5/0xa [ 2035.058367] ? create_object.isra.0+0x3a/0xa20 [ 2035.058762] should_failslab+0x5/0x20 [ 2035.059092] kmem_cache_alloc+0x5b/0x310 [ 2035.059436] ? mark_held_locks+0x9e/0xe0 [ 2035.059794] create_object.isra.0+0x3a/0xa20 [ 2035.060166] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2035.060598] kmem_cache_alloc_bulk+0x168/0x320 [ 2035.060999] io_submit_sqes+0x6fe6/0x8610 [ 2035.061372] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2035.061804] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2035.062218] ? lock_downgrade+0x6d0/0x6d0 [ 2035.062569] ? find_held_lock+0x2c/0x110 [ 2035.062928] ? io_submit_sqes+0x8610/0x8610 [ 2035.063313] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2035.063728] ? wait_for_completion_io+0x270/0x270 [ 2035.064155] ? rcu_read_lock_any_held+0x75/0xa0 [ 2035.064557] ? vfs_write+0x354/0xb10 [ 2035.064879] ? fput_many+0x2f/0x1a0 [ 2035.065194] ? ksys_write+0x1a9/0x260 [ 2035.065521] ? __ia32_sys_read+0xb0/0xb0 [ 2035.065872] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2035.066326] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2035.066767] do_syscall_64+0x33/0x40 [ 2035.067102] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2035.067538] RIP: 0033:0x7f8c2e1fdb19 [ 2035.067856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2035.069418] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2035.070066] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2035.070675] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2035.071294] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2035.071897] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2035.072506] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:24:53 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000) 02:24:53 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:24:53 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:53 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 45) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:24:53 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x3, 0x0, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000000, 0x8010, r4, 0x5099f000) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:24:53 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:24:53 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2035.252184] FAULT_INJECTION: forcing a failure. [ 2035.252184] name failslab, interval 1, probability 0, space 0, times 0 [ 2035.253279] CPU: 0 PID: 12225 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2035.253869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2035.254575] Call Trace: [ 2035.254807] dump_stack+0x107/0x167 [ 2035.255127] should_fail.cold+0x5/0xa [ 2035.255455] ? create_object.isra.0+0x3a/0xa20 [ 2035.255853] should_failslab+0x5/0x20 [ 2035.256178] kmem_cache_alloc+0x5b/0x310 [ 2035.256524] ? mark_held_locks+0x9e/0xe0 [ 2035.256880] create_object.isra.0+0x3a/0xa20 [ 2035.257256] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2035.257694] kmem_cache_alloc_bulk+0x168/0x320 [ 2035.258556] io_submit_sqes+0x6fe6/0x8610 [ 2035.259480] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2035.260502] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2035.261079] ? lock_downgrade+0x6d0/0x6d0 [ 2035.261433] ? find_held_lock+0x2c/0x110 [ 2035.261781] ? io_submit_sqes+0x8610/0x8610 [ 2035.262165] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2035.262579] ? wait_for_completion_io+0x270/0x270 [ 2035.262997] ? rcu_read_lock_any_held+0x75/0xa0 [ 2035.263405] ? vfs_write+0x354/0xb10 [ 2035.263722] ? fput_many+0x2f/0x1a0 [ 2035.264034] ? ksys_write+0x1a9/0x260 [ 2035.264362] ? __ia32_sys_read+0xb0/0xb0 [ 2035.264712] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2035.265299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2035.266196] do_syscall_64+0x33/0x40 [ 2035.266843] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2035.267746] RIP: 0033:0x7f8c2e1fdb19 [ 2035.268387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2035.271748] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2035.273036] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2035.274238] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2035.275272] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2035.275873] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2035.276471] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:25:06 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 70) 02:25:06 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 46) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:06 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000) 02:25:06 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5) 02:25:06 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2048.023679] FAULT_INJECTION: forcing a failure. [ 2048.023679] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.024726] CPU: 1 PID: 12246 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2048.025303] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2048.025992] Call Trace: [ 2048.026223] dump_stack+0x107/0x167 [ 2048.026539] should_fail.cold+0x5/0xa [ 2048.026868] should_failslab+0x5/0x20 02:25:06 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x652a) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:06 executing program 7: syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f00000000c0)='.\x00', 0x400000000000000, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000180)="e86dbda9bfa39b4146c8be168036e6478e454f8d83baed8326b931a986e5f2fa182881acaf4d58d1f739974b3b5af674e8ec13cc3094a9740acc976892ea8cfea7a55823c1ab04e87ddeb65b0ac54309961d1a5439c9", 0x56, 0x6}], 0x1008010, &(0x7f0000000300)={[{@huge_always}, {@mode={'mode', 0x3d, 0xfffffffffffffff9}}, {@huge_advise}, {@huge_within_size}, {@huge_advise}], [{@fowner_gt={'fowner>', 0xffffffffffffffff}}, {@smackfshat={'smackfshat', 0x3d, '=\\&'}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}, {@dont_appraise}, {@obj_user}, {@subj_role={'subj_role', 0x3d, '%\x85^+,-\xc2\x0e'}}, {@obj_role={'obj_role', 0x3d, '%!,'}}, {@subj_type={'subj_type', 0x3d, '\x00'}}, {@pcr={'pcr', 0x3d, 0x2d}}]}) r0 = syz_io_uring_setup(0x19c1, &(0x7f0000000240)={0x0, 0x2, 0x0, 0x4000, 0x4000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$sock_ifreq(r3, 0x89b0, &(0x7f0000000440)={'ip6gretap0\x00', @ifru_names}) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) openat(0xffffffffffffffff, &(0x7f0000000480)='./file0\x00', 0x204080, 0x42) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pkey_mprotect(&(0x7f0000ff5000/0x4000)=nil, 0x4000, 0x2000000, 0xffffffffffffffff) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x300000f, 0x8010, r0, 0x10000000) syz_io_uring_submit(r5, r8, &(0x7f0000000400)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x2007, @fd_index=0x4, 0x4, 0x0, 0x0, 0x2, 0x0, {0x3}}, 0x80000001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:06 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2048.027225] kmem_cache_alloc_bulk+0x4b/0x320 [ 2048.027639] io_submit_sqes+0x6fe6/0x8610 [ 2048.028008] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2048.028437] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2048.028854] ? lock_downgrade+0x6d0/0x6d0 [ 2048.029212] ? find_held_lock+0x2c/0x110 [ 2048.029564] ? io_submit_sqes+0x8610/0x8610 [ 2048.029935] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2048.030345] ? wait_for_completion_io+0x270/0x270 [ 2048.030760] ? rcu_read_lock_any_held+0x75/0xa0 [ 2048.031155] ? vfs_write+0x354/0xb10 [ 2048.031505] ? fput_many+0x2f/0x1a0 [ 2048.031818] ? ksys_write+0x1a9/0x260 [ 2048.032143] ? __ia32_sys_read+0xb0/0xb0 [ 2048.032497] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.032941] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2048.033380] do_syscall_64+0x33/0x40 [ 2048.033703] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2048.034135] RIP: 0033:0x7f8c2e1fdb19 [ 2048.034460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2048.036018] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2048.036666] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2048.037268] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2048.037871] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2048.038473] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2048.039075] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2048.053143] FAULT_INJECTION: forcing a failure. [ 2048.053143] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.054152] CPU: 1 PID: 12253 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2048.054752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2048.055463] Call Trace: [ 2048.055690] dump_stack+0x107/0x167 [ 2048.056002] should_fail.cold+0x5/0xa [ 2048.056330] ? skb_clone+0x14f/0x3d0 [ 2048.056654] should_failslab+0x5/0x20 [ 2048.056977] kmem_cache_alloc+0x5b/0x310 [ 2048.057328] skb_clone+0x14f/0x3d0 [ 2048.057643] ip6_finish_output2+0x1225/0x1fe0 [ 2048.058030] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2048.058462] ip6_output+0x3b8/0x7e0 [ 2048.058780] ip6_local_out+0xb4/0x1a0 [ 2048.059106] ip6_send_skb+0x112/0x460 [ 2048.059451] udp_v6_send_skb+0x7aa/0x15b0 [ 2048.059812] udpv6_sendmsg+0x2116/0x2ad0 [ 2048.060159] ? ip_frag_init+0x350/0x350 [ 2048.060507] ? udp_v6_push_pending_frames+0x360/0x360 [ 2048.060953] ? perf_event_task_disable+0x390/0x390 [ 2048.061375] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2048.061793] ? lock_acquire+0x197/0x470 [ 2048.062132] ? find_held_lock+0x2c/0x110 [ 2048.062495] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.062937] ? sock_has_perm+0x1ea/0x280 [ 2048.063311] ? __import_iovec+0x458/0x590 [ 2048.063671] ? udp_v6_push_pending_frames+0x360/0x360 [ 2048.064110] inet6_sendmsg+0x105/0x140 [ 2048.066849] ? inet6_compat_ioctl+0x320/0x320 [ 2048.067241] __sock_sendmsg+0xf2/0x190 [ 2048.067577] ____sys_sendmsg+0x334/0x870 [ 2048.067980] ? sock_write_iter+0x3d0/0x3d0 [ 2048.068336] ? do_recvmmsg+0x6d0/0x6d0 [ 2048.068667] ? __lock_acquire+0x1657/0x5b00 [ 2048.069086] ___sys_sendmsg+0xf3/0x170 [ 2048.069418] ? sendmsg_copy_msghdr+0x160/0x160 [ 2048.069862] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.070301] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2048.070870] ? trace_hardirqs_on+0x5b/0x180 [ 2048.071260] ? lock_acquire+0x197/0x470 [ 2048.071597] ? find_held_lock+0x2c/0x110 [ 2048.071942] ? __might_fault+0xd3/0x180 [ 2048.072278] ? lock_downgrade+0x6d0/0x6d0 [ 2048.072630] ? io_schedule_timeout+0x140/0x140 [ 2048.073025] __sys_sendmmsg+0x195/0x470 [ 2048.073366] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2048.073736] ? lock_downgrade+0x6d0/0x6d0 [ 2048.074097] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2048.074515] ? wait_for_completion_io+0x270/0x270 [ 2048.074921] ? rcu_read_lock_any_held+0x75/0xa0 [ 2048.075322] ? vfs_write+0x354/0xb10 [ 2048.075638] ? fput_many+0x2f/0x1a0 [ 2048.075946] ? ksys_write+0x1a9/0x260 [ 2048.076269] ? __ia32_sys_read+0xb0/0xb0 [ 2048.076619] __x64_sys_sendmmsg+0x99/0x100 [ 2048.076975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2048.077410] do_syscall_64+0x33/0x40 [ 2048.077724] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2048.078153] RIP: 0033:0x7f862c37fb19 [ 2048.078469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2048.080032] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2048.080674] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2048.081270] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2048.081865] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2048.082461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2048.083067] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2048.092483] tmpfs: Unsupported parameter 'huge' 02:25:06 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:06 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5000000) 02:25:06 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 47) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:06 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:06 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:06 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8) [ 2048.270720] FAULT_INJECTION: forcing a failure. [ 2048.270720] name failslab, interval 1, probability 0, space 0, times 0 [ 2048.271905] CPU: 0 PID: 12291 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2048.272553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2048.273240] Call Trace: [ 2048.273515] dump_stack+0x107/0x167 [ 2048.273826] should_fail.cold+0x5/0xa [ 2048.274151] ? create_object.isra.0+0x3a/0xa20 [ 2048.274590] should_failslab+0x5/0x20 02:25:06 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8000000) [ 2048.274915] kmem_cache_alloc+0x5b/0x310 [ 2048.275278] create_object.isra.0+0x3a/0xa20 [ 2048.275691] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2048.276120] kmem_cache_alloc_bulk+0x168/0x320 [ 2048.276555] io_submit_sqes+0x6fe6/0x8610 [ 2048.276923] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2048.277339] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2048.277814] ? lock_downgrade+0x6d0/0x6d0 [ 2048.278163] ? find_held_lock+0x2c/0x110 [ 2048.278559] ? io_submit_sqes+0x8610/0x8610 [ 2048.278931] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2048.279347] ? wait_for_completion_io+0x270/0x270 [ 2048.279796] ? rcu_read_lock_any_held+0x75/0xa0 [ 2048.280186] ? vfs_write+0x354/0xb10 [ 2048.280548] ? fput_many+0x2f/0x1a0 [ 2048.280858] ? ksys_write+0x1a9/0x260 [ 2048.281180] ? __ia32_sys_read+0xb0/0xb0 [ 2048.281573] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2048.282735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2048.283168] do_syscall_64+0x33/0x40 [ 2048.283548] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2048.283979] RIP: 0033:0x7f8c2e1fdb19 [ 2048.284295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2048.285901] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2048.286587] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2048.287191] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2048.287789] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2048.288387] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2048.288983] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2048.295754] tmpfs: Unsupported parameter 'huge' 02:25:06 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:19 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 71) 02:25:19 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x20000000) 02:25:19 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 48) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:19 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, 0x0, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:19 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:19 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1e1) 02:25:19 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:19 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r7 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) syz_io_uring_submit(r8, 0x0, 0x0, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r10}}, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f0000000080)=@IORING_OP_ACCEPT={0xd, 0x4, 0x0, r6, &(0x7f0000000180), 0x0, 0x0, 0x80800, 0x0, {0x0, r11}}, 0x0) r12 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='blkio.bfq.io_queued\x00', 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_CLOSE={0x13, 0x2, 0x0, r12, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r13 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r13, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2061.407255] FAULT_INJECTION: forcing a failure. [ 2061.407255] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.408418] CPU: 0 PID: 12330 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2061.409077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2061.409810] Call Trace: [ 2061.410041] dump_stack+0x107/0x167 [ 2061.410350] should_fail.cold+0x5/0xa [ 2061.410674] ? create_object.isra.0+0x3a/0xa20 [ 2061.411125] should_failslab+0x5/0x20 [ 2061.411470] kmem_cache_alloc+0x5b/0x310 [ 2061.411856] ? mark_held_locks+0x9e/0xe0 [ 2061.412201] create_object.isra.0+0x3a/0xa20 [ 2061.412575] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2061.413016] FAULT_INJECTION: forcing a failure. [ 2061.413016] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.414019] kmem_cache_alloc_bulk+0x168/0x320 [ 2061.414410] io_submit_sqes+0x6fe6/0x8610 [ 2061.414823] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2061.415242] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2061.415665] ? lock_downgrade+0x6d0/0x6d0 [ 2061.416055] ? find_held_lock+0x2c/0x110 [ 2061.416402] ? io_submit_sqes+0x8610/0x8610 [ 2061.416821] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2061.417228] ? wait_for_completion_io+0x270/0x270 [ 2061.417638] ? rcu_read_lock_any_held+0x75/0xa0 [ 2061.418094] ? vfs_write+0x354/0xb10 [ 2061.418411] ? fput_many+0x2f/0x1a0 [ 2061.418767] ? ksys_write+0x1a9/0x260 [ 2061.419088] ? __ia32_sys_read+0xb0/0xb0 [ 2061.419456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2061.419941] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2061.420376] do_syscall_64+0x33/0x40 [ 2061.420732] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2061.421167] RIP: 0033:0x7f8c2e1fdb19 [ 2061.421484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2061.423108] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2061.423801] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2061.424395] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2061.425032] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2061.425627] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2061.426782] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2061.427416] CPU: 1 PID: 12331 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2061.428053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2061.428762] Call Trace: [ 2061.428996] dump_stack+0x107/0x167 [ 2061.429309] should_fail.cold+0x5/0xa [ 2061.429660] should_failslab+0x5/0x20 [ 2061.429988] __kmalloc_node_track_caller+0x74/0x3b0 [ 2061.430413] ? alloc_skb_with_frags+0x92/0x570 [ 2061.430818] __alloc_skb+0xb1/0x5b0 [ 2061.431132] alloc_skb_with_frags+0x92/0x570 [ 2061.431517] ? trace_hardirqs_on+0x5b/0x180 [ 2061.431898] ? kmem_cache_free+0xa7/0x2d0 [ 2061.432249] sock_alloc_send_pskb+0x7af/0x930 [ 2061.432634] ? sk_alloc+0x350/0x350 [ 2061.432962] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2061.433410] ? trace_hardirqs_on+0x5b/0x180 [ 2061.433790] ? mark_lock+0xf5/0x2df0 [ 2061.434113] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2061.434547] ? ip6_mtu+0x1bb/0x3d0 [ 2061.434858] ? lock_downgrade+0x6d0/0x6d0 [ 2061.435208] ? ip_frag_init+0x350/0x350 [ 2061.435567] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2061.435971] ? ip6_mtu+0x1e9/0x3d0 [ 2061.436274] ? ip6_setup_cork+0xfb7/0x1740 [ 2061.436637] ip6_make_skb+0x2de/0x4e0 [ 2061.436967] ? ip_frag_init+0x350/0x350 [ 2061.437306] ? ip_frag_init+0x350/0x350 [ 2061.437648] ? ip6_push_pending_frames+0xf0/0xf0 [ 2061.438057] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2061.438520] ? ip6_dst_check+0x389/0x8d0 [ 2061.438862] ? sk_dst_check+0x235/0x4c0 [ 2061.439214] udpv6_sendmsg+0x20d3/0x2ad0 [ 2061.439571] ? ip_frag_init+0x350/0x350 [ 2061.439914] ? udp_v6_push_pending_frames+0x360/0x360 [ 2061.440365] ? perf_event_task_disable+0x390/0x390 [ 2061.440781] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2061.441200] ? lock_acquire+0x197/0x470 [ 2061.441538] ? find_held_lock+0x2c/0x110 [ 2061.441895] ? sock_has_perm+0x1ea/0x280 [ 2061.442261] ? __import_iovec+0x458/0x590 [ 2061.442620] ? udp_v6_push_pending_frames+0x360/0x360 [ 2061.443384] inet6_sendmsg+0x105/0x140 [ 2061.443777] ? inet6_compat_ioctl+0x320/0x320 [ 2061.444214] __sock_sendmsg+0xf2/0x190 [ 2061.444619] ____sys_sendmsg+0x334/0x870 [ 2061.445029] ? sock_write_iter+0x3d0/0x3d0 [ 2061.445455] ? do_recvmmsg+0x6d0/0x6d0 [ 2061.445842] ? find_held_lock+0x2c/0x110 [ 2061.446245] ___sys_sendmsg+0xf3/0x170 [ 2061.446647] ? sendmsg_copy_msghdr+0x160/0x160 [ 2061.447095] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2061.448301] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2061.449302] ? trace_hardirqs_on+0x5b/0x180 [ 2061.449741] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2061.450750] ? finish_task_switch+0x126/0x5d0 [ 2061.451185] ? finish_task_switch+0xef/0x5d0 [ 2061.452189] ? __switch_to+0x572/0xf70 [ 2061.452571] ? __switch_to_asm+0x3a/0x60 [ 2061.453491] ? __switch_to_asm+0x34/0x60 [ 2061.453913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2061.455086] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2061.455616] ? trace_hardirqs_on+0x5b/0x180 [ 2061.456054] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2061.456589] __sys_sendmmsg+0x195/0x470 [ 2061.456980] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2061.457396] ? lock_downgrade+0x6d0/0x6d0 [ 2061.457806] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2061.458275] ? wait_for_completion_io+0x270/0x270 [ 2061.458744] ? rcu_read_lock_any_held+0x75/0xa0 [ 2061.459199] ? vfs_write+0x354/0xb10 [ 2061.459574] ? fput_many+0x2f/0x1a0 [ 2061.459926] ? ksys_write+0x1a9/0x260 [ 2061.460310] ? __ia32_sys_read+0xb0/0xb0 [ 2061.460711] __x64_sys_sendmmsg+0x99/0x100 [ 2061.461117] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2061.461633] do_syscall_64+0x33/0x40 [ 2061.461994] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2061.462493] RIP: 0033:0x7f862c37fb19 [ 2061.462859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2061.464667] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2061.465389] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2061.466069] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2061.466768] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2061.467453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2061.468146] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:25:19 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:19 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, 0x0, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:19 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:19 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f000000) 02:25:19 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002740), 0xffffffffffffffff) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r6, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={0x20, r7, 0x1, 0x0, 0x0, {0x14}, [@ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0x20}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000400)=@IORING_OP_POLL_ADD={0x6, 0x5, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x1110}, 0x1}, 0x685f) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0xc0, r5, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x8}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x13}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x5}, @ETHTOOL_A_CHANNELS_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_CHANNELS_RX_COUNT={0x8}]}, 0xc0}, 0x1, 0x0, 0x0, 0x20000008}, 0x800) pwrite64(r4, &(0x7f0000000180)="8f38102c889e8a3def52125a7b1f39bf88fd4db4391918b6c18e27b578cf5259224ab7235627d01a0296ec26ce2c62d6eb83290e7a508a6b5fa57531f21343ecef413c1d9a05444f652ab3c269fc1ada0ee69244ca2c892c517f9253728de185441a30fcedebfa5f4980a725477633e08b33792b8eb02a165d04ecee2edc76d7", 0x80, 0x80000001) 02:25:19 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500) 02:25:20 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 49) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:20 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2061.694197] FAULT_INJECTION: forcing a failure. [ 2061.694197] name failslab, interval 1, probability 0, space 0, times 0 [ 2061.695414] CPU: 0 PID: 12376 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2061.696040] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2061.696777] Call Trace: [ 2061.697010] dump_stack+0x107/0x167 [ 2061.697319] should_fail.cold+0x5/0xa [ 2061.697645] ? create_object.isra.0+0x3a/0xa20 [ 2061.698166] should_failslab+0x5/0x20 [ 2061.698490] kmem_cache_alloc+0x5b/0x310 [ 2061.698909] ? mark_held_locks+0x9e/0xe0 [ 2061.699258] create_object.isra.0+0x3a/0xa20 [ 2061.699649] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2061.700254] kmem_cache_alloc_bulk+0x168/0x320 [ 2061.700645] io_submit_sqes+0x6fe6/0x8610 [ 2061.701055] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2061.701473] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2061.701924] ? lock_downgrade+0x6d0/0x6d0 [ 2061.702270] ? find_held_lock+0x2c/0x110 [ 2061.702617] ? io_submit_sqes+0x8610/0x8610 [ 2061.703035] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2061.703464] ? wait_for_completion_io+0x270/0x270 [ 2061.703936] ? rcu_read_lock_any_held+0x75/0xa0 [ 2061.704325] ? vfs_write+0x354/0xb10 [ 2061.704640] ? fput_many+0x2f/0x1a0 [ 2061.705027] ? ksys_write+0x1a9/0x260 [ 2061.705351] ? __ia32_sys_read+0xb0/0xb0 [ 2061.705777] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2061.706223] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2061.706657] do_syscall_64+0x33/0x40 [ 2061.707031] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2061.707478] RIP: 0033:0x7f8c2e1fdb19 [ 2061.707842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2061.709395] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2061.710074] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2061.710667] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2061.711325] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2061.711981] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2061.712572] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2074.552208] FAULT_INJECTION: forcing a failure. [ 2074.552208] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.553293] CPU: 0 PID: 12388 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2074.553875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.554567] Call Trace: [ 2074.554799] dump_stack+0x107/0x167 [ 2074.555111] should_fail.cold+0x5/0xa [ 2074.555440] ? create_object.isra.0+0x3a/0xa20 [ 2074.555879] should_failslab+0x5/0x20 [ 2074.556209] kmem_cache_alloc+0x5b/0x310 [ 2074.556584] ? mark_held_locks+0x9e/0xe0 [ 2074.556931] create_object.isra.0+0x3a/0xa20 [ 2074.557304] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2074.557762] kmem_cache_alloc_bulk+0x168/0x320 [ 2074.558155] io_submit_sqes+0x6fe6/0x8610 [ 2074.558548] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2074.558970] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2074.559380] ? lock_downgrade+0x6d0/0x6d0 [ 2074.559756] ? find_held_lock+0x2c/0x110 [ 2074.560107] ? io_submit_sqes+0x8610/0x8610 [ 2074.560497] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2074.560918] ? wait_for_completion_io+0x270/0x270 [ 2074.561330] ? rcu_read_lock_any_held+0x75/0xa0 [ 2074.561748] ? vfs_write+0x354/0xb10 [ 2074.562065] ? fput_many+0x2f/0x1a0 [ 2074.562377] ? ksys_write+0x1a9/0x260 [ 2074.562721] ? __ia32_sys_read+0xb0/0xb0 [ 2074.563070] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.563547] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.563989] do_syscall_64+0x33/0x40 [ 2074.564307] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.564782] RIP: 0033:0x7f8c2e1fdb19 [ 2074.565101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.566686] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2074.567330] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2074.568043] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2074.568293] FAULT_INJECTION: forcing a failure. [ 2074.568293] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2074.568692] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2074.568700] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2074.568708] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2074.571975] CPU: 1 PID: 12396 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2074.572635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.573377] Call Trace: [ 2074.573639] dump_stack+0x107/0x167 [ 2074.573981] should_fail.cold+0x5/0xa [ 2074.574350] _copy_from_user+0x2e/0x1b0 [ 2074.574747] __copy_msghdr_from_user+0x91/0x4b0 [ 2074.575180] ? __ia32_sys_shutdown+0x80/0x80 [ 2074.575627] ? udp_v6_push_pending_frames+0x360/0x360 [ 2074.576106] ? inet6_sendmsg+0xbd/0x140 [ 2074.576497] ? inet6_compat_ioctl+0x320/0x320 [ 2074.576905] ? __sock_sendmsg+0x55/0x190 [ 2074.577282] sendmsg_copy_msghdr+0xa1/0x160 [ 2074.577711] ? do_recvmmsg+0x6d0/0x6d0 [ 2074.578073] ? __lock_acquire+0x1657/0x5b00 [ 2074.578501] ___sys_sendmsg+0xc6/0x170 [ 2074.578866] ? sendmsg_copy_msghdr+0x160/0x160 [ 2074.579282] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.579843] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2074.580252] ? trace_hardirqs_on+0x5b/0x180 [ 2074.580677] ? lock_acquire+0x197/0x470 [ 2074.581040] ? find_held_lock+0x2c/0x110 [ 2074.581480] ? __might_fault+0xd3/0x180 [ 2074.581912] ? lock_downgrade+0x6d0/0x6d0 [ 2074.582372] ? io_schedule_timeout+0x140/0x140 [ 2074.582883] __sys_sendmmsg+0x195/0x470 [ 2074.583349] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2074.583849] ? lock_downgrade+0x6d0/0x6d0 [ 2074.584324] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2074.584874] ? wait_for_completion_io+0x270/0x270 [ 2074.585419] ? rcu_read_lock_any_held+0x75/0xa0 [ 2074.585934] ? vfs_write+0x354/0xb10 [ 2074.586353] ? fput_many+0x2f/0x1a0 [ 2074.586768] ? ksys_write+0x1a9/0x260 [ 2074.587194] ? __ia32_sys_read+0xb0/0xb0 [ 2074.587660] __x64_sys_sendmmsg+0x99/0x100 [ 2074.588125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.588699] do_syscall_64+0x33/0x40 [ 2074.589120] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.589694] RIP: 0033:0x7f862c37fb19 [ 2074.590109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.592136] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2074.592980] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2074.593757] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2074.594565] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2074.595344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2074.596122] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2074.793963] FAULT_INJECTION: forcing a failure. [ 2074.793963] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.796548] CPU: 1 PID: 12428 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2074.797813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.799345] Call Trace: [ 2074.799680] dump_stack+0x107/0x167 [ 2074.800008] should_fail.cold+0x5/0xa [ 2074.800353] ? create_object.isra.0+0x3a/0xa20 [ 2074.800770] should_failslab+0x5/0x20 [ 2074.801110] kmem_cache_alloc+0x5b/0x310 [ 2074.801481] ? mark_held_locks+0x9e/0xe0 [ 2074.801845] create_object.isra.0+0x3a/0xa20 [ 2074.802236] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2074.802696] kmem_cache_alloc_bulk+0x168/0x320 [ 2074.803121] io_submit_sqes+0x6fe6/0x8610 [ 2074.803566] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2074.804682] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2074.805540] ? lock_downgrade+0x6d0/0x6d0 [ 2074.806268] ? find_held_lock+0x2c/0x110 [ 2074.806995] ? io_submit_sqes+0x8610/0x8610 [ 2074.807868] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2074.809088] ? wait_for_completion_io+0x270/0x270 [ 2074.810033] ? rcu_read_lock_any_held+0x75/0xa0 [ 2074.810943] ? vfs_write+0x354/0xb10 [ 2074.811605] ? fput_many+0x2f/0x1a0 [ 2074.811935] ? ksys_write+0x1a9/0x260 [ 2074.812277] ? __ia32_sys_read+0xb0/0xb0 [ 2074.812643] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.813106] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.813565] do_syscall_64+0x33/0x40 [ 2074.813899] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.814352] RIP: 0033:0x7f8c2e1fdb19 [ 2074.814688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.816354] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2074.817045] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2074.817687] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2074.818326] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2074.818964] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2074.819643] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2074.880309] FAULT_INJECTION: forcing a failure. [ 2074.880309] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.881682] CPU: 1 PID: 12451 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2074.882297] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.883029] Call Trace: [ 2074.883277] dump_stack+0x107/0x167 [ 2074.883636] should_fail.cold+0x5/0xa [ 2074.883986] ? __alloc_skb+0x6d/0x5b0 [ 2074.884331] should_failslab+0x5/0x20 [ 2074.884678] kmem_cache_alloc_node+0x55/0x330 [ 2074.885087] __alloc_skb+0x6d/0x5b0 [ 2074.885424] alloc_skb_with_frags+0x92/0x570 [ 2074.885818] ? trace_hardirqs_on+0x5b/0x180 [ 2074.886211] ? kmem_cache_free+0xa7/0x2d0 [ 2074.886588] sock_alloc_send_pskb+0x7af/0x930 [ 2074.887005] ? sk_alloc+0x350/0x350 [ 2074.887342] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2074.887828] ? trace_hardirqs_on+0x5b/0x180 [ 2074.888215] ? __dev_queue_xmit+0xe4e/0x2710 [ 2074.888617] ? __local_bh_enable_ip+0x9d/0x100 [ 2074.889043] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2074.889516] ? ip6_mtu+0x1bb/0x3d0 [ 2074.889843] ? lock_downgrade+0x6d0/0x6d0 [ 2074.890216] ? ip_frag_init+0x350/0x350 [ 2074.890592] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2074.891007] ? ip6_mtu+0x1e9/0x3d0 [ 2074.891330] ? ip6_setup_cork+0xfb7/0x1740 [ 2074.891734] ip6_make_skb+0x2de/0x4e0 [ 2074.892076] ? ip_frag_init+0x350/0x350 [ 2074.892444] ? ip_frag_init+0x350/0x350 [ 2074.892804] ? ip6_push_pending_frames+0xf0/0xf0 [ 2074.893240] ? ip6_dst_check+0x389/0x8d0 [ 2074.893611] ? sk_dst_check+0x235/0x4c0 [ 2074.893978] udpv6_sendmsg+0x20d3/0x2ad0 [ 2074.894346] ? ip_frag_init+0x350/0x350 [ 2074.894724] ? udp_v6_push_pending_frames+0x360/0x360 [ 2074.895191] ? perf_event_task_disable+0x390/0x390 [ 2074.895645] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2074.896082] ? lock_acquire+0x197/0x470 [ 2074.896439] ? find_held_lock+0x2c/0x110 [ 2074.896817] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.897282] ? sock_has_perm+0x1ea/0x280 [ 2074.897670] ? __import_iovec+0x458/0x590 [ 2074.898043] ? udp_v6_push_pending_frames+0x360/0x360 [ 2074.898509] inet6_sendmsg+0x105/0x140 [ 2074.898861] ? inet6_compat_ioctl+0x320/0x320 [ 2074.899261] __sock_sendmsg+0xf2/0x190 [ 2074.899634] ____sys_sendmsg+0x334/0x870 [ 2074.900008] ? sock_write_iter+0x3d0/0x3d0 [ 2074.900385] ? do_recvmmsg+0x6d0/0x6d0 [ 2074.900741] ? __lock_acquire+0x1657/0x5b00 [ 2074.901139] ___sys_sendmsg+0xf3/0x170 [ 2074.901493] ? sendmsg_copy_msghdr+0x160/0x160 [ 2074.901904] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.902372] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2074.902772] ? trace_hardirqs_on+0x5b/0x180 [ 2074.903164] ? lock_acquire+0x197/0x470 [ 2074.903534] ? find_held_lock+0x2c/0x110 [ 2074.903905] ? __might_fault+0xd3/0x180 [ 2074.904261] ? lock_downgrade+0x6d0/0x6d0 [ 2074.904639] ? io_schedule_timeout+0x140/0x140 [ 2074.905061] __sys_sendmmsg+0x195/0x470 [ 2074.905425] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2074.905818] ? lock_downgrade+0x6d0/0x6d0 [ 2074.906211] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2074.906660] ? wait_for_completion_io+0x270/0x270 [ 2074.907097] ? rcu_read_lock_any_held+0x75/0xa0 [ 2074.907536] ? vfs_write+0x354/0xb10 [ 2074.908157] ? fput_many+0x2f/0x1a0 [ 2074.908487] ? ksys_write+0x1a9/0x260 [ 2074.908828] ? __ia32_sys_read+0xb0/0xb0 [ 2074.909202] __x64_sys_sendmmsg+0x99/0x100 [ 2074.909581] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.910036] do_syscall_64+0x33/0x40 [ 2074.910369] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.910824] RIP: 0033:0x7f862c37fb19 [ 2074.911159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.912795] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2074.913469] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2074.914096] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2074.914722] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2074.915350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2074.915998] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:25:32 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:32 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 50) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:32 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x40000000) 02:25:32 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, 0x0, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:32 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000) 02:25:32 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:32 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 72) 02:25:32 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd=r3, 0x6, {0x0, r0}, 0x5, 0x0, 0x1, {0x0, 0x0, r3}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:33 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:33 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:33 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2ab7) 02:25:33 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 51) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:33 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xbf2a0000) 02:25:33 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:33 executing program 7: pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000100), 0x5a, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x10) vmsplice(r1, &(0x7f0000000480)=[{&(0x7f00000002c0)="8e203be8642311dc8a704b2eb815188172e7ab4fe6bff0180791b089657a13b6d193b56b5f71ffb4512214cb6e843312ad611e036f6a3b86b3136f9c9abee497b295402214dfcb3d2d881fc3668f26f8fe1d60727628d24fe1d01c88b2e7550f028dc4a7fe19f8b29148f632fc8f", 0x6e}, {&(0x7f00000000c0)="49a8003a6f07d9340b6004", 0xb}, {&(0x7f0000000340)="b9278cacd80803772b2ff46ab3dbb8ec41321cc4cd72790fa6308ea489e387e24e", 0x21}, {&(0x7f0000000380)="36f0d16b31a16712f294da442022a6af3c44ef0ebd5126e90a59074fe13ce0bbc0cc60194549ff6e115027d78fe2706da04660eb5756c06ea952523ab124418cc7a217ec6b501b9e89fcb100f73fa3d9300571b5b9ead33d05a2b978403aba25dc9f5a11748c785eeab3049a1c367ecc5a679a0427cf0e39fd41e4514e9de61a830f014fd520ed36dce3cb28e4208c2e5ad5056b52077d6180f1a4d519a3b9e410f763f5b1dd3a9ece2eee447eb04cf4e757e0ee78f29d96451d9fa600d244eda0662c1d6e0992eaf3f2156249a87e3e38301bb71f0203ae875ff8c6d559401e16d2fb2d348ddc16e854a8e22ad0a58f30b46e", 0xf3}], 0x4, 0x4) r2 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x3, 0x0, 0x0, r1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r5, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r2, 0x58af, 0x0, 0x2, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x80, 0x0, 0x3, 0x40, 0x0, 0x0, 0x8, 0x10000, 0xd, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x4, @perf_config_ext={0x2, 0x100}, 0x0, 0x400, 0x8, 0x3, 0x2, 0x9, 0x7, 0x0, 0x7, 0x0, 0x5}, 0x0, 0x5, 0xffffffffffffffff, 0x0) 02:25:33 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:33 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 73) 02:25:46 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd5020000) 02:25:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 74) 02:25:46 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x12030000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:46 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:46 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:46 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 52) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:46 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r4 = syz_io_uring_setup(0x2622, &(0x7f0000000180)={0x0, 0xe29b, 0x0, 0x0, 0x47, 0x0, r0}, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)) syz_io_uring_setup(0x7084, &(0x7f00000002c0)={0x0, 0x990d, 0x2, 0x3, 0x353, 0x0, r0}, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000340), &(0x7f0000000380)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000003c0)=@IORING_OP_POLL_REMOVE={0x7, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r7}}, 0x20) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000000, 0x13, r4, 0x8000000) 02:25:46 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00) [ 2087.687680] FAULT_INJECTION: forcing a failure. [ 2087.687680] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.688758] CPU: 1 PID: 12470 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2087.689348] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.690046] Call Trace: [ 2087.690278] dump_stack+0x107/0x167 [ 2087.690593] should_fail.cold+0x5/0xa [ 2087.690921] ? create_object.isra.0+0x3a/0xa20 [ 2087.691314] should_failslab+0x5/0x20 [ 2087.691647] kmem_cache_alloc+0x5b/0x310 [ 2087.691999] ? mark_held_locks+0x9e/0xe0 [ 2087.692349] create_object.isra.0+0x3a/0xa20 [ 2087.692724] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.693157] kmem_cache_alloc_bulk+0x168/0x320 [ 2087.693551] io_submit_sqes+0x6fe6/0x8610 [ 2087.693922] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.694344] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.694754] ? lock_downgrade+0x6d0/0x6d0 [ 2087.695106] ? find_held_lock+0x2c/0x110 [ 2087.695454] ? io_submit_sqes+0x8610/0x8610 [ 2087.695845] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.696256] ? wait_for_completion_io+0x270/0x270 [ 2087.696666] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.697060] ? vfs_write+0x354/0xb10 [ 2087.697378] ? fput_many+0x2f/0x1a0 [ 2087.697687] ? ksys_write+0x1a9/0x260 [ 2087.698013] ? __ia32_sys_read+0xb0/0xb0 [ 2087.698361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.698804] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.699243] do_syscall_64+0x33/0x40 [ 2087.699560] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.700017] RIP: 0033:0x7f8c2e1fdb19 [ 2087.700341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.701894] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2087.702554] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2087.703152] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2087.703774] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.704377] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2087.704978] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2087.714934] FAULT_INJECTION: forcing a failure. [ 2087.714934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2087.716138] CPU: 0 PID: 12477 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2087.716729] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.717429] Call Trace: [ 2087.717660] dump_stack+0x107/0x167 [ 2087.717974] should_fail.cold+0x5/0xa [ 2087.718307] _copy_from_user+0x2e/0x1b0 [ 2087.718657] __copy_msghdr_from_user+0x91/0x4b0 [ 2087.719061] ? __ia32_sys_shutdown+0x80/0x80 [ 2087.719449] ? udp_v6_push_pending_frames+0x360/0x360 [ 2087.719913] ? inet6_sendmsg+0xbd/0x140 [ 2087.720250] ? inet6_compat_ioctl+0x320/0x320 [ 2087.720627] ? __sock_sendmsg+0x55/0x190 [ 2087.720976] sendmsg_copy_msghdr+0xa1/0x160 [ 2087.721350] ? do_recvmmsg+0x6d0/0x6d0 [ 2087.721683] ? __lock_acquire+0x1657/0x5b00 [ 2087.722057] ___sys_sendmsg+0xc6/0x170 [ 2087.722390] ? sendmsg_copy_msghdr+0x160/0x160 [ 2087.722776] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2087.723154] ? _raw_spin_unlock_irq+0x27/0x30 [ 2087.723539] ? lock_acquire+0x197/0x470 [ 2087.723892] ? find_held_lock+0x2c/0x110 [ 2087.724241] ? __might_fault+0xd3/0x180 [ 2087.724580] ? lock_downgrade+0x6d0/0x6d0 [ 2087.724933] ? io_schedule_timeout+0x140/0x140 [ 2087.725329] __sys_sendmmsg+0x195/0x470 [ 2087.725672] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2087.726042] ? lock_downgrade+0x6d0/0x6d0 [ 2087.726409] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.726820] ? wait_for_completion_io+0x270/0x270 [ 2087.727241] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.727641] ? vfs_write+0x354/0xb10 [ 2087.727968] ? fput_many+0x2f/0x1a0 [ 2087.728280] ? ksys_write+0x1a9/0x260 [ 2087.728606] ? __ia32_sys_read+0xb0/0xb0 [ 2087.728958] __x64_sys_sendmmsg+0x99/0x100 [ 2087.729323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.729759] do_syscall_64+0x33/0x40 [ 2087.730075] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.730509] RIP: 0033:0x7f862c37fb19 [ 2087.730827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.732382] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2087.733022] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2087.733624] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2087.734224] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.734825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.735425] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:25:46 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, 0x0, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:46 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff) 02:25:46 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000) 02:25:46 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 53) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:46 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:46 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 75) 02:25:46 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x20000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:46 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2087.921945] FAULT_INJECTION: forcing a failure. [ 2087.921945] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.923160] CPU: 0 PID: 12504 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2087.923756] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.924450] Call Trace: [ 2087.924683] dump_stack+0x107/0x167 [ 2087.924997] should_fail.cold+0x5/0xa [ 2087.925327] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2087.925778] should_failslab+0x5/0x20 [ 2087.926104] __kmalloc_node+0x76/0x420 [ 2087.926443] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 2087.926876] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 2087.927306] kmem_cache_alloc_bulk+0x182/0x320 [ 2087.927712] io_submit_sqes+0x6fe6/0x8610 [ 2087.928085] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.928510] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2087.928927] ? lock_downgrade+0x6d0/0x6d0 [ 2087.929280] ? find_held_lock+0x2c/0x110 [ 2087.929632] ? io_submit_sqes+0x8610/0x8610 [ 2087.930008] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.930423] ? wait_for_completion_io+0x270/0x270 [ 2087.930837] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.931235] ? vfs_write+0x354/0xb10 [ 2087.931559] ? fput_many+0x2f/0x1a0 [ 2087.931882] ? ksys_write+0x1a9/0x260 [ 2087.932209] ? __ia32_sys_read+0xb0/0xb0 [ 2087.932559] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.933003] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.933445] do_syscall_64+0x33/0x40 [ 2087.933762] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.934197] RIP: 0033:0x7f8c2e1fdb19 [ 2087.934515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.936077] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2087.936724] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2087.937325] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2087.937926] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.938528] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2087.939138] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 [ 2087.940638] FAULT_INJECTION: forcing a failure. [ 2087.940638] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.941602] CPU: 0 PID: 12508 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2087.942184] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.942883] Call Trace: [ 2087.943111] dump_stack+0x107/0x167 [ 2087.943429] should_fail.cold+0x5/0xa [ 2087.943777] ? create_object.isra.0+0x3a/0xa20 [ 2087.944166] should_failslab+0x5/0x20 [ 2087.944495] kmem_cache_alloc+0x5b/0x310 [ 2087.944842] ? ___sys_sendmsg+0xf3/0x170 [ 2087.945187] ? __sys_sendmmsg+0x195/0x470 [ 2087.945545] create_object.isra.0+0x3a/0xa20 [ 2087.945920] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.946355] kmem_cache_alloc_node+0x169/0x330 [ 2087.946747] __alloc_skb+0x6d/0x5b0 [ 2087.947062] alloc_skb_with_frags+0x92/0x570 [ 2087.947438] ? trace_hardirqs_on+0x5b/0x180 [ 2087.947822] ? kmem_cache_free+0xa7/0x2d0 [ 2087.948176] sock_alloc_send_pskb+0x7af/0x930 [ 2087.948565] ? sk_alloc+0x350/0x350 [ 2087.948883] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2087.949325] ? trace_hardirqs_on+0x5b/0x180 [ 2087.949693] ? __dev_queue_xmit+0xe4e/0x2710 [ 2087.950066] ? __local_bh_enable_ip+0x9d/0x100 [ 2087.950460] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2087.950896] ? ip6_mtu+0x1bb/0x3d0 [ 2087.951200] ? lock_downgrade+0x6d0/0x6d0 [ 2087.951552] ? ip_frag_init+0x350/0x350 [ 2087.951915] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2087.952311] ? ip6_mtu+0x1e9/0x3d0 [ 2087.952616] ? ip6_setup_cork+0xfb7/0x1740 [ 2087.952978] ip6_make_skb+0x2de/0x4e0 [ 2087.953301] ? ip_frag_init+0x350/0x350 [ 2087.953648] ? ip_frag_init+0x350/0x350 [ 2087.953988] ? ip6_push_pending_frames+0xf0/0xf0 [ 2087.954398] ? ip6_dst_check+0x389/0x8d0 [ 2087.954743] ? sk_dst_check+0x235/0x4c0 [ 2087.955086] udpv6_sendmsg+0x20d3/0x2ad0 [ 2087.955436] ? ip_frag_init+0x350/0x350 [ 2087.955799] ? udp_v6_push_pending_frames+0x360/0x360 [ 2087.956242] ? perf_event_task_disable+0x390/0x390 [ 2087.956663] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2087.957075] ? lock_acquire+0x197/0x470 [ 2087.957412] ? find_held_lock+0x2c/0x110 [ 2087.957766] ? sock_has_perm+0x1ea/0x280 [ 2087.958126] ? __import_iovec+0x458/0x590 [ 2087.958481] ? udp_v6_push_pending_frames+0x360/0x360 [ 2087.958921] inet6_sendmsg+0x105/0x140 [ 2087.959254] ? inet6_compat_ioctl+0x320/0x320 02:25:46 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xb72a) [ 2087.959644] __sock_sendmsg+0xf2/0x190 [ 2087.959986] ____sys_sendmsg+0x334/0x870 [ 2087.960334] ? sock_write_iter+0x3d0/0x3d0 [ 2087.967642] ? do_recvmmsg+0x6d0/0x6d0 [ 2087.967982] ? __lock_acquire+0x1657/0x5b00 [ 2087.968356] ___sys_sendmsg+0xf3/0x170 [ 2087.968693] ? sendmsg_copy_msghdr+0x160/0x160 [ 2087.969081] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.969520] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2087.969895] ? trace_hardirqs_on+0x5b/0x180 [ 2087.970265] ? lock_acquire+0x197/0x470 [ 2087.970601] ? find_held_lock+0x2c/0x110 [ 2087.970957] ? __might_fault+0xd3/0x180 [ 2087.971293] ? lock_downgrade+0x6d0/0x6d0 [ 2087.971668] ? io_schedule_timeout+0x140/0x140 [ 2087.972065] __sys_sendmmsg+0x195/0x470 [ 2087.972407] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2087.972770] ? lock_downgrade+0x6d0/0x6d0 [ 2087.973132] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.973541] ? wait_for_completion_io+0x270/0x270 [ 2087.973948] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.974339] ? vfs_write+0x354/0xb10 [ 2087.974652] ? fput_many+0x2f/0x1a0 [ 2087.974961] ? ksys_write+0x1a9/0x260 [ 2087.975285] ? __ia32_sys_read+0xb0/0xb0 [ 2087.975647] __x64_sys_sendmmsg+0x99/0x100 [ 2087.976008] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.976444] do_syscall_64+0x33/0x40 [ 2087.976760] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.977191] RIP: 0033:0x7f862c37fb19 [ 2087.977507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.979041] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2087.979688] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2087.980284] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2087.980883] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.981479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.982075] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:25:46 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x0, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:46 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff) 02:25:46 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:46 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x40010, r0, 0x8000000) r4 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r5}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000006c0)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1026}, 0x1, {0x0, r5}}, 0x3) sendmsg$nl_generic(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="0000000a000000040000804aea287e1a32612129e5cbafe939823035a0232297de3a2c267be00e9540b1c1029310e779bc5241fe74744ef388db6e112485eb0bcee510e3d31930a5e67cf201109ff671eee9463f658b48a14cbbb4bfdf554143ef59f0e03741a36f36c024f35805fafff5eeab3692940f41ed08f593c7638c6af2cb48b5ca9f4b8b06f4eeab12cfaf6de14f6c6cd054b9f677ae7c7c23e50d7a0b97fbc8c65ce406ef1a677e9eb1ea7fc2e860b55216f5869d5fc74802c2000000000000000000000000004f667b59d9b6b036108173cdbcbf885d5827139365fbf351ed283addfb9904fc205cc1f801d0b5f7819271e1c0f685e4c72212b90f8a7008610617e78d6bcb2905f5e277f244ec1394e506396c29b2c936c2d8d741bed8f8ff56afe104b7f77cf2b4482299f216fc68833596e895865d56020c087a7495d494dd311ab6ab12b0db4aeee350a9fe142a7fef4ae5bb5d8abde7e7a2c4108ea26aac7783dcf0a226d1b82ea907a11cfd8b25a5c9af24f9bf21b666b8ed8193d648e9e7890900c5e50ffcfd8e94335df1636f03044fd347d2352813d90dcf141b6c853cbf82ef9e5da099770e71be01ee164850bac311e52151da78799e88430a86f8e9489d9b3d0c27540410e903b490a01225df0af2ae3704fe78b9b338a23b0330eede18b2bfc09cfd6f928bc32d621bc20646f6072f1f38d89b02b8f30e7865e070d73983d65ce4c68cbca3764bb5a9d990b8bbc4340a5de479e632161e2d0060a0a37aee15edd0dbb897582ceff3f09f700213f3b6e8683943738d6dee885de35fece5168600f0c869f5e1da5a11f27b93cc37941d1b9e1006d317f29056"], 0x18}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000580)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, r4, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@nfc_llcp, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/159, 0x9f}, {&(0x7f0000000400)=""/238, 0xee}], 0x2, &(0x7f0000000500)=""/98, 0x62}, 0x0, 0x0, 0x0, {0x1}}, 0x7) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2800000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x0, 0x0, 0x0, 0x100001, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000100), 0x5a, 0x0) io_uring_enter(r6, 0x58af, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000100), 0x5a, 0x0) openat(r7, &(0x7f0000000040)='./file0\x00', 0x414000, 0x1a4) 02:25:46 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:46 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffe4) 02:25:46 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe101) 02:25:46 executing program 7: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00', 0x0, 0xa) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) r6 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) clone3(&(0x7f0000000800)={0x100, &(0x7f00000002c0)=0xffffffffffffffff, &(0x7f0000000300), &(0x7f0000000880), {0x15}, &(0x7f0000000680)=""/250, 0xfa, &(0x7f0000000380)=""/34, &(0x7f0000000780)=[r6, r6, 0x0, r6, r6, 0x0], 0x6}, 0x58) fcntl$lock(r5, 0x24, &(0x7f0000000040)={0x1, 0x1, 0x0, 0x0, r6}) ioctl$AUTOFS_IOC_CATATONIC(0xffffffffffffffff, 0x9362, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(r7, 0x5000940f, &(0x7f0000000940)={{r7}, "ae76671a9bf2fe6287338c6d466541c096dd2884c8f5b1abeb0e0e68fca9bd8134d4b3f42d97ee2cbad286c6f72997b1de6969eb93fc9039df464b08baea8058ac35b27b6ad0772ae4a7bb4454d0f421aa8d76706abbd38b30dc13e482b8838ffcd709793e15734705045af49344de2acbf3611d580b544b4638c778b0f4ced26d816885704fc54b8f81c98d972f6a6d3a88d6f42cb27e1035725100db27b409dd88ac82d9046eaff236e8eee343adcfd88510297071a2272c409338721983c5ba63f934038c8fd42808cb5f522fca9b9f7c9462c9abe82fde5ccc4ba208c9df02ae372baba9330fd1682de246801abded7e0e5f8f74fc9c095704ba0fc874d2ee6c8f67cb76853bf38b5bd05a9f839f9ebb065c0fea13b397cd524369984de8c1c20532f6c7092c32408756ff81f85d0e8b3b86feef91ba447c629c9b8d7711b25c934bb8b00d48fb13250cd6b2d8bcc3e5f3e2450e133c046a9ef69d3b0b6c19dd0b8f0fbd68f05e3978edf4d73654ae1475de64cb38daf5ac588d8911a125cc0ff85996b95691a8ee1be17cf8305fd0380f79719057d6140894a422fcb9a1c05870e5ddd9be119fc0a7c0d8909fd4fd10569618bab75de390a5da756a4fd1c06929c57535fa509ddb469989eaf17dd7aac496165f79fd8a6d2d0ce67452c4cbc126df36081386e3f74cbbf6bf5dac9e4599109c51d5b4055179471a1609c00df8037d57a0e2b530c9da227424131d795506735bed2ac2a756ee58f7bb353a505a9cb46e14823224ea8630b3449d249b57e2303e1e09be6fb222c2d7c5ddff28a405df01fd06fb8ece8ab0cbbbdcd8a167155900e3d85d9c9b77001aae8186322a008fd544709b6f91d8e55cdefca14a4261d485c06954fe6da27497b1596a286109a37653f7f2ac7b7250b721c27f8f35fb8b5527f336d8f3f6d5ccfd51dd9483b37949e8bb3c7ed04ce975171d642f36c9dba1b165eeedb3a42a795b209cab068995ab8c02bc613d85381e54941ac4218781d0ca8041896454f68d57bc5efe3f3035e5dbaa087f54fbc43b51e28c4da2b55391b41848f935f828e2abc93a344bc872150a01c8eaed3f5d8bc8e6e1451e2274eef9c70ff5c4024d3bf8e9cd81728a0900eac253ca72b64088c156d5b6e4bc655f5644608ff03528387d23a0d3d2838eda722eda279d946842f283cb7e36039454fe99105293899979408eca4431cee0d0861fcce9f86bd29f9e4e204239860f79e9f70769c1d5427ea9c6be634f74579b8eed9b9486c3a2f6900f67f564e80893070e3c6f0f180ede2e3375dc2280b33b636fee4afe00cd88a4b914c38866f9885d24c0a61cc7ea25808437413bc6d8980aa1c32865a09902afb0ceb121e5ee60e466f768bacb0e4ac079612abd7a1d3b275c282fa445d0eebeb78d970eb8a1c63db2bf1013f81dc0f4f2a2e4be88932d50c5b808a0f6d1b8827fc64b8be1e12dcc68e55890c8b5c7da99a64b6fe398a9e94965ea3c5d8b372d75c0784608a06879e74cc0f77f9db5da862297dcc4f26e73dd2758dbac2be89629c2e56ce31fe0b027342ba1e4af7e4cb291c481b45a3537b3c9d92db5febd8c5e07204aa429cefa48c623d750638dd5d89f7adeedf524fc1b1cf1f0f188861bce62164680b376a54d5d4db6489a68d38f380cfb43ea0599039d0bf9c0e4c9ba07d5dcf27c819714c00b89c2fe1a7c092aec3fc3173b3ef8f894517f0123c92122ce79a30f4b99015ea030cada384a5c1ad930bac55b4258d71373db0a82300d4009962548d0442f5e351c267a12cd409b4b104b88028a817930905dfc6d35dd5821d9ae992944923eb36cadcb6f2dd91f2bcdd5208d6d2f89ca22dec9e6095cf55ec7d2f1b363292ad3ca3f32eae3f48c7400a87bee7c138267a0bbbcbaee9867d3c44d3056a787bbd65c51048ed6b1d05d0daddff82ae17812226bfe7077642df8afe6f5a254fd46a98edc7bf1f6a75adf79aa54a414914d1339da18d825e4ab8f8437444d4b695daa0c27192a05aabba13499d45a25a57f74fae21f8b8deb9f0d6f0f9097e89eaa56309493392458854c06abd34c08b6e0a904f5949eb8cb296d25c6d3912435ff615626c17fcd8fe0861deefbabda879cf326f46dd0c859c3103d18c25863519446228be9e8b164821c2c17d98433b41ea8331cf302b686555ed47644105faf41204c584721eeb9149a5ca0873234e55667190c46ce1edea7d04cb2c48172d427f284eeed14a783bd1f1b42f02ddabf525977100f21a99a812382b84a422c2ed3927a99d97cafe13b4c924ce05da66d40c4775323bd1155771ce8ef8e0cc592c6d1a2ea20c54b100b7867927f9f8b9e6231e5eb67b21f6c68d225824abd1efcdd0e0bb877ceb3ab06426b482ab2c02890b586b95201c02e6ca10e17b9b50a4cd9ab15df919ed73f7d638f236ac5cf9c688484e69251c6825fa597aad5a147507c048054592173916aa44b13bbf78d4052f15248af479b9cf2f6cd9ea1715027e4eaa96f8fd5a45891d00c8103c7f267ee9f3fe26fb3a2b8395f0ea9997098f3c0a86a3237700ce1739421ebb282085844939f4e7c104311878d3d6ceb203392868732f345912a39b7d88a120e06d949e79acd8f701d21e78c54456412345c38f56e80f122dc6144e6926e0bbad4c3a65e63f077070e59080314fa2b7625efe520ac7242c25096308045f1097dfc3c4e5de9af6cd12922406fd34b5946e2c9b5712c7017d64ba6abe1687ba171c6d0a0637ec9c77366661b7fcb8f9c9ed13a7cffed078a4829b3918c7a4fed10e396835ffb17144f080305372c4985c5bfc21545f660ffd789f82162d950eb4fe9339464b5de982d7e061f20eedb90600761eaeb5e186b73b4f1573d2690a1f8c717d09cdfccc9fa1cc0436500df9c19eb669cbe1f33d21c940c27043f0ae2f6a126799cc49dfed0f03b364e985bf47dd7b808ba9aba61ce49a02397a57b3817c6a8d085ac7b9fc40deaee4af4f14d6b72586e8f0a26b7772181a404b96c1ee845e87ae1298b74f4d863b7a2ba09b31b1a8405c6abbb3898f5c86da260b4815eab0b464c3ab9b811e12e3e00cdf8b58aefd06340e2d89c8078acdf5f8a153b8621a21c0fe83c7f397fe628cf6420c5e39df5a333dd18a3432248a168111870f9453e7a4076402a48597e2bad756adefad5765d5401e537d99a190e7e9fbfc825515d25462ae2c7b1f6f560f4875b9aa86de510a2706e5667e12a0c618c3705422030f1a072186b6c33e25ef84c3e49560314f07bb2be5d67d25c3ea6f5244a62e887ce204205c623e3166ccd9ceadf833df2a37d1d18f7204481a5da9aab17ec0a180af90ce269a869e6921a64431daa68ee8cbb2f1b0a7468657cbe5676f4155dda460dcfed966a1adabb031362058e8139a8224b5bc2e400b9d74cc4a6bb362372c89866fa3748dc064ffbdfcca0a2913d91cd7f2efe493b1ae6168be006bc6439b7fe0d7148baa15f3934a4ee2870e35a978a90da5e5c9bc3cdbb3d6fdb9aa643540723541fb29d2a4bb6633d8f95e92a5f27b3b9037bde8aff709f7ee8da3624d347046db661fcda88e1c9f806aaee07ce51b742b81358a2d7c86f28cc61790e498f6c38e1bccdfca9d8f028d5d67d9c2fdfa8fd60941fc56fd9483a4e2ced8673eb92c60d666ad8936af07bea0925fdcdc58041dd4f1c0479451d8839c9b6d157585cb646752663a294b52a0c1f4ef503691277551d9ac024b9aa063ce4c1388b6c87f8162735accb7d9ef28fdf7bf9986541a10a2a7742dffa0df558a7b5fbd56cc04a2bb21f36086fa7b92393ef2b2c6352c7c881e9009ef57718e4674b62c33e491ef20b342a64db07d84b7914d2c8c225c5e96a3c4663f2a0c2d76d585d3bc01504cf36c0526687c4f18af51eac0a00c35bed157a0bcdab6ae59b3aa12f779ae06ccae4a91c8bcd685408d7ab9a64b51fa1ee2e0ddc3a13f7057e274d0a17b78d367b37f981713be9340c6a561d4126a70f7b04046e64bbf060221b15f7dda520d245ba134a73e444263424a24adb74d1caa0a77f7956332ab9a03b674a44f7a748f3d3457cf800a1b830a7afc774c7c6b21d279f33c52fcbba6d2c4f409676827de48900f9b970f8f45d3ff8b1b33d2ae460e8837353c0a1e9557767491ada6b07c5ed41e30f7be4ed7895995878f385b76b7034c511a31bbfa62eabfa253846bc7032677c1a023894c24c55d81df35954925b70b1e8bb51fceea8535bdf97afbb300345f7497654a55158a60180861bd8e9d0f0979e2b2e8027ad68e74471fafba4ca1cc906ac770b872d7833fcf6c8dfb606ff903316ad6f116c1163997226675b908e4710de011f756181e495a792ec9316fbc63dafabc4ceb2adaa24657bc7c2192e5024c7f87ff60b45751e915f234d234412bb12622c016b487691e0e2882b9c82085a202b30648e43359bfb395f5b4c761c4567296e19aab5f857e1ffa86feb24490cb557a191ebc97f1f3e73e212034f6fd301aa47204ac66b9d4603374bcbc017de443b8cf27a75340e9a1c4857e1f2ba282d031eb72f67f1b1d5aacb2d92d4d659c6ce28def424af6437b09cd90bf28b36c50974788384e044a5ec6f7bc8083c2f87ade1dc69a2ecc12139b9e5a74624f2576bac4d06537c6e41d1478a0806f90746e5521416d9944b9739c37c8ecababf7ec55c72d3903b714614baeaeb30646b3beff8e9253fd925be370fd298d6f139b0a1d98dcebfbca4abac61235469624e01a035baed5eb8aae7c069dc3c24fbfb8fac94b9983abd0ffffd2908f740cfe023676b04ac05ad2bb081d1b73978bd1b5125aa58b1995aed2932b49755cee7582e9c35d870c7f71ffff17bac73598804fc1679bca6e3a7254011b89c254ec3541727df6bc395a1e06e10a4dfca44174a08fddbc75ac4ba2cb6e3101b9c5eebbbcae534c566f7dcb97787c7f3ccc5990525803c552e34ba25e6b59426da05acfc2eb966b47135381d6e894c58ff3b5bfdd170035844b3bcc72c29fea7278a55a0d645e442e75ecc70f4f93cb7bece179c23058b80bf11fecd9153a9f5e40ae4bdf71287a8c8abae2fca9aa7165b9c191fbc37dda13d801e71d4796713178f20678d56f23133d04043c083953113eb088e7c82c7e322d4a329a5e26533f9062ba8739b34c131cb37b3d7deb32f078873e58e9378d8150f9e1f5218dc614580899b1d719a0cd9952e027f15c6cb931b0b9603f36ae8861aec5c9ac6b395dbc37e50fc7c0c84011b023884635fdce0380ad5b643284ab4392781c3f73c4062d29f377539616a0a905fb565153e5c92b9a452e438fedf7b5e4ebdb820f6b21716d14e5dc611271fad54f998c8c798754ad8ada675dab17addd37e21a5d4171916199f385d637dce78c257e37480e099e1b382a4f5fc14aad80fa11ac027ce8c9527de6a4be480a46e75367d2d2db5e86f40aac76c8b0b2da8ef531b3a166f1e97cca0cd9d134744294240aa8e5f0f593c8178d33aa3f985b03e8214070d9e380cf24e73ce96debdb7203a62685ff3fdb3c5a96dcf0e08526d3c7dc892c99e5f6bf3afd5867c9e17ef345c5762eb743736ba393df6fe69cc963ad9aee1381a34f56a0c3639ad57473ec5d41d04a3efb9d7bf0efd9136a5bfbf2a0136ad6b571caf182e3d2248d5506165d80394ae75b91feef15d20911303657d88e81aad942a7912d2ef1a106fa6737d4eae34cc6a0ca01ace65d682b80ac6d3940a5165ede7389eefd585e09e471cbe428fc5"}) 02:25:46 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x0, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:59 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 54) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 2100.983168] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12581 comm=syz-executor.7 [ 2100.993200] FAULT_INJECTION: forcing a failure. [ 2100.993200] name failslab, interval 1, probability 0, space 0, times 0 [ 2100.994229] CPU: 0 PID: 12585 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2100.994815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2100.995516] Call Trace: [ 2100.995758] dump_stack+0x107/0x167 [ 2100.996079] should_fail.cold+0x5/0xa [ 2100.996412] ? create_object.isra.0+0x3a/0xa20 [ 2100.996807] should_failslab+0x5/0x20 [ 2100.997134] kmem_cache_alloc+0x5b/0x310 [ 2100.997495] create_object.isra.0+0x3a/0xa20 [ 2100.997871] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2100.998306] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2100.998742] ? alloc_skb_with_frags+0x92/0x570 [ 2100.999135] __alloc_skb+0xb1/0x5b0 [ 2100.999452] alloc_skb_with_frags+0x92/0x570 [ 2100.999844] ? trace_hardirqs_on+0x5b/0x180 [ 2101.000214] ? kmem_cache_free+0xa7/0x2d0 [ 2101.000570] sock_alloc_send_pskb+0x7af/0x930 [ 2101.000958] ? sk_alloc+0x350/0x350 [ 2101.001277] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2101.001724] ? trace_hardirqs_on+0x5b/0x180 [ 2101.002090] ? __dev_queue_xmit+0xe4e/0x2710 [ 2101.002467] ? __local_bh_enable_ip+0x9d/0x100 [ 2101.002866] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2101.003297] ? ip6_mtu+0x1bb/0x3d0 [ 2101.003600] ? lock_downgrade+0x6d0/0x6d0 [ 2101.003962] ? ip_frag_init+0x350/0x350 [ 2101.004309] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2101.004704] ? ip6_mtu+0x1e9/0x3d0 [ 2101.005009] ? ip6_setup_cork+0xfb7/0x1740 [ 2101.005370] ip6_make_skb+0x2de/0x4e0 [ 2101.005692] ? ip_frag_init+0x350/0x350 [ 2101.006034] ? ip_frag_init+0x350/0x350 [ 2101.006374] ? ip6_push_pending_frames+0xf0/0xf0 [ 2101.006782] ? ip6_dst_check+0x389/0x8d0 [ 2101.007126] ? sk_dst_check+0x235/0x4c0 [ 2101.007471] udpv6_sendmsg+0x20d3/0x2ad0 [ 2101.007830] ? ip_frag_init+0x350/0x350 [ 2101.008180] ? udp_v6_push_pending_frames+0x360/0x360 [ 2101.008622] ? perf_event_task_disable+0x390/0x390 [ 2101.009041] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2101.009454] ? lock_acquire+0x197/0x470 [ 2101.009796] ? find_held_lock+0x2c/0x110 [ 2101.010155] ? sock_has_perm+0x1ea/0x280 [ 2101.010519] ? __import_iovec+0x458/0x590 [ 2101.010872] ? udp_v6_push_pending_frames+0x360/0x360 [ 2101.011312] inet6_sendmsg+0x105/0x140 [ 2101.011643] ? inet6_compat_ioctl+0x320/0x320 [ 2101.012038] __sock_sendmsg+0xf2/0x190 [ 2101.012376] ____sys_sendmsg+0x334/0x870 [ 2101.012724] ? sock_write_iter+0x3d0/0x3d0 [ 2101.013083] ? do_recvmmsg+0x6d0/0x6d0 [ 2101.013417] ? __lock_acquire+0x1657/0x5b00 [ 2101.013795] ___sys_sendmsg+0xf3/0x170 [ 2101.014128] ? sendmsg_copy_msghdr+0x160/0x160 [ 2101.014520] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.014963] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2101.015349] ? trace_hardirqs_on+0x5b/0x180 [ 2101.015722] ? lock_acquire+0x197/0x470 [ 2101.016076] ? find_held_lock+0x2c/0x110 [ 2101.016426] ? __might_fault+0xd3/0x180 [ 2101.016768] ? lock_downgrade+0x6d0/0x6d0 [ 2101.017123] ? io_schedule_timeout+0x140/0x140 [ 2101.017523] __sys_sendmmsg+0x195/0x470 [ 2101.017870] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2101.018237] ? lock_downgrade+0x6d0/0x6d0 [ 2101.018604] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.019020] ? wait_for_completion_io+0x270/0x270 [ 2101.019436] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.019842] ? vfs_write+0x354/0xb10 [ 2101.020161] ? fput_many+0x2f/0x1a0 [ 2101.020476] ? ksys_write+0x1a9/0x260 [ 2101.020801] ? __ia32_sys_read+0xb0/0xb0 [ 2101.021153] __x64_sys_sendmmsg+0x99/0x100 [ 2101.021517] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.021951] do_syscall_64+0x33/0x40 [ 2101.022268] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.022707] RIP: 0033:0x7f862c37fb19 [ 2101.023025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.024582] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2101.025232] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2101.025836] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2101.026440] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.027040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2101.027644] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2101.033448] FAULT_INJECTION: forcing a failure. [ 2101.033448] name failslab, interval 1, probability 0, space 0, times 0 [ 2101.034551] CPU: 0 PID: 12571 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2101.035130] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2101.035844] Call Trace: [ 2101.036070] dump_stack+0x107/0x167 [ 2101.036383] should_fail.cold+0x5/0xa [ 2101.036705] ? create_object.isra.0+0x3a/0xa20 [ 2101.037091] ? create_object.isra.0+0x3a/0xa20 [ 2101.037481] should_failslab+0x5/0x20 [ 2101.037804] kmem_cache_alloc+0x5b/0x310 [ 2101.038148] ? mark_held_locks+0x9e/0xe0 [ 2101.038498] create_object.isra.0+0x3a/0xa20 [ 2101.038870] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2101.039302] kmem_cache_alloc_bulk+0x168/0x320 [ 2101.039695] io_submit_sqes+0x6fe6/0x8610 [ 2101.040083] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.040505] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.040921] ? lock_downgrade+0x6d0/0x6d0 [ 2101.041271] ? find_held_lock+0x2c/0x110 [ 2101.041621] ? io_submit_sqes+0x8610/0x8610 [ 2101.041992] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.042405] ? wait_for_completion_io+0x270/0x270 [ 2101.042818] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.043211] ? vfs_write+0x354/0xb10 [ 2101.043529] ? fput_many+0x2f/0x1a0 [ 2101.043849] ? ksys_write+0x1a9/0x260 [ 2101.044181] ? __ia32_sys_read+0xb0/0xb0 [ 2101.044530] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.044974] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.045412] do_syscall_64+0x33/0x40 [ 2101.045728] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.046161] RIP: 0033:0x7f8c2e1fdb19 [ 2101.046479] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.048036] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2101.048678] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2101.049277] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2101.049875] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.050477] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2101.051077] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:25:59 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 76) 02:25:59 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x0, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:59 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) io_uring_register$IORING_UNREGISTER_FILES(r0, 0x3, 0x0, 0x0) mount$9p_rdma(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x10048, &(0x7f0000000340)={'trans=rdma,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@timeout={'timeout', 0x3d, 0xffff}}, {@common=@dfltgid}, {@rq={'rq', 0x3d, 0x5}}, {@timeout={'timeout', 0x3d, 0x6}}, {@common=@mmap}, {@common=@uname={'uname', 0x3d, '\x00'}}, {@timeout={'timeout', 0x3d, 0x4}}, {@sq={'sq', 0x3d, 0xb2}}], [{@measure}, {@dont_appraise}, {@dont_hash}, {@subj_role={'subj_role', 0x3d, 'xxhash64\x00'}}]}}) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x361, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, 0x12, r0, 0x10000000) r8 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r4, r7, &(0x7f0000000040)=@IORING_OP_WRITE_FIXED={0x5, 0x4, 0x2000, @fd=r8, 0x8000, 0x200000000000000, 0x1, 0x0, 0x1}, 0xffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ABORT_SCAN(r8, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x28, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x0, 0x53}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x1000}, 0x4000000) 02:25:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:59 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x40000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:59 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfffffffe) 02:25:59 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000) 02:25:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:59 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x652a0000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:25:59 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:25:59 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000) 02:25:59 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x10000000000) 02:25:59 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) read(r0, &(0x7f0000000340)=""/223, 0xdf) syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x5, 0x0, @fd=r3, 0xc54b, 0x0, 0x401, 0x4, 0x1}, 0xffff) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r6}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000680)=@IORING_OP_SENDMSG={0x9, 0x4, 0x0, r3, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=@in6={0xa, 0x4e23, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0x4}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000002c0)="f475355c54188cbd259f0fd65b616d5f762a87e4", 0x14}, {&(0x7f0000000540)="b12fb342da86e5fc46018994e4c14ced6c62a1150d2c1b8675a33ea8d8ab20fdc974fd56d3c39679cf5e5b77255d3ce5be386f97640bd48abba63c2d3cb047d97a21a8673c960c4953542a4a10ca4bc0dd4e972b7a4ef2a2fa987966f4f718ee90fbcbec416672bd13507eca8d1a62d3f0e804c4cd2544543475c44f833a5af90ab3638dfae3b6e3b126e0f456cf4ac9040de7aea0f7b98166f5e10f4d3fdaf1c17bfb1492bb1afd642f788382dd4082445c216280915ec7ea67c322c73cf1b100dfe13d9829b988ff5785d55259c8f75f8a6c7f813d968a78f5ec47", 0xdc}], 0x2, &(0x7f0000000880)=[{0x68, 0x119, 0x1, "a6ed9756367635ac44bc8429bd8a9991ffe3855e90393e2296d3bd29bb11bf075522bb2e1fbf261edaf94a943d67447b2186cf670fa5078f85ea15621522fa4f0d5e2b17cdb4eb9994144a41da4580b25f0617d2b4e043d1"}, {0x78, 0x10f, 0x0, "2c8c71d22592efa048cb75bb4e463f62fac70edb7c9bef27d262b1fa257976f2bcc98c2ded9098ed11db066be99196d7bd7f51bc646763f034d75c7f60c5f99eaab9cbe9e5e2bff038d82120d30930d05fcf074bf7722feb1528e69858036ff6ae"}, {0x20, 0x10b, 0x9, "7aac45c99ebfe0e3b11a"}, {0x108, 0x1, 0x9, "5d4b39ec51567b341ffe730b83d5c60cca51ac9d7ff34a85a40bd43b2f41399acb87ff3ed0672d5c886c7fab86e3da0868b15007de92bedaa5999f778e7478f8796365dfa4403684aa617d5ae86ab188f9546e892cc9d25c2532b37e7e530eca1318872796bbda4e01f58cb0cb4d8f22be84a5aa84d203494db4d97e4a59752894636cea409d69711da81b8b40198d97b84596fc4d835546317acfb1720250cfd346bc13fc48df3c0535ff7d3770c9b71eca67ea89f7618defc1d5717f3a48ed0efd1abc377a9dd6fb5440ace73a060227db5a00a464078a262ccfe56b7327347ae0291bc828460a5b65631b8993f17cd6eaa6afb00b41"}, {0xa8, 0x10f, 0x0, "2bda42b7a202df5d8bef8844f7b66e46e08693e55c0adec219e12aef34fca7012021f7678400313445038ebd96361baa19c7da2f91e228711b289aa8eb12528cea8f918923efe03c252bfd3e79dc3c1a41a05690a41f18c1428a36e3e8c2365d4bae36818b533edba7704909f749fa12f6f7a4f610d6561129b4010a24f47db914ba1be03017bfce76716317db5859aef3f3a5"}, {0x58, 0x114, 0x9, "6eaf52e66555226c5e4f91c6b837f5ee23d79f3a55611b8ccdca52674b2277877d28e236981cd5238c76d8309b1af1329a4e05e0b1faff09886e962527fac3536c672eb34c2d2637"}, {0x58, 0x118, 0x81, "ef059863186eddbd165e410209e3389f77d39c40a32ff0b2794b385924d481137d96a71e05f31435e86fe90af1551900ac7079c71bfa179a3b02fdf964cc06d1286c"}, {0x18, 0x10f, 0x0, "2dc940dc41"}, {0x28, 0x104, 0xfffffe01, "6cce40ac64bbadaa8115ee3fe8703987532d"}, {0x20, 0x111, 0x4, "aaf58c880ae92d2acc11f84a"}], 0x3c0}, 0x0, 0x20000000, 0x0, {0x0, r6}}, 0x4) pwrite64(r5, &(0x7f0000000180)="f8675db1d09f7edd10a1348ca27ffd73b00ac49ccb826df71521f7c0fa5e7db24f5e2ee4bc63c938fdbb8d8bf8687894a2079ec67757ab49487f73fb04426e8662cd492ecf75ac252d54134a97120323b5a391dc01a1ddd0", 0x58, 0x3) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000001900210c00000000000000000a"], 0x1c}}, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:59 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 55) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:25:59 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:25:59 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2101.319125] FAULT_INJECTION: forcing a failure. [ 2101.319125] name failslab, interval 1, probability 0, space 0, times 0 [ 2101.320244] CPU: 1 PID: 12631 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2101.320824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2101.321511] Call Trace: [ 2101.321743] dump_stack+0x107/0x167 [ 2101.322052] should_fail.cold+0x5/0xa [ 2101.322377] ? create_object.isra.0+0x3a/0xa20 [ 2101.322770] should_failslab+0x5/0x20 [ 2101.323096] kmem_cache_alloc+0x5b/0x310 [ 2101.323446] ? mark_held_locks+0x9e/0xe0 [ 2101.323818] create_object.isra.0+0x3a/0xa20 [ 2101.324195] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2101.324623] kmem_cache_alloc_bulk+0x168/0x320 [ 2101.325017] io_submit_sqes+0x6fe6/0x8610 [ 2101.325385] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.325802] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2101.326207] ? lock_downgrade+0x6d0/0x6d0 [ 2101.326554] ? find_held_lock+0x2c/0x110 [ 2101.326899] ? io_submit_sqes+0x8610/0x8610 [ 2101.327270] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2101.327683] ? wait_for_completion_io+0x270/0x270 [ 2101.328107] ? rcu_read_lock_any_held+0x75/0xa0 [ 2101.328501] ? vfs_write+0x354/0xb10 [ 2101.328816] ? fput_many+0x2f/0x1a0 [ 2101.329126] ? ksys_write+0x1a9/0x260 [ 2101.329449] ? __ia32_sys_read+0xb0/0xb0 [ 2101.329794] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2101.330236] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2101.330679] do_syscall_64+0x33/0x40 [ 2101.330993] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2101.331427] RIP: 0033:0x7f8c2e1fdb19 [ 2101.331743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2101.333294] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2101.333937] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2101.334531] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2101.335128] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2101.335730] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2101.336344] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:26:12 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 77) 02:26:12 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:12 executing program 7: openat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x4000, 0x101) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0), 0x400000, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x4000)=nil, 0x4000, 0x1000006, 0x8010, r3, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r8 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x6000, @fd_index=0x7, 0x4, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/49, 0x31}], 0x1, 0x4, 0x57d029a54be0383c, {0x0, r9}}, 0x1ff) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x40010, r5, 0x10000000) r11 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r14 = io_uring_register$IORING_REGISTER_PERSONALITY(r11, 0x9, 0x0, 0x0) syz_io_uring_submit(r12, 0x0, 0x0, 0x0) syz_io_uring_submit(r12, r13, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r14}}, 0x0) syz_io_uring_submit(r1, r10, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r14}}, 0x4) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:12 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000) 02:26:12 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000000000) 02:26:12 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:12 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 56) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:26:12 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2114.255504] FAULT_INJECTION: forcing a failure. [ 2114.255504] name failslab, interval 1, probability 0, space 0, times 0 [ 2114.258606] FAULT_INJECTION: forcing a failure. [ 2114.258606] name failslab, interval 1, probability 0, space 0, times 0 [ 2114.260517] CPU: 0 PID: 12642 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2114.260527] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.260532] Call Trace: [ 2114.260554] dump_stack+0x107/0x167 [ 2114.260571] should_fail.cold+0x5/0xa [ 2114.260594] ? create_object.isra.0+0x3a/0xa20 [ 2114.263968] should_failslab+0x5/0x20 [ 2114.264293] kmem_cache_alloc+0x5b/0x310 [ 2114.264648] ? ___sys_sendmsg+0xf3/0x170 [ 2114.264991] ? __sys_sendmmsg+0x195/0x470 [ 2114.265349] create_object.isra.0+0x3a/0xa20 [ 2114.265728] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2114.266161] kmem_cache_alloc_node+0x169/0x330 [ 2114.266560] __alloc_skb+0x6d/0x5b0 [ 2114.266875] alloc_skb_with_frags+0x92/0x570 [ 2114.267248] ? trace_hardirqs_on+0x5b/0x180 [ 2114.267625] ? kmem_cache_free+0xa7/0x2d0 [ 2114.267996] sock_alloc_send_pskb+0x7af/0x930 [ 2114.268391] ? sk_alloc+0x350/0x350 [ 2114.268710] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2114.269146] ? trace_hardirqs_on+0x5b/0x180 [ 2114.269520] ? __dev_queue_xmit+0xe4e/0x2710 [ 2114.269890] ? __local_bh_enable_ip+0x9d/0x100 [ 2114.270284] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2114.270724] ? ip6_mtu+0x1bb/0x3d0 [ 2114.271028] ? lock_downgrade+0x6d0/0x6d0 [ 2114.271386] ? ip_frag_init+0x350/0x350 [ 2114.271735] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2114.272146] ? ip6_mtu+0x1e9/0x3d0 [ 2114.272459] ? ip6_setup_cork+0xfb7/0x1740 [ 2114.272820] ip6_make_skb+0x2de/0x4e0 [ 2114.273142] ? ip_frag_init+0x350/0x350 [ 2114.273491] ? ip_frag_init+0x350/0x350 [ 2114.273830] ? ip6_push_pending_frames+0xf0/0xf0 [ 2114.274235] ? ip6_dst_check+0x389/0x8d0 [ 2114.274589] ? sk_dst_check+0x235/0x4c0 [ 2114.274936] udpv6_sendmsg+0x20d3/0x2ad0 [ 2114.275286] ? ip_frag_init+0x350/0x350 [ 2114.275642] ? udp_v6_push_pending_frames+0x360/0x360 [ 2114.276110] ? lock_acquire+0x197/0x470 [ 2114.276454] ? find_held_lock+0x2c/0x110 [ 2114.276809] ? sock_has_perm+0x1ea/0x280 [ 2114.277170] ? __import_iovec+0x458/0x590 [ 2114.277531] ? udp_v6_push_pending_frames+0x360/0x360 [ 2114.277967] inet6_sendmsg+0x105/0x140 [ 2114.278297] ? inet6_compat_ioctl+0x320/0x320 [ 2114.278683] __sock_sendmsg+0xf2/0x190 [ 2114.279014] ____sys_sendmsg+0x334/0x870 [ 2114.279365] ? sock_write_iter+0x3d0/0x3d0 [ 2114.279725] ? do_recvmmsg+0x6d0/0x6d0 [ 2114.280072] ? __lock_acquire+0x1657/0x5b00 [ 2114.280456] ___sys_sendmsg+0xf3/0x170 [ 2114.280789] ? sendmsg_copy_msghdr+0x160/0x160 [ 2114.281179] ? __fget_files+0x2cf/0x520 [ 2114.281530] ? lock_acquire+0x197/0x470 [ 2114.281868] ? find_held_lock+0x2c/0x110 [ 2114.282216] ? __might_fault+0xd3/0x180 [ 2114.282563] ? lock_downgrade+0x6d0/0x6d0 [ 2114.282928] __sys_sendmmsg+0x195/0x470 [ 2114.283268] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2114.283642] ? lock_downgrade+0x6d0/0x6d0 [ 2114.284024] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2114.284444] ? wait_for_completion_io+0x270/0x270 [ 2114.284852] ? rcu_read_lock_any_held+0x75/0xa0 [ 2114.285241] ? vfs_write+0x354/0xb10 [ 2114.285566] ? fput_many+0x2f/0x1a0 [ 2114.285876] ? ksys_write+0x1a9/0x260 [ 2114.286200] ? __ia32_sys_read+0xb0/0xb0 [ 2114.286559] __x64_sys_sendmmsg+0x99/0x100 [ 2114.286920] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.287355] do_syscall_64+0x33/0x40 [ 2114.287677] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.288124] RIP: 0033:0x7f862c37fb19 [ 2114.288449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.289970] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2114.290615] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2114.291206] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2114.291804] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.292417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2114.293008] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2114.293629] CPU: 1 PID: 12651 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2114.300414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.301156] Call Trace: [ 2114.301409] dump_stack+0x107/0x167 [ 2114.301753] should_fail.cold+0x5/0xa [ 2114.302110] ? create_object.isra.0+0x3a/0xa20 [ 2114.302535] should_failslab+0x5/0x20 [ 2114.302890] kmem_cache_alloc+0x5b/0x310 [ 2114.303267] ? mark_held_locks+0x9e/0xe0 [ 2114.303649] create_object.isra.0+0x3a/0xa20 [ 2114.304069] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2114.304543] kmem_cache_alloc_bulk+0x168/0x320 [ 2114.304974] io_submit_sqes+0x6fe6/0x8610 [ 2114.305382] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2114.305841] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2114.306291] ? lock_downgrade+0x6d0/0x6d0 [ 2114.306662] ? find_held_lock+0x2c/0x110 [ 2114.307033] ? io_submit_sqes+0x8610/0x8610 [ 2114.307433] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2114.307873] ? wait_for_completion_io+0x270/0x270 [ 2114.308324] ? rcu_read_lock_any_held+0x75/0xa0 [ 2114.308748] ? vfs_write+0x354/0xb10 [ 2114.309090] ? fput_many+0x2f/0x1a0 [ 2114.309430] ? ksys_write+0x1a9/0x260 [ 2114.309785] ? __ia32_sys_read+0xb0/0xb0 [ 2114.310152] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.310618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.311087] do_syscall_64+0x33/0x40 [ 2114.311436] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.311904] RIP: 0033:0x7f8c2e1fdb19 [ 2114.312250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.313843] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2114.314531] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2114.315173] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2114.315815] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.316479] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2114.317129] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:26:12 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf, 0x11, r0, 0x8000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:12 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:12 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x80000000000000) 02:26:12 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x5000000) 02:26:12 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:12 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x0, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:12 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:12 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 57) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 2114.590733] FAULT_INJECTION: forcing a failure. [ 2114.590733] name failslab, interval 1, probability 0, space 0, times 0 [ 2114.593420] CPU: 0 PID: 12699 Comm: syz-executor.6 Not tainted 5.10.226 #1 [ 2114.594681] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2114.596231] Call Trace: [ 2114.596772] dump_stack+0x107/0x167 [ 2114.597472] should_fail.cold+0x5/0xa [ 2114.598208] ? create_object.isra.0+0x3a/0xa20 [ 2114.599087] should_failslab+0x5/0x20 [ 2114.599840] kmem_cache_alloc+0x5b/0x310 [ 2114.600693] create_object.isra.0+0x3a/0xa20 [ 2114.601548] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2114.602534] kmem_cache_alloc_bulk+0x168/0x320 [ 2114.603430] io_submit_sqes+0x6fe6/0x8610 [ 2114.604365] ? __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2114.605317] __do_sys_io_uring_enter+0x6b5/0x18c0 [ 2114.606238] ? lock_downgrade+0x6d0/0x6d0 [ 2114.607030] ? find_held_lock+0x2c/0x110 [ 2114.607805] ? io_submit_sqes+0x8610/0x8610 [ 2114.608693] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2114.609665] ? wait_for_completion_io+0x270/0x270 [ 2114.610605] ? rcu_read_lock_any_held+0x75/0xa0 [ 2114.611486] ? vfs_write+0x354/0xb10 [ 2114.612263] ? fput_many+0x2f/0x1a0 [ 2114.612945] ? ksys_write+0x1a9/0x260 [ 2114.613656] ? __ia32_sys_read+0xb0/0xb0 [ 2114.614429] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2114.615384] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2114.616394] do_syscall_64+0x33/0x40 [ 2114.617135] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2114.618155] RIP: 0033:0x7f8c2e1fdb19 [ 2114.618918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2114.622559] RSP: 002b:00007f8c2b773188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2114.624002] RAX: ffffffffffffffda RBX: 00007f8c2e310f60 RCX: 00007f8c2e1fdb19 [ 2114.624646] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000004 [ 2114.625292] RBP: 00007f8c2b7731d0 R08: 0000000000000000 R09: 0000000000000000 [ 2114.625939] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000002 [ 2114.626584] R13: 00007ffdfd1b284f R14: 00007f8c2b773300 R15: 0000000000022000 02:26:27 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:27 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) 02:26:27 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x100000000000000) 02:26:27 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 78) 02:26:27 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffe4) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:27 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x0, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:27 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x8000000) 02:26:27 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) (fail_nth: 58) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 2128.770221] FAULT_INJECTION: forcing a failure. [ 2128.770221] name failslab, interval 1, probability 0, space 0, times 0 [ 2128.771354] CPU: 1 PID: 12718 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2128.771987] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2128.772742] Call Trace: [ 2128.772996] dump_stack+0x107/0x167 [ 2128.773334] should_fail.cold+0x5/0xa [ 2128.773692] ? create_object.isra.0+0x3a/0xa20 [ 2128.774112] should_failslab+0x5/0x20 [ 2128.774461] kmem_cache_alloc+0x5b/0x310 [ 2128.774840] create_object.isra.0+0x3a/0xa20 [ 2128.775242] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2128.775709] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2128.776195] ? alloc_skb_with_frags+0x92/0x570 [ 2128.776621] __alloc_skb+0xb1/0x5b0 [ 2128.776966] alloc_skb_with_frags+0x92/0x570 [ 2128.777367] ? trace_hardirqs_on+0x5b/0x180 [ 2128.777764] ? kmem_cache_free+0xa7/0x2d0 [ 2128.778147] sock_alloc_send_pskb+0x7af/0x930 [ 2128.778562] ? sk_alloc+0x350/0x350 [ 2128.778908] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2128.779388] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2128.779873] ? mark_lock+0xf5/0x2df0 [ 2128.780250] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2128.780718] ? ip6_mtu+0x1bb/0x3d0 [ 2128.781047] ? lock_downgrade+0x6d0/0x6d0 [ 2128.781430] ? ip_frag_init+0x350/0x350 [ 2128.781807] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2128.782233] ? ip6_mtu+0x1e9/0x3d0 [ 2128.782576] ? ip6_setup_cork+0xfb7/0x1740 [ 2128.782966] ip6_make_skb+0x2de/0x4e0 [ 2128.783318] ? ip_frag_init+0x350/0x350 [ 2128.783691] ? ip_frag_init+0x350/0x350 [ 2128.784071] ? ip6_push_pending_frames+0xf0/0xf0 [ 2128.784517] ? ip6_dst_check+0x389/0x8d0 [ 2128.784896] ? sk_dst_check+0x235/0x4c0 [ 2128.785271] udpv6_sendmsg+0x20d3/0x2ad0 [ 2128.785645] ? ip_frag_init+0x350/0x350 [ 2128.786015] ? udp_v6_push_pending_frames+0x360/0x360 [ 2128.786490] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2128.786983] ? trace_hardirqs_on+0x5b/0x180 [ 2128.787388] ? lock_acquire+0xaf/0x470 [ 2128.787747] ? lock_acquire+0x197/0x470 [ 2128.788121] ? find_held_lock+0x2c/0x110 [ 2128.788510] ? sock_has_perm+0x1ea/0x280 [ 2128.788896] ? selinux_socket_recvmsg+0x40/0x40 [ 2128.789325] ? udp_v6_push_pending_frames+0x360/0x360 [ 2128.789806] inet6_sendmsg+0x105/0x140 [ 2128.790168] ? inet6_compat_ioctl+0x320/0x320 [ 2128.790585] __sock_sendmsg+0xf2/0x190 [ 2128.790951] ____sys_sendmsg+0x334/0x870 [ 2128.791332] ? sock_write_iter+0x3d0/0x3d0 [ 2128.791722] ? do_recvmmsg+0x6d0/0x6d0 [ 2128.792106] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2128.792593] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2128.793080] ? trace_hardirqs_on+0x5b/0x180 [ 2128.793476] ___sys_sendmsg+0xf3/0x170 [ 2128.793835] ? sendmsg_copy_msghdr+0x160/0x160 [ 2128.794249] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2128.794653] ? _raw_spin_unlock_irq+0x27/0x30 [ 2128.795061] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2128.795469] ? finish_task_switch+0x126/0x5d0 [ 2128.795878] ? finish_task_switch+0xef/0x5d0 [ 2128.796295] ? __switch_to+0x572/0xf70 [ 2128.796648] ? __switch_to_asm+0x3a/0x60 [ 2128.797017] ? __switch_to_asm+0x34/0x60 [ 2128.797392] ? __schedule+0x82c/0x1ea0 [ 2128.797757] ? io_schedule_timeout+0x140/0x140 [ 2128.798185] __sys_sendmmsg+0x195/0x470 [ 2128.798555] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2128.798949] ? lock_downgrade+0x6d0/0x6d0 [ 2128.799341] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2128.799784] ? wait_for_completion_io+0x270/0x270 [ 2128.800246] ? rcu_read_lock_any_held+0x75/0xa0 [ 2128.800667] ? vfs_write+0x354/0xb10 [ 2128.801013] ? fput_many+0x2f/0x1a0 [ 2128.801349] ? ksys_write+0x1a9/0x260 [ 2128.801705] ? __ia32_sys_read+0xb0/0xb0 [ 2128.802084] __x64_sys_sendmmsg+0x99/0x100 [ 2128.802468] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2128.802933] do_syscall_64+0x33/0x40 [ 2128.803272] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2128.803737] RIP: 0033:0x7f862c37fb19 [ 2128.804087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2128.805724] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2128.806408] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2128.807047] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2128.807692] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2128.808350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2128.808945] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:26:40 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:40 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 79) 02:26:40 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x20000000) 02:26:40 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfffffffe) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:40 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x200000000000000) 02:26:40 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) process_vm_readv(0x0, &(0x7f0000000780)=[{&(0x7f00000002c0)=""/250, 0xfa}, {&(0x7f00000003c0)=""/156, 0x9c}, {&(0x7f0000000480)=""/153, 0x99}, {&(0x7f0000000540)=""/165, 0xa5}, {&(0x7f0000000600)=""/181, 0xb5}, {&(0x7f0000000040)=""/25, 0x19}, {&(0x7f00000000c0)=""/46, 0x2e}, {&(0x7f0000000180)=""/69, 0x45}, {&(0x7f00000006c0)=""/133, 0x85}], 0x9, &(0x7f0000000b00)=[{&(0x7f0000000840)=""/113, 0x71}, {&(0x7f00000008c0)=""/239, 0xef}, {&(0x7f00000009c0)=""/69, 0x45}, {&(0x7f0000000a40)=""/165, 0xa5}], 0x4, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:40 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x0, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:40 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 2142.380443] FAULT_INJECTION: forcing a failure. [ 2142.380443] name failslab, interval 1, probability 0, space 0, times 0 [ 2142.381551] CPU: 1 PID: 12750 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2142.382189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2142.382949] Call Trace: [ 2142.383209] dump_stack+0x107/0x167 [ 2142.383557] should_fail.cold+0x5/0xa [ 2142.383919] ? create_object.isra.0+0x3a/0xa20 [ 2142.384366] should_failslab+0x5/0x20 [ 2142.384729] kmem_cache_alloc+0x5b/0x310 [ 2142.385099] create_object.isra.0+0x3a/0xa20 [ 2142.385488] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2142.385936] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2142.386380] ? alloc_skb_with_frags+0x92/0x570 [ 2142.386788] __alloc_skb+0xb1/0x5b0 [ 2142.387119] alloc_skb_with_frags+0x92/0x570 [ 2142.387504] ? trace_hardirqs_on+0x5b/0x180 [ 2142.387883] ? kmem_cache_free+0xa7/0x2d0 [ 2142.388260] sock_alloc_send_pskb+0x7af/0x930 [ 2142.388669] ? sk_alloc+0x350/0x350 [ 2142.389004] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2142.389515] ? __ip6_append_data.isra.0+0x759/0x3a70 [ 2142.389992] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2142.390467] ? ip6_mtu+0x1bb/0x3d0 [ 2142.390790] ? lock_downgrade+0x6d0/0x6d0 [ 2142.391173] ? ip_frag_init+0x350/0x350 [ 2142.391546] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2142.391972] ? ip6_mtu+0x1e9/0x3d0 [ 2142.392321] ? ip6_setup_cork+0xfb7/0x1740 [ 2142.392717] ip6_make_skb+0x2de/0x4e0 [ 2142.393065] ? ip_frag_init+0x350/0x350 [ 2142.393438] ? ip_frag_init+0x350/0x350 [ 2142.393807] ? ip6_push_pending_frames+0xf0/0xf0 [ 2142.394238] ? ip6_dst_check+0x45/0x8d0 [ 2142.394614] ? ip6_dst_check+0x389/0x8d0 [ 2142.394990] ? sk_dst_check+0x235/0x4c0 [ 2142.395365] udpv6_sendmsg+0x20d3/0x2ad0 [ 2142.395747] ? ip_frag_init+0x350/0x350 [ 2142.396121] ? udp_v6_push_pending_frames+0x360/0x360 [ 2142.396616] ? perf_event_task_disable+0x390/0x390 [ 2142.397071] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2142.397514] ? lock_acquire+0x197/0x470 [ 2142.397884] ? find_held_lock+0x2c/0x110 [ 2142.398267] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2142.398760] ? sock_has_perm+0x1ea/0x280 [ 2142.399156] ? __import_iovec+0x458/0x590 [ 2142.399538] ? udp_v6_push_pending_frames+0x360/0x360 [ 2142.400003] inet6_sendmsg+0x105/0x140 [ 2142.400371] ? inet6_compat_ioctl+0x320/0x320 [ 2142.400751] __sock_sendmsg+0xf2/0x190 [ 2142.401081] ____sys_sendmsg+0x334/0x870 [ 2142.401425] ? sock_write_iter+0x3d0/0x3d0 [ 2142.401782] ? do_recvmmsg+0x6d0/0x6d0 [ 2142.402113] ? find_held_lock+0x2c/0x110 [ 2142.402464] ___sys_sendmsg+0xf3/0x170 [ 2142.402795] ? sendmsg_copy_msghdr+0x160/0x160 [ 2142.403180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2142.403619] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2142.403994] ? trace_hardirqs_on+0x5b/0x180 [ 2142.404399] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2142.404810] ? finish_task_switch+0x126/0x5d0 [ 2142.405212] ? finish_task_switch+0xef/0x5d0 [ 2142.405616] ? __switch_to+0x572/0xf70 [ 2142.405973] ? __switch_to_asm+0x3a/0x60 [ 2142.406346] ? __switch_to_asm+0x34/0x60 [ 2142.406726] ? __schedule+0x82c/0x1ea0 [ 2142.407079] ? io_schedule_timeout+0x140/0x140 [ 2142.407503] __sys_sendmmsg+0x195/0x470 [ 2142.407878] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2142.408286] ? lock_downgrade+0x6d0/0x6d0 [ 2142.408683] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2142.409123] ? wait_for_completion_io+0x270/0x270 [ 2142.409569] ? rcu_read_lock_any_held+0x75/0xa0 [ 2142.409984] ? vfs_write+0x354/0xb10 [ 2142.410327] ? fput_many+0x2f/0x1a0 [ 2142.410666] ? ksys_write+0x1a9/0x260 [ 2142.411010] ? __ia32_sys_read+0xb0/0xb0 [ 2142.411382] __x64_sys_sendmmsg+0x99/0x100 [ 2142.411772] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2142.412250] do_syscall_64+0x33/0x40 [ 2142.412603] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2142.413073] RIP: 0033:0x7f862c37fb19 [ 2142.413423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2142.415073] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2142.415767] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2142.416429] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2142.417087] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2142.417745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2142.418403] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:26:40 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:26:40 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:40 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x10000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:40 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500000000000000) 02:26:40 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f000000) 02:26:40 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x0, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:41 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x10, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:41 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x1578, &(0x7f0000000180)={0x0, 0x96fe, 0x20, 0x3, 0x176, 0x0, r0}, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f00000002c0), &(0x7f0000000300)=0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000400)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0xffff78b9, 0x2, &(0x7f0000000340)="93cbb201ec38f7700ee37430f16cf24309688db14e127ead24b150763010faf33652203743670dc9aec59bda90d2cfedbeccebbcd9d5ed4c09be8603fa97a1b9c67a04aeaea1a7098784b43d5d91d922ddb6bcb1d5860ff6a534bd1de60db15dcb017028803d3e67658dacbffe97c53f90f2d369b75ebed29b3d43841f2edcad3c9f61cf01b41879bd883b850a1b34263a976eba55ae1337", 0x200, 0x0, 0x1, {0x3}}, 0x6) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100, 0x1) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) fcntl$setlease(r5, 0x400, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r8 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r9 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, 0x0, 0x0, 0x0) syz_io_uring_submit(r10, r11, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r12}}, 0x0) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1, 0x0, 0x0, 0x0, 0x23457, 0x0, 0x0, 0x0, {0x0, r12}}, 0x101) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r5) 02:26:41 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000000000000) [ 2155.873085] FAULT_INJECTION: forcing a failure. [ 2155.873085] name failslab, interval 1, probability 0, space 0, times 0 [ 2155.874260] CPU: 0 PID: 12826 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2155.874849] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2155.875553] Call Trace: [ 2155.875787] dump_stack+0x107/0x167 [ 2155.876101] should_fail.cold+0x5/0xa [ 2155.876440] ? __alloc_skb+0x6d/0x5b0 [ 2155.876772] should_failslab+0x5/0x20 [ 2155.877105] kmem_cache_alloc_node+0x55/0x330 [ 2155.877494] __alloc_skb+0x6d/0x5b0 [ 2155.877807] alloc_skb_with_frags+0x92/0x570 [ 2155.878185] ? trace_hardirqs_on+0x5b/0x180 [ 2155.878559] ? kmem_cache_free+0xa7/0x2d0 [ 2155.878914] sock_alloc_send_pskb+0x7af/0x930 [ 2155.879302] ? sk_alloc+0x350/0x350 [ 2155.879622] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2155.880062] ? trace_hardirqs_on+0x5b/0x180 [ 2155.880457] ? __dev_queue_xmit+0xe4e/0x2710 [ 2155.880831] ? __local_bh_enable_ip+0x9d/0x100 [ 2155.881221] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2155.881651] ? ip6_mtu+0x1bb/0x3d0 [ 2155.881951] ? lock_downgrade+0x6d0/0x6d0 [ 2155.882300] ? ip_frag_init+0x350/0x350 [ 2155.882644] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2155.883034] ? ip6_mtu+0x1e9/0x3d0 [ 2155.883334] ? ip6_setup_cork+0xfb7/0x1740 [ 2155.883690] ip6_make_skb+0x2de/0x4e0 [ 2155.884008] ? ip_frag_init+0x350/0x350 [ 2155.884345] ? ip_frag_init+0x350/0x350 [ 2155.884701] ? ip6_push_pending_frames+0xf0/0xf0 [ 2155.885108] ? ip6_dst_check+0x389/0x8d0 [ 2155.885451] ? sk_dst_check+0x235/0x4c0 [ 2155.885792] udpv6_sendmsg+0x20d3/0x2ad0 [ 2155.886137] ? ip_frag_init+0x350/0x350 [ 2155.886479] ? udp_v6_push_pending_frames+0x360/0x360 [ 2155.886924] ? perf_event_task_disable+0x390/0x390 [ 2155.887339] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2155.887748] ? lock_acquire+0x197/0x470 [ 2155.888083] ? find_held_lock+0x2c/0x110 [ 2155.888456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2155.888897] ? sock_has_perm+0x1ea/0x280 [ 2155.889254] ? __import_iovec+0x458/0x590 [ 2155.889604] ? udp_v6_push_pending_frames+0x360/0x360 [ 2155.890039] inet6_sendmsg+0x105/0x140 [ 2155.890368] ? inet6_compat_ioctl+0x320/0x320 [ 2155.890745] __sock_sendmsg+0xf2/0x190 [ 2155.891074] ____sys_sendmsg+0x334/0x870 [ 2155.891418] ? sock_write_iter+0x3d0/0x3d0 [ 2155.891773] ? do_recvmmsg+0x6d0/0x6d0 [ 2155.892106] ? __lock_acquire+0x1657/0x5b00 [ 2155.892493] ___sys_sendmsg+0xf3/0x170 [ 2155.892824] ? sendmsg_copy_msghdr+0x160/0x160 [ 2155.893211] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2155.893651] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2155.894026] ? trace_hardirqs_on+0x5b/0x180 [ 2155.894395] ? lock_acquire+0x197/0x470 [ 2155.894729] ? find_held_lock+0x2c/0x110 [ 2155.895078] ? __might_fault+0xd3/0x180 [ 2155.895414] ? lock_downgrade+0x6d0/0x6d0 [ 2155.895767] ? io_schedule_timeout+0x140/0x140 [ 2155.896161] __sys_sendmmsg+0x195/0x470 [ 2155.900539] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2155.900901] ? lock_downgrade+0x6d0/0x6d0 [ 2155.901260] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2155.901668] ? wait_for_completion_io+0x270/0x270 [ 2155.902073] ? rcu_read_lock_any_held+0x75/0xa0 [ 2155.902463] ? vfs_write+0x354/0xb10 [ 2155.902783] ? fput_many+0x2f/0x1a0 [ 2155.903091] ? ksys_write+0x1a9/0x260 [ 2155.903411] ? __ia32_sys_read+0xb0/0xb0 [ 2155.903762] __x64_sys_sendmmsg+0x99/0x100 [ 2155.904121] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2155.904569] do_syscall_64+0x33/0x40 [ 2155.904882] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2155.905311] RIP: 0033:0x7f862c37fb19 [ 2155.905628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2155.907152] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2155.907790] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2155.908393] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2155.908989] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2155.909584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2155.910178] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:26:54 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 80) 02:26:54 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x2, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:26:54 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000000000000) 02:26:54 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x0, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:54 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:26:54 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:54 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x40000000) 02:26:54 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff8000/0x2000)=nil, 0x2000, 0x3000006, 0x10, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180)=0x400000) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(r1, r6, &(0x7f0000000040)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x3, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80002060}, 0x7f) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:54 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x0, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:26:54 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:26:54 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 81) 02:26:54 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x80000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 2156.019729] FAULT_INJECTION: forcing a failure. [ 2156.019729] name failslab, interval 1, probability 0, space 0, times 0 [ 2156.020857] CPU: 1 PID: 12863 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2156.021437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2156.022128] Call Trace: [ 2156.022360] dump_stack+0x107/0x167 [ 2156.022670] should_fail.cold+0x5/0xa [ 2156.022996] ? create_object.isra.0+0x3a/0xa20 [ 2156.023386] should_failslab+0x5/0x20 [ 2156.023711] kmem_cache_alloc+0x5b/0x310 [ 2156.024057] ? ___sys_sendmsg+0xf3/0x170 [ 2156.024425] ? __sys_sendmmsg+0x195/0x470 [ 2156.024778] create_object.isra.0+0x3a/0xa20 [ 2156.025150] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2156.025580] kmem_cache_alloc_node+0x169/0x330 [ 2156.025970] __alloc_skb+0x6d/0x5b0 [ 2156.026282] alloc_skb_with_frags+0x92/0x570 [ 2156.026651] ? trace_hardirqs_on+0x5b/0x180 [ 2156.027015] ? kmem_cache_free+0xa7/0x2d0 [ 2156.027368] sock_alloc_send_pskb+0x7af/0x930 [ 2156.027752] ? sk_alloc+0x350/0x350 [ 2156.028072] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2156.028523] ? trace_hardirqs_on+0x5b/0x180 [ 2156.028887] ? __dev_queue_xmit+0xe4e/0x2710 [ 2156.029259] ? __local_bh_enable_ip+0x9d/0x100 [ 2156.029654] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2156.030081] ? ip6_mtu+0x1bb/0x3d0 [ 2156.030386] ? lock_downgrade+0x6d0/0x6d0 [ 2156.030736] ? ip_frag_init+0x350/0x350 [ 2156.031086] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2156.031480] ? ip6_mtu+0x1e9/0x3d0 [ 2156.031781] ? ip6_setup_cork+0xfb7/0x1740 [ 2156.032138] ip6_make_skb+0x2de/0x4e0 [ 2156.032467] ? ip_frag_init+0x350/0x350 [ 2156.032809] ? ip_frag_init+0x350/0x350 [ 2156.033149] ? ip6_push_pending_frames+0xf0/0xf0 [ 2156.033562] ? ip6_dst_check+0x389/0x8d0 [ 2156.033903] ? sk_dst_check+0x235/0x4c0 [ 2156.034247] udpv6_sendmsg+0x20d3/0x2ad0 [ 2156.034598] ? ip_frag_init+0x350/0x350 [ 2156.034939] ? udp_v6_push_pending_frames+0x360/0x360 [ 2156.035380] ? perf_event_task_disable+0x390/0x390 [ 2156.035794] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2156.036202] ? lock_acquire+0x197/0x470 [ 2156.036556] ? find_held_lock+0x2c/0x110 [ 2156.036908] ? sock_has_perm+0x1ea/0x280 [ 2156.037267] ? __import_iovec+0x458/0x590 [ 2156.037623] ? udp_v6_push_pending_frames+0x360/0x360 [ 2156.038060] inet6_sendmsg+0x105/0x140 [ 2156.038394] ? inet6_compat_ioctl+0x320/0x320 [ 2156.038769] __sock_sendmsg+0xf2/0x190 [ 2156.039099] ____sys_sendmsg+0x334/0x870 [ 2156.039444] ? sock_write_iter+0x3d0/0x3d0 [ 2156.039799] ? do_recvmmsg+0x6d0/0x6d0 [ 2156.040130] ? __lock_acquire+0x1657/0x5b00 [ 2156.040516] ___sys_sendmsg+0xf3/0x170 [ 2156.040848] ? sendmsg_copy_msghdr+0x160/0x160 [ 2156.041234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2156.041682] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2156.042056] ? trace_hardirqs_on+0x5b/0x180 [ 2156.042425] ? lock_acquire+0x197/0x470 [ 2156.042760] ? find_held_lock+0x2c/0x110 [ 2156.043117] ? __might_fault+0xd3/0x180 [ 2156.043459] ? lock_downgrade+0x6d0/0x6d0 [ 2156.043815] ? io_schedule_timeout+0x140/0x140 [ 2156.044214] __sys_sendmmsg+0x195/0x470 [ 2156.044569] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2156.044939] ? lock_downgrade+0x6d0/0x6d0 [ 2156.045299] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2156.045709] ? wait_for_completion_io+0x270/0x270 [ 2156.046118] ? rcu_read_lock_any_held+0x75/0xa0 [ 2156.046510] ? vfs_write+0x354/0xb10 [ 2156.046827] ? fput_many+0x2f/0x1a0 [ 2156.047136] ? ksys_write+0x1a9/0x260 [ 2156.047458] ? __ia32_sys_read+0xb0/0xb0 [ 2156.047806] __x64_sys_sendmmsg+0x99/0x100 [ 2156.048163] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2156.048608] do_syscall_64+0x33/0x40 [ 2156.048923] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2156.049355] RIP: 0033:0x7f862c37fb19 [ 2156.049670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2156.051198] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2156.051837] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2156.052449] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2156.053040] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2156.053636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2156.054231] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:07 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x1, 0x0, 0x0) 02:27:07 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00000000000000) 02:27:07 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 82) 02:27:07 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x100000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:07 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xb72a0000) 02:27:07 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:07 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x5, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:07 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x0, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2169.067554] FAULT_INJECTION: forcing a failure. [ 2169.067554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2169.068665] CPU: 1 PID: 12879 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2169.069251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2169.069964] Call Trace: [ 2169.070198] dump_stack+0x107/0x167 [ 2169.070522] should_fail.cold+0x5/0xa [ 2169.070855] _copy_from_user+0x2e/0x1b0 [ 2169.071202] __copy_msghdr_from_user+0x91/0x4b0 [ 2169.071605] ? __ia32_sys_shutdown+0x80/0x80 [ 2169.071992] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2169.072450] sendmsg_copy_msghdr+0xa1/0x160 [ 2169.072834] ? do_recvmmsg+0x6d0/0x6d0 [ 2169.073173] ? find_held_lock+0x2c/0x110 [ 2169.073538] ___sys_sendmsg+0xc6/0x170 [ 2169.073874] ? sendmsg_copy_msghdr+0x160/0x160 [ 2169.074269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2169.074725] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2169.075106] ? trace_hardirqs_on+0x5b/0x180 [ 2169.075476] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2169.075860] ? finish_task_switch+0x126/0x5d0 [ 2169.076241] ? finish_task_switch+0xef/0x5d0 [ 2169.076635] ? __switch_to+0x572/0xf70 [ 2169.076969] ? __switch_to_asm+0x3a/0x60 [ 2169.077316] ? __switch_to_asm+0x34/0x60 [ 2169.077668] ? __schedule+0x82c/0x1ea0 [ 2169.078007] ? io_schedule_timeout+0x140/0x140 [ 2169.078409] __sys_sendmmsg+0x195/0x470 [ 2169.078753] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2169.079123] ? lock_downgrade+0x6d0/0x6d0 [ 2169.079490] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2169.079905] ? wait_for_completion_io+0x270/0x270 [ 2169.080322] ? rcu_read_lock_any_held+0x75/0xa0 [ 2169.080735] ? vfs_write+0x354/0xb10 [ 2169.081054] ? fput_many+0x2f/0x1a0 [ 2169.081369] ? ksys_write+0x1a9/0x260 [ 2169.081696] ? __ia32_sys_read+0xb0/0xb0 [ 2169.082049] __x64_sys_sendmmsg+0x99/0x100 [ 2169.082412] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2169.082856] do_syscall_64+0x33/0x40 [ 2169.083174] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2169.083610] RIP: 0033:0x7f862c37fb19 [ 2169.083929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2169.085488] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2169.086135] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2169.086739] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2169.087348] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2169.087954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2169.088570] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:07 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:07 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000000000000000) 02:27:07 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x0, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:07 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000040), 0x8, 0x100) io_uring_enter(r3, 0x1e02, 0x1b1, 0x2, &(0x7f00000000c0)={[0x8]}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) io_uring_enter(r0, 0x2d2c, 0x797, 0x0, &(0x7f0000000180)={[0x8]}, 0x8) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:07 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x200000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:07 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x8, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:07 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 83) 02:27:07 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe1010000) 02:27:07 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2169.310842] FAULT_INJECTION: forcing a failure. [ 2169.310842] name failslab, interval 1, probability 0, space 0, times 0 [ 2169.312204] CPU: 1 PID: 12934 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2169.313033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2169.313829] Call Trace: [ 2169.314120] dump_stack+0x107/0x167 [ 2169.314433] should_fail.cold+0x5/0xa [ 2169.314795] ? create_object.isra.0+0x3a/0xa20 [ 2169.315775] should_failslab+0x5/0x20 [ 2169.316522] kmem_cache_alloc+0x5b/0x310 [ 2169.317208] create_object.isra.0+0x3a/0xa20 [ 2169.317942] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2169.319041] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2169.320139] ? alloc_skb_with_frags+0x92/0x570 [ 2169.321136] __alloc_skb+0xb1/0x5b0 [ 2169.321928] alloc_skb_with_frags+0x92/0x570 [ 2169.322875] ? trace_hardirqs_on+0x5b/0x180 [ 2169.323808] ? kmem_cache_free+0xa7/0x2d0 [ 2169.324715] sock_alloc_send_pskb+0x7af/0x930 [ 2169.325692] ? sk_alloc+0x350/0x350 [ 2169.326484] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2169.327621] ? trace_hardirqs_on+0x5b/0x180 [ 2169.328558] ? __dev_queue_xmit+0xe4e/0x2710 [ 2169.329509] ? __local_bh_enable_ip+0x9d/0x100 [ 2169.330501] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2169.331592] ? ip6_mtu+0x1bb/0x3d0 [ 2169.332389] ? lock_downgrade+0x6d0/0x6d0 [ 2169.333296] ? ip_frag_init+0x350/0x350 [ 2169.334167] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2169.335171] ? ip6_mtu+0x1e9/0x3d0 [ 2169.335941] ? ip6_setup_cork+0xfb7/0x1740 [ 2169.336867] ip6_make_skb+0x2de/0x4e0 [ 2169.337692] ? ip_frag_init+0x350/0x350 [ 2169.338556] ? ip_frag_init+0x350/0x350 [ 2169.339415] ? ip6_push_pending_frames+0xf0/0xf0 [ 2169.340443] ? ip6_dst_check+0x389/0x8d0 [ 2169.341330] ? sk_dst_check+0x235/0x4c0 [ 2169.342214] udpv6_sendmsg+0x20d3/0x2ad0 [ 2169.343097] ? ip_frag_init+0x350/0x350 [ 2169.343961] ? udp_v6_push_pending_frames+0x360/0x360 [ 2169.345091] ? perf_event_task_disable+0x390/0x390 [ 2169.346156] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2169.347201] ? lock_acquire+0x197/0x470 [ 2169.348061] ? find_held_lock+0x2c/0x110 [ 2169.348954] ? sock_has_perm+0x1ea/0x280 [ 2169.349847] ? __import_iovec+0x458/0x590 [ 2169.350743] ? udp_v6_push_pending_frames+0x360/0x360 [ 2169.351863] inet6_sendmsg+0x105/0x140 [ 2169.352714] ? inet6_compat_ioctl+0x320/0x320 [ 2169.353683] __sock_sendmsg+0xf2/0x190 [ 2169.354529] ____sys_sendmsg+0x334/0x870 [ 2169.355410] ? sock_write_iter+0x3d0/0x3d0 [ 2169.356325] ? do_recvmmsg+0x6d0/0x6d0 [ 2169.357179] ? __lock_acquire+0x1657/0x5b00 [ 2169.358120] ___sys_sendmsg+0xf3/0x170 [ 2169.358962] ? sendmsg_copy_msghdr+0x160/0x160 [ 2169.359950] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2169.361094] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2169.362062] ? trace_hardirqs_on+0x5b/0x180 [ 2169.362999] ? lock_acquire+0x197/0x470 [ 2169.363876] ? find_held_lock+0x2c/0x110 [ 2169.364834] ? __might_fault+0xd3/0x180 [ 2169.365760] ? lock_downgrade+0x6d0/0x6d0 [ 2169.366729] ? io_schedule_timeout+0x140/0x140 [ 2169.367805] __sys_sendmmsg+0x195/0x470 [ 2169.368730] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2169.369660] ? lock_downgrade+0x6d0/0x6d0 [ 2169.370566] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2169.371609] ? wait_for_completion_io+0x270/0x270 [ 2169.372685] ? rcu_read_lock_any_held+0x75/0xa0 [ 2169.373686] ? vfs_write+0x354/0xb10 [ 2169.374485] ? fput_many+0x2f/0x1a0 [ 2169.375266] ? ksys_write+0x1a9/0x260 [ 2169.376084] ? __ia32_sys_read+0xb0/0xb0 [ 2169.376997] __x64_sys_sendmmsg+0x99/0x100 [ 2169.377914] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2169.379026] do_syscall_64+0x33/0x40 [ 2169.379829] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2169.380967] RIP: 0033:0x7f862c37fb19 [ 2169.381770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2169.385798] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2169.387444] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2169.389017] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2169.390557] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2169.392091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2169.393661] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:07 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xbf2a000000000000) 02:27:07 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:07 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x0, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:07 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:21 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 84) 02:27:21 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x8, 0x40010, r0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80}, 0x48c0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) io_uring_enter(r4, 0xdbb, 0xd187, 0x0, &(0x7f0000000040)={[0x4]}, 0x8) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:21 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:21 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xd502000000000000) 02:27:21 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:21 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x3b8, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:21 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff) 02:27:21 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 2182.669180] FAULT_INJECTION: forcing a failure. [ 2182.669180] name failslab, interval 1, probability 0, space 0, times 0 [ 2182.670302] CPU: 1 PID: 12978 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2182.670924] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2182.671664] Call Trace: [ 2182.671898] dump_stack+0x107/0x167 [ 2182.672210] should_fail.cold+0x5/0xa [ 2182.672610] ? skb_clone+0x14f/0x3d0 [ 2182.672961] should_failslab+0x5/0x20 [ 2182.673285] kmem_cache_alloc+0x5b/0x310 [ 2182.673685] skb_clone+0x14f/0x3d0 [ 2182.673995] ip6_finish_output2+0x1225/0x1fe0 [ 2182.674437] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2182.674858] ip6_output+0x3b8/0x7e0 [ 2182.675174] ip6_local_out+0xb4/0x1a0 [ 2182.675548] ip6_send_skb+0x112/0x460 [ 2182.675876] udp_v6_send_skb+0x7aa/0x15b0 [ 2182.676234] udpv6_sendmsg+0x2116/0x2ad0 [ 2182.676661] ? ip_frag_init+0x350/0x350 [ 2182.677018] ? udp_v6_push_pending_frames+0x360/0x360 [ 2182.677516] ? perf_event_task_disable+0x390/0x390 [ 2182.677933] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2182.678391] ? lock_acquire+0x197/0x470 [ 2182.678729] ? find_held_lock+0x2c/0x110 [ 2182.679081] ? sock_has_perm+0x1ea/0x280 [ 2182.679493] ? udp_v6_push_pending_frames+0x360/0x360 [ 2182.679945] ? udp_v6_push_pending_frames+0x360/0x360 [ 2182.680465] inet6_sendmsg+0x105/0x140 [ 2182.680816] ? inet6_compat_ioctl+0x320/0x320 [ 2182.681193] __sock_sendmsg+0xf2/0x190 [ 2182.681580] ____sys_sendmsg+0x334/0x870 [ 2182.681926] ? sock_write_iter+0x3d0/0x3d0 [ 2182.682281] ? do_recvmmsg+0x6d0/0x6d0 [ 2182.682661] ? find_held_lock+0x2c/0x110 [ 2182.683011] ___sys_sendmsg+0xf3/0x170 [ 2182.683389] ? sendmsg_copy_msghdr+0x160/0x160 [ 2182.683779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2182.684219] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2182.684672] ? trace_hardirqs_on+0x5b/0x180 [ 2182.685047] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2182.685479] ? finish_task_switch+0x126/0x5d0 [ 2182.685854] ? finish_task_switch+0xef/0x5d0 [ 2182.686225] ? __switch_to+0x572/0xf70 [ 2182.686603] ? __switch_to_asm+0x3a/0x60 [ 2182.686942] ? __switch_to_asm+0x34/0x60 [ 2182.687290] ? __schedule+0x82c/0x1ea0 [ 2182.687674] ? io_schedule_timeout+0x140/0x140 [ 2182.688074] __sys_sendmmsg+0x195/0x470 [ 2182.688490] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2182.688876] ? lock_downgrade+0x6d0/0x6d0 [ 2182.689239] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2182.689702] ? wait_for_completion_io+0x270/0x270 [ 2182.690112] ? rcu_read_lock_any_held+0x75/0xa0 [ 2182.690559] ? vfs_write+0x354/0xb10 [ 2182.690880] ? fput_many+0x2f/0x1a0 [ 2182.691201] ? ksys_write+0x1a9/0x260 [ 2182.691575] ? __ia32_sys_read+0xb0/0xb0 [ 2182.691924] __x64_sys_sendmmsg+0x99/0x100 [ 2182.692281] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2182.692797] do_syscall_64+0x33/0x40 [ 2182.693111] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2182.693594] RIP: 0033:0x7f862c37fb19 [ 2182.693912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2182.695537] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2182.696174] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2182.696855] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2182.697510] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2182.698123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2182.698772] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:21 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:21 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:21 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff00000000) 02:27:21 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x500, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:35 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff) 02:27:35 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 85) 02:27:35 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x2000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:35 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x0, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:35 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = dup2(r0, r0) io_uring_enter(r4, 0x4421, 0x497a, 0x2, &(0x7f0000000040)={[0x45]}, 0x8) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r5 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r8}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_FALLOCATE={0x11, 0x4, 0x0, @fd_index=0xa, 0xffffffff, 0x0, 0x8, 0x0, 0x0, {0x0, r8}}, 0x7) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:35 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff00000000) 02:27:35 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:35 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1203000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 2197.325859] FAULT_INJECTION: forcing a failure. [ 2197.325859] name failslab, interval 1, probability 0, space 0, times 0 [ 2197.327070] CPU: 0 PID: 13037 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2197.327668] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2197.328364] Call Trace: [ 2197.328599] dump_stack+0x107/0x167 [ 2197.328939] should_fail.cold+0x5/0xa [ 2197.329269] should_failslab+0x5/0x20 [ 2197.329594] __kmalloc_node_track_caller+0x74/0x3b0 [ 2197.330018] ? alloc_skb_with_frags+0x92/0x570 [ 2197.330409] __alloc_skb+0xb1/0x5b0 [ 2197.330725] alloc_skb_with_frags+0x92/0x570 [ 2197.331097] ? trace_hardirqs_on+0x5b/0x180 [ 2197.331466] ? kmem_cache_free+0xa7/0x2d0 [ 2197.331824] sock_alloc_send_pskb+0x7af/0x930 [ 2197.332210] ? sk_alloc+0x350/0x350 [ 2197.332527] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2197.332981] ? trace_hardirqs_on+0x5b/0x180 [ 2197.333348] ? __dev_queue_xmit+0xe4e/0x2710 [ 2197.333720] ? __local_bh_enable_ip+0x9d/0x100 [ 2197.334117] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2197.334547] ? ip6_mtu+0x1bb/0x3d0 [ 2197.334856] ? lock_downgrade+0x6d0/0x6d0 [ 2197.335208] ? ip_frag_init+0x350/0x350 [ 2197.335554] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2197.335948] ? ip6_mtu+0x1e9/0x3d0 [ 2197.336252] ? ip6_setup_cork+0xfb7/0x1740 [ 2197.336611] ip6_make_skb+0x2de/0x4e0 [ 2197.336949] ? ip_frag_init+0x350/0x350 [ 2197.337292] ? ip_frag_init+0x350/0x350 [ 2197.337631] ? ip6_push_pending_frames+0xf0/0xf0 [ 2197.338042] ? ip6_dst_check+0x389/0x8d0 [ 2197.338388] ? sk_dst_check+0x235/0x4c0 [ 2197.338733] udpv6_sendmsg+0x20d3/0x2ad0 [ 2197.339082] ? ip_frag_init+0x350/0x350 [ 2197.339427] ? udp_v6_push_pending_frames+0x360/0x360 [ 2197.339868] ? perf_event_task_disable+0x390/0x390 [ 2197.340287] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2197.340698] ? lock_acquire+0x197/0x470 [ 2197.341069] ? find_held_lock+0x2c/0x110 [ 2197.341421] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2197.341874] ? sock_has_perm+0x1ea/0x280 [ 2197.342234] ? __import_iovec+0x458/0x590 [ 2197.342593] ? udp_v6_push_pending_frames+0x360/0x360 [ 2197.343026] inet6_sendmsg+0x105/0x140 [ 2197.343357] ? inet6_compat_ioctl+0x320/0x320 [ 2197.343734] __sock_sendmsg+0xf2/0x190 [ 2197.344062] ____sys_sendmsg+0x334/0x870 [ 2197.344410] ? sock_write_iter+0x3d0/0x3d0 [ 2197.344769] ? do_recvmmsg+0x6d0/0x6d0 [ 2197.345118] ? __lock_acquire+0x1657/0x5b00 [ 2197.345495] ___sys_sendmsg+0xf3/0x170 [ 2197.345825] ? sendmsg_copy_msghdr+0x160/0x160 [ 2197.346211] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2197.346651] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2197.347025] ? trace_hardirqs_on+0x5b/0x180 [ 2197.347398] ? lock_acquire+0x197/0x470 [ 2197.347732] ? find_held_lock+0x2c/0x110 [ 2197.348078] ? __might_fault+0xd3/0x180 [ 2197.348417] ? lock_downgrade+0x6d0/0x6d0 [ 2197.348771] ? io_schedule_timeout+0x140/0x140 [ 2197.349179] __sys_sendmmsg+0x195/0x470 [ 2197.349523] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2197.349885] ? lock_downgrade+0x6d0/0x6d0 [ 2197.350245] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2197.350658] ? wait_for_completion_io+0x270/0x270 [ 2197.351065] ? rcu_read_lock_any_held+0x75/0xa0 [ 2197.351457] ? vfs_write+0x354/0xb10 [ 2197.351772] ? fput_many+0x2f/0x1a0 [ 2197.352079] ? ksys_write+0x1a9/0x260 [ 2197.352401] ? __ia32_sys_read+0xb0/0xb0 [ 2197.352748] __x64_sys_sendmmsg+0x99/0x100 [ 2197.353120] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2197.353554] do_syscall_64+0x33/0x40 [ 2197.353869] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2197.354299] RIP: 0033:0x7f862c37fb19 [ 2197.354615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2197.356144] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2197.356786] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2197.357408] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2197.358001] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2197.358593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2197.359184] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:35 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffff00000000) 02:27:35 executing program 7: r0 = syz_io_uring_setup(0x1640, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3af}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:35 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:35 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:35 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x31e0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:35 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:48 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x3f00, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:49 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4000007, 0x20010, r0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f00000000c0), 0x1) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 86) 02:27:49 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffe4) 02:27:49 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:49 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:49 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r5, 0x4004f506, &(0x7f0000000040)) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x407d86f9c0f02723, 0x4000010, r4, 0x8000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000000800)="12eb7dc9066b", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2210.639902] FAULT_INJECTION: forcing a failure. [ 2210.639902] name failslab, interval 1, probability 0, space 0, times 0 [ 2210.641066] CPU: 0 PID: 13090 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2210.641656] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2210.642355] Call Trace: [ 2210.642588] dump_stack+0x107/0x167 [ 2210.642906] should_fail.cold+0x5/0xa [ 2210.643236] ? skb_clone+0x14f/0x3d0 [ 2210.643559] should_failslab+0x5/0x20 [ 2210.643884] kmem_cache_alloc+0x5b/0x310 [ 2210.644235] skb_clone+0x14f/0x3d0 [ 2210.644546] ip6_finish_output2+0x1225/0x1fe0 [ 2210.644935] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2210.645379] ip6_output+0x3b8/0x7e0 [ 2210.645697] ip6_local_out+0xb4/0x1a0 [ 2210.646024] ip6_send_skb+0x112/0x460 [ 2210.646354] udp_v6_send_skb+0x7aa/0x15b0 [ 2210.646718] udpv6_sendmsg+0x2116/0x2ad0 [ 2210.647069] ? ip_frag_init+0x350/0x350 [ 2210.647416] ? udp_v6_push_pending_frames+0x360/0x360 [ 2210.647859] ? perf_event_task_disable+0x390/0x390 [ 2210.648280] ? hrtimer_start_range_ns+0x3b2/0xb30 [ 2210.648698] ? lock_acquire+0x197/0x470 [ 2210.649050] ? find_held_lock+0x2c/0x110 [ 2210.649409] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2210.649871] ? sock_has_perm+0x1ea/0x280 [ 2210.650233] ? __import_iovec+0x458/0x590 [ 2210.650589] ? udp_v6_push_pending_frames+0x360/0x360 [ 2210.651031] inet6_sendmsg+0x105/0x140 [ 2210.651364] ? inet6_compat_ioctl+0x320/0x320 [ 2210.651748] __sock_sendmsg+0xf2/0x190 [ 2210.652082] ____sys_sendmsg+0x334/0x870 [ 2210.652430] ? sock_write_iter+0x3d0/0x3d0 [ 2210.652790] ? do_recvmmsg+0x6d0/0x6d0 [ 2210.653141] ? __lock_acquire+0x1657/0x5b00 [ 2210.653519] ___sys_sendmsg+0xf3/0x170 [ 2210.653855] ? sendmsg_copy_msghdr+0x160/0x160 [ 2210.654246] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2210.654690] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2210.655071] ? trace_hardirqs_on+0x5b/0x180 [ 2210.655443] ? lock_acquire+0x197/0x470 [ 2210.655781] ? find_held_lock+0x2c/0x110 [ 2210.656132] ? __might_fault+0xd3/0x180 [ 2210.656473] ? lock_downgrade+0x6d0/0x6d0 [ 2210.656829] ? io_schedule_timeout+0x140/0x140 [ 2210.657246] __sys_sendmmsg+0x195/0x470 [ 2210.657591] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2210.657961] ? lock_downgrade+0x6d0/0x6d0 [ 2210.658326] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2210.658740] ? wait_for_completion_io+0x270/0x270 [ 2210.659152] ? rcu_read_lock_any_held+0x75/0xa0 [ 2210.659548] ? vfs_write+0x354/0xb10 [ 2210.659867] ? fput_many+0x2f/0x1a0 [ 2210.660180] ? ksys_write+0x1a9/0x260 [ 2210.660506] ? __ia32_sys_read+0xb0/0xb0 [ 2210.660858] __x64_sys_sendmmsg+0x99/0x100 [ 2210.661230] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2210.661666] do_syscall_64+0x33/0x40 [ 2210.661983] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2210.662418] RIP: 0033:0x7f862c37fb19 [ 2210.662737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2210.664276] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2210.664922] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2210.665538] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2210.666141] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2210.666742] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2210.667344] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:27:49 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, 0x0, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:49 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:27:49 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x1daf, &(0x7f0000000180)={0x0, 0x8b71, 0x0, 0x2, 0x1a4, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040), &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000300)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0xa, &(0x7f00000002c0)={0x0, 0x3938700}, 0x1, 0x1, 0x1}, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfffffffe) 02:27:49 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x4000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:27:49 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0xb, 0xffffffffffffffff, 0x2) sendto(0xffffffffffffffff, &(0x7f00000002c0)="b755d84e8e93fe60c4c4fdd3873be78d9d0e11736501d936ea03489e6df50d81f76bf373e0d9d447cd98df199d6b425a255fa09e2677df422182d90360328e63d869d466885b0e97854d26a2e3b8bf48e74f0aa0eff8349de60ef4724e5e8554dee3e9fd3adb923a8a6dc44f311150bfa646990a9f04182e362e5b2d16dce2138ebcd9a9f452367addfe85eb446b554133ac5ed2a865eecda91c5464b1a190eb60e3d5904f972c94bbf69438dd40266de8f6d7d63093d6198141c5c5fc99", 0xbe, 0x1, &(0x7f0000000180)=@x25, 0x80) syz_io_uring_submit(0x0, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10010, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:27:49 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x652a000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:27:49 executing program 7: sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="6c0000000506050000000000000000000700000405000100070000000900020073797a30000000000900020073797a320000000005000100070000000900030073797a30000000000900030073797a30000000000900030073797a32000500000900030073797a3200000000389b6138ecd07344583646e32a2e60c1a508197715dc171c5b83f8dc616ab5f23d964ef3e4d0f704000000000000006d3b1bc87e038b97aa40f7023170f8094a4bf4055a27a240bd2cf921afee19d1256dd40c1bde68248813bd11d6476c2b5f3e5a40837bf010802ff9fef48c30dc5b453badc3ae5b747d1623a4f52da91fc5624b9a6cdafaca5488fcfcbd16cd70a7d8e4b154194586bf6aba0b3990c4e72aedb701ac6508d005e5bedbc6ee22edb4e49c23baf2eb73b1ad4aa956daf88ce0940ba595e35952d467ff8dc8902d76dbe779a5b6d8ab78611de6e880295f5d560d46a6660046f7008ddb34a4b40d91157c96923728544c703d31"], 0x6c}, 0x1, 0x0, 0x0, 0x40000}, 0x1) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x6400, &(0x7f0000000300)={0x0, 0x1617, 0x20, 0x3, 0x2b6, 0x0, r0}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000380), &(0x7f00000003c0)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000001, 0x1010, r4, 0xa187c000) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:02 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 87) 02:28:02 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0x5}, 0x850, 0x0, 0x0, 0x2, 0x9, 0x6, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r10 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r8, r2, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f00000000c0)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}}, 0x0) r11 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) syz_io_uring_submit(r5, r9, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x6803b96e66c3d7d2, 0x0, r11, 0x80, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x0, {0xa, 0x4e24, 0x1f, @dev={0xfe, 0x80, '\x00', 0x22}, 0x35f}}}}, 0xd494) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r14 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r12, r13, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r14, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r15 = socket$packet(0x11, 0x0, 0x300) syz_io_uring_submit(r3, r13, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd_index=0xa, 0x3, {0x0, r15}, 0x80000000, 0x2, 0x0, {0x0, 0x0, r4}}, 0x5) 02:28:02 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:02 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:02 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xb803, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:02 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:02 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff00000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:02 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x10000000000) [ 2224.178968] FAULT_INJECTION: forcing a failure. [ 2224.178968] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.180035] CPU: 1 PID: 13187 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2224.180617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.181334] Call Trace: [ 2224.181566] dump_stack+0x107/0x167 [ 2224.181879] should_fail.cold+0x5/0xa [ 2224.182205] ? create_object.isra.0+0x3a/0xa20 [ 2224.182597] should_failslab+0x5/0x20 [ 2224.182922] kmem_cache_alloc+0x5b/0x310 [ 2224.183272] create_object.isra.0+0x3a/0xa20 [ 2224.183646] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2224.184077] kmem_cache_alloc+0x159/0x310 [ 2224.184436] skb_clone+0x14f/0x3d0 [ 2224.184746] ip6_finish_output2+0x1225/0x1fe0 [ 2224.185143] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2224.185571] ip6_output+0x3b8/0x7e0 [ 2224.185886] ip6_local_out+0xb4/0x1a0 [ 2224.186210] ip6_send_skb+0x112/0x460 [ 2224.186538] udp_v6_send_skb+0x7aa/0x15b0 [ 2224.186898] udpv6_sendmsg+0x2116/0x2ad0 [ 2224.187244] ? ip_frag_init+0x350/0x350 [ 2224.187589] ? udp_v6_push_pending_frames+0x360/0x360 [ 2224.188041] ? lock_acquire+0x197/0x470 [ 2224.188378] ? find_held_lock+0x2c/0x110 [ 2224.188732] ? sock_has_perm+0x1ea/0x280 [ 2224.189093] ? __import_iovec+0x458/0x590 [ 2224.189462] ? udp_v6_push_pending_frames+0x360/0x360 [ 2224.189904] inet6_sendmsg+0x105/0x140 [ 2224.190238] ? inet6_compat_ioctl+0x320/0x320 [ 2224.190618] __sock_sendmsg+0xf2/0x190 [ 2224.190950] ____sys_sendmsg+0x334/0x870 [ 2224.191297] ? sock_write_iter+0x3d0/0x3d0 [ 2224.191654] ? do_recvmmsg+0x6d0/0x6d0 [ 2224.191987] ? __lock_acquire+0x1657/0x5b00 [ 2224.192362] ___sys_sendmsg+0xf3/0x170 [ 2224.192695] ? sendmsg_copy_msghdr+0x160/0x160 [ 2224.193086] ? __fget_files+0x2cf/0x520 [ 2224.193445] ? lock_acquire+0x197/0x470 [ 2224.193781] ? find_held_lock+0x2c/0x110 [ 2224.194131] ? __might_fault+0xd3/0x180 [ 2224.194469] ? lock_downgrade+0x6d0/0x6d0 [ 2224.194836] __sys_sendmmsg+0x195/0x470 [ 2224.195178] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2224.195546] ? lock_downgrade+0x6d0/0x6d0 [ 2224.195911] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2224.196323] ? wait_for_completion_io+0x270/0x270 [ 2224.196735] ? rcu_read_lock_any_held+0x75/0xa0 [ 2224.197137] ? vfs_write+0x354/0xb10 [ 2224.197464] ? fput_many+0x2f/0x1a0 [ 2224.197775] ? ksys_write+0x1a9/0x260 [ 2224.198100] ? __ia32_sys_read+0xb0/0xb0 [ 2224.198455] __x64_sys_sendmmsg+0x99/0x100 [ 2224.198815] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.199250] do_syscall_64+0x33/0x40 [ 2224.199566] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2224.200000] RIP: 0033:0x7f862c37fb19 [ 2224.200320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2224.201876] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2224.202520] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2224.203118] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2224.203718] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2224.204325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2224.204926] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:02 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:02 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff00000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:02 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x1000000000000) 02:28:02 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x3, 0x10148, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10001, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:02 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:15 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(0xffffffffffffffff, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:15 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 88) 02:28:15 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffff00000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:15 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x80000000000000) 02:28:15 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x1f90, &(0x7f0000000180)={0x0, 0x234a, 0x0, 0x1, 0x102, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000440)=@IORING_OP_WRITEV={0x2, 0x1, 0x0, @fd_index, 0x2, &(0x7f0000000480)=[{&(0x7f00000002c0)="44e8d02d9ab476b3f6d4468834222705f5a09b6f2ce7ce461d", 0x19}, {&(0x7f0000000300)="ba5a1c0205889d2117030376647715b853465ce1cc4e70bc43fa67084da20cf73c82c906ef7255234ed6cc53ee5741900fca2ccb9f77d145c3f2870e66c6eba59752edb4c1e308b3295d1ea8ecae935cddf7330a27c13506b802371a9cbfb5127387b8d218adffabd202e8f192416902d65d766f14c75dd09977ad4318aa0d099f011edc03e72d361e08e4b53e0c012a25004535ec2340fd3ab95196f34b8203080c7d4202553faf1730002bd74173e033ac25f895d694dad71b41385393646ec4c4bfe7ed073fc74d664acc50", 0xcd}], 0x2, 0x8, 0x1, {0x2}}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:15 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xe031, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:15 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x3f23}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = syz_io_uring_setup(0x55da, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x0, 0x3a7}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000380)=0x0, &(0x7f0000000300)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r6}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x3, 0x0, @fd_index=0x3, 0x4, 0x0, 0x9, 0x4, 0x1, {0x0, r6}}, 0x2) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000000)=@IORING_OP_FSYNC, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000015, 0x810, r0, 0x0) r8 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0xb, 0x4, @tid=r8}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x77359400}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f00000002c0)={0x0, 0x3938700}, &(0x7f00000001c0)) r9 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xfffffffffffeffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r7, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f0000000100), 0x5a, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r10, 0xc0189374, &(0x7f0000000180)=ANY=[@ANYBLOB="0100002435830059d80000", @ANYRES32=r9, @ANYBLOB="ff0f0000000000002e2f66696c653000"]) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:15 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x0) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2237.515003] FAULT_INJECTION: forcing a failure. [ 2237.515003] name failslab, interval 1, probability 0, space 0, times 0 [ 2237.517375] CPU: 0 PID: 13246 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2237.519845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2237.521763] Call Trace: [ 2237.522285] dump_stack+0x107/0x167 [ 2237.522920] should_fail.cold+0x5/0xa [ 2237.523642] ? create_object.isra.0+0x3a/0xa20 [ 2237.524495] should_failslab+0x5/0x20 [ 2237.525231] kmem_cache_alloc+0x5b/0x310 [ 2237.526075] ? ___sys_sendmsg+0xf3/0x170 [ 2237.526915] ? __sys_sendmmsg+0x195/0x470 [ 2237.527818] create_object.isra.0+0x3a/0xa20 [ 2237.528736] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2237.529513] kmem_cache_alloc_node+0x169/0x330 [ 2237.530057] __alloc_skb+0x6d/0x5b0 [ 2237.530419] alloc_skb_with_frags+0x92/0x570 [ 2237.530907] ? trace_hardirqs_on+0x5b/0x180 [ 2237.531324] ? kmem_cache_free+0xa7/0x2d0 [ 2237.531823] sock_alloc_send_pskb+0x7af/0x930 [ 2237.532279] ? sk_alloc+0x350/0x350 [ 2237.532593] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2237.533148] ? lock_chain_count+0x20/0x20 [ 2237.533742] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2237.534225] ? ip6_mtu+0x1bb/0x3d0 [ 2237.534536] ? lock_downgrade+0x6d0/0x6d0 [ 2237.534989] ? ip_frag_init+0x350/0x350 [ 2237.535383] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2237.535873] ? ip6_mtu+0x1e9/0x3d0 [ 2237.536222] ? ip6_setup_cork+0xfb7/0x1740 [ 2237.536583] ip6_make_skb+0x2de/0x4e0 [ 2237.536902] ? ip_frag_init+0x350/0x350 [ 2237.537362] ? ip_frag_init+0x350/0x350 [ 2237.537700] ? ip6_push_pending_frames+0xf0/0xf0 [ 2237.538105] ? ip6_dst_check+0x389/0x8d0 [ 2237.538519] ? sk_dst_check+0x235/0x4c0 [ 2237.538864] udpv6_sendmsg+0x20d3/0x2ad0 [ 2237.539260] ? ip_frag_init+0x350/0x350 [ 2237.539604] ? udp_v6_push_pending_frames+0x360/0x360 [ 2237.540043] ? _down_write_nest_lock+0x160/0x160 [ 2237.540497] ? vmacache_update+0xce/0x140 [ 2237.540853] ? do_user_addr_fault+0x5b0/0xc60 [ 2237.541330] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2237.542317] ? asm_exc_page_fault+0x1e/0x30 [ 2237.543041] ? sock_has_perm+0x1ea/0x280 [ 2237.543787] ? __import_iovec+0x458/0x590 [ 2237.544533] ? udp_v6_push_pending_frames+0x360/0x360 [ 2237.545546] inet6_sendmsg+0x105/0x140 [ 2237.546470] ? inet6_compat_ioctl+0x320/0x320 [ 2237.547530] __sock_sendmsg+0xf2/0x190 [ 2237.548685] ____sys_sendmsg+0x334/0x870 [ 2237.552968] ? sock_write_iter+0x3d0/0x3d0 [ 2237.553892] ? do_recvmmsg+0x6d0/0x6d0 [ 2237.554626] ? __lock_acquire+0x1657/0x5b00 [ 2237.555460] ___sys_sendmsg+0xf3/0x170 [ 2237.556481] ? sendmsg_copy_msghdr+0x160/0x160 [ 2237.557353] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2237.558281] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2237.559032] ? trace_hardirqs_on+0x5b/0x180 [ 2237.559806] ? lock_acquire+0x197/0x470 [ 2237.560549] ? find_held_lock+0x2c/0x110 [ 2237.561298] ? __might_fault+0xd3/0x180 [ 2237.561644] ? lock_downgrade+0x6d0/0x6d0 [ 2237.561998] ? io_schedule_timeout+0x140/0x140 [ 2237.562439] __sys_sendmmsg+0x195/0x470 [ 2237.562783] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2237.563146] ? lock_downgrade+0x6d0/0x6d0 [ 2237.563550] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2237.563958] ? wait_for_completion_io+0x270/0x270 [ 2237.564413] ? rcu_read_lock_any_held+0x75/0xa0 [ 2237.564811] ? vfs_write+0x354/0xb10 [ 2237.565126] ? fput_many+0x2f/0x1a0 [ 2237.565521] ? ksys_write+0x1a9/0x260 [ 2237.565846] ? __ia32_sys_read+0xb0/0xb0 [ 2237.566238] __x64_sys_sendmmsg+0x99/0x100 [ 2237.566597] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2237.567031] do_syscall_64+0x33/0x40 [ 2237.567392] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2237.567820] RIP: 0033:0x7f862c37fb19 [ 2237.568136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2237.569782] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2237.570463] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2237.571058] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2237.571719] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2237.572356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2237.572951] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:15 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:15 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x100000000000000) 02:28:16 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x800000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:16 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x2, 0x0, 0x0) 02:28:16 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f00000004c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r4 = syz_open_dev$evdev(&(0x7f0000000540), 0x7, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000580)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, r3, &(0x7f0000000500)={0x40000009}, r4, 0x1, 0x0, 0x1}, 0x9) r5 = syz_io_uring_setup(0x6c6b, &(0x7f00000002c0)={0x0, 0x800}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) open(0x0, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, 0x0}, 0x0) lstat(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000340)={{}, {0x1, 0x4}, [{}, {0x2, 0xf831ff745e086261}, {0x2, 0x7, 0xee01}, {0x2, 0x6, 0xee01}, {0x2, 0x6, 0xee01}, {0x2, 0x2, 0xffffffffffffffff}], {0x4, 0x2}, [{0x8, 0x1}], {0x10, 0x2}, {0x20, 0x2}}, 0x5c, 0x2) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_FADVISE={0x18, 0x2, 0x0, @fd_index}, 0x7) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0xc00, 0x0, 0x0, 0x0, 0x0, 0x1, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r8, r7, &(0x7f0000000080)=@IORING_OP_ACCEPT={0xd, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8001) io_uring_enter(r5, 0x58ab, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x3, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:16 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:16 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd=r0}, 0x1) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x44, r4, 0x4, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x1000}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x5}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x1}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x2}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0xffffff00}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0xffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x840}, 0x80) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x37bc, 0x0, 0x1, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:16 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000005c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000140000000c00018008000100", @ANYRES32=r3, @ANYBLOB="76a1cce55f953b"], 0x20}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002740), 0xffffffffffffffff) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r4, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={0x20, r5, 0x1, 0x0, 0x0, {0x14}, [@ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x20}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f00000003c0)={0x118, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x9}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0xffff7fff}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0xffffffe0}, @ETHTOOL_A_RINGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x28}, @ETHTOOL_A_RINGS_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}]}, @ETHTOOL_A_RINGS_HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x1}, @ETHTOOL_A_RINGS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x8000}, 0x44085) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x79a2, &(0x7f0000000180)={0x0, 0x73a9, 0x4, 0x0, 0xbf}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)) syz_io_uring_complete(r9) r10 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) clone3(&(0x7f0000000800)={0x100, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000880), {0x15}, &(0x7f0000000680)=""/250, 0xfa, &(0x7f0000000380)=""/34, &(0x7f0000000780)=[r10, r10, 0x0, r10, r10, 0x0], 0x6}, 0x58) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0xf443, 0x0, 0x0, 0x8, 0x6, 0x0, 0x2}, r10, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:29 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x2, 0x0, 0x0) 02:28:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 89) 02:28:29 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x410000) fcntl$setown(r3, 0x8, 0xffffffffffffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x104) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000100), 0x5a, 0x0) syz_io_uring_setup(0x1c, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x0, 0x2000, 0x0, r5}, &(0x7f0000ff3000/0x2000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r8 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r8, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r2, &(0x7f00000000c0)=@IORING_OP_CLOSE={0x13, 0x1, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r9}}, 0x979) 02:28:29 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x1000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:29 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x200000000000000) 02:28:29 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x18500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x6) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) fcntl$F_GET_RW_HINT(r4, 0x40b, &(0x7f0000000040)) 02:28:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:29 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000100), 0x5a, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_enter(r4, 0x4b80, 0x3828, 0x3, &(0x7f0000000040)={[0x8]}, 0x8) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2251.314187] FAULT_INJECTION: forcing a failure. [ 2251.314187] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2251.315272] CPU: 0 PID: 13316 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2251.315858] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2251.316555] Call Trace: [ 2251.316788] dump_stack+0x107/0x167 [ 2251.317101] should_fail.cold+0x5/0xa [ 2251.317443] _copy_from_user+0x2e/0x1b0 [ 2251.317790] __copy_msghdr_from_user+0x91/0x4b0 [ 2251.318188] ? __ia32_sys_shutdown+0x80/0x80 [ 2251.318565] ? udp_v6_push_pending_frames+0x360/0x360 [ 2251.319006] ? inet6_sendmsg+0xbd/0x140 [ 2251.319346] ? inet6_compat_ioctl+0x320/0x320 [ 2251.319725] ? __sock_sendmsg+0x55/0x190 [ 2251.320080] sendmsg_copy_msghdr+0xa1/0x160 [ 2251.320459] ? do_recvmmsg+0x6d0/0x6d0 [ 2251.320794] ? __lock_acquire+0x1657/0x5b00 [ 2251.321169] ___sys_sendmsg+0xc6/0x170 [ 2251.321529] ? sendmsg_copy_msghdr+0x160/0x160 [ 2251.322006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2251.322554] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2251.323022] ? trace_hardirqs_on+0x5b/0x180 [ 2251.323479] ? lock_acquire+0x197/0x470 [ 2251.323895] ? find_held_lock+0x2c/0x110 [ 2251.324306] ? __might_fault+0xd3/0x180 [ 2251.324702] ? lock_downgrade+0x6d0/0x6d0 [ 2251.325110] ? io_schedule_timeout+0x140/0x140 [ 2251.325561] __sys_sendmmsg+0x195/0x470 [ 2251.325906] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2251.326274] ? lock_downgrade+0x6d0/0x6d0 [ 2251.326638] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2251.327049] ? wait_for_completion_io+0x270/0x270 [ 2251.327461] ? rcu_read_lock_any_held+0x75/0xa0 [ 2251.327855] ? vfs_write+0x354/0xb10 [ 2251.328173] ? fput_many+0x2f/0x1a0 [ 2251.328485] ? ksys_write+0x1a9/0x260 [ 2251.328811] ? __ia32_sys_read+0xb0/0xb0 [ 2251.329170] __x64_sys_sendmmsg+0x99/0x100 [ 2251.329552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2251.329991] do_syscall_64+0x33/0x40 [ 2251.330311] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2251.330748] RIP: 0033:0x7f862c37fb19 [ 2251.331065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2251.332616] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2251.333257] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2251.333881] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2251.334485] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2251.335085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2251.335689] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2251.391118] FAULT_INJECTION: forcing a failure. [ 2251.391118] name failslab, interval 1, probability 0, space 0, times 0 [ 2251.392434] CPU: 0 PID: 13331 Comm: syz-executor.1 Not tainted 5.10.226 #1 02:28:29 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 90) 02:28:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x0, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2251.393133] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2251.393894] Call Trace: [ 2251.394123] dump_stack+0x107/0x167 [ 2251.394433] should_fail.cold+0x5/0xa [ 2251.394759] ? create_object.isra.0+0x3a/0xa20 [ 2251.395147] should_failslab+0x5/0x20 [ 2251.395472] kmem_cache_alloc+0x5b/0x310 [ 2251.395819] create_object.isra.0+0x3a/0xa20 [ 2251.396191] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2251.396626] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2251.401547] ? alloc_skb_with_frags+0x92/0x570 [ 2251.401932] __alloc_skb+0xb1/0x5b0 [ 2251.402240] alloc_skb_with_frags+0x92/0x570 [ 2251.402606] ? trace_hardirqs_on+0x5b/0x180 [ 2251.402967] ? kmem_cache_free+0xa7/0x2d0 [ 2251.403316] sock_alloc_send_pskb+0x7af/0x930 [ 2251.403700] ? sk_alloc+0x350/0x350 [ 2251.404010] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2251.404450] ? lock_chain_count+0x20/0x20 [ 2251.404805] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2251.405227] ? ip6_mtu+0x1bb/0x3d0 [ 2251.405538] ? lock_downgrade+0x6d0/0x6d0 [ 2251.405888] ? ip_frag_init+0x350/0x350 [ 2251.406228] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2251.406616] ? ip6_mtu+0x1e9/0x3d0 [ 2251.406915] ? ip6_setup_cork+0xfb7/0x1740 [ 2251.407271] ip6_make_skb+0x2de/0x4e0 [ 2251.407587] ? ip_frag_init+0x350/0x350 [ 2251.407923] ? ip_frag_init+0x350/0x350 [ 2251.408255] ? ip6_push_pending_frames+0xf0/0xf0 [ 2251.408654] ? ip6_dst_check+0x389/0x8d0 [ 2251.408998] ? sk_dst_check+0x235/0x4c0 [ 2251.409341] udpv6_sendmsg+0x20d3/0x2ad0 [ 2251.409702] ? ip_frag_init+0x350/0x350 [ 2251.410042] ? udp_v6_push_pending_frames+0x360/0x360 [ 2251.410472] ? _down_write_nest_lock+0x160/0x160 [ 2251.410868] ? vmacache_update+0xce/0x140 [ 2251.411220] ? do_user_addr_fault+0x5b0/0xc60 [ 2251.411599] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2251.412043] ? asm_exc_page_fault+0x1e/0x30 [ 2251.412404] ? sock_has_perm+0x1ea/0x280 [ 2251.412759] ? __import_iovec+0x458/0x590 [ 2251.413107] ? udp_v6_push_pending_frames+0x360/0x360 [ 2251.413556] inet6_sendmsg+0x105/0x140 [ 2251.413884] ? inet6_compat_ioctl+0x320/0x320 [ 2251.414258] __sock_sendmsg+0xf2/0x190 [ 2251.414585] ____sys_sendmsg+0x334/0x870 [ 2251.414928] ? sock_write_iter+0x3d0/0x3d0 [ 2251.415285] ? do_recvmmsg+0x6d0/0x6d0 [ 2251.415617] ? __lock_acquire+0x1657/0x5b00 [ 2251.415989] ___sys_sendmsg+0xf3/0x170 [ 2251.416321] ? sendmsg_copy_msghdr+0x160/0x160 [ 2251.416705] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2251.417141] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2251.417529] ? trace_hardirqs_on+0x5b/0x180 [ 2251.417896] ? lock_acquire+0x197/0x470 [ 2251.418229] ? find_held_lock+0x2c/0x110 [ 2251.418575] ? __might_fault+0xd3/0x180 [ 2251.418910] ? lock_downgrade+0x6d0/0x6d0 [ 2251.419262] ? io_schedule_timeout+0x140/0x140 [ 2251.419655] __sys_sendmmsg+0x195/0x470 [ 2251.419998] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2251.420363] ? lock_downgrade+0x6d0/0x6d0 [ 2251.420723] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2251.421130] ? wait_for_completion_io+0x270/0x270 [ 2251.421549] ? rcu_read_lock_any_held+0x75/0xa0 [ 2251.421940] ? vfs_write+0x354/0xb10 [ 2251.422255] ? fput_many+0x2f/0x1a0 [ 2251.422564] ? ksys_write+0x1a9/0x260 [ 2251.422891] ? __ia32_sys_read+0xb0/0xb0 [ 2251.423246] __x64_sys_sendmmsg+0x99/0x100 [ 2251.423604] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2251.424036] do_syscall_64+0x33/0x40 [ 2251.424351] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2251.424781] RIP: 0033:0x7f862c37fb19 [ 2251.425111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2251.426651] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2251.427286] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2251.427879] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2251.428473] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 02:28:29 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x0, 0x0, 0x2, 0x0, 0x0) [ 2251.429065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2251.433687] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:29 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, @out_args}, './file0\x00'}) io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x49, 0x0, "a1434d16d9010000004ed1777e0a7fa37760b9e3107318c497350ee047a9f8490f847220e51cb7466d3400322e1767bc90d79831007ef1d09975e05300cb5d5e673b91f6279a08cc5b4cd61c9a449cc7"}, 0xd8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000000180)={0x4, 0x80, 0xd1, 0x3f, 0x5, 0x5, 0x0, 0xff, 0x12021, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x3ff, 0x2, @perf_config_ext={0x1, 0x9bb4}, 0x0, 0x7, 0xffffffff, 0xb, 0xffffffffffff7fff, 0xffffffe1, 0x5, 0x0, 0x1f}, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:29 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:29 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x0, 0x0, 0x0) 02:28:29 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x500000000000000) 02:28:29 executing program 7: prctl$PR_SET_ENDIAN(0x14, 0x0) r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed}, &(0x7f00000000c0)=0xe, 0x800) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, 0x0, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r8}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, r3, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x4, 0x1, 0x0, 0x1, {0xa, 0x4e24, 0x3, @loopback, 0xfff}}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)="f805da27b62d221223347be4a2a01905cc4fa5fb259993db3be16d75ab105db21d48039249e6c2442ec0c3b1ffed8e8ef2df989730b31b08da2b2dfd159875ed3a7b585700a0e81a21721495ed812f1c19b8843bac74672f1b613878d3cabf76b271fae516b4f22c0d", 0x69}], 0x1, &(0x7f00000003c0)=[{0x78, 0x11, 0x8000, "1787f660ec36edde4856721483835a6ed94c5c1243d6c39b7fc9ddb1291259c3138c4ef8262c20dacdd46ba2af7f80f5e375e96cf7884384eb49a727254e86b11d4559e9d3a30129b027eb3d3ffd6727c5107a0d597787913a57d3c9fe92b5de3e7eb2d6eb9302"}], 0x78}, 0x0, 0x20040002, 0x0, {0x0, r8}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:29 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x2000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 91) 02:28:43 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000000, 0x80010, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x20010, r0, 0x8000000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r8 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, 0x0, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f00000002c0)="db6ff9ac12cb4ed94d863a5c4e83cfc9f9faaacb9c6c3dfffa5270527e5858ef922dfd625f30a3702da965ee2c77dae4ca3da6079522d9358a50c20d83f4e18026375c6e26f9095152ca23650ddb5b2d18260d07cedbf9d48ffde6a904c01c04791bae2a2fad7877540306e480874d42d72365966185dc60fcfcf67823c5c8ff5107442e98dbbd74b97a7c799d795f84897e1eb854cfae84cb205ab7dd5e7e68d234067f4221d24fb203600d23ea14794745db14e45e7dc05651b0acbf73481aad24851c3e2b4c94e3ea46f2eb6e944ce287b4fe4ff51d4f8f735b52e29ce52a551980a0a2af4dbf35da6d", 0x0, 0x0, 0x0, {0x2, r11}}, 0x0) syz_io_uring_submit(r4, r6, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf, 0x0, {0x0, r11}}, 0x9) 02:28:43 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:43 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) io_uring_enter(r0, 0x3f23, 0x5cfc, 0x1, &(0x7f0000000040)={[0x20]}, 0x8) 02:28:43 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x800000000000000) 02:28:43 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000000000000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:43 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x5000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) [ 2264.833645] FAULT_INJECTION: forcing a failure. [ 2264.833645] name failslab, interval 1, probability 0, space 0, times 0 [ 2264.834899] CPU: 0 PID: 13391 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2264.835575] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2264.836318] Call Trace: [ 2264.836552] dump_stack+0x107/0x167 [ 2264.836864] should_fail.cold+0x5/0xa [ 2264.837250] ? __alloc_skb+0x6d/0x5b0 [ 2264.837588] should_failslab+0x5/0x20 [ 2264.837920] kmem_cache_alloc_node+0x55/0x330 [ 2264.838358] __alloc_skb+0x6d/0x5b0 [ 2264.838672] alloc_skb_with_frags+0x92/0x570 [ 2264.839044] ? trace_hardirqs_on+0x5b/0x180 [ 2264.839493] ? kmem_cache_free+0xa7/0x2d0 [ 2264.839843] sock_alloc_send_pskb+0x7af/0x930 [ 2264.840282] ? sk_alloc+0x350/0x350 [ 2264.840604] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2264.841043] ? lock_chain_count+0x20/0x20 [ 2264.841470] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2264.841915] ? ip6_mtu+0x1bb/0x3d0 [ 2264.842266] ? lock_downgrade+0x6d0/0x6d0 [ 2264.842618] ? ip_frag_init+0x350/0x350 [ 2264.842961] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2264.843439] ? ip6_mtu+0x1e9/0x3d0 [ 2264.843742] ? ip6_setup_cork+0xfb7/0x1740 [ 2264.844098] ip6_make_skb+0x2de/0x4e0 [ 2264.844475] ? ip_frag_init+0x350/0x350 [ 2264.844816] ? ip_frag_init+0x350/0x350 [ 2264.845206] ? ip6_push_pending_frames+0xf0/0xf0 [ 2264.845643] ? ip6_dst_check+0x389/0x8d0 [ 2264.845991] ? sk_dst_check+0x235/0x4c0 [ 2264.846385] udpv6_sendmsg+0x20d3/0x2ad0 [ 2264.846737] ? ip_frag_init+0x350/0x350 [ 2264.847079] ? udp_v6_push_pending_frames+0x360/0x360 [ 2264.847601] ? _down_write_nest_lock+0x160/0x160 [ 2264.848002] ? vmacache_update+0xce/0x140 [ 2264.848414] ? do_user_addr_fault+0x5b0/0xc60 [ 2264.848796] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2264.849302] ? asm_exc_page_fault+0x1e/0x30 [ 2264.849689] ? sock_has_perm+0x1ea/0x280 [ 2264.850048] ? __import_iovec+0x458/0x590 [ 2264.850484] ? udp_v6_push_pending_frames+0x360/0x360 [ 2264.850918] inet6_sendmsg+0x105/0x140 [ 2264.851333] ? inet6_compat_ioctl+0x320/0x320 [ 2264.851711] __sock_sendmsg+0xf2/0x190 [ 2264.852038] ____sys_sendmsg+0x334/0x870 [ 2264.852439] ? sock_write_iter+0x3d0/0x3d0 [ 2264.852793] ? do_recvmmsg+0x6d0/0x6d0 [ 2264.853123] ? __lock_acquire+0x1657/0x5b00 [ 2264.853562] ___sys_sendmsg+0xf3/0x170 [ 2264.853905] ? sendmsg_copy_msghdr+0x160/0x160 [ 2264.854347] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2264.854723] ? _raw_spin_unlock_irq+0x27/0x30 [ 2264.855105] ? lock_acquire+0x197/0x470 [ 2264.855526] ? find_held_lock+0x2c/0x110 [ 2264.855871] ? __might_fault+0xd3/0x180 [ 2264.856258] ? lock_downgrade+0x6d0/0x6d0 [ 2264.856612] ? io_schedule_timeout+0x140/0x140 [ 2264.857012] __sys_sendmmsg+0x195/0x470 [ 2264.857418] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2264.857804] ? lock_downgrade+0x6d0/0x6d0 [ 2264.858207] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2264.858628] ? wait_for_completion_io+0x270/0x270 [ 2264.859041] ? rcu_read_lock_any_held+0x75/0xa0 [ 2264.859525] ? vfs_write+0x354/0xb10 [ 2264.859842] ? fput_many+0x2f/0x1a0 [ 2264.860202] ? ksys_write+0x1a9/0x260 [ 2264.860536] ? __ia32_sys_read+0xb0/0xb0 [ 2264.860886] __x64_sys_sendmmsg+0x99/0x100 [ 2264.861301] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2264.861753] do_syscall_64+0x33/0x40 [ 2264.862072] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2264.862553] RIP: 0033:0x7f862c37fb19 [ 2264.862872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2264.864525] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2264.865219] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2264.865835] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2264.866486] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2264.867096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2264.867767] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:43 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="18000000160011cd0000000000e8ffff0900000004000080"], 0x18}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_WRITEV={0x2, 0x5, 0x2007, @fd=r3, 0x2, &(0x7f0000001500)=[{&(0x7f0000000180)="61e5ee505d66137a2c8f9010d4a2170e036e4b71d7e08969625502b068e4ec7680bf79a4dcde8eb569a39c50a78505658cf11984f26e5f970f5a6edec59c11925f32", 0x42}, {&(0x7f00000002c0)="a0d04a756e12189f45da55976bf8b4d01e9ce0d3e4717ad7c53673239dcd532f668f94202e12f73628f5e91297a66e88074dbc46150a9b9575954b92baa59260bd8f2c076c68667f4dd668a2c6971fc2db76e72d5ddc47875dfeb4160f99919a73ca22eb93e5062ecc17c1c4c8d46c044624931ae3cffefbd0ca54a913a779d950de2e066a6f2dd3467a3708d3cc89ee2a44a0293df10e9896951225d9b47bbc10f853f7875982ceb70481d140cdf341ba6949ba7527c7431ad6be10340d6782f22457daccb0744aebb63709cd20ff3919e111731b97ed5aa9886b1a0ffdb165894850a81cf05fbce8a51e5ffa", 0xed}, {&(0x7f00000003c0)="b1f38160c3bf7056d19376eab0f709fca4d719045736f3da6144df7dbae05e2174fb0526e7047c3930006e66078057748aac120d4669b8b4be7b8056677dda583a5b8480ef51ccdcffc8d137c5264009d36c07966237279460f28a2173e5a9061f504c53c3718259a092cad2e82c7997f6f826c39876b2ed9520164f94efbdcbf1a19a8bc80624adf80edc38de5e421fd11602383faec1cd9a7b7abaa0378122aa3c8be7949d09f22076a8707f1569b377f1e682ef9209c227a7ad0e", 0xbc}, {&(0x7f0000000480)="f940bdc4dd08c45f99f760800b0f075f7f92f23a7b578b3f79df371ee48b66a820ecc37c9b184ececc07ea010209ff1803f702c93f04bcf806afc9fcd7ef0ebb3d23e02d3abc95f1e959ef5927065fbaed78d7aea819", 0x56}, {&(0x7f0000000040)="7ea76ab1d37e04154f43552f55776f3531a3a6c56b0b3ec535ef2794b6f7d91f513f03dcb2785737fef40e670ff7d29da035fc3fcf0b59b8e7efc427", 0x3c}, {&(0x7f0000000500)="51e26555c3504918af696a7b610440fcc3a5f352bdf492d24ad769c5bb66dc11c734f62935ca9cfc9734d7cb0a34124e78230843b41ce81e235b86c2c99ebf3c4da3e12174df4ce64a6c8e5d1842da433762e50d355f32973eb1d744f750fb1c57c989186f089fd745295e1e445f371966c1dbbebda71566c9c363a858c30ef22bb0b92548e07b0ba5a4250c1e4b56870f4333e0328b053ff9ff1ac9e60b452214473ff2d5cf93ee4348982c073112548e9cc1eed58b6bcbcb3576d8b4933e64a8eddac099f4f9a07457c29223cfe1a831133cb79fbe3b00f63aa71d21dfcac15aec68ad74e56b4457a64763432ca45182a8bd5912da63dee17f4f9c2a586fb4bb42be94f66257c70aab694f88e78c96cae5584f05ba5945bc86836ed298f71a5d0885700c9e53b44745dc90acc0e31642c8a25d31b62211874346e41174ecc60df3a35eab31f641597fdf06b11b6b9b3c167418e69a1f56b9b67324bf4f696ea429ed06801a0839b68efe2b0769d355bde9935b009c8137cd3d5021b7bb1124af87d72a53ac65e1576b5eef705ee8bceb3a8cf203a6229bddbca65d4bcc0d23218bbeed81690c27ea358a025e831538428aefaf72ea384666342e1b1c993bd57c3649cf72a1e2640b88fa54e078f3d75c096ee6d0a053793367913eeaaf0e5a876832214306665cecb9b642366fad96c945ee6bb674fe6e3c5a708768ff24aa014ca494492195a001c2ad8959c049580daa9be59a551c4540e25a1169edfdc9157250092383bf6f95ffdbb2c449072d4c01ae4adc17dc18e9376d7146a499026781cb7f0fa90e59107b51aef30947896743efe32eb68baf2848440722f114bd7da26b38692fb2cebf2432d528ff4b2d14977babfb13ed52101f54b991e47a9a89b412c9269d99186ba5085b55ca0a8947b8cb8b463ccb883cdd2e288e309b355fcd5b00d1508d6d076b19bfa0260f44850698f34db4004bd8c17a825259a06c01cca35fb711c17e6fc453727a53b3a29657f406778707ac286f315218ef6b1e88152eb6c74cacf91d5873b08a40361e9ebb4965ac4846605c07839c4e7b91c2dd0838c33a4a6241b6d48677b97a54b247c23b7920b4ec61d6789b611d9724f246e86a35d994f6919c02757ee04a952edd5229efc75f84b5a93c1dfd928e0b6219b5ae2330475c34bf319ab19debf51cab25dbde597288f0d95f187c0763be02cc25d7e645867e955a9297cdeeaf88dea2d6f171f3c3756f554393046d201aa935990887494ec73498edaf017a75fbbc632b12438048af205cb2891ad04291177deb1676bc3d7d24081ce3e043f9ccd74cd4e6419bf1a647247b8fd90e0a95b36d730d190d55edb7dad6ec82eb26ae5e559527a4fb39498fbbc0e60b2d8b7763296e8248b3dc685f17875ea2b100ab56581407315de9e789b5c4b6bf7c976357a95da8cbceb96f3096e609e12063b4d44dcdb7abad7390c876e5efa211f450d0e89092ad1a0319f8ead0cd7cda106f80fbb4cf3bd62d0d29f82e415f2defa51d970f736df62ebb716f5f7f536c3f25d4a7072065972eb6988e2fb802b0c295f7684fba24ffef138ab387e8723c51bbcbad680b723b62cbbf78b5a300baec799d50f2df15f5b2320b6e30f5574e744d66aae4e3e59f2666b06b055ef6a51378623d2eab22ed8ea2bf9cae617d2417ccf85a6dce452d47eca66c4c2306d257b64a79b80c4f714dc0666c5650b8d85937a94be91e092cfaa8fed72e907e6665c13713685e4e419452b435c41b3cd53815be1bf5f9c9847f65a43c46afecd24c360b24b415d982eb57eff5cf8357e58cdce95e4250f67fcf0448f110695c3ac1cfb5a1f12c6fbd6ff1008dc95869f6c496e728dd970a3422af42671b22e56b452ef7952a6b968783262b826cdecba0640d43d8e07520b63c8e1778f2fccecffe0203dde0ca5baffa706d6c14a7717d0575dcbaa3c9dbd8ec50e9034ee80509614302b4179de50731f368c1ed34844a4f1b56ef7ae2a7747967db478c2e87e659d7661b5907132dfb5a26e106b6fce19b2f2388190c0494767f7c1eb52b68e0e21a981e325314cbacdd4738041911b65a3658206b29ff12e7bc15aaff5abed8f2026c4253716858f32f40eb872f0af36122246325acde97f0b5ae66bedeeb7e674f92aa326bb60701a46dc02026f2e69f2482df0af5b1ca29337b6a85a892617b40495c6c5b5e4b6d86df1fde925482e820254ac99528a806ffadc073d486f56d28c055aa254ae79d81c7c9c6bed3e5179c870c9d5cc9806e0ddcf0392b5b6204bbb7a180ac43d9266d25fe82d41d3183d350d0958b78cf40c2e6535bb7b865cdd55e6d4d51e4def2e43ab9d0cbc21679e13fb784537412155aec97034d6273ef6cb26662e8d8d630ead73bc7e09ac70b2e7e6d3cbf9f41e393e9559a0867be77929872423d0cf3a8013203072768b99caec70029a58e76966b56fddb05d3fe30f7874a00811eb145f22b46a056a9332559ad502638108ebfa49b464a7dd51e6bc45f520e479a6d3ab0515dc73c02034b5faaff787799fef3a710bae427f84a9ce99e3bec5967fe8a909fd1bb3d81eb98248b337b758759f46c5d0daf5cf9ba4320338da917d6bdfaba3471dcafaabe0a2c43b54e74a9ca4c42be0d79b391201c23c03b2276deb4d85e02ac749011e73fee1af9f1772b13de6e5f3567de0edf01397441fd0449e8c14150afabc5ad7dfcb5fe3b045786068e344c56dcb5370844717769231bdaf73940dc5876ceedc680334493db829e15654862ca3895af99ca0f0c5f38986e99b25100fefd0b856d33544c3c3c1d16f844910481ec0d31c9fd9f62df9e0facc06aff2c44316050231987e7022da8f69819213ab874283d030a8c75065839650ce9e586a1fd465f704d8e4c795f13dc10ecb6ce0788301ce41ee47edd538d4245db3bdf15d3f6dd5280f5090965ec6c4ebb9f3a9e2c791673ee0567dfa4e3cd7a883557e43dba4f5adc6784593a87afc772a921f350c82e110e9dd67521047bab6eb903de336b9930449f02cb31d34007e754c8885406f18c27894a875450c39999bd8d3dc7bc61f7ff26843dd625ad4fe86e02c38431bb1ba5bc0aa8614f3e238855fe1314b09b4ea5cc7d15c5ec9c490416311584d131f18238d4c53f1f5cc4828a46e49e56c7336d1adfa1ebb167af5c98a45cb5b571534291c2998d20fb08dd7e4bd44caf23aaab3d56e7331222c11b5796309193d34090cced4aea057e2682f15c02980fef493189fab2c6f77b49a0d23b20a96504d702e6018fb66b0784111fbad62ef0eab992e6e5a882e203d9b03238bb1aa7f40e4a08400a8b839eb140e7e6daf5d6ac3ccd9b558d18b4718d1e247ca16212d8ba1f3cba93a0d4f5e977c406e92f52cc7a71b89d4fecbb026e527f73e7062bb63619e2daef2498d2cb97872584c6d5f189b0b3bcc6fcdba9b705f7cb3d99c076a51832b42d55ade3a70a1de0de732eefc547e872591d0a198b66466377c7a5d0b7716608a08ba4a174a707c2a5a695b970df9c31c63c6b323a32e1bfaec3ad35c86ce15cdca6349929f0ac484f2263336e0841cdc7f114268a3d2ad4278983b7681c23a779020d095b02f8b00dfe7f595474d45fc9cd881ae36ee5bb959747a8ba583de8324a34902d9ba0d0382c2fd2382c4f223daccd644b1615a0a6e35fb9e758f5c683b72fa26ed8dd76691b6aca0d95320a6db2811bb8d27b9f5a0232d9b6c843a2aec67dc05a72a5c579e8c28326496cb519a67de4e29f46cb8e194c37eb5eef96f0dc2f00deaa329447dde47e362b23ec3fdb91e78e6bd12552fddc49e08f189260a9ca5632ed5ddc09f7e91b530c9d8beeb5047455502b1030a7a23ffd621e5e935e98b58844692596e361d5145674313973ccac88c8708f17ab9721e1f92a238516ff05ccf8c01e876b25a434eef01e320253838298f270cc81dd7ed82a13e92e163038afe03b3ee8d724d25d349a386d659e570e72330e34de2f71dc8c489a9fe9294c9d6eb5c95aec5f7b15d537dfd4e4b2e4ecc63ffd86ed9e8315caeee9b05da8d542c961eaed55060a6425aeddf996d9f0bdc56f0d07fcefab5bd9827cf47230a79ea92f7d3769f27b0b40c2f568a641c7602dadc56fdeed9a860c4afb6c85ae02f6015a1cf97e0305cad1439718d2df08b110e2eeafeed1f2c93e6b2d77c37a42287551ac1a28aa19177ce4a5aa141a57755669ff3f1cd0a33b8fc7302cc2aaedeb1a57153f83741cb0b6006d4b4f61070807b8502bc29997eef7316456d24698430feef455ec9d21d294b5f02061c0b70ac4c3fdb847e2cabd67a21e74dfe6fb8d9f78d1e3fa70a2c6c19d6c063830bb9ef543b3058ea7dc44c33d3ac4110613ff1535d8b4c998a05179bd0fd70b1b647f7e2e648d072127e8f7311485087edbd4990e8f1fea200c8c5697b5dac58432136d9e8873700d6f2787cc28df07a035f3b5767c0c8756431f2f394c497d8d14168365c4147f12acd44828f53f9d366f6201fee5f29eb025c6d52f87a839eaf9180ca200ff5937eb5dc097c64f48754ee18e874b0a1ab9df87fb49d9dff9df3215a315abae4d0261e15a1f936c28d575ca1a1ce2e7029ff7eca745e0d7a9a78c8d32e5e52f8cbb5f7a9f4cf0497a4f3fb13a9b002e0f41d0c312e47040e7bad403153541f231367db0ea27169aebb7f3a468a1ccf5a16335d65af390d378543b4cb9afa978853a6e05e42031cb9feeb800081bda966763bc32b9f576ae91bd8fdb70a44c844beb799a7c9d4326d710e85c409db5cfb2ab5616d8166417d88c0074c709db10fc69f9379f40c5cc0afd33124eab866098426aa4c1c0398e7e5eaea826c3aa5b3cf833d067cad93573c92a82cb4dbfb174fb28810c28fdd9f2822335a2fe84d29021c6efb4bfdfe4500f2cc279f68f5606649c100c9d915d28393214509c8e48f9c514b80a773d4b0fa07ddc44204d15a0c80da1a44f8739aef036a377df8bc1d49c250336a3b16685ab9d8ee74edf6332918531be3765c32982015093284aefff020a0f2f3f5c34ba2ae24a54c14f6a9d4b4dfa9590d22bb4432c490e67e0e8c6459ec49d8b1f537d664055a3ceef2deca2ea2406516b802ca6f6c0b858469d30ff52b3641d4b49f429019fca65f939216dbe0e506dbda4e68e1bac203d55fdb17c69bdb9f68a43fdd31a9fed98ecd6819f2fbad40c47fefdc59c285602b1150875872de1fb844a95925ec3ddff7774f3dc49ac8e77a1e451d749a9b12fdac6d29ce31fb320ad0557ce56bc43321e6ff39dad1c876a99a56983229960026a0063758b24dc357d98fd5e2ce88acda8159f3de444f257c1bad924b700410935cd274d9d56ca9a8f25701d5337a15cd22972fa63fb33be4bea507ec4aa31e84d389b1eef46c98586ad3877648fd7de3264a9de890558081e5513ed3f865f00709c6cfe2da81929fcfa002a0e4665f04fe288bd31460a7e62c9fa0af3723b88fd7be84c1c8a70f69ae6cf6c57315bb98756de00c26498d45d3303c92c16d40b572b6f9f1ea8366607a95bd933834dec33f760e653c3b04aca0298391fd44e96117210efa514da05d7e6edb6c5a44430981879c4a8402257aa1508246ecf682983c35f6d76c549d19d79f43934894666ff8d7229b2bb351738869258421ec61f431bd8ecd44d5c4c36a4a29c967145e7630342cd1a4ce416c3fcf7ab0652ac3429e50ed20d4c0fcb8d348404a7834e00baa9c84fcfa97ec77481a79452f636262f634b38ea17ba13a3", 0x1000}], 0x6, 0x14, 0x0, {0x3}}, 0x5) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000009, 0x12, r0, 0x8000000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r4, r6, &(0x7f00000016c0)=@IORING_OP_WRITEV={0x2, 0x5, 0x4000, @fd=r8, 0x7fff, &(0x7f0000001680)=[{&(0x7f0000001580)="156a7f799a691dace7f4e97143480a1b21fc96591520d1b137ce2595e8220551c87b0a7f86df2cea87bd18ec123843aac85f9fff6e6871ab992f2dffb6e84866469b2f62e6d1fb905f6e9688bf823f028316c958a90c862b4d8a4e770b1e25d650c8f4585cb247460fa012386ac38502e31b8c23a436f41d49e0ce4d641288211db8fca5387074693517e6e9f3a8d5241b2b22de1424dfa4f604009cec28c1913eb4c58fa973b5c5f9d2bed37ad4eaa959433108e58213ed430ac3e2805244dc2b1918c4b4cac98a9ef9d7950d2626ee10a201dfe080fbe1f5", 0xd9}, {&(0x7f0000001e00)="c02eba2f962521bed317c7e26cc24fc03e1ea44fa55d7b4ad1111efebe0f53dbb4a79f4e42e9592a1891c43b176c8205369becee2d592232f65f8fd5cf764792eec2f2d31bdf835950bf1023c897a1dac656c030d69561109404b0b1dba6d24d8f06590b56c7fcbdf41884ea295cdf81c2749c8079331673d90012efa877640920c85edc4f81fd84d2a7b563390bf3b62aa4656f54db7009e8a71f2e4428b5aab10da69becde3145456c2af84d45f7dc78b81a35fae94539b71aceb16c52d6c2fe7031e5de387e2c5b62a62d2237e589ba6f581e3b1b251ff2319d3f3db98725670f4ec3eb39aa7e1778e3630604d09f80fbdbc933423af09f75f5411661e21f9ae1c17ff3af9232a24b5b3e1245d27d343f1516456ea8fd42c44fde1744ec45f040fc0ff750200f7c94c46a7610c8b52418b2c752e6fe6d50e9d5c4582f76bc0739fa68e8e3aca91615225120e36c980ebe354c853990c0dd30a4c2156d5dc97c9cac5d725764023c5e6a641cba8610a47544c2cc2082112d95bd92eb06e12fcd064eb2eaf9acb1dcf7adf9e392e9a8522ae47fd9e6da12a5a358ed315ea0dcd830f52deb5e5af6e91592a7ec5d15c8e2f4b76efb8cdea0aeb617c3277a44aec5c01f60d0294c2c0ab3aa2e1f03da96453e73b5fca7902738e18ef4b771aef1a7e046a8e7307381d13a78ade050f1f1e8ec1231df785d4fb50b952d44d55234b2091cf9812fe8726014df2b58fd4ad6c87006dcaa158ea65782ef514212e1bea5f5d154cb0bfe5271f78a48b0d5186719dbea5553295906928f8208743af3480769f5dde16babb2381a7373bd30c484e22d280a0beac28d2912f71785b44c2dc7c8eecb71a7f764d7a5121084642d9ce820eb52bbeea135145a5c29746f963ab844c487ab254a9ba3f1d0d5ff6e0b17cbbaf57c0b0c2ba3106ccd7d6f2a24d76a44feff5f5c3f2bd1b5c72185d33967329960ccc34c6feffa99c66d4dbeaba5ce3bff0d36f849d2b932a1412007fb072262409893e69d262d1ca252a5830cfa5fa41ac237f92c63cfee45c7ffab28d9950d509a8358395c29f168bdd695faa3fe8e88fe1011bea2bbdf03e2723bb2caedcc3e16e2c769a08d2fc54c7d2fc04947f956e4142941e909fdaf1289279c9c2efd130c6ff02af0830e36c70238fa7f76689ed68ffda8707e75f2890d44d97343e33228201c5b4a282d5b8ad5a04f5f66a3ac1bba9e1d65d88550095c5831806ddcdf333a1aa539282783295571aa1edce530e3a2dcfe1dcad8c4d3393c24ba536a0b166da9939b8579b62804752a1351c522de5fb7b642b833bdee60dcc333969f908439f01d1d5b7678dd8ee29db503dff6d224274eab4d65fee228d3ce4f1b13fecc2db80a766876c58c470136c90d71152a914098791dda1586e48f2b5e254324f3a9110cd20627db7726a087000a8b3a3bf9de4e2271bb98541aeb5edc98b6fd838aeeb16c58d3a22b5db7e9788b0c2d0e3f2ef37353375de54f57c50688baaf528ca5507acb97f266843818437c74a6fb3ce371fc2afbbc1617f42ae36c899a7e4fec4c5d7b14a3365f5f798b7d5fdcb458088ebc5f0858b488207617d06c805730494474e7c7d6921c3d17d7763e31aa3f386c1631b36f34fe6ed8c3f9c63a830cfce290ad4de1380d2d842c244848ed81185cccb6f9ec7459c9fa0d4079cf2ec92244df54af4a42a2ad098afc846b022c3154f5c26e87fd42bb7e86d5ef32b1c0c55d6205aa8f7352be0e8693df9aa9f27853ad68384bc4fb5319028303ed2037bde3a9e5eb5885b1096696a324438350e83dde88ce49604b5f07ba9a6b58fe8868cd49bc3829e613c6912d1897c4337bd4c16a9ef915c23258be0cdbcba4c1f5dc542190f68a03695c5224aaa27de64cb9081f68115ef112ac11ae51cc0f295376409aed93b892ac11982972f487aa8f0d8e083c7ff71672122a6658bb75bf7bc1a81cec2554d5e4486abd112651948072324d7296da60bab8da45d5894ba19a6a28f025677a726df9ed4f2c989dca80b46c60059fd7ee7de7a1c81057706809dd6384f91283c214a82860b1ed958acce6871d65a4b9a69bd32d7767dbb7a51cd16b7d1c4697dd6eecd95b6b05d2d48dbee3273bca7ec8af777962f19ff507538614d9261f61503a25666ac7a6e14dd8ed009cdca3d9b861743cfc3633a87c736e06995501abd843e8140b99903d7c25d6141bafbb1b52bae215ac401664f2ec854a29e164865cc46922cc7df0f636018d5672fba57c6f9294ba7867ce9626f8598c0f474488849299ac1c3a8b080808a199b15686e8d37e0bee30df6f7712994079e7dbdfaa54cd5b8ab57286cab5ed6f34fc534a0aa42da94ff278c078de39d1ecfee564fd5e98d3fc56b97b8488840b6653ebe17e926797dc59d8c616ecb6cd11e875a9d6364df6731e27ed0bc871989ac28c52c70ce28bbff8cd3145c5d3115a6ee53b37d5e4b2aba4b69885f7dd88e89c308c7b964b47b0d322a689dfd16f4f90741d038bf634a49dab3a8d7720af52cbd21393ba193433a7e497d4aa6f1dcd544c26e67b656bfe3880a136d5aec763c907dcfeed94c26feafacb42fe4282391ac63e2e6d10c969a98bdbc0566b4032b3622c2881b0dd6ca5d06b112ef4e5373c5e542a2d78f92a5d9cab52e70e363715dd90a4d4e39a53468793899071d5eb55e97f6cfb990f3806c7a4a3f3e65bab17e1f0a2ddad8c6866811748bf924290c4f2de4d73007fcefa94f5a7c59841f0541044560f0aaa824d23c8a5d8fec4a653e7a4742ba4ffc14e4d6071a5f945d54e676cbf4848775dccd99dac878a1ab486e7e128ab554c49d01f1ec6c638065fcd05bf9bf18dbef7802d01391f6106780e04aafee98f3996dc6bbf7009933dd055304c0b807397fcb5f41ca3965483344bdd55d5a8624294e4947921a191f63b32f805cd814f93e26513384752a619457f109fba6cd96e1edaefcca0d0bd25aa75e44407dee58a2b5a4981e214dc7f1958d2c37d63a71748334bb2b8ea1bf48213df370c8ca2b4f560914527c55515cf8c168969e8bcf8a5edd7c50faf6786f19b1104d227ddafbc791d2c96907831858c7c674d6647cf59e657774e4a4de9b58c6a6f4de008bbf835c82b1ba01e2550389899c8e8a9b7c6bcd92cd1ad7a9776fcdad078f236922fa1bec5720be6722db12d12c18da4d32dd052a4529af7be1708d0f2855554a43ec19198fdff9725044431021d33c58915b0fcb289be2bc75a64ef833c65816c926fa382ab27d7a52546fe07825977e6b524a200e5142fef46c19ea462b733223b6216d93ff4b2ec65206e30dab233fa3798fe982f24db8fb6750b8c3505b48a41408178ac71400cb61f92e7d0fd128a27d794d7f802c42e4aeb6b667e9698dabe2cca205c2808e949ce3ac6b272f7a0ed7602c81ad68db8ded7691476fdab2ce29fb91ac45232a1a0b7d93f72e3f046594754dd8301d0abe4e7b9a5e8fd44b375295268a5432f842513e0959dc5d9331994e01b132ad6563a2ec93d6dac82fdfe4d4f63bc428265ed607c46cb12026f99f74562b85966928a0ea2cff06e1a0c3aaee79a63e4dc88830ae71d6586d5229ed3b6395d954188791588881228de47d63979a18b8883d11b410963aee06542bae0cf1428a56dacf48db2be4fcbd1d4b28fc14e886f2fe4752ea3c64fb7047cf35a80dc9f77fa11b96adf0a2167712a7b659a38b8902b549dba200a75c53e4b66ad00f2823faf1161e66b9e6743940f3f1cf3376d4d86f87a2841410ee1d92cbf52a5ecc1ee1e431b42d407470206d90601ae491ac1f0d238ef762381506bc907d26c59ea8277dd1784fbe11d586d1ca1a3c937f15f81ea04b7ab360890158ce7c0db0b53c138b298054bed213f7acf94abda08e0683fa5e251b732262aa528ead5125f1224c87401fe654e6ea9c2bee8b623dcf2308aeb1e0675ef36373d73f3912636e4b1ce9215ee7934fe6e41cd5867ffd2d97cba92c012ae5170bbdfa403af654a4e0520f9cdf5118256e57394e379a5421f0e179a5e21a0734bf49ffea4053314e87f2d46ed4520281ca45b433e85f27edc369cff56ea6dfd3ee7f186db771823f7e35885b98d3d5d70f631d1ba092fac1a59e5d55760edeef8df294a33e11dd84c9d3cccba18cca3f94203148fd62ce4e174da84648972aeba7afc3e720599dd6ef651a648437bac2935dbac0a884b18cb2b8e2dfcaa6ccbdf30e295f3367ac13ab68eccd5701d29cda06bd3b8b2e138335baa8181d2cbfd6019e068459673f5df6e211e7c4c652e2fd15687c8a3f0d6b145c6692bdb3ed8315ef01c063d94a6dec2dc6fd3d7ab5eed7aebb39d45f9cb791436f4a5f58416fad7a15a62398212fcafd2f5c089501bfef3b8ddf25312228dd16b0d5a493cdd9558540c8b29db5e9b86a0a2a900f190e26501d9ad8ca097f9c508b150d46386aff2c6fa17f5be4f141dbe1614df737f251c2ec7c05418a3ac7ab473c6c3f0ec3ed538ecb28a1e57518806d9630a1e3db9c9b3dcd9f430a5477c81b2fa5edf1b5afdbff76f10b3cc5cdb8693ee449394162ba577a30c3d526e994bee61684df0716880415a0a7bcd587b3cf0146748d40f743f21b2e66ee80fc0af09f417b12c0aa7cd2b265e9ea326529fc6c355da130066f2e669f3e08db6cf415a0df36fe77e9a9b5d5a34fddb582922ddee27bc5c309e7a92bfcf7486065face0267e0eb4ef0206d27379504d8db2c7cef9f1e3a65575a736053d42637b3b55b54677bb7745a31ba3b304b3254755456c0cbf98aa8757173dc3af05cd8e2671bfa81ef027c820d9f46ad3c28449c7571da0ca0862f4f0bf1f6116c798cccfaf7f29c331e33b05c03276259e67a9cc748268d84546d1b1691c6658cc3e66692364fb037d693159c857e10d08192575c26ef71b87fcbfb640fd7c618e8f03f9dbdd7e5c41d17b07b280eebc303535c61f047b9fc5bee7a3393b4b89b795273e509351015640b338be7202cfbfba864c8d6922c1baaa6e0ebb5c0152437f1801d6034f3504958efca465ec03d14e840775899d889f991d5a47a5e6a54dc906e7561e875af29c8c12346ec83a91ae3c952c825044a8dc545ad6be8455b183a9373348a1c5ee44bf35ddeccc783221d19d5ad201aca5ea499c2be347a3db656a0dbf71474b97c90977731d7a5856e3906a954597547ddda1b4d3763a649f3c997fbbfd1324e0033a964b2258e429c3479ec470087adf2fd7f4e3b28589482b3814dacecca5b5da9f26bef54541b668c4070bcc65ec9460cf333275e481a501de2d2713425ba136ee86b158f23bb1a2adc210f0bcf1db67eea9cf72d50760dcafea39e5c86c8b03931f90ecc56ae0091d2e18b39e6f3f100a671598673374063607fe87c702dc15a82d062a6cb41e9f5b9e94c547e3ca1bc0337448712a553fe8cff6d7f2eb7911019e9ba1b06173a64442d86a86cf2f0210cb33e6543623a16feb9e21990170b3832285fc1c23f8d8d648fdf79d7cd9eeaab21c46e0ad06e8f013f767c571932485e4fa8518457f348e8deaad9804a7c768830a33edefde5d433d4bbbc4a6096ce0a88647ef8ab12cee604eb5eef6cb3678e1cc515f9b47a5ff9d530ae7c3f125d3f39896b739ae8f817e80e78e644f3c32b66381a54a0f458e36c6b4ea55145d80a8279d49a706eec9364ac7dd4bbd9626ada6136eb9d37d715c4139b3edd5176daedb4598746e09a8236ca2bd0eb35db5fd3cf64492a84672409313b71bd97069d2bef7a670", 0x1000}], 0x2, 0x0, 0x0, {0x2}}, 0x81) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:43 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r5, 0x4004f506, &(0x7f0000000040)) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x407d86f9c0f02723, 0x4000010, r4, 0x8000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000000800)="12eb7dc9066b", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2265.080628] FAULT_INJECTION: forcing a failure. [ 2265.080628] name failslab, interval 1, probability 0, space 0, times 0 [ 2265.081900] CPU: 0 PID: 13435 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2265.082490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2265.083194] Call Trace: [ 2265.083433] dump_stack+0x107/0x167 [ 2265.083756] should_fail.cold+0x5/0xa [ 2265.084087] ? create_object.isra.0+0x3a/0xa20 [ 2265.084485] should_failslab+0x5/0x20 [ 2265.084813] kmem_cache_alloc+0x5b/0x310 [ 2265.085172] create_object.isra.0+0x3a/0xa20 [ 2265.085563] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2265.086689] kmem_cache_alloc+0x159/0x310 [ 2265.087054] skb_clone+0x14f/0x3d0 [ 2265.087366] ip6_finish_output2+0x1225/0x1fe0 [ 2265.087756] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2265.088183] ip6_output+0x3b8/0x7e0 [ 2265.088501] ip6_local_out+0xb4/0x1a0 [ 2265.088827] ip6_send_skb+0x112/0x460 [ 2265.089156] udp_v6_send_skb+0x7aa/0x15b0 [ 2265.089519] udpv6_sendmsg+0x2116/0x2ad0 [ 2265.089878] ? ip_frag_init+0x350/0x350 [ 2265.090228] ? udp_v6_push_pending_frames+0x360/0x360 [ 2265.090668] ? _down_write_nest_lock+0x160/0x160 [ 2265.091073] ? vmacache_update+0xce/0x140 [ 2265.091433] ? do_user_addr_fault+0x5b0/0xc60 [ 2265.091832] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2265.092285] ? asm_exc_page_fault+0x1e/0x30 [ 2265.092652] ? sock_has_perm+0x1ea/0x280 [ 2265.093017] ? __import_iovec+0x458/0x590 [ 2265.093376] ? udp_v6_push_pending_frames+0x360/0x360 [ 2265.093842] inet6_sendmsg+0x105/0x140 [ 2265.094177] ? inet6_compat_ioctl+0x320/0x320 [ 2265.094560] __sock_sendmsg+0xf2/0x190 [ 2265.094893] ____sys_sendmsg+0x334/0x870 [ 2265.095240] ? sock_write_iter+0x3d0/0x3d0 [ 2265.095601] ? do_recvmmsg+0x6d0/0x6d0 [ 2265.095934] ? __lock_acquire+0x1657/0x5b00 [ 2265.096310] ___sys_sendmsg+0xf3/0x170 [ 2265.096645] ? sendmsg_copy_msghdr+0x160/0x160 [ 2265.097039] ? __fget_files+0x2cf/0x520 [ 2265.097384] ? lock_acquire+0x197/0x470 [ 2265.097744] ? find_held_lock+0x2c/0x110 [ 2265.098093] ? __might_fault+0xd3/0x180 [ 2265.098435] ? lock_downgrade+0x6d0/0x6d0 [ 2265.098800] __sys_sendmmsg+0x195/0x470 [ 2265.099144] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2265.099510] ? lock_downgrade+0x6d0/0x6d0 [ 2265.099875] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2265.100287] ? wait_for_completion_io+0x270/0x270 [ 2265.100697] ? rcu_read_lock_any_held+0x75/0xa0 [ 2265.101090] ? vfs_write+0x354/0xb10 [ 2265.101408] ? fput_many+0x2f/0x1a0 [ 2265.101741] ? ksys_write+0x1a9/0x260 [ 2265.102064] ? __ia32_sys_read+0xb0/0xb0 [ 2265.102419] __x64_sys_sendmmsg+0x99/0x100 [ 2265.102779] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2265.103212] do_syscall_64+0x33/0x40 [ 2265.103531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2265.103965] RIP: 0033:0x7f862c37fb19 [ 2265.104284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2265.105833] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2265.106477] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2265.107075] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2265.107678] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2265.108276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2265.108875] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:43 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x2000000000000000) 02:28:43 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x8000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:43 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, 0x0, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:43 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 92) 02:28:43 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={0x20, 0x0, 0x1, 0x0, 0x0, {0x14}, [@ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0x20}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000180)={@mcast1, 0x18, r4}) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff5000/0x3000)=nil, 0x3000, 0xeef75dda28f3a9ee, 0x20010, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r9 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r10, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r10, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r8, &(0x7f0000000040)=@IORING_OP_READ=@pass_buffer={0x16, 0x1, 0x6000, @fd=r10, 0xc662, &(0x7f00000002c0)=""/206, 0xce, 0x15, 0x0, {0x0, r11}}, 0x46be) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2278.348748] FAULT_INJECTION: forcing a failure. [ 2278.348748] name failslab, interval 1, probability 0, space 0, times 0 [ 2278.349805] CPU: 1 PID: 13462 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2278.350388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2278.351079] Call Trace: [ 2278.351312] dump_stack+0x107/0x167 [ 2278.351623] should_fail.cold+0x5/0xa [ 2278.351949] ? skb_clone+0x14f/0x3d0 [ 2278.352268] should_failslab+0x5/0x20 [ 2278.352593] kmem_cache_alloc+0x5b/0x310 [ 2278.352942] skb_clone+0x14f/0x3d0 [ 2278.353252] ip6_finish_output2+0x1225/0x1fe0 [ 2278.353640] __ip6_finish_output.part.0+0x4f7/0xbc0 [ 2278.354091] ip6_output+0x3b8/0x7e0 [ 2278.354406] ip6_local_out+0xb4/0x1a0 [ 2278.354728] ip6_send_skb+0x112/0x460 [ 2278.355053] udp_v6_send_skb+0x7aa/0x15b0 [ 2278.355410] udpv6_sendmsg+0x2116/0x2ad0 [ 2278.355760] ? ip_frag_init+0x350/0x350 [ 2278.356101] ? udp_v6_push_pending_frames+0x360/0x360 [ 2278.356536] ? _down_write_nest_lock+0x160/0x160 [ 2278.356934] ? vmacache_update+0xce/0x140 [ 2278.357288] ? do_user_addr_fault+0x5b0/0xc60 [ 2278.357667] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2278.358132] ? asm_exc_page_fault+0x1e/0x30 [ 2278.358497] ? sock_has_perm+0x1ea/0x280 [ 2278.358856] ? __import_iovec+0x458/0x590 [ 2278.359206] ? udp_v6_push_pending_frames+0x360/0x360 [ 2278.359647] inet6_sendmsg+0x105/0x140 [ 2278.359977] ? inet6_compat_ioctl+0x320/0x320 [ 2278.360355] __sock_sendmsg+0xf2/0x190 [ 2278.360684] ____sys_sendmsg+0x334/0x870 [ 2278.361030] ? sock_write_iter+0x3d0/0x3d0 [ 2278.361385] ? do_recvmmsg+0x6d0/0x6d0 [ 2278.361725] ? __lock_acquire+0x1657/0x5b00 [ 2278.362106] ___sys_sendmsg+0xf3/0x170 [ 2278.362437] ? sendmsg_copy_msghdr+0x160/0x160 [ 2278.362828] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2278.363266] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2278.363642] ? trace_hardirqs_on+0x5b/0x180 [ 2278.364009] ? lock_acquire+0x197/0x470 [ 2278.364345] ? find_held_lock+0x2c/0x110 [ 2278.364690] ? __might_fault+0xd3/0x180 [ 2278.365023] ? lock_downgrade+0x6d0/0x6d0 [ 2278.365375] ? io_schedule_timeout+0x140/0x140 [ 2278.365779] __sys_sendmmsg+0x195/0x470 [ 2278.366121] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2278.366486] ? lock_downgrade+0x6d0/0x6d0 [ 2278.366847] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2278.367258] ? wait_for_completion_io+0x270/0x270 [ 2278.367668] ? rcu_read_lock_any_held+0x75/0xa0 [ 2278.368060] ? vfs_write+0x354/0xb10 [ 2278.368376] ? fput_many+0x2f/0x1a0 [ 2278.368689] ? ksys_write+0x1a9/0x260 [ 2278.369012] ? __ia32_sys_read+0xb0/0xb0 [ 2278.369361] __x64_sys_sendmmsg+0x99/0x100 [ 2278.369739] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2278.370176] do_syscall_64+0x33/0x40 [ 2278.370491] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2278.370921] RIP: 0033:0x7f862c37fb19 [ 2278.371237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2278.372764] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2278.373404] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2278.374018] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2278.374612] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2278.375208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2278.375803] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:28:56 executing program 5: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r5, 0x4004f506, &(0x7f0000000040)) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x407d86f9c0f02723, 0x4000010, r4, 0x8000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x2, 0x0}, &(0x7f0000000800)="12eb7dc9066b", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0xba, &(0x7f0000000180)={0x0, 0x59e2, 0x0, 0x3, 0x275}, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000000c0), &(0x7f00000002c0)=0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r1, r4, &(0x7f0000000300)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd=r5, 0x100, 0x0, 0xfffffffa, 0x4, 0x1}, 0x6) r6 = syz_open_dev$mouse(&(0x7f0000000040), 0xffffffff00000001, 0x400000) io_uring_enter(r6, 0x58b0, 0x0, 0x1, 0x0, 0x0) 02:28:56 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 93) 02:28:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge_slave_1\x00'}) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:56 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x3f00000000000000) 02:28:56 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:56 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x20000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:28:56 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000180)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x4) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000800)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4007, @fd=r4, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)=""/61, 0x3d}, {&(0x7f0000000200)=""/25, 0x19}, {&(0x7f00000002c0)=""/237, 0xed}, {&(0x7f00000003c0)=""/104, 0x68}, {&(0x7f0000000540)=""/193, 0xc1}, {&(0x7f00000006c0)=""/173, 0xad}, {&(0x7f0000000440)=""/57, 0x39}, {&(0x7f00000004c0)=""/63, 0x3f}], 0x8, 0x4, 0x1}, 0x0) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r10 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r10, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r12 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r12, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r12, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r1, r9, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x3, 0x0, @fd=r4, 0x0, 0x0, 0x1, 0x8, 0x0, {0x0, r11, r12}}, 0x400) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:56 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) syz_io_uring_setup(0x20, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)) r4 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f00000000c0)=@in6={0xa, 0x4e22, 0x0, @empty, 0x1}}, 0x80000000) syz_io_uring_setup(0x622a, &(0x7f00000002c0)={0x0, 0xbf90, 0x1, 0x2, 0x1a1}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000000c0)=0x0) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r5, &(0x7f00000003c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000380)={r6, r7+60000000}, 0x1, 0x1, 0x0, {0x0, r8}}, 0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x5a, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000400)={0x0, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x4e23, @private=0xa010101}, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x44}}, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x5, 0x10000, 0x9a1a}) r9 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r9, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r10, &(0x7f0000000100), 0x5a, 0x0) [ 2278.581580] audit: type=1400 audit(1728181736.981:12): avc: denied { execute } for pid=13502 comm="syz-executor.3" path="pipe:[42064]" dev="pipefs" ino=42064 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fifo_file permissive=1 perf_event_open(&(0x7f0000000180)={0x5, 0x80, 0xff, 0xfd, 0x9, 0x0, 0x0, 0x9, 0x0, 0x3, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0xde8, 0x1, @perf_config_ext={0x0, 0x5}, 0x9, 0x81, 0x5, 0x5, 0x40, 0x0, 0xffff, 0x0, 0x9, 0x0, 0x6a48e7b0}, 0xffffffffffffffff, 0x0, r10, 0x1) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:56 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x5, 0x2007, @fd=r0, 0x6, 0x0, 0x0, 0x15, 0x1, {0x3}}, 0x8000) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = pidfd_getfd(0xffffffffffffffff, r4, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x12, r5, 0x0) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:56 executing program 5: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:56 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:28:56 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x4000000000000000) 02:28:56 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x100000c, 0x13, r3, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:28:57 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(0x0, r5, &(0x7f00000002c0)=@IORING_OP_NOP={0x0, 0x1}, 0x10000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69415, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x2}, 0x0, 0x3, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000100), 0x5a, 0x0) syz_io_uring_setup(0x1a7e, &(0x7f0000000180)={0x0, 0x4211, 0x2, 0x0, 0x184, 0x0, r7}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000040), &(0x7f00000000c0)) 02:28:57 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xb72a000000000000) 02:28:57 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0xfffffffffffffff4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000001}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xd, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:28:57 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x3f000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:09 executing program 5: r0 = syz_io_uring_setup(0x1640, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x3af}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:09 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:09 executing program 7: r0 = syz_io_uring_setup(0x34e1, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000003c0)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r1, 0x0, &(0x7f0000000440)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400), 0x1, 0x1}, 0xffffffa9) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r9, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r9, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(r9, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000001e00)=ANY=[@ANYBLOB="c01200002b0000032dbd7000fcdbdf250d0000002e0104806513522fdf86854f2f8e949ab9dc0099ac404cbf78feaf0b9a8573a380d3688b7a4b5146e1737ee98ceee81a42cdb4fd15666f371116f18f9687f673ffdf01361e0b3c88dabf7481dd6a24c4e13677aaad5a3e37444ad5c982d9b12bd206bd41d2689e95be3d333e5a9d9196c074b29bdebf26290e2a55a82ecf34e2bba02ab8043ebd73dd608204202955c2a810c3bece5417ef0208e3860004cdee6c3a2d4299f5c74725c7c13767cb71a8e3af4bccd04e722a639057b7167ce25a92851aef11f532d8f1436473ab0734484c02ef0a1acffced7a76715407896234e131530094a07ced671f28260694c8a9840c60a307b7bf40fdd941a2a4b8dc62e4b4ebcd3dcf9f1b2a44b7492354d9b70bdc21f58a7bfe10e9d172d473b0de6a26ecf2e435e808003e00", @ANYRES32=r10, @ANYBLOB="000004100d8023d6a56b1b13b067675810d4c73a133f58f7c987420271dba87b0b5f0a42b7a9cca0fb99e828d7d2c8b65403d92d7e7c419b7e19e7c098d88ad3f0ae1d1b7e3f180c7cbb41adcc3637b09c06dd75c0635cce43e3f570eafba81a59641edb92c88548944d3e8b6c7dc8462355bc5cdd672ffe7084ab9a6873adab9c8f31cd7179b1f8c812d0da1ae245455b7cac4dc0fc8dec9684ff334951c22158ff9d6aef57116abe0ec21cf431560c291064d43f95553bec728dc40fddbb8141f46b80e9f7b5d435120820253a76b2669c36c6d2458f223b296e26d0f48f46dcaac9486c3663a5e5508c9d6f602e22f1de4c021a9415d267fbbd7ad1c7252a8c987c8b1cc524edf05e5fb64a5b13a26e3d19015fc3adfeb12234e01545cd7aab40b44dbf626fe68c63401f020b87e8c7cad709f2c24351149e1abc90624d14079ae44cab68083084985cb57596eef04327c0330c0dd6a003efba20ae035443ec25e09cea4240c6f207c42ce894a9035990a869b05c4b5ef9c0204548ad4f30e5b814fa901bc1cc900645204c03516dd2c59e5c231aa8812cabcd7004d3e78402ce590cd0c51cb642582c10f6072017384701e9587d60f4f1be12900b616c844fc2062b1c645c1672543dfe6df28c074d1243ddab4c870d8b4b8eeb7ab8bf91a17791689fc388f496e630a26f1cf67e50f779c536e7add4faecdaeed250928222867fc8ef82b43ef96d8f852455d485ce94503ccb199e668f95173b192e0fff70ac0db91c89086447d4770d972022ee70f0b67606df0bfa1d82d61e36bcb25ea934e1baff141f8929f77acdfdb2e55946d928119bde27424cf64e940ecdf1a0befd152ffa78527c6b26ef5a7368d73e2fe47b0c1e036b88165b6517b45ff3dc4239094e350936079010b46264d35f137dfd46f8e2e8f7181163a433bee69376d2b740e677c7ddf9d7d7421cefe01c9b3c27243c6e589aa63c83848ae044196f2c93609938c8170c9f22797c572394b2ddc5f54230497e0dd3a88fda0b1fe3924b63cc9b1eeea6721b9e28977fe0b5575c45501f5b26a9cdbffd1b0d4ec551652cb01f78951a79f4323e4e7dee62691d47516be3bc09ce20285dbb93875abe5e44bea0b187329f63dfd7157a39153a3381edd37898b63c7590e1769ba773dffeacab438db5fb47022667ff98397f28e9c14f1932479d8380b84be9591affcd7a6f194023ce16afef677783e71099e9b6c5abee748eb0c2ad900e952c7374c79beb2e959e40fe18b1559007a5cb011f564b28c56d8e540c418f79d87f3a6dc52257cf11e5139f795a66256b3e170a92fb7f023bd8432c3d74e8c71a6add23ed2a72dd2a14f78e079dfb7f70a96a7c2f5bb0f286675e64b1acb6a27c0a25c0d3f0fd3cbeb56275922c5d038d48ef05afff5418f3d3e03f3ba9c48871ee35db04d0ffdd72fcedcb2a7cb54400ea665a951682e3f377a5a61081144a76967fd8bae67e3c432af54d142f8dadac7e99b37723bb5b31f4ef859f92efe72428bd17c087bb8e781f078330f4352283ed2c0f12a387a1422abe586a64f9a4b7f612ffb50f979549060c366fd4123b6e6fd8e3ee4f2ead12aeb2543a05c3ed4518374d6503542b3b848bc9caf1bd8f7f42392d9151a350756a154e9539d343013e617e5fc88a2de3c582aede35380946d5311fc70cfb7fe1acc33ae1c650b4ba790c08ab50f99531355195a9a89bd7218dd2b4621c0eeee9491762161df9619724085e597294b940bb71946c41bc6b05e0dd84d451ed4435a19d5a8ea38f01364b2f827c81b794fe6a9bbe39128106a561ce527740f7241ae0548871670039cee02f80cac1aae27d2c40bdb3b0a48dc6ceb9138b98ab737e7374745ae7d71d88b79d7d46c28687f750e395f8ba30187ea309726e1ccc0baed445b051f0f2502fd1b37e753e54a61ad845374d9da24822a6597c1dfd6103780610db579832cecef6ca9741330ece5e9ae051b81addd9677f2d7280e6f028a4d33ac83f5ad2332a26b5192b3efde7de2b655d50bca0d3dc3bbd8a682018a4602b62062e9681216260d5fe9936263ca3afc2732a493dd49bcb13f6bf70fce709c0e6144339b7300495029a504e4aa48c29472f136cae0106632627b4a59b5a27cf107dd5fbbb95ea3f4ea3a72c20fe29484016b4f4c9fb404e56c17efb84f36d4196d83221da9b718284bb7de91d2238116f5b256de771e2395d5edb7ab43049db91f16969532098eb8f8d0489d56a29e1e906a0b8eb656577bd4d7d9bda795bd78f1f3fbc43a106b37f0d426efa3f079b9f702c0635f33b962b4895f722471dc07e56b961e719dea27f13639c3aa42d6e53240be445de4c68a941bafc8f3fc34e1f7fe4a70102012596edf93b746947ab576bbd747c55215735c7bcb2df3f129c84cfc1496058c9ef3b7399ffb661ab6c61d1da41d1f0903b43c34ec7e439ea5504fd79ed3783ecd31878f9139c386b958ab00501c836733dc294ebf39ec00ea178dd68e7b0af3f68e185f03ed37f1fa97eeeb20e05026a1c5f15b0a3ab01abed8221dc05a984754c5701127790b628bfd73f81cdf8fc294437e6d88bd8076b4f7386791fce7e96eb97b6d07034f5ecba70fd3326d45800757063def1cd0a0bc73b77aa30b921b094fa39cf3430d9e3f696c932c0c3e802d506f64e3a92141f5c2311d72d3f03d36a16f60a40da9f735d7d31065eefade797b50aac0f0fb817a1e2ae0ce301cd96eae5f0034184868fa7e3183a14c07fa60b970509c547223d8d5ba85bb0c5ac27d4d5ab061158fa1757d4d16d649283ff226c5871fa022f68bb47b9690d0fa0e65bd284f75c9643d3cba7bc1756c69f021945985eea3b400ca65ec90bd834f35c2857eed2e8db7cec73fec89909ba8cebfdf24aa608e233aa81afac8533306762401af84cd6df4eb16e61ac6b1ad9444f884216710f5f9a760fd31b7838fefc922cde8734232f6431b27f86f22720d5e1bc134b5c6ccb5bc5fc3845f9eebbbf984f19178fffeff7524cdeef6c742bf9700656783454289d1a7acfc9ea0c5c346b879183e06c5cca258fb8497ebe9e223d31c9f270bf70237a054fe79b597e87987624b9948179399a01a88366f74867455338638bdebbdf5e1fc622d47db6c7332519da7404054fbeddfd88ae90a30143531d6ba3295976ba95ad8d33547e70257e36cff4ab9f309dbcdf529dafeb5c08909c8d81869c5a91f34b8b641959c8c499063ed4d35383ec63111b3e882e564a92f014a0b227ed187043c012fa61847c26708c495d6a8d9f0c538aed5723c1a2a60469c03010c9a4b66bdb9aa29ec51867003c290d47ca3000c0d91c416f713a55c0ca7bd3e43d06a990e76ea2d7603ec342038a2febea0543ebea54fef026dbf764c9ba3b009be5d56dbbf515f8a046c70768f0c50a505df2b95097e3098579a26d6a0fb874c81a991531694d3d340ed4e89a63a4b45ddeeb02820d6fb17ffd08da03ab628b8500d57853b32019f8fc3f8d0798bbb79fd6f4e8f9e39866b89c3a1c6714061824abe2eed5b6ee94776b594927ab7dc8ccd437c7b4eb22016508db89e3de0464b6d2806aeb359f7d8247ee809fce050d2b01740b85a02598ffd35c9f0f041bf59111480c6ccb0435552a203ef725f8ac3e45ec42b025a47e60a7e87fe1874c8cd349e7c5bd98fdf70a1c752bfbc55773e3954c7383326041a0de5e005f26654e53708ecaccb15135cb9a924392b2564fd0b1057229f1282fc25d300de80c6d62956cb5f0701e84665366f6efb0a0998ab2094781d9d5ce5a472889dd79784f608160300d328895e09bb1572aa28e3f1da57a9920085989231ef0212044062e0079591730fb71c82f4ace17206a029b5addd1dec5e5c7de1a89fe52b7c15bc059d219a5bdd3053fcdd1402ebdfcd471d13eb4642b6d945411d1a8344cb9e61ca143d1231e620d6aaa9adc2c951d64583efeb87a03d1e37d06c2d67f510c7e89e56b4bc897e00256eccb24ed361314096bb36e0ed0bafd6f0578a8488ce1207e6f66d4f37a7504a315a3dfdeb8748d267c2a8f2839636d835a009ab802ac8261b105d7e0d8d89c8b29063ae49dd4327ae93ab781aa0854e0a7805e8aa6e345da446841f4c5842453acace8cebd574676fb02a2c040dec8424508f96a5fb0e1b0632f6875221b7b739372af29c50787bf19908120092a74f8071af07121a575727d234e0b818eab30ea61e23325ab73f11905bd450184fa62ef0a4133e1dba503363fb23f99bafabf7f605106bba8876610b6c4d3f654b60ec44674ad98cdb54839ebd8c99595bbd18820a690ceaf5d9b79802ed4a62bd2bfe9a8a3b6304080f0de3ed330cdb6f2fc7502026387e9c83528bc5f33c17a78680f890640554b1a2d2e17955de486a992e671d2f170375ee84b439e9ba7669806091d7f68c19678f1dd4eabfa146f02ea06a1ee1b58d1b28f8db279e26578fd358afd62daf4a2f0270cfa82c3ee760c8a36d2a19c81cbdcf119895583a4eb29a2b3549467b044a3d24944e9687ed8dbc04d617e246624075594f97bdcf8547cbd1472d1af88eb6dd5138a1f4cecbb7ba9c4a2ad3304d4fbc4432e28c03472b7daf24892ef1c3118d68786baadb6200860b5550031e3827430b53f8634186f895407a8e92e7f33f7e7e771e7d2057eea96aa769d9e4f270dd2eeb485f8d2ef1fdef07941c7d4d5de5d15d3975fd017f40109b7bfc32032dbdaceb01d991595950c857455ba25e3a9210741621d07c6b9453a4fb7c43d29bcec6be27bc1cb78dbbb648ea51eab5754ff2b1d66bcfeb5d042a0e54a148626efb7ef95c9aeccf7ec09addc204027d65a97fad87a10c268cee901aeea99ed08ab5bdb7b09537eece51202de1a2d7da14a4b57ed7ccff9a98e3f4693324ddb3d6b1ffdd96d23cbeb5c35c0e71980d1e886b85a6bd954b494dfa5c34f576e84bb665610ca0cca54419b2329222d531649af3f2d8523ee4558c56386db164f4662a814d92947fa8b7e634d69afc05fe1c532d8601eb4a95094e31dc7b6d1af3606f311786991f0fd7977f2b19ae8bf43c5998af53cbf06867d1f093fd2ad677248c6f863d21898e3ca79e30c4beaa09ec635111981efb6541055146cd67a1062ac49bad8cc145872bdd57d8caefc5091f372f5d743ac1157864a64db0b1e74ce09f2cd7f5af10de8d175baea439c7a540616cef5c3c69765bef3620baf40a829f00b83535a0c3b8b3bd1dd7207ef3fe40835da7371d8eeda287fcc83d4d08b65dc8a958ef589243691af975cc5fcf3e3542e496ea8d38192ced662d7af0371518377136bd34e3fccb1ca6aa226294b1075e37251928dfb4061cbd1f5cabfae1ff23bc8c98209c7d96ffb79b71b43c794ea35f258c291c5d2673eb0afe7d42684e91ac7d1dcfbadfecd51f88f98665a9ba3dc069b98b57eac78233b955ecdec943f89ddb81efdf3793d581251d2c2c9988b1f4d7f1e80ceb9ec2a2e390c7cce2313f7eb51a0b60826dd645cbc5605fa445994312bc09f1ad75d547ff3294d4c779ec560aa5d3c7f0076653bde1dd2f349ac6707a117b9c224ddd27f71aa07bdad30e0e57e125cdc2cfbca79d7606a658bd31213c5b678130244810b2d2acb2d69a1f4a1bdee33a467b6e3e35a29f37ce2b9dcb6b3f5b288da06d4507da7d98219d30c1ede37579f797fd7833ff7ef2b47ac1b72ece5e411a79b9bcb188dbf1754bcd1beed5be60ce82674ceb010f73c50693e92b64651027167ae410cea681f05000a32cbc5e55db02e9dff98c868a50f0aa275321547e607ea1501faecd0a8620abf489c4c5dc2b2e436447eb762db0c434c3ea1deee6821092b419ff877c6180b4d1c3a93ddfa6c5e9456ec570a064a069c09fa2c138e053b01376a0d9abdb19c944e50051adce990111129bb9d6963c2fc207fa50d8b84453c10a5cadabab09d8c9ec0deca83e241fa666dc9b0ec820f37505271cc11d58eebe0da0eebd0d8c10dba2a7b5c20dc97cce56a008a2bb11abfee799ec185d4875b10a4029a594fc0bf9419222e8930a101e1a5cebd5d6de1e3337fa0191b532f6fcdf8216f4c78790ed208cca41f8a974430c649c13467f2f7a2819b5d18dbffcc88406a879421ff0b0609dd4c74344978db9f47782c879174ae9b3aba28861e0d4981eafd600c47153b71321860f8734c7f5e0c005280080074007f00000008007000020000000c001b00040000000000000006a5503b5d15b789e564e8c87ed09beee2d99b5ddc005432d077d0551dd05b5e24e85a88698ab7cdfaeb472b6eba7bce939b1d76f08d51decc8e554cb5000000"], 0x12c0}, 0x1, 0x0, 0x0, 0x80}, 0x80) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd=r0, 0x20, {0x0, r8}, 0x0, 0x4, 0x1, {0x0, 0x0, r4}}, 0x3) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:09 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) [ 2291.597525] FAULT_INJECTION: forcing a failure. [ 2291.597525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2291.598798] CPU: 1 PID: 13542 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2291.599442] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2291.600131] Call Trace: [ 2291.600407] dump_stack+0x107/0x167 [ 2291.600722] should_fail.cold+0x5/0xa [ 2291.601153] _copy_from_user+0x2e/0x1b0 [ 2291.601564] __copy_msghdr_from_user+0x91/0x4b0 [ 2291.601976] ? __ia32_sys_shutdown+0x80/0x80 [ 2291.602395] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2291.602845] sendmsg_copy_msghdr+0xa1/0x160 [ 2291.603209] ? do_recvmmsg+0x6d0/0x6d0 [ 2291.603588] ? handle_mm_fault+0x9e9/0x3500 [ 2291.603956] ? find_held_lock+0x2c/0x110 [ 2291.604349] ___sys_sendmsg+0xc6/0x170 [ 2291.604683] ? sendmsg_copy_msghdr+0x160/0x160 [ 2291.605176] ? vmacache_find+0x55/0x2a0 [ 2291.605588] ? do_user_addr_fault+0x5b0/0xc60 [ 2291.605986] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2291.606477] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2291.606919] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2291.607424] ? trace_hardirqs_on+0x5b/0x180 [ 2291.607794] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2291.608260] __sys_sendmmsg+0x195/0x470 [ 2291.608644] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2291.609109] ? lock_downgrade+0x6d0/0x6d0 [ 2291.609541] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2291.609961] ? wait_for_completion_io+0x270/0x270 [ 2291.610416] ? rcu_read_lock_any_held+0x75/0xa0 [ 2291.610809] ? vfs_write+0x354/0xb10 [ 2291.611123] ? fput_many+0x2f/0x1a0 [ 2291.611482] ? ksys_write+0x1a9/0x260 [ 2291.611805] ? __ia32_sys_read+0xb0/0xb0 [ 2291.612214] __x64_sys_sendmmsg+0x99/0x100 [ 2291.612618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2291.613189] do_syscall_64+0x33/0x40 [ 2291.613572] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2291.614015] RIP: 0033:0x7f862c37fb19 [ 2291.614376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2291.615943] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2291.616623] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2291.617375] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2291.617983] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2291.618619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2291.619214] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 [ 2291.644023] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13547 comm=syz-executor.7 perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe101000000000000) 02:29:09 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 94) 02:29:09 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x40000000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:09 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL={0xe, 0x5}, 0x0) r3 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, 0x0, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r6}}, 0x0) syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x3, 0x3, &(0x7f00000000c0)="9b26dff748cba3338f0f9060f0bad405bde7e05a3796623d16be0c902109896b7675288763314fd37ebc666eb48353e20a0f0c2d16bde32775521fd0bb93", 0x1, 0x0, 0x1, {0x1, r6}}, 0x80000) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xa, 0x4004010, r0, 0x10000000) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r7, r2, &(0x7f0000000040)=@IORING_OP_MADVISE={0x19, 0x5, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x1}, 0x80000000) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:09 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240)={0x0, 0x0, 0x24}, &(0x7f00000a0000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000015c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x3, 0x4004, @fd_index=0x9, 0x192d0422, &(0x7f0000001580)=[{&(0x7f0000001540)=""/1, 0x1}], 0x1, 0x1, 0x1, {0x0, r4}}, 0x1) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) openat$sysfs(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/module/nf_conntrack_ftp', 0x8000, 0x18) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0xff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x40100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) syz_io_uring_submit(r5, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000540)=0x0, &(0x7f0000000140)=0x0) socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000500)=@IORING_OP_OPENAT2={0x1c, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000001600)={0x501002, 0x8, 0x8}, &(0x7f0000001640)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r4}}, 0x0) r8 = syz_open_dev$tty20(0xc, 0x4, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000014c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x4007, @fd=r8, 0x4, &(0x7f0000000400)=[{&(0x7f0000000180)=""/65, 0x41}, {&(0x7f0000000040)=""/54, 0x36}, {&(0x7f0000001e00)=""/4107, 0x100b}, {&(0x7f00000000c0)=""/39, 0x27}, {&(0x7f00000002c0)=""/87, 0x57}, {&(0x7f0000000340)=""/134, 0x86}], 0x6, 0x18, 0x1}, 0x4) openat$sr(0xffffffffffffff9c, &(0x7f0000001500), 0x200080, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) [ 2291.697300] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=13563 comm=syz-executor.7 02:29:10 executing program 5: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:10 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 95) 02:29:10 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:10 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xe4ffffff00000000) 02:29:10 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xb8030000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:10 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) sendmsg$sock(r4, &(0x7f0000000540)={&(0x7f0000000300)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x4e20, @multicast2}, 0x0, 0x2, 0x3}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000380)}, {&(0x7f00000003c0)="a0c6b8610b28f61496e72a0081739ea2d5295fa27ce84b4bb8f37c168e59c6bdd709f2f6b32fde29f3cb37efde17f7c99cb105156b95c054ecbe2f8f77358a419a0cde7b3af316b05c805d1afc656e520f469df3146906606bb1070ffa1009398a786a4f8a15add8210b76a68e9aae2a081d0859d1643f641ccbfb44da0216e62f9cb8785b98fe739072f21d08a10070ff3683ca30b24615ddafd0fc35b373bd809ceac02c256448c12b4433bd45b416316b0c59ded73b66fb4d2879b25eb94b85ec87ef748d4650648dbb7034", 0xcd}], 0x2, &(0x7f0000000500)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x80}}], 0x30}, 0x24011) syz_io_uring_setup(0x63d5, &(0x7f0000000180)={0x0, 0x41b5, 0x0, 0x3, 0x284, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000000040), &(0x7f00000000c0)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r6, &(0x7f00000002c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x3, 0x4004, @fd_index=0x6, 0x1, 0x0, 0x0, 0x0, 0x1, {0x1, r7}}, 0x2) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) [ 2291.806897] FAULT_INJECTION: forcing a failure. [ 2291.806897] name failslab, interval 1, probability 0, space 0, times 0 [ 2291.807956] CPU: 1 PID: 13575 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2291.808536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2291.809231] Call Trace: [ 2291.809464] dump_stack+0x107/0x167 [ 2291.809777] should_fail.cold+0x5/0xa [ 2291.810591] ? __alloc_skb+0x6d/0x5b0 [ 2291.811254] should_failslab+0x5/0x20 [ 2291.811913] kmem_cache_alloc_node+0x55/0x330 [ 2291.812693] __alloc_skb+0x6d/0x5b0 [ 2291.813324] alloc_skb_with_frags+0x92/0x570 [ 2291.814006] ? trace_hardirqs_on+0x5b/0x180 [ 2291.814375] ? kmem_cache_free+0xa7/0x2d0 [ 2291.814727] sock_alloc_send_pskb+0x7af/0x930 [ 2291.815112] ? sk_alloc+0x350/0x350 [ 2291.815426] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2291.815863] ? trace_hardirqs_on+0x5b/0x180 [ 2291.816232] ? __dev_queue_xmit+0xe4e/0x2710 [ 2291.816602] ? __local_bh_enable_ip+0x9d/0x100 [ 2291.816994] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2291.817425] ? ip6_mtu+0x1bb/0x3d0 [ 2291.817732] ? lock_downgrade+0x6d0/0x6d0 [ 2291.818513] ? ip_frag_init+0x350/0x350 [ 2291.819245] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2291.820048] ? ip6_mtu+0x1e9/0x3d0 [ 2291.820662] ? ip6_setup_cork+0xfb7/0x1740 [ 2291.821391] ip6_make_skb+0x2de/0x4e0 [ 2291.822130] ? ip_frag_init+0x350/0x350 [ 2291.822803] ? ip_frag_init+0x350/0x350 [ 2291.823513] ? ip6_push_pending_frames+0xf0/0xf0 [ 2291.824317] ? ip6_dst_check+0x389/0x8d0 [ 2291.824996] ? sk_dst_check+0x235/0x4c0 [ 2291.825670] udpv6_sendmsg+0x20d3/0x2ad0 [ 2291.826514] ? ip_frag_init+0x350/0x350 [ 2291.827242] ? udp_v6_push_pending_frames+0x360/0x360 [ 2291.828138] ? lock_acquire+0x197/0x470 [ 2291.828841] ? find_held_lock+0x2c/0x110 [ 2291.829564] ? lock_acquire+0x197/0x470 [ 2291.830361] ? find_held_lock+0x2c/0x110 [ 2291.831094] ? sock_has_perm+0x1ea/0x280 [ 2291.831793] ? __import_iovec+0x458/0x590 [ 2291.832492] ? udp_v6_push_pending_frames+0x360/0x360 [ 2291.833361] inet6_sendmsg+0x105/0x140 [ 2291.833399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13581 comm=syz-executor.7 [ 2291.834079] ? inet6_compat_ioctl+0x320/0x320 [ 2291.836111] __sock_sendmsg+0xf2/0x190 [ 2291.836781] ____sys_sendmsg+0x334/0x870 [ 2291.837480] ? sock_write_iter+0x3d0/0x3d0 [ 2291.838056] ? do_recvmmsg+0x6d0/0x6d0 [ 2291.838391] ? handle_mm_fault+0x9e9/0x3500 [ 2291.838758] ? __lock_acquire+0x1657/0x5b00 [ 2291.839141] ? find_held_lock+0x2c/0x110 [ 2291.839504] ___sys_sendmsg+0xf3/0x170 [ 2291.839836] ? sendmsg_copy_msghdr+0x160/0x160 [ 2291.840217] ? vmacache_find+0x55/0x2a0 [ 2291.840560] ? do_user_addr_fault+0x5b0/0xc60 [ 2291.840940] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2291.841380] ? exc_page_fault+0xca/0x1a0 [ 2291.841720] ? trace_hardirqs_on+0x5b/0x180 [ 2291.842097] ? exc_page_fault+0xca/0x1a0 [ 2291.842443] ? asm_exc_page_fault+0x1e/0x30 [ 2291.842819] __sys_sendmmsg+0x195/0x470 [ 2291.843181] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2291.843548] ? lock_downgrade+0x6d0/0x6d0 [ 2291.843925] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2291.844346] ? wait_for_completion_io+0x270/0x270 [ 2291.844756] ? rcu_read_lock_any_held+0x75/0xa0 [ 2291.845145] ? vfs_write+0x354/0xb10 [ 2291.845462] ? fput_many+0x2f/0x1a0 [ 2291.845770] ? ksys_write+0x1a9/0x260 [ 2291.846110] ? __ia32_sys_read+0xb0/0xb0 [ 2291.846460] __x64_sys_sendmmsg+0x99/0x100 [ 2291.846817] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2291.847249] do_syscall_64+0x33/0x40 [ 2291.847564] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2291.848011] RIP: 0033:0x7f862c37fb19 [ 2291.848326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2291.849856] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2291.850503] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2291.851099] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2291.851694] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2291.852306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2291.852901] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:29:10 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:10 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xfeffffff00000000) 02:29:10 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) dup3(r0, r0, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:10 executing program 7: r0 = syz_io_uring_setup(0x80014d51, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x2008000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000540)=0x0, &(0x7f00000004c0)=0x0) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000000c0)=@IORING_OP_FALLOCATE={0x11, 0x3, 0x0, @fd=r0, 0x3, 0x0, 0x0, 0x0, 0x1}, 0x383) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}, 0x9038, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0xa917}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000480)=[{&(0x7f00000002c0)="fc57a28dc5b0de4834986968a8a147aa1c356490b2994c49e2c4ff7da8ff8ab29a682ffd2f237180f186f53730745cd6db4a508885565d7691e75228399e103ceaf8ee13d088f2cb5607424210fd8ae393b75d3aa8801da50d3ec1586c8d064c647b", 0x62}, {&(0x7f0000000340)="5d5c9ed30a20b4be7f5b278bcafb5846110c294d794b7cf530badca01c78d53228ad1cf24db32c2e90c9f39610370b02c383c24c49bc5e7f82ea3b2fbc8e23f8d40667f6ee07f6680a6e2e7c194f1b2457cb04460d3862c71310a651a3b61dd490c12f25019365350c0a8b46ea5a470e6e27e1d73de99a18546d72b744566a2c7f07fc61de5f5901f553502021e020a221095febc1e68a011366d37e9865315787c541d3e36760881aaf8dd5014f754bcc6c7ab65c3e9e00eb70324397c7cdbd748c851a2297aa444e4fac17cfdeba64", 0xd0}, {&(0x7f0000000880)="cb350f79697f092530102e4e6054bf94d21193931f3bf8c74042146cf4085c0babd249efa416fb450c3415bac8b0c1706d2cdba347a62aff27c07c81dd4b91d9a9dfb05261f2adf153c75c375d01afb2f7974e9b28094b799525c0338307cd5f99c0f7c8e684adb81a83ffb64ee3f877a4925b99ffcfd312fcc1d78b0fcd0347bd527cfd0e21b0f54222beeb04f38e46a8bbcc48877591072bd3e58a065cb2daa1305c8be59a49f53261e15dc9341b316ef32282e93c8930591e19d242855031379a3764f799cc1b17e3ff070c6c7899b7bd28d86e5323f508393abc545c7170bd042219bb621b1b2df38c460e32be376c7e81d4c0c409348c925c55a32c14fd816db00f63f16b9b97e0c4665078d7419f66174aa5bf1c89f1f82af3c81cc44acc22a14f8a899df41ee2cfd91dd35190a3153bf191ebc1177a71c4c85314f9a3346caa83a3d259c56856beaba54fcc82609e16e1c6bdc8883ca350e18dba7841994abf883938463671843991bc76d22367db0208c57168407077bda8376c8905b665ebc727061b388e1a08a7e96b6cd752dd063b7d6a493bbf3d7a04fc111cdcc0f337c27941513123a3a917b2b478a527545d8b1baf8ee0066a6de4204cf6687a2a51a205d477b9ece84211a749ed471f3f90a06e65c7483466fe245ed771bea7ef1fefeb7efa7499be570f4d168b977251695725c6ee6105873a9ab535139675551999292d37c078e3fd89d4ab2876dce0c7b104b7428bbc7700678859d7c30385f0185d0c929b21562a817a8d5d982d3483296a3a1773f66e581ba6894e07ece2b33cdd021e04ae413e823de09914c5cb17eed1f27e719546102279771098b770187f60d0e3f9986af2b1364c4e4a522ddedfc43100867885f12e9918817ef6b1cba71fc1b6747585328658f8dcf6319109336e510542f80a9ce6f37a4515b60330682e2a5c9d031c75d806acc314740f8e60ccc5bbe757e3d72d1e801412651f1d440fc968a8630621bcc818c39afbd6c45172d8e6737ac37451dfab91aa999c3d9fc21e5a0a6af2520218ed1e19797338a7657d8525487e485e6b00f02dc8cfdc4ff26fbc21c3e7e503ced067828998d802d6b25d91df92b6400f25dd60101444be4bd0d25a6fbc7e0cd300f38e802b5d5f6c81019bd45c137eddecfe1b9c504d3e8b8555446682b5664e64c1ba866eb67301e636ab970b97e2af51dd1a8276db7ae03d8d16515aad619b50b8affecebbbd3e7d59d4f1c35ebacdfb971b6cf47d696961261f69485f0e01eaa9259332a35d93e0d831e6394e859a529c1163db15ac05c7166d99b7b64135bffca6b4cde4f726f7b3984053fe02937eee5d5e3398c89912fb2c6b917494a4f1a37bee6827e2b5780ad82021ae5828511e7900e69deb578e11748e836b5ebd4c82e388a0d7ba090c5a1a48e5f74f1435c9de0cb135b1e8b7afa8c9f296fb12e4a51881265af8fe804fc28b31cc0650c439e1acdb3addd74d6c4a7a21a35d89fc6cfda0a1b4b324131906c16de0dde444be9a7ea01b49dd66f69a592b6b61946984706c05a773047ae75bcca11c6a9b62fb37109f08dfa039a7af8f95946c8ed7c7b9fb4928e03123c94a8d51c136bb7214bc34efe718c9d1187b2b1b44d9472b93c44fef1de8a380d51c8dc26306974ff29608466f805fb1e5877224bc8b65346661dd7acae69e8438acb4aad92fb84558b416cc4c45c70af04c023305354fe2c8418b3c135cfa999974b25cbf0eac266f9a2dba0f47a46ced7f5e52a7065105474f0b09190c3c5dd10a7f2b695fd8036239e7b90805e565a95d37bdbdfdfbd7493eee9b120177a39e068ca120b57b27f70b379f6a6ac26729b3c8aded941f135f34b7702dadb5bdc1e60eef7383081aa70599dd4076d27f1d83f91370f9ca025d380eb64780c6628c3f19a289d76184964d4049559ae2c09bab43b1a5eb3b03e484cfe8a2de92fecb864146d5a3916b38d7cd400873b1047e38060c5e9536af0194e7924e539acb6cecd83f9a22c645462f159d2ea96df8c53c9f4328b26b590a7804bfb97067955d7d930a066bdc434fe9d8b8f5ab242c9a8906620c748071f55682d18a8bc221dfe20f60edd230e6fe353508a67cbe20b802bc126ac1f8554c02cdd017a2277d9dd3b8acd84259ed17aa2b20b51ed453cb6ac1366d9f1fd4a91606cbb02ffc98fdeab135c0517bea34a8718663ab1372d009980135c4a61ea2e5735f8220e3cc3f49d4760516e63d8d5f1a555b843bc732506a794d30cf8bfe2fa5709849822c996668f162842e94e16aea43683037750b5531af9d9cbc079c18739a42541a328327dc0fb7f5af74e490600ac5792cff4945a8e5a35fa0fd68d87881f42c86ca0b3fa6e6e943d9f549803502db2cb99066c61843a02e8c4ab6b335bc103323545491debbadc41466901a180d9f5aa90f45ed1228769543a3fc4b32009926cfed7628dbc798c7e7942d294669ea545dda9d0afd543a34fec3ab4e2553f049fd933d46c520190211eaeb54493c5076540c0410f775373e76bf4ff425f60754a30cff7f159a6626e47788c0e353117739ede4001db76a0f34442bbfe585e25d44ace78366570fe1ea15b9d09f83a6268cd04b9e9c7c7d571c2d8c9968346298e20cd1b27bd3d8253431c5e5e9ae767daf2c8ad12326ef5d5c77d2cf05fc45dfd4d57c98f7516418c3b312d4b7de0504bb43e54bd4c9a4d6090fa89c018db77b37eee557351b68ac79470301b6b9f8c6aba44d045217dfb445372e58367d83a28f46cf7f69a21b01b32398f6fc8b57f3f3bf00974283a6e8c7f8eb6002bbeb325974958633e8cc08007b7bca8b3a734a2b4d267c343a5ccf77e92915bc95bc8420cac7754a9877007a45f3c0eb53fc5e42c2d0dc89edd2845c1c63f01302acb80cb28a981afee01481c5a827ac1aa12b813d9605e2210fe698d9ce0b926eded39918cff3610a8a9bf6327a61c88b01a07efcafa396d1190837361887a0b626cea329a3044a75bed64433d8b8ba1e5336ecad7792e9e972f7fadd48ccb199dd7315ac163c06e3776a479020445569a75952a5df14992c160a376698863439fee8d1fb8db9c2dae08a14976ec3f25d12f2426a3e50d1824c38387777a8724e027bf3450ab5f6b49c0e4926a2189c9fadba189a9c012f063ed709503b0b903fdf712577e7dca7fa79565dac884b6ac8351831a2ba3d6bd7476c066954f44b8067fa15368ccc631e7d36c5c1695e1898c276158691e0b9eac7034b30f8297dfc8620b39653ae9837b2e6eaed367cfdb35d56c7519f9cc0919324b87e10db2746417019f86672cd7be9f77bc60314757cc23cad3623cd489b3f885fa1809fb4b9d4ff34bc4374c4afd42af2238b61c3f12d7bdba83a9b7982b334969327fdaec173f643eb2d8c2c4f0f576e839d2b20c2111760faac33f371f3acaf735005ca37c7eb063928466ca90d0120f1363809da5f8bb91c9929364031fcb8a131d7f854f5f5ff131dba23aaa8806afe5d6056e8cbb1a77d162edce512f8851cf6a814e17f819094339353941f028a1b25f3ea96439bb50bc2bca64cd1836606498ad922436c0617f9ef59d483c0b3096b0aad4446129e633bdee343d3c36ef319a0db9b3a51bde506fa82d4ec7a27e326f5b4d4ef7ae0b32d96323f207adfd54d3937e9e5b6ca5dd8d3848c99949f33489c169b906cbd3f759bac294b60e0a4dbc0aa3201e20675ac6e65bf9bb9ce52626cf3b11716c10498cc629633304656139f6470a9392d654054995a9735fa3fbad41850edf434daf110ad3c35a7313d8e2f99ff95aa3030ee0d3d7e0ce9de29d41990ccd846e8b6ddbf1785b145373978d6ee30a903b45c20e39ef417762f9159ebf64b8ae1a276a506a396a1a25db3ca0ef9345ce15ebdba1d1253505a89a5604b11bb3bd2266fa9cdbf699e566823a2592de87f159642c4859687d7e51bd4ca3ce7ec1585d74467ca72a50dbc382ab2de58b0c03957a918319380511cea100bb540895652eb59e63601c1acf5cb63efb734944615f1c78fd590ab957d276821b8016c011658859b44aacbf8a0fef428941c7d95a6a24a0cd8b92a6010214a03f4586ca91769975565592cc3e6e9c77cdf687ad1caad15b23004157d1e1e7dd21152c1c6718bcd0100e52d7e4fb30b1be21a59c106ec9a4cbe8b9733b06d345104ac5c3b43e153fd36a97c066c8a5fc988d265cb0d022b2ba16eebb0a468c29a3cc71bab84abeef79a665229ae09578f08ac6942cecdd002d255b2ee1026fbdfebd00b4bbddb0bf1ae8e050000cedaab2a83d9a7420b4fb51576cd6abf489e5bac338d7338312f6cfbc6c88390864cacc290dce11498f4fe8b741a2577ba968a08c6246167b76ed7f516a578d738e0b92097bf0ae6e71fec3aca20c33711f056d94d782ffb20b4833621622ffc8470f2fbda45d9072d5174f4182e8caca969fed5d963903309dd28ef1c8dedce043bebdf9093bd66fc7092d73a45a7ebc90fbc30b357f5b27ddbabe56f248f5cf36cb709fa377891ce63a1868d7fc21e82fca7317daac57f456135f9e8d6f7145549f4fc36ae3f41b98ec163f64436d5beeccbbd39e97c8d119af88d38a21cf7fa7b62feac7155d9e9eb4391f5fd8723edc42ba759995d77a8bee0b00e8b5a1f4eb42b79ea66b67bedc9182e2c9beede29a2f33bf75c1f90f8e90ecd9b2813a2f8c0754adcdc90289552130befdd3fb321e037a20e1bbe848a3efba22116bd832a85a4843d2306bf25718be9486700027d992ccbdcd291315690ecaca469772b5bb34984c1cd8dc53ee43a1abdf8474bd04eacd9e8efcab04b941ce69925ebc5d75b475785999de7dd210ebc706ea9d7df0ff02b68e6e6a9bfe3a69399e73b734eb8c7f1c5f96ce6790db03c9105a2b6c41524b975fb4ed0176aa74b52861fc012ab91c4af125068c9513aef2348e7195e583d4d69dfc5a9d90ef41b90ba2a1f9c3acc33370bb429a2c4cafda3b5c03a75cc8cb4c073e2e1a7ebec29bf744c3b2e08a745001ba04a11f47d6b48423cc7539fb9d8d525aa97cfeb00c1ab3207793ef32bc5a1c26921bc238b7db84bcc7b6593fc3c6688613c178ced795e188b490ab0e8e40b50e98b548d1050540f27e37e0970758f89e0e1ca161f1aef4967cedc28c4afa483149d810ca6627a0e28bfcab65f7d113505bff5abdf01e34189ce977d113db6ca0463a54a1f9001bf9da55b62640e7ce7005556b5172561e845e2b8993087ea73cdcdc8ac1d70b35c1e4d63a591156af4f58c9bfd44d29ec0012627b611fffe4e027b228b5ec07ade32c92a11806a283f465945f241567c1117eb544a37cee02646c2196be62f6038a5f42f586b808b2cbd31044da93a213211b4a62cd587ec3805b14448717aa88193cf38d63a24f0c69ae6ac47ed65423f579111489cef8615676326914ef606e208c66609b065ae1d4f7abcb5b1c31fd543c6f7c791a9aebc614a285b1ee277e63c790e3657427e69c8914a343e1fdbaf2e7598aa825adb4505cdabe3454cb6de279171cf64bb0bc4140d868fda428b8db1217f3f013c5aa25e9a1208b7cfde22f4aaaecf1f1f59744e8fa1a0ec41a7be42c72b00e6a23182a726c7e19f608d62eac27be4640c5a7ca5245eb459c2d92b877901ad2953e2f8ba3471d61701cbe50bd275d48ff9efc9ff4e103f72f8e565a40a2472680603c527237b54aeb2c526e9f7fa4575a0b4c6d005a6bffe7f169cabf3acf74a307af713373fb48a3a40c3e9d5c9cbe54b", 0x1000}, {&(0x7f0000000440)="1c1bec94c300c742a6", 0x9}], 0x4, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001b00)=ANY=[@ANYBLOB="18000001000000000000008e78b9ad1d4beac8f48896130a00000000030fdc735da03994ffffffff57c3216a588086ddd4b8aca5f17ebe5866849c95057d74e5d031110d938d570816b47c7c6715e76a6bff5b97b32b704300a31cb2f14150cfa2c1d19c75762b1264723ce6fc8ea9f431c7ea409409906f1926310517d3d002ea5230602a3b88e8b7afdf51d7fb4354b3a34f861246c3f32cb59930cf74b7830b006c8980e5ee041a7dd8937a109a0a08a1902bcd6013829399b2c430b20f983e0cb4256f84ae34848628fb41ea108bdacae49a84b62ba87aac0fa233916cb7fb34c2287d9b74567a3db423c514ae00221d752c150fdbac58030000002531fd6db3c8142e944b3fe9c1d3878994b6e4670b688a2142e252a78f2c5fea935a41bcd96c1ff8046021742de2c6b9a988cbb141096de7e9036607a3abd38784bf6f35014422cdefa185e3d42c68d11d00de46252a23260506d045e2f9fb23e47935b3d9319538d44bd85bd2cdf07f443a6b54f651bc30e00f558232b26dd085a2974ffc9fcda47ca0b60b47a26182246a91319c84dde783c9b79620b61d37fe62726fa66bbb1182ce4586717732fa4b3600522cb267952ae15f77f3077285854c86510e07145fe41bd4b9ad99d3c76a1a739274473db6df200237884fa117c8052c02db0dbc0ff375c2d13cfc1bb597abd85faac24ad228479d2dc02766d400ca230197715e5d81cab38da3943d5ecfe66a90f4a2900d23dba611ad4d5c3d465986db0c1f6f94d760b710552c285b1e13e654ddd52b86f2ac1d72a769be2e2837384d0c7889af845a9841bbc12f3b1b552339bc1c8e662eb10b3750"], 0x18}}, 0x0) ioctl$LOOP_SET_FD(r7, 0x4c00, r8) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000100), 0x5a, 0x0) openat(r9, &(0x7f0000000040)='./file0\x00', 0x200, 0x15d) 02:29:10 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xe0310000, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:23 executing program 5: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:23 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xc, 0x10, r0, 0x10000000) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x18, 0x16, 0x69844ea0a6ddcd11, 0x0, 0x0, {0xa}, [@nested={0x4}]}, 0x18}}, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd_index=0x8, 0x4991c9e7, {0x0, r5}, 0xffff0000, 0xc, 0x0, {0x0, 0x0, r0}}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r6, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xe4ffffff, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:23 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x0, 0x3, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:23 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000000, 0x12, r0, 0x10000000) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) r6 = syz_io_uring_setup(0x55db, &(0x7f0000000080), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, 0x0, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x1, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, {0x2, r9}}, 0x0) syz_io_uring_submit(r1, r3, &(0x7f0000000180)=@IORING_OP_LINK_TIMEOUT={0xf, 0x3, 0x0, 0x0, 0x0, &(0x7f00000000c0)={r4, r5+10000000}, 0x1, 0x0, 0x0, {0x0, r9}}, 0x1) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r10, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r11 = openat$hpet(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, r11, &(0x7f00000002c0)={0x8000, 0x4c, 0x8}, &(0x7f0000000300)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r9}}, 0xffd) 02:29:23 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) copy_file_range(r0, 0x0, r1, &(0x7f0000000040)=0x1, 0x80000000, 0x0) sendmmsg$inet6(r0, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000080)='K', 0x1}], 0x1}}], 0x7ffff000, 0x0) (fail_nth: 96) 02:29:23 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0xffffffff00000000) [ 2304.997062] FAULT_INJECTION: forcing a failure. [ 2304.997062] name failslab, interval 1, probability 0, space 0, times 0 [ 2304.998137] CPU: 1 PID: 13636 Comm: syz-executor.1 Not tainted 5.10.226 #1 [ 2304.998720] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2304.999414] Call Trace: [ 2304.999647] dump_stack+0x107/0x167 [ 2304.999960] should_fail.cold+0x5/0xa [ 2305.000289] ? create_object.isra.0+0x3a/0xa20 [ 2305.000678] should_failslab+0x5/0x20 [ 2305.001004] kmem_cache_alloc+0x5b/0x310 [ 2305.001351] ? ___sys_sendmsg+0xf3/0x170 [ 2305.001694] ? __sys_sendmmsg+0x195/0x470 [ 2305.002058] create_object.isra.0+0x3a/0xa20 [ 2305.002437] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2305.002870] kmem_cache_alloc_node+0x169/0x330 [ 2305.003262] __alloc_skb+0x6d/0x5b0 [ 2305.003576] alloc_skb_with_frags+0x92/0x570 [ 2305.003949] ? trace_hardirqs_on+0x5b/0x180 [ 2305.004317] ? kmem_cache_free+0xa7/0x2d0 [ 2305.004670] sock_alloc_send_pskb+0x7af/0x930 [ 2305.005057] ? sk_alloc+0x350/0x350 [ 2305.005374] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2305.005813] ? trace_hardirqs_on+0x5b/0x180 [ 2305.006195] ? __dev_queue_xmit+0xe4e/0x2710 [ 2305.006570] ? __local_bh_enable_ip+0x9d/0x100 [ 2305.006965] __ip6_append_data.isra.0+0x1c12/0x3a70 [ 2305.007396] ? ip6_mtu+0x1bb/0x3d0 [ 2305.007701] ? lock_downgrade+0x6d0/0x6d0 [ 2305.008054] ? ip_frag_init+0x350/0x350 [ 2305.008403] ? ip6_finish_output2+0x1fe0/0x1fe0 [ 2305.008798] ? ip6_mtu+0x1e9/0x3d0 [ 2305.009101] ? ip6_setup_cork+0xfb7/0x1740 [ 2305.009461] ip6_make_skb+0x2de/0x4e0 [ 2305.009785] ? ip_frag_init+0x350/0x350 [ 2305.010148] ? ip_frag_init+0x350/0x350 [ 2305.010488] ? ip6_push_pending_frames+0xf0/0xf0 [ 2305.010897] ? ip6_dst_check+0x389/0x8d0 [ 2305.011242] ? sk_dst_check+0x235/0x4c0 [ 2305.011586] udpv6_sendmsg+0x20d3/0x2ad0 [ 2305.011935] ? ip_frag_init+0x350/0x350 [ 2305.012281] ? udp_v6_push_pending_frames+0x360/0x360 [ 2305.012723] ? lock_acquire+0x197/0x470 [ 2305.013062] ? find_held_lock+0x2c/0x110 [ 2305.013414] ? lock_acquire+0x197/0x470 [ 2305.013753] ? find_held_lock+0x2c/0x110 [ 2305.014381] ? sock_has_perm+0x1ea/0x280 [ 2305.014747] ? __import_iovec+0x458/0x590 [ 2305.015099] ? udp_v6_push_pending_frames+0x360/0x360 [ 2305.015539] inet6_sendmsg+0x105/0x140 [ 2305.015876] ? inet6_compat_ioctl+0x320/0x320 [ 2305.016254] __sock_sendmsg+0xf2/0x190 [ 2305.016585] ____sys_sendmsg+0x334/0x870 [ 2305.016931] ? sock_write_iter+0x3d0/0x3d0 [ 2305.017288] ? do_recvmmsg+0x6d0/0x6d0 [ 2305.017618] ? handle_mm_fault+0x9e9/0x3500 [ 2305.017993] ? __lock_acquire+0x1657/0x5b00 [ 2305.018405] ? find_held_lock+0x2c/0x110 [ 2305.018755] ___sys_sendmsg+0xf3/0x170 [ 2305.019088] ? sendmsg_copy_msghdr+0x160/0x160 [ 2305.019473] ? vmacache_find+0x55/0x2a0 [ 2305.019817] ? do_user_addr_fault+0x5b0/0xc60 [ 2305.020199] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2305.020639] ? exc_page_fault+0xca/0x1a0 [ 2305.020979] ? trace_hardirqs_on+0x5b/0x180 [ 2305.021342] ? exc_page_fault+0xca/0x1a0 [ 2305.021687] ? asm_exc_page_fault+0x1e/0x30 [ 2305.022139] __sys_sendmmsg+0x195/0x470 [ 2305.022813] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 2305.023544] ? finish_task_switch+0x127/0x5d0 [ 2305.024295] ? __switch_to_asm+0x34/0x60 [ 2305.024978] ? __schedule+0x82c/0x1ea0 [ 2305.025636] ? io_schedule_timeout+0x140/0x140 [ 2305.026555] ? trace_event_raw_event_x86_fpu+0x390/0x390 [ 2305.027726] ? ksys_write+0x1a9/0x260 [ 2305.028562] __x64_sys_sendmmsg+0x99/0x100 [ 2305.029481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2305.030612] do_syscall_64+0x33/0x40 [ 2305.031422] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2305.032535] RIP: 0033:0x7f862c37fb19 [ 2305.033348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2305.037350] RSP: 002b:00007f86298f5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 2305.039007] RAX: ffffffffffffffda RBX: 00007f862c492f60 RCX: 00007f862c37fb19 [ 2305.040549] RDX: 000000007ffff000 RSI: 0000000020004d00 RDI: 0000000000000004 [ 2305.042098] RBP: 00007f86298f51d0 R08: 0000000000000000 R09: 0000000000000000 [ 2305.043642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2305.045189] R13: 00007ffd1a0e155f R14: 00007f86298f5300 R15: 0000000000022000 02:29:23 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0x483, &(0x7f0000000380)={0x0, 0xc95f, 0x8, 0x0, 0xac}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000000c0)) syz_io_uring_submit(r3, r2, &(0x7f0000000480)=@IORING_OP_WRITE={0x17, 0x3, 0x4000, @fd_index=0x2, 0x100000000, &(0x7f0000000400)="433a3984bcdfd438b2a9353472970975f8390614e1ef9857bb41478a2622501e3813fd984a2a25da529338e674f672032bd9feca828d4b4f6cc59933d4f81d7ee640b2acbb6a7eaf5f52212442e475", 0x4f, 0x8}, 0x7fffffff) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) sendto(0xffffffffffffffff, &(0x7f00000002c0)="8012cf16f3684a0e65dd0ea0825be4776cd0e225ccfb37661d52b0687dc6ae116ae43b42ed6f7dee86d19e857efb5767c39f503a0001abfdde3f667b8d7c2b2d0fcb2118ea5e2b907cd51f367157c0f8763eb91125c3ebe77ec517930ed329101ce2db8dfdbeae3f96c4813f3d79ef8ad04a20328a022338f7e9edafe5db4cf81f4e33a64e002643b9279a5f32426d154c4df93abe879031c6e760cf52390a53188faff411137158d1555006aac145282f8d33ada9bc", 0xb6, 0x4000, &(0x7f0000000180)=@llc={0x1a, 0x6, 0x7, 0x2a, 0x20, 0x81, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x80) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000640)={0x0}, &(0x7f0000000680)=0xc) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000100), 0x5a, 0x0) perf_event_open(&(0x7f0000000480)={0x2, 0x80, 0xc7, 0x8, 0xac, 0x3, 0x0, 0x204b7d8f, 0x20400, 0x2, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x7, 0x2, @perf_config_ext={0xffffffff00000001, 0x1}, 0x2000, 0x5, 0x5, 0x0, 0x3f, 0x5, 0xd306, 0x0, 0x80, 0x0, 0x758c5fc6}, r0, 0x5, r1, 0x1) r2 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r2, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180), 0x6e, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/108, 0x6c}], 0x1, &(0x7f00000000c0)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}, 0x100a0) syz_io_uring_setup(0x967, &(0x7f0000000380)={0x0, 0x17d7, 0x4, 0x1, 0x92, 0x0, r6}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000000400), &(0x7f0000000440)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xa03}, 0x0, 0x5, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r5, r4, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r2, 0x58af, 0x0, 0x2, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002740), 0xffffffffffffffff) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_EEE_SET(r7, &(0x7f0000002800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={0x20, r8, 0x1, 0x0, 0x0, {0x14}, [@ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}]}, 0x20}}, 0x0) sendmmsg$inet6(r6, &(0x7f0000003640)=[{{&(0x7f0000000500)={0xa, 0x4e21, 0x8, @private0, 0x3}, 0x1c, &(0x7f0000000600)=[{&(0x7f00000006c0)="1f2862d8ea591b3fa40cc4006034d0bb51bae0a7ab23d739cd769b3af4205525c78e808d3f30ace9ddfd2478646d768d35af323d6b49b2b4f0259cc3c2564c3f142c8acef828e1cb5a92e642d6eb64b971f1981ab0a32085008f1d46a954ce36c880d7fd8a4fde5bee0dbf8371a1c5d0feebc9615062149c0bfee5cb8f9d39ac6797b46ba1fd6ee933ee111309ea5136bf2b8f04fd568a20081190e3184aa4970c616914be8c0830576da37be379d5cba843eef1c2c8f526626582a9a626324d0f291c1472de5a5280bef557bd2aaeb8e7cb0ddc1c66902a9827bc861d5e808508273c9cfdab1bbfba6d933757032fbb92b3d558510a76eb3bebe5d5adfcc701affae90de58d6227a927fccd337e6ba66b08f5779883adf8f4039146288edbaab8180f695819c97a1b32b4939f3fe82936176ffb65b1ee413465a0bba57b3292846f3e7b6bcad41688973d6d77f0ce8abb9914511649f3b2c7eff54b78772f244507532ba77e34e15fd0d0a64cd293b3f15de0811c147d30463f0d0b65b3e9289651afd6f663a4223af772d3c0e054f9445c902c798f00f1de2f79483d71e45074cc9e0abf341d669d52b5b1b7ac6cddfc6a2bba95ba3b86a4e3feed9607b08d61c38731696f0945320d81a71144ce72306d0233bf531ade9857dc757fd8095c4c26270055206adaf81ec217dc9b8d949c8bc4f7b37a01a849148c15e3fb579261c54dac305168531b9ce4334d1d3aace1698bab63ba605477cac59fbff0cbec21b865616850600ad9cf25c95e1c28aec7cb9ccccae10606034ef465694c87e9e331ce6c2ea93965d51c6896566d985ee6afdadc5b7331f8b247210393fbcaeeb21e72ffaa318897bf8cef567f483380de26affe4e7eb80157fa0bc5c6a1f85b4272eb1fb2c9fd5b2e6bb87178db411fd7c98e1b20a9179547d7ba35290d1f6826ce2a89545b5a5b84c4714f34a12b56410ce74eade0ba1df6ba985f0585e2355dd468b60a731529936466708f5cd7af792a24d8937e0c154417d910444af1350ae4d8a3302d3c4eccaa6ae65fd10fc987dc2b2456e04072ec8802da6280329af6069f8284bbab5815ec8f6f8fb8c7ffd54fb60f752578cab99d458b59806b4ad6fd7efe8abd0de1126d2283ca6ea8b2b82e9482c7f87bf93295554227dea130d504679a77e6a0c17497864b699808199db9892076a4947551baf215921e6f4758cfbdc069bd9bdb1fae155581ffa135f6a8960a82582a7d9b50d218e55bf3ec98ed8f071818f9d4340c8eaa05aecb2e72b16d50d1a10b31c1ce275eedaa6dc58f1545fae5f4bfa02c85453225f797db023a2041d2470d224a7a0fe9c763c5715d95388ecce2c119eec660e4319939d4933d5585cb87a45c69a16fcb2379846e0029011b3c37a0470cb6eb99f1984435919b105132311f1a7d45f3a7584321839526e6eb597446dec5a139b987cf5d2f0421c0343dc0424f3b13da25773f4628c25d80207f7e6baad83b4457d028f39bb7d8313e52a49ba638efe2a25bd4cbf5d9df2eeaa332d27317f4ad31deb4733ebb9afb1a14798ee9d501ac6947c02b69dfea65ba72dff8af1135ee4033ccca50b1e47b207ac91112a5e54ed4454debc2ee5c09fe5be363034dc11931340d0abab735ba5ae81e1ffc222871f7f78c98af60411e9bfa0a07e04e29647ecb8509547569f1a06d17ed71e74d89d92defe549f97439cb725bdfcdae3ad08f32fae3a3970c93870d84e41914fa8c278629f47b477e5d084ec8e3d2c72213e7a664985b378f4421c453cce81fc7ec14a610016a03bc2565ac8d8ca3dfee952749839963907d7494cc13913c985e013f3e6905ba036dd8cba853ead6b4a2836a814feebf53e736139e8b93afc2b24b89a2c15dfe80907b616b8ef36850a2d642736a9d53d2050485cae4a5bffc19cf10b2114e69445b1c80d6bfd1a3d664703b220ec001b896fadadfeaa9b14d57c148c19f16a04d2fe305de88aa247fc8681843eeffa3f083ded1f6d6dc9599a2034110d53ee0be1ed0324089df9394a874da90ffa63668ea6194408e7f589b403ff69c3acd622432295b5d09f20c1ffda20ad8ce25dcf18f7fbc239dd97a1d8152b5ea26e67c912713ac9f07581825a2a491d55158672db4ce2ea959faa4a1ee800092142a27717c892a1684f4f86e64f9110c3eeb03a424fdf7acbab0d71eeed85c8a0ef5f7f8c80c40778e2d8003f94333d8773e98f859f2a3524caf5377236da7e306bdefe85402724b3fd3a066ad4b3c22e7f6ef9991e1ae938ba970ae434a2e8695ee3379b9f05df911c26a6036d256df0f40538b05905a40180f0cb7b08ae87b6837835e39b779594a9482ec91af9170b43bce797e6d35aa7a2ee314626ac4ed0ee4d9831f6d8103c94af38a46d4e2f68313f97aba39e4abce73b4954112bc9bbb688520cda4d473393e918e8a8173c3668b7f479f53a4246f1b98f16ed2e757c3911438fb8edb9f86a0263b37b386c3f5e09db14b81fbcabe037b41979a9c1d6e00b9a84b50c939b13a49ce056c4c859b68a091631cf74103f5dc46f73d2701f287e578deef70538c885f11ee7d0b566db28c038c501ac55ba7417a8f20c95ccdf385165561416c351e77758a0b140c7b62f57e2d76c6c61727f26752c2f24d2351faacbef68e3c202f885f436a93b21ff97fb0ed4ebc708b4e5ac8627511c0e4ca43c164d038ae2aeec3ae3b1a0b376a288a6a954c5605ecfa5734381a5252ceb2bb5ef5e0d9c49de27e85eaa4de2f8a61b6de87a43865a888470d5a5686f445ed5855973b0fa47c724919057d34ca5bbc211c1ba884be1dea8be84fd24212da07d8af2aa4312dcf939b605a8715d65767829716cc84b27c1c39c83f78c35c01d59fbb827dc285aa529824b6722a9cc3a468a30adf9157b809d68a0efc098653fd8cd3bbbe7a00341015d9e80115f627ce7975f79a120d2c06a5e164a468313dea43b41739ef211e74cde41f20f61ab534203ae5830b9a67dac066f68a9d2836a3d37107588c4aba1095576163cf313926f61eaab6a349ecf74d76389ff5a1a716f148bd2ec54b9e0b52540c954e89ff7dc29cb40823845d7e66e71ce3fd12f55910df6c079895d88c600480753c3948bd4c4d40a374656d0d91c2d0182a731ebddb70cee59e492712e97ddfb036963499785ee5f17b28b3892af9a3eef99c01de1b5ad39401cf53a0d71d98e042f74ea980571d5f4eac5bb2a7fecb1e7424ba30eba10498cf4dfd70a6809d226f4770fb4f59f5662891f85ee7d937720de50449c53648de53ca964a97600b81c07012d2442c2660e3ea1ccc0183abd059d9873b067403d33999ae5242dd94ea675d12da9c8f351203ae259ab6657fbb3e651b6edd6b8baebdbcd4b0a8c5d342103890d635368efe9a904096568c958965c1b91f9fd40d1a0a2fd14b093cf443f66354341a7e98d7f321f3df85e274d5f21b7c859318fef57459a3d5f4f0f230ef7974ebd83e5533ceafbccaf4b2c773c3608a436a0b43cfdf9494f66cd42d63cb4a6d9d6ec8be8b56299882db4bf3f1711b60785add2f1d9fa61777386613af2663c58b49b0a72999edc9abd41038ea3210aa0a077538f724eb8fda3892a3a94efe86710e72463cfe77d6447d00d62416b435c850e694050ba5034177ed576b3c68a22665e0decc9d71b52232e7324d949b77eb816fd0588db27eb72c5c0ac1a6b04109d21d408885b5b6e81b825658476833b2961e0cf898ae00bdbe6cd7a95702098412e74b1c0675c6ab3ab6c2dcc963361daaf1f509fecea0566f3f8eaa7f8d903294976e20283636772d6de05d75334d97e831b787f81296c0c4a4036af0a8509dbf799b0a90dc33633bea7a8f58261d485cdf96e27e88bf5122551696a4fd87816114c2e718cc8be16da574220572615fe52bf684d6f434ead6e7e1427a709823150ee552a2fd257d5e544911c11cbdd56ab5b83fbe717a29af558674237bcef6574819ac5c91f9209c09aace1d6cbc61e1dd58e486268abfc25db10dba4b4dae2735d8102dbf2e2e3a1adb50083e47be813875df9bf1118d3fcac77544e244f8429fcf1f05e96526b6f87b7fe561e12cabd7b610d582265c68b9a5c5a0b763820c8b853589900ce797f5dfe58f5c4bcfbb5ac69ee79cc05e0b4637824cdb367b4ad051d8f31a9aa2da1b0fe88407c897a7986aa8b9d6897954c15847bb880ee9271e44bb351eac4c26436041cf0c162d084b2758c6648cdb290e2c8ac8e9fd537febde3072be1e16deb7de7c575d1c26556f2ecc16ea18941e62e96b8659a67bdd7d03eaa6c9d4bacd4bbdd35df7f62b3b14045aab46d2196e5085388b35079513c0e986ef7a3c6fdc77c949d5aebe38029b17f940f08866f4ca6c75188a092b29a068ae0e1fa9660bb54e23281bc4a88b565278b7453666944ec901b3cdca906e28620ecd659ce69d77b4fa85efec4b6e7b96f30b94c49eb859a2c97d6bd2ef9ff213b587acc7a35d3fddbb79d580b469a19090da8dd184d4ef611c4e3182b1b09926640f9cbef2453d93cc1dc4c6b8ea1b29df8b72d2c7fee5ddb699c6119ab5e820f05e6fbea4fcaa1a9fb0ee3aa4073416dc6936db6ab9fdecb844d990291554682dce8c10c791ebebf5eefe07a74474f5ddfe13148e556d625e09e890b0bdc48f57024d614502febf5e9ed3f18fad9505fcfd3c8a985fd0b6ae7bae94b6a5d71e9436deaa0e03e8e0de5fa87e6475aaa2670eafcc5ec5f30d6e465c2f204cc48230c5ccd2f50b69ec71e87ae9ef5720253fa2420a7f4decf7c994c03edab770a8f575ddc395bbde608b1e71a3354627682080488f4c3b24ecd87654e544948727f28505b460a76328bf363accb4cdf7d69adb126b89000f4c9707c783a7e941b2be4f09bb0c9fb03f695a95ef04e92679c255212afdbd0db2d8ae61bc0957b93b2ec9f19889bf7a64c2177af2bd716bf8f67384cc265da170ba57147047308c699f6c761d736098e37c148fa94b83dcf24fca8eeb1b0dc96e37d0247a5178964de9f899b5efaa6455e665d17f3749276c492d8cc6b6065b467ae7adbd18adf1513b1aa989b1dbbf1286ba92db9d01cc30e5f9c2b9d31d3073a8c75cfbfd4f54da15262dc5ab16a46f65cc6382848f7b90991add61f057f4d472cb8ff6c76c5a0bcc0976fcd7cb0bc055c18aec79eebbca543b48f631e64016ebc12506b7f530ad579bbdb86bc3056ec186358de8dfab8068e30d6ba82b14d9404a4065f65536a6e5b98478763f4f3274b2cc6f0ffd3cba69048670505a69b2f33724265e2c4b344728f207c875720738c79bad2b84edad46c38d8f51e36143e22eea6a92af852080a23a272a663a5de990d7c8dae8c01d442c3dfbf262c1b431ae97405ae5aa4002ec89813058a1958cfb97dc646da175d85bcb61b4d4871beead776c351f6918cbb9ec30c26121faf7682251c54cc3cebb71f61442afc878565f4bbbf1f169faff72098a4bbf082561a6cf0340724531d9293bbc1a187802784d5c143f491fd393e67c2263ef17537246bc1ea35d72560809940f5ba781b93b04564091500d4f0032e556fa1ac61e75943f897c619898bc06681c7d5fd073b41db555daac62db4634b50377111785c1bb342fbc177a754927c404c6633719c635f1a6267fa6312f47c71c2c2ebbf4d064da596d85946cb590b73e43ec614b7e8daddf41b3abdf324c77ee37b40b217a1cfb9e378a8620fc920dc3283ab2d264b0147eb21c9a7e6d4ee74a9aa2a22b0ec79e9b2a80", 0x1000}, {&(0x7f0000000540)="2416873f3d0b7944eeb8a0331ea8d03ec9f454212e384a33689f34dea0185f8b4f86138e63d1db520bd9698152b6623a328f6974db92458de609973ecde4b9c58e5d2497152e3ff68520217bd6bf2e2a73df2a677f6d5f6849cd945d67b568001fac3329be36913a2004d5cb95afad70b29245eb1bb90773cee0f3415e81f249c3ecb9732a8d6ee6d2903cd9d03baebeeacb133221ce", 0x96}], 0x2, &(0x7f00000016c0)=[@rthdrdstopts={{0xe8, 0x29, 0x37, {0x3b, 0x19, '\x00', [@ra={0x5, 0x2, 0x4d}, @pad1, @generic={0x1, 0xc0, "249bcfd1238dda51226a95e14afa6d783ef9026d45a6b5f56b914f9d33eb0772482302485a23d1b31a95bfed3414c240b720194b8d4b6cba82f2f46d306bda800a8403786c2785311f237ceed60482f4be38a50454956333edfcc876b5a795882bdefcb2454441df9ce32420cbee93cc59453782721a781dd332e364c19801c577b079c9c1bb6c29d4b351426ffb8e782d81cc368fc3f32527637ce90de7a54e0f8d7d39aaba3b8d61858e1d4b9789f5d493feef9a5c0cdfb602b4c6808122ed"}, @generic={0x20}, @pad1]}}}, @hopopts_2292={{0xc8, 0x29, 0x36, {0x73, 0x15, '\x00', [@calipso={0x7, 0x20, {0x3, 0x6, 0xff, 0x8, [0x2f442b7b, 0x80, 0x640]}}, @ra={0x5, 0x2, 0x6}, @jumbo={0xc2, 0x4, 0x9}, @hao={0xc9, 0x10, @empty}, @ra={0x5, 0x2, 0x7}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @padn={0x1, 0x1, [0x0]}, @pad1, @generic={0x9, 0x4b, "2d53cf3813c98bbb3bf47ee7f3e735f0f26f8fc682d3bb0f408709f44221c87a4878442f3231d14e07a1e93f0a6ee379939e85d1e83a91335d76d746a32320054b4a10ea6660f824fa3d8d"}, @padn={0x1, 0x2, [0x0, 0x0]}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3ff}}, @dontfrag={{0x14, 0x29, 0x3e, 0x800}}, @flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x1f8}}, {{&(0x7f00000018c0)={0xa, 0x4e21, 0x5f9, @dev={0xfe, 0x80, '\x00', 0x15}, 0x3}, 0x1c, &(0x7f0000003000)=[{&(0x7f0000001900)="c8246e629e8a91c051e4dc56a30bbbd54fcb89b3efa8f32d94a336ed8a607d4af5c23639cdc5ac1494a3cc260bd0a800dfd366260b38d3c6f31bd8f09d9caed03ab187f920f57055c89eca641f0ec177e64da7bb467336d750a66d4c2c88b6240f669a0a8c90513089483a6d29f08ea66fb7cc04fa79d5e339ea09bcdedee25aba9cfc58fe2d7124d3133c947b0f190c4363a137728dcb3157b72f95f4dabe83c1e75009fb27e1c2ef4a7f1cbf9ddd1e9f9b18bb239fb99d86562db56339b73955a2", 0xc2}, {&(0x7f0000001a00)="847fe16d28ee1d8d7e89441357ab07ae1a65cfdcf8b649eadd816fc9b72581ce77eb847ecbcae4c23ef22bd3dc878e11a6b966b078ecd55e3f36948d18575321578ba42574a5f044d108ae67cc7804c5d1788e89c79984eb2c379ad20111cdf4ce44d752b56f258156bac382", 0x6c}, {&(0x7f0000001a80)="b1eb98def8f9656528d147597aa8942192350d8717368bd47f16ca2f9d71404aec451cd4d2b2abb1096d1e4ff41ff862f7d4d5bb666df204d6215d4a23fe01f6176c4654e450c8bb8f1641fd3bba71f9fe", 0x51}, {&(0x7f0000001b00)="05c84d73db45a4b84f6e2f0bbfbdb7420a7e6cbcf9cd5d5285bfb48f4c28629be076b9446cef82a4af6c0b978c9753c146f37250fe32e4d7b4125b718d310e0ef794c35a067709387ca62d6b5a9c16339c0f5a394be04dc257dce36642a3994cc2c32ea63b5a6c47f29c7334c15681dfc79f93442d3a82225d04aed696b290f8701f5c6669fdc4077cc7a98bb0982fd2474895ab3b8ee2f215c8c59dfe035e", 0x9f}, {&(0x7f0000001bc0)="aa04bd37f3a66430fed59ee48d226e22b56d608c114bbdc41d218825a7a39a627d2390375ae744a544ba8d13de935603f7681df6d992530cd4dfd57e066eb9af084fbdc5436d1b7dd2e70beb02695f9c5b7c65536c520c5a37cebbc380dbf8b177d38b381720d1a2e07d32d21edebbdeb9eb108916df69d6685001301380e1d4e28bcbbb44439f2d7bfa038300b3414dc2e5cd2313910a49779727dec7dd0980619c418cd8538e801756ea631447f90051a138e9d1c4d478fe2b99cbc1e946d9a4d54964ec9025f91456f30dd4f104f1592381f9dd2e2e42a66e5ca218702947bc53e20a5922", 0xe6}, {&(0x7f0000001e00)="d1754f50164e9dd5c0a0203619aa889015102f799cfa35662229c5d2f54ac0cf73b863d33bcbc72f94e23ea7bd5e8ab1cd4d8a690ced380677ac53b7e42844532ec8418b581c8738dc62c7cce7009bf9661219b70308fcf33b3926a4405fcc1099b14d0c90365334f37bf55f156e2d4bc7b550c2541fcfc2ddd32017eecb42abe9ba54a178d55d179fa5d39191c966c473b23f59361546b23902dbb9b351aa2154961e05e5338d86ecf9e90a3963979072cfd83e6621335298072a6d378f0b408e036e32ac2ed23bf1b3838a130d007a16add502191047742ce7dda120320484bee9510ecb68b3969ea2a7b6724fd988607f56a8b467bd36c612049e8d9b3ad93206b0645f649c98ba85c6e20e3519e74d02835e47ab11f8db38a959b3c0d7f3eab2266316ab546fb10276872ad22e27111751b095fffa6d6bee4f869959d1be7323cf6930ab817d33b22f7615e9d71ae9e15939fc7779eda1d927ce48afa927a9fe41ebfe4c9da82fca1b18ba09246a0e9d10201d76e057f12b6f9bc4466d03e9ab43733076d43d2369e56bd4b3e863330f62f73cdb5281a7d7ffbbd5370e20518690d3b0390cafd02fdb6e0dc02589f6d29c8dbe953bdc44b23d5626b7357e9b5dd1429e037cb0b8ec747d7a91c7dafb52844a2a5ea5a6c729cba45bb6ee7dace9ccb4bef8c93384b6fdbc0bf79a5486eefcd2efa04b3f6159e7eb56a0cad48be47f09ea0229a303e92695a9d713d10111ce8e6ddfc539d9465d1a708f4d6fd1b117cb5748fcb330c4096d2d2bbe038cb67410aaf05029b916ef06ad23e6841b1eeb42b487581def65cc7db5dcff401b163c3f937767d4603e0b52338ba9a99038316f879a4d398ec2104178d03fbf37d977dde634b2c0d1f49d11637ad8982272704bece4a6753a30d22cf94ef73a5173145060697d4be97721c9931806172c759bba14c3132fe46fa3e7bb713074336b3e94dcad2d48e9f6d41ccddad0bf3a44df2dc311ca2f58391253c55302fc34eb2025616dc55a84d8036248bc3db0954ff4fc1f8875444b9bbb5c6dc17a622fec4202c905aa02356070b10eb518efeba5f3e2057d2737384b63214eed303ca36323e52a1d54c2aa2e575d25b517a2d570447abc3f1bb7ec5dd171287009641da6b431dc9ebc299a0e662aa031b07cecddc440785e86eecc60cc625687ac470371c7a0a971bd1f30f3035a19efb63246cb7a9ba3300f225927201a884d72f7ac1396791b99922971381bc30150c42a725e3c8e893aa463c2487cc8e391a1eaaf7322064ae752126489b66c86cb0d6b5d20dd44fce2e7b1fe19ed37b26a33f0f985ae97328db1b5090b3dec976598da7374563ce07a555d12050f8e25f244df5c4b65fca4a469bc5bc8d5d6993256eca8785e509c35aae9c46943d715312071bff74730d8720a1d1b4a5690947be2cbe9c0bff33cd5b47b3210ce7d71333f0fc28732b277415a6bea75a18ad9846ccc9a75a6c1e8a7ce0daf1eacd1efec8f13f459ba6ed961e5e3e0b7012d2717eeb64de95a7229a5d141e098cb71223b86366be8afb4e0c39de847b44b2303205b372b827bb1a2d314c1085689ac312cc1b7441559e87b6969e968b74191aad5bc43a8c3dfeec2184dc3ed7ba649efc05350e0e66ee77eda645d79b24f29ebc915bd089bb6d68ea305417730076c48860c28819a5f71bc64b748f00a6b21c25c13c3292af5363180c73f771a4db6bcd725cfb3ea523c71923a2752b0167308fd8b6752cd9652e04a1aa3ec2ef4cf25916ca760bcc8bfba19819460e633d7f01c494ce65ab15bf4eca1ee8cbf321202c5f0163727549ca06a1e9d72062c9c5842f37a54a1b5f6c34170b2a5fcc866dddc80a0b8ba9a072fae0153e5b281f58d2d9c2563e856daf74ea6317e9b146eefa1791da28feb2377d4a807a15049d9273a2b71db5fcab53107fbd534abd59a10345dff9b4e68a6cff796bff05fb4ae6149ce9628888f1628972056463a296a02b339d9ea5df4bb8c7e41e7d153a6467b9f3d402ea527e74505c930be4615a6b09810182ed03c5f474cc235347a8a205bfeb952f4fb3503a1cb86116f1124f36e3454c0d7c0a410cfc3a9387893dd4e068001972df079db7715f6fd70ce78fa04aae73bdb74d4e13a325d7e2ca39a7b9a32fccac83d01c4a2a1cb7fad4d1de642230c42d195f2e4e9a6a1abfacaabc9779a9f638a8e643516f5c731a28294518f9c224fc5ba9d599b2cfdcb7b7ad3629834c82919170b373cda97c6bc298a9726ad9f5c1caa192e4c026bc17cd52ca9ead26d62de628327f92c50da1770cdba0d664aedf90e1142f68b73e64bd535af1e7d00f874410f504d9d0545dd9c31a49af15cc2efe2f769770e7a010e48675181f06a87c244cf1d615ec0217f9cc5c88201d5a828de5908abe2ee11e50a6918c60cd03b9baa81df335c0eca8cbe27bc4d1db6fd674ee4b16d0bb5efc8b1a3cec92a77fd83b7ae66281c8696b41edccd0e5ad1e17e9cd7f7b6db736fafbff864c41968f0d7914a62843f74d4af340fe301a65b7d6427aebd2859eabb89186fdf4256e6366dc6cb2364b0e519c5478168a19c6a534eddcad5c8501d19e1b9f59d4f1a04741d5c0c7ea4b5cfeaf96f49f8f305dc28e5e1d7c550be6ef7acef017ab370fa85b7ce060d1aeef1f881aee72f6fdbe8a48a33fe239117cac2e1440c25fd00e19e8fae04d484673e18e2143c138b9f1db9b30f493ffe4ff0ebf85f92bfd13716c0ab46bdeeb71d3ff99d23b656f3fb0e0c17ae6847f20a656271c975ec03ae73b108f3938b0fa7b822bcbaa47a4c240c6b8a035050d6c91bfe2a406c88051cb3de85f7640c488e61fc29f21ba5820204625a77723be5690457ea5a64576c4b9a0086a5831cfc7f0c32b6c465a8fcd43297c013f192ae4675a94e39556be1bbf94f799a2b5089af6a59cdae0cdd139616bef611d69be70de95eada39688e9a2349843c7b942ebbe4e8de85ab4f9483756dfe8f13d46b10133fc8e94ebe42aefcfa466e6a679671c3d1c45c9d6439dc0b2cb1ba9b3f0b3bc9aebc22c785ec90e3f7332ee68141959486d4576969bc21f50a6582d079f018232b992b676d54753c836d0be4686199615ad1482f6b96d7093336ac4740af123dfbbcecacca128605dec6e9ad6627342e57dd23f8483534d9b6dbf19358a17838d04f7f269c3f74d1d81ad9a539deedc0ff99b5ce5067a62dfa3c17c60db1ac38f6f4490439d96ec89c7a62995d49aa68b84f4b023e75942f4c3dee0ae2efeea90f13c20dd2cb5cc10ce4142f224efbc11016775f6a28898b8619d5d4b985b3e9e330a707dd5088b939975a478ffb76da49e7c8970a4e2ba84b3341abf6f1e5f2efd4de0be7813b0282d713353c18625d5e3319e77ec8b866d34cc15a3cfd351d8c734b5a8189a84f61f92e6cc17a199d65f33439519fb34628d50fdc4316536732a263a13e5b6c7936d0265abac54d16c2c29dcae6ada247cae18a7849744888ec19d16fdaa2967f64a0171d28ff8e21b606ab5f93b7d1005e8206dbd68793d04c6c1df65818334ec2b1cc4eeb9f1569b70183405f4621506d090f7d952eddfc707592d1bb73e90238ae97e6b18f95abc2d93fbe63698a4f9a0750f7187dfff08fd4d6a9d2695cdf4fcb6726cbdd6b70c4dace19b2951c1389ad19192c9ee0bba3c42d3fefcbe3c763e59026a9326bd3ac726261600d80dedee11e8e05e69bcc58ff8e1e1dcf07dbb0b59b836bbef2a91e4c2b389ba4c4647e84162c50207fbcf241c860959a785d5e6cef8662d7e3eaba5764192bcafb042ed316981b4258bf78302c9cb7ebc30cca5550a40b0efb3c45b84da345c1d0ca67b5e3fac5cad88cefac114c1d95aaac8e294bf21ebb482a4d48b735a9b6adb3311f4b461864c92cede8de214c34abc8438d68982d7c1c2aa493d577b28a0d3db45582463ef3c24102e268f0a4d482b4cd78ed77df3e9038cdc8a4fe68827d1c38e4f5e885d3cd8158af7609c0f97f691683b4b71e5cac47ddb3dd2edf174313bb316ecfc834063bb043f16a493776f42e634252f80a5fd04569828da785f9ddf38bbbadd8456b62d7f5769c3acec62d49418a7bc7a04f441ba3f1cc83b1fe54099ec07e735a67f1cce059fdf3e875d14882a3387b5be19fd369a132892f160e673441991c16c1c72b616f3169b48434ab792a9683922c929730d736eae3940e300bf14795e0f1db1113b4252470d453a17afb2003282826bff9938014d5fc7de95f8388ef43d8c49d989338cf42061fbc5f8c1cc032022f2012222fc10f7ad49d4369bbae80d34ecd184513d32ef3440deab03d0b8c1a851390bd4f9e471c4d9657f136fc17b77c42af287f910ef1e1cc5ff22ed813f57397f40f19c1a209ddeb2d5f8b3eb23ce8b3fbba2537025615c577804a6eed9dcd3d439450b07a97d3fd3dd0e781c606c055d84b3df18098228c9b727d2d7df13e3c07a3e9f5b51e60349a4892f9b7a0cf28f24dc425e0813e2f60c58c5bdedb3ccc8afa0c931ffbff8e51abdfc76c07955400a980fe7ce689e4076aeadb87fa7e498dc2cf3eea836315c9f7208d1f6e8582255ee4f5f2bf44c3cb9f6d06889a10274c4c4fd9f8d542e7b7a74b4082e51a68885a291a9d235adac8d5e650d33e932c01a1cf03ca4624f2c2e7a75f18e18a6f5cbeea0b840c3529fde774ba99cd19071acb8ad5b3e96af9f1d57607d418fa3124eccad548f3aa76e24a0ff2343204b4f9d4c2364eb2230107a61a839140d36c66254b4e6d6a4d5b53b58cf75adce18c89736cbf44301a6b57bdbf4e212e90afa6343935333f554ceaa5a01611fed488fad6a3b07eacd10772740840eaff59ddb20174d3651e34e3e94156ef960f7e82f6112cdb68f43c7f8e209dc0620a8b80cde533340a141a62c0b493ea273c4cfed68e4116e84ada159fa5333046eac263b019fd9e0507cca49045cec0cc637a2973e1d296f456b8e3843a02c76e8a56f0714a40385fda1dd59ae022a72212c87409bae348309b9a8f1c61e20d229a59f48b431b7387fef1ae1d697b397bbb78cb3683a9cdaf924c412b358d55bc74de3ccb3ffffbaa179ae5f511e8ae200ad8f3c4a4f1a0c1b6ecfa0a6b3953caf8dfad4832a4043c5e7e829d14664c85c070f58e95e65ac931f790c50f540ddaa9a9f9d19d568ba2884df52b84c94b58b642315ce5d2804180c5bd4e11a1c7dd8e4173b17a67a2a250692109914c2c366e975ddcdbc316dd330952437480192c8eb36a3d1b482f318ec9b3ffc89f7b6e2f47cf152e95bdcbee015843a83669e0e792253a047fc1af1ad765881cd2b1217526ca07aa1fb2bc653c66fd333f86619b8c6c774807b328227629a91095d192ab56d1ea8ddd60244f587f816ab78eaec766c91d9ab9503eba8f91ea073d69f790d3d7b75a81f606eb14bba53de69aa7f13d9e1a1b89ac8ce45607d0983c15efcc9c2a891b19f8d0fcff428d40627b934a63514dfdcf9ec41c91a5dfe0cc0c925e14d15f17466e5a5151317a34738f2e002fcdb468a17a66fe6be58839c9fdcaf3a0b4c55c730a750d723fdaa19c9d5452f7672e27cb1b73fc07b7f74e03d5f9e2434b5873a0a664d56170c71424ed6d19db0d73281a30712a9e5d07c06bdaf60e1b4ceda9ca8c6f5bfa1171bf16b0aa0edeee035e53d8ed213afc0de3ce5868b5708cfbedb4ee7e701249e9805dcdb07b42e8db7c8d84d0e15915a84422d585e01e728d942370b764a1f45a36d0f7ec2e2c14c72dc1e7744eb2192", 0x1000}, {&(0x7f0000001cc0)="ebafbc63d576ea1a1ab18c02f472d378454b9f493f1b4e8870dd39fa501740ea30e121ab17fecb27df335c7ea41e35faa9036cd1d64c94369c2fed28a32afe7949e5bce7d1c2145f02a6eabae1", 0x4d}, {&(0x7f0000002e00)="e96ec42a0146a9ade6d5c0f6eaae57def3aa6cb56415e36410ca34f872b059f7662a9207bf4b5581d120ff37751b34fcc982d46cc1c1fc89cc250e6021320a1deded98f9b8dfc87dd04e357fe953d60babdee1f59936982d37278bb635c6bde4674a007ecda34357d04bd4115a63afa7f66ec302bd3d5dea559b2de790dafbb9be6aa2921f76390674ed7a12beb25ac942c47c92fb4ae936ac7da339c8a386d4f54395a5b9dc5c354ff8118a1cce9b23f1733fd41435cdb9dc58596f5c16a8f35c65d110041d73050bc728e583c19de58f98b840c4e017794fc3a3a8ce83", 0xde}, {&(0x7f0000001d40)="e9a8e920", 0x4}, {&(0x7f0000002f00)="aa0696f70fad7c4f255e718a7ab323977b91b6e53f4ea2e865bf524ec07d57184baba0095a5552be57f7ac409faa66091c97217b49c918015e07834e571db0ab32562bb201f671b7f430ec3a9871ebe291a114270b7c43ed3070b8e94b9dbbe9cb95406c5e2ef2d343cf3aaeea2c46ae23e5614c22308bc9ecaedabc3c234d3e9d1de6e33ad1659993a2554cd394d3eba8a86fd1bb742d85ec25e535e539ef15291516ad5c71185a57e29f581a5a81a054cb0587840001319bdf7454c57dedf048556274b6cf603534d6f763805685232a0e9929a50d39a6c3de611f09f9735c8bef07194e98fb2e7fb46ea1cee06c5aed0debc67d889d79ed44c645f7", 0xfd}], 0xa, &(0x7f00000030c0)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x100}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @hopopts_2292={{0xd8, 0x29, 0x36, {0x21, 0x17, '\x00', [@ra, @generic={0x3f, 0xb3, "4926939c8e97222327c4ab9771c9d8ad947c2ecd9809f741ec5cee33d6e65592719289b448e27fb29b4c23448fdf8fd4cfd137f01bbb6002c2872da787117ec9b85209f58cd3ed588aab60fdbe8fb65022e87d0ddc4208fa3cf593da2c83e4db4cfb790f7e7359643fd220885e08d216589393c9ccc426a915982816a50ba7dfe4edef70f607c191a6f7e2c3bc3b387538e0668f0548f0dc5738e2d751ee894aeeda5a0bac0f7cd50d8b5daa2518d30c983a73"}]}}}], 0x108}}, {{0x0, 0x0, &(0x7f0000003340)=[{&(0x7f0000003200)="06c3ad566eff20f48c55b4301487e11f5d67e3c8f7b9d698f44952b99921468d1808e6e148671faa79d852e03d6ad7c28fe1c265e12b9e1ea1b4e4a6ab9bab8aad1e981f7e867f42aa36a0ae6e51dc34f3cb0faef235d61060cf87f9f46932274537b0a338f1be30551a135c30c23705cc7368829a89fe60f4a230b8328b68d333c721ef967586e47d4d87167a2deb7c76aac42319c8630907f5f15b4c253b1807037849692fbfab773a3b65d4ee499ae65c9df6c4a45f2515137b6d85f6a7bb5c82cbbbb4", 0xc5}, {&(0x7f0000003300)="4f054bbdfdb0614286840aa74620cfea6030dda167c0aadd", 0x18}], 0x2, &(0x7f0000003380)=[@hoplimit={{0x14, 0x29, 0x34, 0x8001}}, @dstopts={{0x40, 0x29, 0x37, {0x5a, 0x4, '\x00', [@calipso={0x7, 0x20, {0x2, 0x6, 0x7, 0x9, [0x2d, 0x100, 0x1]}}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x51}}, @rthdr={{0x78, 0x29, 0x39, {0x29, 0xc, 0x2, 0x81, 0x0, [@dev={0xfe, 0x80, '\x00', 0x35}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @private2={0xfc, 0x2, '\x00', 0x1}, @remote, @empty, @private1]}}}, @rthdr={{0xb8, 0x29, 0x39, {0x87, 0x14, 0x1, 0x3, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @multicast1}, @private1={0xfc, 0x1, '\x00', 0x1}, @loopback, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @mcast2, @mcast2, @empty, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x401}}, @pktinfo={{0x24, 0x29, 0x32, {@private2={0xfc, 0x2, '\x00', 0x1}, r10}}}, @rthdr={{0xa8, 0x29, 0x39, {0x2b, 0x12, 0x0, 0x2, 0x0, [@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, @empty, @private0, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @local, @mcast1, @private0]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x499}}, @tclass={{0x14}}], 0x2b8}}], 0x3, 0x20000000) 02:29:23 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) 02:29:23 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xfeffffff, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:23 executing program 7: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000100), 0x5a, 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x80010, r3, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x0, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) 02:29:23 executing program 5: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xe4ffffff, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:23 executing program 4: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x4, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 7: r0 = syz_io_uring_setup(0x4d4d, &(0x7f00000002c0)={0x0, 0x48000}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000100), 0x5a, 0x0) syz_io_uring_setup(0x6d33, &(0x7f0000000180)={0x0, 0x80b3, 0x2, 0x1, 0x23f, 0x0, r4}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000000c0)) 02:29:23 executing program 2: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000300), 0x40, 0x0) r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000340)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0xc, &(0x7f0000000000)=0x5, 0xff4d) sendmsg$nl_generic(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="18000000160011cd0000000005db7b007cf36a1e7de50000"], 0x18}}, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000380)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd=r3, 0x3f, {0x0, r4}, 0xcbe, 0x6, 0x0, {0x0, 0x0, r5}}, 0x33) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r6}}, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r0, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000400), 0xc8802, 0x0) sendmsg$NL80211_CMD_START_P2P_DEVICE(r7, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x50000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbff, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000080}, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan1\x00'}) syz_io_uring_setup(0x75cc, &(0x7f0000000180)={0x0, 0x59c6, 0x8, 0x2, 0x26}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000000c0)) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r8, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) 02:29:23 executing program 3: r0 = syz_io_uring_setup(0x4d4f, &(0x7f0000000180)={0x0, 0x0, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r3, r2, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r0, 0x58af, 0x0, 0x2, 0x0, 0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f0000000480)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x4007, @fd_index=0x5, 0xffffffffffff8001, 0x0, 0x0, 0x18, 0x0, {0x1, r4}}, 0x1000) 02:29:23 executing program 6: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, 0x0, 0x677a75c5b666ec4e) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0xffffffe4, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0x1c, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f0000ff2000/0xc000)=nil, &(0x7f0000000040), &(0x7f0000000140)) 02:29:23 executing program 0: sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000300)={0x20, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x677a75c5b666ec4e) syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x400000, 0x0, 0x2}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000100)) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') pread64(r0, &(0x7f0000000240)=""/83, 0x53, 0x200000048) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="000000002d3030303030303030303239547ae91e2002c54a000000000001000000"]) r1 = syz_io_uring_setup(0x4d4f, &(0x7f0000000240), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_ASYNC_CANCEL, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FSYNC={0x3, 0x0, 0x0, @fd_index}, 0x8) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0x0) syz_io_uring_setup(0x2a7b, &(0x7f0000000340)={0x0, 0x2000000, 0x4}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200), 0x0) r4 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x61d69414, 0x100000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_submit(r4, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) io_uring_enter(r1, 0x58af, 0x0, 0x2, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000480)=@IORING_OP_READ_FIXED={0x4, 0x3, 0x4003, @fd_index=0x1, 0x7f, 0x3, 0x400, 0x8, 0x0, {0x3}}, 0x1000) syz_io_uring_setup(0xed5, &(0x7f00000003c0)={0x0, 0x4ef9, 0x8, 0x0, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040), &(0x7f00000001c0)) r5 = socket$inet(0x2, 0x1, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000500)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f00000000c0)=@alg={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}}, 0x0) [ 2327.266755] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2327.268048] CPU: 0 PID: 257 Comm: syz-fuzzer Not tainted 5.10.226 #1 [ 2327.268630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.269384] Call Trace: [ 2327.269634] dump_stack+0x107/0x167 [ 2327.269972] dump_header+0x106/0x655 [ 2327.270350] oom_kill_process.cold+0x10/0x15 [ 2327.270758] out_of_memory+0x1149/0x1440 [ 2327.271138] ? oom_killer_disable+0x280/0x280 [ 2327.271675] ? mutex_trylock+0x237/0x2b0 [ 2327.272045] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2327.272604] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2327.273146] ? lock_acquire+0xf7/0x470 [ 2327.273525] ? warn_alloc+0x190/0x190 [ 2327.273896] __alloc_pages_nodemask+0x51d/0x600 [ 2327.274461] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2327.275706] ? find_get_entry+0x2c8/0x740 [ 2327.276483] alloc_pages_current+0x187/0x280 [ 2327.277313] __page_cache_alloc+0x2d2/0x360 [ 2327.278129] pagecache_get_page+0x2c7/0xc80 [ 2327.279141] filemap_fault+0x177d/0x2210 [ 2327.280064] ? read_cache_page_gfp+0x30/0x30 [ 2327.280918] ? replace_page_cache_page+0x1200/0x1200 [ 2327.281893] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2327.283072] ext4_filemap_fault+0x87/0xc0 [ 2327.283850] __do_fault+0x113/0x410 [ 2327.284647] handle_mm_fault+0x1e53/0x3500 [ 2327.285452] ? _copy_from_user+0xfb/0x1b0 [ 2327.286239] ? __pmd_alloc+0x5e0/0x5e0 [ 2327.287178] ? vmacache_find+0x55/0x2a0 [ 2327.287938] ? vmacache_update+0xce/0x140 [ 2327.288852] do_user_addr_fault+0x56e/0xc60 [ 2327.289693] exc_page_fault+0xa2/0x1a0 [ 2327.290495] ? asm_exc_page_fault+0x8/0x30 [ 2327.291281] asm_exc_page_fault+0x1e/0x30 [ 2327.292158] RIP: 0033:0x466533 [ 2327.292768] Code: Unable to access opcode bytes at RIP 0x466509. [ 2327.293900] RSP: 002b:000000c00003fe80 EFLAGS: 00010202 [ 2327.295088] RAX: ffffffffffffff92 RBX: 000000003b983aa7 RCX: 0000000000466533 [ 2327.296569] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000001f20e78 [ 2327.297947] RBP: 000000c00003fec8 R08: 0000000000000000 R09: 0000000000000000 [ 2327.299579] R10: 000000c00003feb8 R11: 0000000000000202 R12: 0000000000438880 [ 2327.301033] R13: 0000000000000000 R14: 0000000000e5de2c R15: 0000000000000000 [ 2327.303182] Mem-Info: [ 2327.303756] active_anon:4530 inactive_anon:52730 isolated_anon:0 [ 2327.303756] active_file:2 inactive_file:1 isolated_file:0 [ 2327.303756] unevictable:0 dirty:0 writeback:0 [ 2327.303756] slab_reclaimable:8569 slab_unreclaimable:266779 [ 2327.303756] mapped:69634 shmem:115 pagetables:1003 bounce:0 [ 2327.303756] free:3610 free_pcp:274 free_cma:0 [ 2327.310059] Node 0 active_anon:18120kB inactive_anon:210920kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:460kB writeback_tmp:0kB kernel_stack:3648kB all_unreclaimable? yes [ 2327.315695] Node 0 DMA free:6508kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2327.319442] lowmem_reserve[]: 0 1616 1616 1616 [ 2327.319904] Node 0 DMA32 free:7932kB min:17404kB low:19056kB high:20708kB reserved_highatomic:0KB active_anon:18120kB inactive_anon:210920kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:4012kB bounce:0kB free_pcp:1096kB local_pcp:252kB free_cma:0kB [ 2327.322632] lowmem_reserve[]: 0 0 0 0 [ 2327.323058] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6492kB [ 2327.324588] Node 0 DMA32: 1915*4kB (UME) 25*8kB (UM) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7860kB [ 2327.326147] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2327.327023] 118 total pagecache pages [ 2327.327488] 0 pages in swap cache [ 2327.327832] Swap cache stats: add 0, delete 0, find 0/0 [ 2327.328392] Free swap = 0kB [ 2327.328692] Total swap = 0kB [ 2327.328993] 524158 pages RAM [ 2327.329324] 0 pages HighMem/MovableOnly [ 2327.329823] 105064 pages reserved [ 2327.330219] Unreclaimable slab info: [ 2327.330969] Name Used Total [ 2327.331605] pid_3 3KB 3KB [ 2327.332129] pid_2 63KB 63KB [ 2327.332693] IEEE-802.15.4-MAC 31KB 31KB [ 2327.333219] p9_req_t 8KB 8KB [ 2327.333779] fib6_nodes 28KB 28KB [ 2327.334339] ip6_dst_cache 41KB 41KB [ 2327.334983] RAWv6 252KB 252KB [ 2327.335533] UDPLITEv6 62KB 62KB [ 2327.336079] UDPv6 62KB 62KB [ 2327.336624] tw_sock_TCPv6 7KB 7KB [ 2327.337161] request_sock_TCPv6 7KB 7KB [ 2327.337715] TCPv6 62KB 62KB [ 2327.338288] scsi_sense_cache 8KB 8KB [ 2327.338813] sd_ext_cdb 3KB 3KB [ 2327.339486] virtio_scsi_cmd 16KB 16KB [ 2327.340034] sgpool-128 59KB 59KB [ 2327.340580] sgpool-64 63KB 63KB [ 2327.341115] sgpool-32 63KB 63KB [ 2327.341661] sgpool-16 22KB 22KB [ 2327.342198] sgpool-8 45KB 45KB [ 2327.342760] io_kiocb 297KB 375KB [ 2327.343432] mqueue_inode_cache 62KB 62KB [ 2327.343962] nfs_commit_data 15KB 15KB [ 2327.344525] nfs_write_data 47KB 47KB [ 2327.345049] jbd2_inode 7KB 7KB [ 2327.345611] ext4_system_zone 3KB 3KB [ 2327.346132] ext4_io_end_vec 7KB 7KB [ 2327.346702] ext4_bio_post_read_ctx 15KB 15KB [ 2327.347291] kioctx 15KB 15KB [ 2327.347944] aio_kiocb 3KB 3KB [ 2327.348513] dio 15KB 15KB [ 2327.349035] bio-2 4KB 4KB [ 2327.349594] fasync_cache 7KB 7KB [ 2327.350117] pid_namespace 7KB 7KB [ 2327.350687] posix_timers_cache 15KB 15KB [ 2327.351222] rpc_buffers 31KB 31KB [ 2327.351880] rpc_tasks 3KB 3KB [ 2327.352580] UNIX 294KB 320KB [ 2327.353137] tcp_bind_bucket 8KB 8KB [ 2327.353711] ip_fib_trie 8KB 8KB [ 2327.354289] ip_fib_alias 15KB 15KB [ 2327.354844] ip_dst_cache 8KB 8KB [ 2327.355416] RAW 93KB 93KB [ 2327.356084] UDP 262KB 283KB [ 2327.356653] request_sock_TCP 15KB 15KB [ 2327.357207] TCP 60KB 60KB [ 2327.357768] hugetlbfs_inode_cache 15KB 15KB [ 2327.358386] bio-1 11KB 11KB [ 2327.358909] eventpoll_pwq 27KB 27KB [ 2327.359499] eventpoll_epi 39KB 39KB [ 2327.360035] inotify_inode_mark 50KB 50KB [ 2327.360747] request_queue 60KB 60KB [ 2327.361327] blkdev_ioc 15KB 15KB [ 2327.361859] bio-0 96KB 96KB [ 2327.362438] biovec-max 981KB 981KB [ 2327.362971] biovec-64 173KB 189KB [ 2327.363666] biovec-16 15KB 15KB [ 2327.364200] user_namespace 31KB 31KB [ 2327.364779] uid_cache 4KB 4KB [ 2327.365339] dmaengine-unmap-2 4KB 4KB [ 2327.365887] audit_buffer 7KB 7KB [ 2327.366452] skbuff_fclone_cache 90KB 90KB [ 2327.367028] skbuff_head_cache 1382KB 1485KB [ 2327.367700] file_lock_cache 63KB 63KB [ 2327.368262] file_lock_ctx 7KB 7KB [ 2327.368942] fsnotify_mark_connector 28KB 28KB [ 2327.369561] net_namespace 143KB 143KB [ 2327.370210] task_delay_info 131KB 131KB [ 2327.370744] taskstats 54KB 54KB [ 2327.371245] proc_dir_entry 396KB 420KB [ 2327.371720] pde_opener 31KB 31KB [ 2327.372209] seq_file 63KB 63KB [ 2327.372725] sigqueue 98KB 98KB [ 2327.373217] shmem_inode_cache 1226KB 1257KB [ 2327.373708] kernfs_iattrs_cache 235KB 235KB [ 2327.374210] kernfs_node_cache 5396KB 5396KB [ 2327.374717] mnt_cache 236KB 236KB [ 2327.375254] filp 1303KB 1965KB [ 2327.375740] names_cache 7701KB 8806KB [ 2327.376252] hashtab_node 274KB 274KB [ 2327.376728] ebitmap_node 1149KB 1149KB [ 2327.377223] avtab_node 4976KB 4976KB [ 2327.377723] avc_node 31KB 31KB [ 2327.378260] lsm_inode_cache 3192KB 3269KB [ 2327.378739] lsm_file_cache 165KB 176KB [ 2327.379253] key_jar 39KB 39KB [ 2327.379731] uts_namespace 15KB 15KB [ 2327.380202] nsproxy 11KB 11KB [ 2327.380861] vm_area_struct 728KB 1044KB [ 2327.381372] fs_cache 60KB 60KB [ 2327.381847] files_cache 81KB 239KB [ 2327.382354] signal_cache 290KB 370KB [ 2327.382837] sighand_cache 330KB 330KB [ 2327.383335] task_struct 925KB 1470KB [ 2327.383824] cred_jar 130KB 172KB [ 2327.384338] anon_vma_chain 170KB 240KB [ 2327.384934] anon_vma 185KB 215KB [ 2327.385438] pid 90KB 116KB [ 2327.385931] Acpi-Operand 127KB 158KB [ 2327.386445] Acpi-ParseExt 31KB 31KB [ 2327.386971] Acpi-Parse 51KB 67KB [ 2327.387467] Acpi-State 153KB 169KB [ 2327.387953] Acpi-Namespace 24KB 24KB [ 2327.388455] numa_policy 7KB 7KB [ 2327.389058] trace_event_file 176KB 176KB [ 2327.389561] ftrace_event_field 280KB 280KB [ 2327.390062] pool_workqueue 32KB 32KB [ 2327.390575] task_group 16KB 16KB [ 2327.391066] mm_struct 276KB 346KB [ 2327.391561] vmap_area 236KB 236KB [ 2327.392055] page->ptl 166KB 216KB [ 2327.392555] kmemleak_scan_area 119KB 127KB [ 2327.393151] kmemleak_object 821055KB 821055KB [ 2327.393671] kmalloc-8k 4704KB 4896KB [ 2327.394176] kmalloc-4k 6664KB 8160KB [ 2327.394694] kmalloc-2k 4056KB 4736KB [ 2327.395196] kmalloc-1k 2254KB 3232KB [ 2327.395693] kmalloc-512 30489KB 30576KB [ 2327.396173] kmalloc-256 1171KB 1232KB [ 2327.396691] kmalloc-192 515KB 528KB [ 2327.397171] kmalloc-128 475KB 516KB [ 2327.397798] kmalloc-96 467KB 552KB [ 2327.398333] kmalloc-64 1111KB 1212KB [ 2327.398807] kmalloc-32 99984KB 99984KB [ 2327.399313] kmalloc-16 360KB 360KB [ 2327.399786] kmalloc-8 310KB 310KB [ 2327.400276] kmem_cache_node 47KB 47KB [ 2327.400762] kmem_cache 71KB 71KB [ 2327.401256] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=257,uid=0 [ 2327.404422] Out of memory (oom_kill_allocating_task): Killed process 256 (syz-fuzzer) total-vm:1238100kB, anon-rss:195524kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:924kB oom_score_adj:0 [ 2327.479778] syz-executor.2: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0 [ 2327.481289] CPU: 1 PID: 13693 Comm: syz-executor.2 Not tainted 5.10.226 #1 [ 2327.481908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.483602] Call Trace: [ 2327.483869] dump_stack+0x107/0x167 [ 2327.484290] warn_alloc.cold+0x95/0x18a [ 2327.484685] ? zone_watermark_ok_safe+0x260/0x260 [ 2327.485238] ? queue_oom_reaper+0x86/0x1e0 [ 2327.485668] ? wait_for_completion_io+0x270/0x270 [ 2327.486203] __alloc_pages_slowpath.constprop.0+0x1c33/0x2170 [ 2327.486759] ? lock_acquire+0xf7/0x470 [ 2327.487114] ? warn_alloc+0x190/0x190 [ 2327.487530] __alloc_pages_nodemask+0x51d/0x600 [ 2327.487953] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2327.488562] alloc_pages_current+0x187/0x280 [ 2327.488961] allocate_slab+0x29b/0x380 [ 2327.489402] ___slab_alloc+0x470/0x700 [ 2327.489757] ? io_issue_sqe+0x2492/0x77b0 [ 2327.490184] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2327.490680] ? trace_hardirqs_on+0x5b/0x180 [ 2327.491057] ? io_issue_sqe+0x2492/0x77b0 [ 2327.491407] ? kmem_cache_alloc_trace+0x305/0x320 [ 2327.491802] kmem_cache_alloc_trace+0x305/0x320 [ 2327.492188] io_issue_sqe+0x2492/0x77b0 [ 2327.492530] ? io_connect+0x610/0x610 [ 2327.492846] ? mark_lock+0xf5/0x2df0 [ 2327.493158] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2327.493594] ? lock_chain_count+0x20/0x20 [ 2327.493935] ? io_dismantle_req+0xdf/0x180 [ 2327.494301] __io_queue_sqe+0x90/0x9d0 [ 2327.494630] ? io_issue_sqe+0x77b0/0x77b0 [ 2327.494976] ? mark_held_locks+0x9e/0xe0 [ 2327.495317] ? rwlock_bug.part.0+0x90/0x90 [ 2327.495670] io_req_task_submit+0xbf/0x1b0 [ 2327.496019] tctx_task_work+0x21a/0x8a0 [ 2327.496356] ? io_fallback_req_func+0x430/0x430 [ 2327.496737] ? rwlock_bug.part.0+0x90/0x90 [ 2327.497089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2327.497523] task_work_run+0xe2/0x1a0 [ 2327.497844] exit_to_user_mode_prepare+0x17c/0x190 [ 2327.498252] syscall_exit_to_user_mode+0x38/0x1d0 [ 2327.498660] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2327.499079] RIP: 0033:0x7f1a7fffbb19 [ 2327.499390] Code: Unable to access opcode bytes at RIP 0x7f1a7fffbaef. [ 2327.499921] RSP: 002b:00007f1a7d571188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2327.500542] RAX: 000000000000030e RBX: 00007f1a8010ef60 RCX: 00007f1a7fffbb19 [ 2327.501122] RDX: 0000000000000000 RSI: 00000000000058af RDI: 0000000000000003 [ 2327.501701] RBP: 00007f1a80055f6d R08: 0000000000000000 R09: 0000000000000000 [ 2327.502295] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 2327.502879] R13: 00007ffddc6a717f R14: 00007f1a7d571300 R15: 0000000000022000 [ 2327.503496] Mem-Info: [ 2327.503719] active_anon:4530 inactive_anon:52730 isolated_anon:0 [ 2327.503719] active_file:2 inactive_file:1 isolated_file:0 [ 2327.503719] unevictable:0 dirty:0 writeback:0 [ 2327.503719] slab_reclaimable:8569 slab_unreclaimable:266779 [ 2327.503719] mapped:69634 shmem:115 pagetables:1003 bounce:0 [ 2327.503719] free:3698 free_pcp:287 free_cma:0 [ 2327.510252] Node 0 active_anon:18120kB inactive_anon:210920kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:460kB writeback_tmp:0kB kernel_stack:3360kB all_unreclaimable? yes [ 2327.513219] Node 0 DMA free:6484kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2327.515587] lowmem_reserve[]: 0 1616 1616 1616 [ 2327.516033] Node 0 DMA32 free:8308kB min:17404kB low:19056kB high:20708kB reserved_highatomic:0KB active_anon:18120kB inactive_anon:210920kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:4012kB bounce:0kB free_pcp:1120kB local_pcp:848kB free_cma:0kB [ 2327.518631] lowmem_reserve[]: 0 0 0 0 [ 2327.519009] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6476kB [ 2327.520306] Node 0 DMA32: 1915*4kB (UME) 25*8kB (UM) 0*16kB 15*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8340kB [ 2327.521562] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2327.526380] 118 total pagecache pages [ 2327.526728] 0 pages in swap cache [ 2327.527041] Swap cache stats: add 0, delete 0, find 0/0 [ 2327.527544] Free swap = 0kB [ 2327.527820] Total swap = 0kB [ 2327.528094] 524158 pages RAM [ 2327.528396] 0 pages HighMem/MovableOnly [ 2327.528753] 105064 pages reserved [ 2327.529159] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2327.529890] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2327.530695] node 0: slabs: 24996, objs: 1599744, free: 0 [ 2327.531582] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-250 [ 2327.532600] CPU: 0 PID: 102 Comm: systemd-journal Not tainted 5.10.226 #1 [ 2327.533238] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.533992] Call Trace: [ 2327.534370] dump_stack+0x107/0x167 [ 2327.534714] dump_header+0x106/0x655 [ 2327.535064] oom_kill_process.cold+0x10/0x15 [ 2327.535498] out_of_memory+0x1149/0x1440 [ 2327.535884] ? oom_killer_disable+0x280/0x280 [ 2327.536321] ? mutex_trylock+0x237/0x2b0 [ 2327.536696] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2327.537255] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2327.537810] ? lock_acquire+0xf7/0x470 [ 2327.538176] ? warn_alloc+0x190/0x190 [ 2327.538677] __alloc_pages_nodemask+0x51d/0x600 [ 2327.539110] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2327.539684] ? find_get_entry+0x2c8/0x740 [ 2327.540079] alloc_pages_current+0x187/0x280 [ 2327.540505] __page_cache_alloc+0x2d2/0x360 [ 2327.540910] pagecache_get_page+0x2c7/0xc80 [ 2327.541317] filemap_fault+0x177d/0x2210 [ 2327.541718] ? read_cache_page_gfp+0x30/0x30 [ 2327.542128] ? replace_page_cache_page+0x1200/0x1200 [ 2327.542717] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2327.543209] ext4_filemap_fault+0x87/0xc0 [ 2327.543611] __do_fault+0x113/0x410 [ 2327.543957] handle_mm_fault+0x1e53/0x3500 [ 2327.544359] ? __pmd_alloc+0x5e0/0x5e0 [ 2327.544745] ? vmacache_find+0x55/0x2a0 [ 2327.545112] ? vmacache_update+0xce/0x140 [ 2327.545511] do_user_addr_fault+0x56e/0xc60 [ 2327.545991] exc_page_fault+0xa2/0x1a0 [ 2327.546380] ? asm_exc_page_fault+0x8/0x30 [ 2327.546922] asm_exc_page_fault+0x1e/0x30 [ 2327.547318] RIP: 0033:0x7f6498458116 [ 2327.547667] Code: Unable to access opcode bytes at RIP 0x7f64984580ec. [ 2327.548321] RSP: 002b:00007fffa7c9cc40 EFLAGS: 00010293 [ 2327.548812] RAX: 0000000000000001 RBX: 000055e78f85f360 RCX: 00007f6498458116 [ 2327.549479] RDX: 0000000000000014 RSI: 000055e78f8658e0 RDI: 0000000000000008 [ 2327.550140] RBP: ffffffffffffffff R08: 0000000000000000 R09: 00007fffa7dd8080 [ 2327.550812] R10: 00000000ffffffff R11: 0000000000000293 R12: 0000000000000001 [ 2327.551589] R13: 0000000000000014 R14: 0000000000000000 R15: 0000000000000000 [ 2327.552427] Mem-Info: [ 2327.552680] active_anon:4530 inactive_anon:52709 isolated_anon:0 [ 2327.552680] active_file:2 inactive_file:1 isolated_file:0 [ 2327.552680] unevictable:0 dirty:0 writeback:0 [ 2327.552680] slab_reclaimable:8569 slab_unreclaimable:266779 [ 2327.552680] mapped:69634 shmem:115 pagetables:1003 bounce:0 [ 2327.552680] free:3698 free_pcp:296 free_cma:0 [ 2327.555646] Node 0 active_anon:18120kB inactive_anon:210836kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:460kB writeback_tmp:0kB kernel_stack:3328kB all_unreclaimable? yes [ 2327.557721] Node 0 DMA free:6484kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2327.560274] lowmem_reserve[]: 0 1616 1616 1616 [ 2327.560741] Node 0 DMA32 free:8308kB min:17404kB low:19056kB high:20708kB reserved_highatomic:0KB active_anon:18120kB inactive_anon:210836kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:4012kB bounce:0kB free_pcp:1184kB local_pcp:336kB free_cma:0kB [ 2327.563360] lowmem_reserve[]: 0 0 0 0 [ 2327.563852] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6476kB [ 2327.565161] Node 0 DMA32: 1915*4kB (UME) 25*8kB (UM) 0*16kB 16*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8372kB [ 2327.566467] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2327.567260] 118 total pagecache pages [ 2327.567613] 0 pages in swap cache [ 2327.567928] Swap cache stats: add 0, delete 0, find 0/0 [ 2327.568546] Free swap = 0kB [ 2327.568824] Total swap = 0kB [ 2327.569246] 524158 pages RAM [ 2327.569524] 0 pages HighMem/MovableOnly [ 2327.569880] 105064 pages reserved [ 2327.570209] Unreclaimable slab info: [ 2327.570360] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2327.570659] Name Used Total [ 2327.571293] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2327.571304] node 0: slabs: 24996, objs: 1599744, free: 0 [ 2327.573124] pid_3 3KB 3KB [ 2327.573747] pid_2 63KB 63KB [ 2327.574256] IEEE-802.15.4-MAC 31KB 31KB [ 2327.574759] p9_req_t 8KB 8KB [ 2327.575264] fib6_nodes 28KB 28KB [ 2327.575760] ip6_dst_cache 41KB 41KB [ 2327.576263] RAWv6 252KB 252KB [ 2327.576758] UDPLITEv6 62KB 62KB [ 2327.577259] UDPv6 62KB 62KB [ 2327.577866] tw_sock_TCPv6 7KB 7KB [ 2327.578386] request_sock_TCPv6 7KB 7KB [ 2327.578890] TCPv6 62KB 62KB [ 2327.579400] scsi_sense_cache 8KB 8KB [ 2327.579893] sd_ext_cdb 3KB 3KB [ 2327.580396] virtio_scsi_cmd 16KB 16KB [ 2327.580900] sgpool-128 59KB 59KB [ 2327.581409] sgpool-64 63KB 63KB [ 2327.582009] sgpool-32 63KB 63KB [ 2327.582535] sgpool-16 22KB 22KB [ 2327.583085] sgpool-8 45KB 45KB [ 2327.583610] io_kiocb 297KB 375KB [ 2327.584106] mqueue_inode_cache 62KB 62KB [ 2327.584617] nfs_commit_data 15KB 15KB [ 2327.585109] nfs_write_data 47KB 47KB [ 2327.585619] jbd2_inode 7KB 7KB [ 2327.586261] ext4_system_zone 3KB 3KB [ 2327.586746] ext4_io_end_vec 7KB 7KB [ 2327.587264] ext4_bio_post_read_ctx 15KB 15KB [ 2327.587781] kioctx 15KB 15KB [ 2327.588295] aio_kiocb 3KB 3KB [ 2327.588777] dio 15KB 15KB [ 2327.589297] bio-2 4KB 4KB [ 2327.589778] fasync_cache 7KB 7KB [ 2327.590408] pid_namespace 7KB 7KB [ 2327.590887] posix_timers_cache 15KB 15KB [ 2327.591415] rpc_buffers 31KB 31KB [ 2327.591895] rpc_tasks 3KB 3KB [ 2327.592411] UNIX 294KB 320KB [ 2327.592895] tcp_bind_bucket 8KB 8KB [ 2327.593400] ip_fib_trie 8KB 8KB [ 2327.593893] ip_fib_alias 15KB 15KB [ 2327.594418] ip_dst_cache 8KB 8KB [ 2327.595017] RAW 93KB 93KB [ 2327.595528] UDP 262KB 283KB [ 2327.596027] request_sock_TCP 15KB 15KB [ 2327.596528] TCP 60KB 60KB [ 2327.597022] hugetlbfs_inode_cache 15KB 15KB [ 2327.597553] bio-1 11KB 11KB [ 2327.598047] eventpoll_pwq 27KB 27KB [ 2327.598572] eventpoll_epi 39KB 39KB [ 2327.599163] inotify_inode_mark 50KB 50KB [ 2327.599675] request_queue 60KB 60KB [ 2327.600172] blkdev_ioc 15KB 15KB [ 2327.600682] bio-0 96KB 96KB [ 2327.601176] biovec-max 981KB 981KB [ 2327.601679] biovec-64 173KB 189KB [ 2327.602173] biovec-16 15KB 15KB [ 2327.602692] user_namespace 31KB 31KB [ 2327.603320] uid_cache 4KB 4KB [ 2327.603802] dmaengine-unmap-2 4KB 4KB [ 2327.604149] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2327.604321] audit_buffer 7KB 7KB [ 2327.605023] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2327.605039] node 0: slabs: 24996, objs: 1599744, free: 0 [ 2327.605544] skbuff_fclone_cache 90KB 90KB [ 2327.607475] skbuff_head_cache 1395KB 1485KB [ 2327.607956] file_lock_cache 63KB 63KB [ 2327.608473] file_lock_ctx 7KB 7KB [ 2327.609476] fsnotify_mark_connector 28KB 28KB [ 2327.610008] net_namespace 143KB 143KB [ 2327.610720] task_delay_info 131KB 131KB [ 2327.611206] taskstats 54KB 54KB [ 2327.611853] proc_dir_entry 396KB 420KB [ 2327.612364] pde_opener 31KB 31KB [ 2327.612866] seq_file 63KB 63KB [ 2327.613377] sigqueue 98KB 98KB [ 2327.613978] shmem_inode_cache 1226KB 1257KB [ 2327.614498] kernfs_iattrs_cache 235KB 235KB [ 2327.615008] kernfs_node_cache 5396KB 5396KB [ 2327.615518] mnt_cache 236KB 236KB [ 2327.616092] filp 1303KB 1965KB [ 2327.616612] names_cache 7701KB 8806KB [ 2327.617110] hashtab_node 274KB 274KB [ 2327.617616] ebitmap_node 1149KB 1149KB [ 2327.618209] avtab_node 4976KB 4976KB [ 2327.618732] avc_node 31KB 31KB [ 2327.619262] lsm_inode_cache 3192KB 3269KB [ 2327.619744] lsm_file_cache 165KB 176KB [ 2327.620263] key_jar 39KB 39KB [ 2327.620744] uts_namespace 15KB 15KB [ 2327.621258] nsproxy 11KB 11KB [ 2327.621773] vm_area_struct 728KB 1044KB [ 2327.622413] fs_cache 60KB 60KB [ 2327.622896] files_cache 81KB 239KB [ 2327.623416] signal_cache 290KB 370KB [ 2327.623896] sighand_cache 330KB 330KB [ 2327.624417] task_struct 925KB 1470KB [ 2327.624900] cred_jar 130KB 172KB [ 2327.625426] anon_vma_chain 170KB 240KB [ 2327.625909] anon_vma 185KB 215KB [ 2327.626539] pid 90KB 116KB [ 2327.627020] Acpi-Operand 127KB 158KB [ 2327.627542] Acpi-ParseExt 31KB 31KB [ 2327.628020] Acpi-Parse 51KB 67KB [ 2327.628538] Acpi-State 153KB 169KB [ 2327.629018] Acpi-Namespace 24KB 24KB [ 2327.629535] numa_policy 7KB 7KB [ 2327.630015] trace_event_file 176KB 176KB [ 2327.630659] ftrace_event_field 280KB 280KB [ 2327.631147] pool_workqueue 32KB 32KB [ 2327.631666] task_group 16KB 16KB [ 2327.632145] mm_struct 276KB 346KB [ 2327.632661] vmap_area 236KB 236KB [ 2327.633142] page->ptl 166KB 216KB [ 2327.633644] kmemleak_scan_area 119KB 127KB [ 2327.634148] kmemleak_object 821112KB 821112KB [ 2327.634688] kmalloc-8k 4704KB 4896KB [ 2327.635321] kmalloc-4k 6664KB 8160KB [ 2327.635826] kmalloc-2k 4056KB 4736KB [ 2327.636339] kmalloc-1k 2254KB 3232KB [ 2327.636818] kmalloc-512 30552KB 30576KB [ 2327.637338] kmalloc-256 1171KB 1232KB [ 2327.637817] kmalloc-192 515KB 528KB [ 2327.638359] kmalloc-128 475KB 516KB [ 2327.638846] kmalloc-96 467KB 552KB [ 2327.639482] kmalloc-64 1111KB 1212KB [ 2327.639959] kmalloc-32 99984KB 99984KB [ 2327.640477] kmalloc-16 360KB 360KB [ 2327.640954] kmalloc-8 310KB 310KB [ 2327.641468] kmem_cache_node 47KB 47KB [ 2327.641945] kmem_cache 71KB 71KB [ 2327.642474] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=102,uid=0 [ 2327.644273] Out of memory (oom_kill_allocating_task): Killed process 102 (systemd-journal) total-vm:40132kB, anon-rss:860kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:104kB oom_score_adj:-250 [ 2327.644287] SLUB: Unable to allocate memory on node -1, gfp=0x400cc0(GFP_KERNEL_ACCOUNT) [ 2327.644306] cache: kmalloc-32, object size: 32, buffer size: 64, default order: 0, min order: 0 [ 2327.647106] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2327.647324] node 0: slabs: 24996, objs: 1599744, free: 0 [ 2327.648941] CPU: 0 PID: 182 Comm: in:imklog Not tainted 5.10.226 #1 [ 2327.649506] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.650257] Call Trace: [ 2327.650506] dump_stack+0x107/0x167 [ 2327.650852] dump_header+0x106/0x655 [ 2327.651191] oom_kill_process.cold+0x10/0x15 [ 2327.651600] out_of_memory+0x1149/0x1440 [ 2327.652092] ? oom_killer_disable+0x280/0x280 [ 2327.652500] ? mutex_trylock+0x237/0x2b0 [ 2327.652880] ? __alloc_pages_slowpath.constprop.0+0xa72/0x2170 [ 2327.653411] __alloc_pages_slowpath.constprop.0+0x1b63/0x2170 [ 2327.653957] ? lock_acquire+0xf7/0x470 [ 2327.654329] ? warn_alloc+0x190/0x190 [ 2327.654695] __alloc_pages_nodemask+0x51d/0x600 [ 2327.655130] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2327.655681] ? find_get_entry+0x2c8/0x740 [ 2327.656189] alloc_pages_current+0x187/0x280 [ 2327.656593] __page_cache_alloc+0x2d2/0x360 [ 2327.657005] pagecache_get_page+0x2c7/0xc80 [ 2327.657404] filemap_fault+0x177d/0x2210 [ 2327.657782] ? read_cache_page_gfp+0x30/0x30 [ 2327.658198] ? replace_page_cache_page+0x1200/0x1200 [ 2327.658668] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 2327.659162] ext4_filemap_fault+0x87/0xc0 [ 2327.659544] __do_fault+0x113/0x410 [ 2327.659882] handle_mm_fault+0x1e53/0x3500 [ 2327.660390] ? __pmd_alloc+0x5e0/0x5e0 [ 2327.660753] ? vmacache_find+0x55/0x2a0 [ 2327.661111] ? vmacache_update+0xce/0x140 [ 2327.661511] do_user_addr_fault+0x56e/0xc60 [ 2327.661911] exc_page_fault+0xa2/0x1a0 [ 2327.662285] ? asm_exc_page_fault+0x8/0x30 [ 2327.662671] asm_exc_page_fault+0x1e/0x30 [ 2327.663040] RIP: 0033:0x7f1dc40ed08c [ 2327.663506] Code: Unable to access opcode bytes at RIP 0x7f1dc40ed062. [ 2327.664086] RSP: 002b:00007f1dc36894d0 EFLAGS: 00010246 [ 2327.664583] RAX: 0000000000001f90 RBX: 0000000000000000 RCX: 00007f1dc40ed08c [ 2327.665216] RDX: 0000000000001fa0 RSI: 00007f1dc3689d00 RDI: 0000000000000005 [ 2327.665862] RBP: 0000562dc89cd4c0 R08: 0000000000000000 R09: 0000562dc89c9e88 [ 2327.666518] R10: a3d70a3d70a3d70b R11: 0000000000000246 R12: 00007f1dc3689d00 [ 2327.667153] R13: 0000000000001fa0 R14: 00007f1dc3689d00 R15: 00007f1dc368af62 [ 2327.667971] Mem-Info: [ 2327.668230] active_anon:4530 inactive_anon:52667 isolated_anon:0 [ 2327.668230] active_file:2 inactive_file:1 isolated_file:0 [ 2327.668230] unevictable:0 dirty:0 writeback:0 [ 2327.668230] slab_reclaimable:8569 slab_unreclaimable:266779 [ 2327.668230] mapped:69634 shmem:115 pagetables:1003 bounce:0 [ 2327.668230] free:4474 free_pcp:328 free_cma:0 [ 2327.671045] Node 0 active_anon:18120kB inactive_anon:210668kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278536kB dirty:0kB writeback:0kB shmem:460kB writeback_tmp:0kB kernel_stack:3328kB all_unreclaimable? yes [ 2327.673193] Node 0 DMA free:6484kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2327.675545] lowmem_reserve[]: 0 1616 1616 1616 [ 2327.675986] Node 0 DMA32 free:11412kB min:17404kB low:19056kB high:20708kB reserved_highatomic:0KB active_anon:18120kB inactive_anon:210668kB active_file:8kB inactive_file:4kB unevictable:0kB writepending:0kB present:2080640kB managed:1660468kB mlocked:0kB pagetables:4012kB bounce:0kB free_pcp:1300kB local_pcp:324kB free_cma:0kB [ 2327.678686] lowmem_reserve[]: 0 0 0 0 [ 2327.679067] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 1*2048kB (M) 1*4096kB (M) = 6476kB [ 2327.680499] Node 0 DMA32: 1915*4kB (UME) 25*8kB (UM) 0*16kB 16*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 11444kB [ 2327.681833] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2327.682624] 118 total pagecache pages [ 2327.682963] 0 pages in swap cache [ 2327.683300] Swap cache stats: add 0, delete 0, find 0/0 [ 2327.683883] Free swap = 0kB [ 2327.684155] Total swap = 0kB [ 2327.684454] 524158 pages RAM [ 2327.684744] 0 pages HighMem/MovableOnly [ 2327.685095] 105064 pages reserved [ 2327.685427] Unreclaimable slab info: [ 2327.685773] Name Used Total [ 2327.686290] pid_3 3KB 3KB [ 2327.686780] pid_2 63KB 63KB [ 2327.687282] IEEE-802.15.4-MAC 31KB 31KB [ 2327.687868] p9_req_t 8KB 8KB [ 2327.688370] fib6_nodes 28KB 28KB [ 2327.688860] ip6_dst_cache 41KB 41KB [ 2327.689356] RAWv6 252KB 252KB [ 2327.689842] UDPLITEv6 62KB 62KB [ 2327.690349] UDPv6 62KB 62KB [ 2327.690835] tw_sock_TCPv6 7KB 7KB [ 2327.691337] request_sock_TCPv6 7KB 7KB [ 2327.691816] TCPv6 62KB 62KB [ 2327.692432] scsi_sense_cache 8KB 8KB [ 2327.692905] sd_ext_cdb 3KB 3KB [ 2327.693416] virtio_scsi_cmd 16KB 16KB [ 2327.693906] sgpool-128 59KB 59KB [ 2327.694427] sgpool-64 63KB 63KB [ 2327.694900] sgpool-32 63KB 63KB [ 2327.695416] sgpool-16 22KB 22KB [ 2327.695888] sgpool-8 45KB 45KB [ 2327.696503] io_kiocb 297KB 375KB [ 2327.696977] mqueue_inode_cache 62KB 62KB [ 2327.697497] nfs_commit_data 15KB 15KB [ 2327.697970] nfs_write_data 47KB 47KB [ 2327.698490] jbd2_inode 7KB 7KB [ 2327.698963] ext4_system_zone 3KB 3KB [ 2327.699577] ext4_io_end_vec 7KB 7KB [ 2327.700050] ext4_bio_post_read_ctx 15KB 15KB [ 2327.700600] kioctx 15KB 15KB [ 2327.701072] aio_kiocb 3KB 3KB [ 2327.701586] dio 15KB 15KB [ 2327.702058] bio-2 4KB 4KB [ 2327.702579] fasync_cache 7KB 7KB [ 2327.703052] pid_namespace 7KB 7KB [ 2327.703669] posix_timers_cache 15KB 15KB [ 2327.704156] rpc_buffers 31KB 31KB [ 2327.704672] rpc_tasks 3KB 3KB [ 2327.705146] UNIX 294KB 320KB [ 2327.705646] tcp_bind_bucket 8KB 8KB [ 2327.706139] ip_fib_trie 8KB 8KB [ 2327.706649] ip_fib_alias 15KB 15KB [ 2327.707139] ip_dst_cache 8KB 8KB [ 2327.707644] RAW 93KB 93KB [ 2327.708257] UDP 262KB 283KB [ 2327.708738] request_sock_TCP 15KB 15KB [ 2327.709259] TCP 60KB 60KB [ 2327.709745] hugetlbfs_inode_cache 15KB 15KB [ 2327.710308] bio-1 11KB 11KB [ 2327.710791] eventpoll_pwq 27KB 27KB [ 2327.711315] eventpoll_epi 39KB 39KB [ 2327.711796] inotify_inode_mark 50KB 50KB [ 2327.712435] request_queue 60KB 60KB [ 2327.712912] blkdev_ioc 15KB 15KB [ 2327.713443] bio-0 96KB 96KB [ 2327.713922] biovec-max 981KB 981KB [ 2327.714512] biovec-64 173KB 189KB [ 2327.714996] biovec-16 15KB 15KB [ 2327.715534] user_namespace 31KB 31KB [ 2327.716023] uid_cache 4KB 4KB [ 2327.716661] dmaengine-unmap-2 4KB 4KB [ 2327.717133] audit_buffer 7KB 7KB [ 2327.717709] skbuff_fclone_cache 90KB 90KB [ 2327.718195] skbuff_head_cache 1404KB 1485KB [ 2327.718730] file_lock_cache 63KB 63KB [ 2327.719200] file_lock_ctx 7KB 7KB [ 2327.719776] fsnotify_mark_connector 28KB 28KB [ 2327.720319] net_namespace 143KB 143KB [ 2327.720947] task_delay_info 131KB 131KB [ 2327.721453] taskstats 54KB 54KB [ 2327.721990] proc_dir_entry 396KB 420KB [ 2327.722507] pde_opener 31KB 31KB [ 2327.722996] seq_file 63KB 63KB [ 2327.723492] sigqueue 98KB 98KB [ 2327.723979] shmem_inode_cache 1226KB 1257KB [ 2327.724481] kernfs_iattrs_cache 235KB 235KB [ 2327.725082] kernfs_node_cache 5396KB 5396KB [ 2327.725582] mnt_cache 236KB 236KB [ 2327.726077] filp 1303KB 1965KB [ 2327.726591] names_cache 7701KB 8806KB [ 2327.727082] hashtab_node 274KB 274KB [ 2327.727582] ebitmap_node 1149KB 1149KB [ 2327.728076] avtab_node 4976KB 4976KB [ 2327.728585] avc_node 31KB 31KB [ 2327.729186] lsm_inode_cache 3192KB 3269KB [ 2327.729688] lsm_file_cache 165KB 176KB [ 2327.730180] key_jar 39KB 39KB [ 2327.730697] uts_namespace 15KB 15KB [ 2327.731187] nsproxy 11KB 11KB [ 2327.731690] vm_area_struct 728KB 1044KB [ 2327.732177] fs_cache 60KB 60KB [ 2327.732680] files_cache 81KB 239KB [ 2327.733154] signal_cache 290KB 370KB [ 2327.733776] sighand_cache 330KB 330KB [ 2327.734296] task_struct 925KB 1470KB [ 2327.734775] cred_jar 130KB 172KB [ 2327.735270] anon_vma_chain 170KB 240KB [ 2327.735761] anon_vma 185KB 211KB [ 2327.736256] pid 90KB 116KB [ 2327.736748] Acpi-Operand 127KB 158KB [ 2327.737223] Acpi-ParseExt 31KB 31KB [ 2327.737846] Acpi-Parse 51KB 67KB [ 2327.738364] Acpi-State 153KB 169KB [ 2327.738854] Acpi-Namespace 24KB 24KB [ 2327.739351] numa_policy 7KB 7KB [ 2327.739841] trace_event_file 176KB 176KB [ 2327.740335] ftrace_event_field 280KB 280KB [ 2327.740828] pool_workqueue 32KB 32KB [ 2327.741334] task_group 16KB 16KB [ 2327.741920] mm_struct 276KB 346KB [ 2327.742431] vmap_area 236KB 236KB [ 2327.742922] page->ptl 166KB 216KB [ 2327.743416] kmemleak_scan_area 119KB 127KB [ 2327.743910] kmemleak_object 821127KB 821127KB [ 2327.744411] kmalloc-8k 4704KB 4896KB [ 2327.744901] kmalloc-4k 6664KB 8160KB [ 2327.745408] kmalloc-2k 4056KB 4736KB [ 2327.745887] kmalloc-1k 2254KB 3232KB [ 2327.746510] kmalloc-512 30558KB 30576KB [ 2327.746994] kmalloc-256 1171KB 1232KB [ 2327.747488] kmalloc-192 515KB 528KB [ 2327.747961] kmalloc-128 475KB 516KB [ 2327.748476] kmalloc-96 467KB 552KB [ 2327.748952] kmalloc-64 1115KB 1212KB [ 2327.749465] kmalloc-32 99984KB 99984KB [ 2327.749937] kmalloc-16 360KB 360KB [ 2327.750583] kmalloc-8 310KB 310KB [ 2327.751055] kmem_cache_node 47KB 47KB [ 2327.751559] kmem_cache 71KB 71KB [ 2327.752023] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/rsyslog.service,task=in:imklog,pid=182,uid=0 [ 2327.753585] Out of memory (oom_kill_allocating_task): Killed process 175 (rsyslogd) total-vm:220876kB, anon-rss:992kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:0 [ 2327.958855] systemd[1]: ssh.service: A process of this unit has been killed by the OOM killer. [ 2327.974305] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 2327.979453] systemd[1]: rsyslog.service: Failed with result 'oom-kill'. [ 2328.081055] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL [ 2328.093911] systemd[1]: systemd-journald.service: Failed with result 'oom-kill'. [ 2328.151929] systemd[1]: systemd-journald.service: Consumed 5.817s CPU time. [ 2328.188944] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [ 2328.190017] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1. [ 2328.190846] systemd[1]: Stopped System Logging Service. [ 2328.278815] systemd[1]: Starting System Logging Service... [ 2328.395792] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 2328.476848] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 2328.494173] systemd[1]: ssh.service: Failed with result 'oom-kill'. [ 2328.495847] systemd[1]: ssh.service: Unit process 250 (sshd) remains running after unit stopped. [ 2328.518411] systemd[1]: ssh.service: Consumed 31min 48.792s CPU time. [ 2328.589629] systemd[1]: Stopped target Bluetooth. [ 2328.783615] systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1. [ 2328.788725] systemd[1]: Stopped OpenBSD Secure Shell server. [ 2328.792980] systemd[1]: ssh.service: Consumed 31min 48.815s CPU time. [ 2328.795262] systemd[1]: ssh.service: Found left-over process 250 (sshd) in control group while starting unit. Ignoring. [ 2328.803611] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2328.828227] systemd[1]: Starting OpenBSD Secure Shell server... [ 2329.182997] systemd[1]: systemd-journal-flush.service: Succeeded. [ 2329.196259] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 2329.206941] systemd[1]: Stopped Journal Service. [ 2329.207767] systemd[1]: systemd-journald.service: Consumed 5.817s CPU time. [ 2329.290601] systemd[1]: Starting Journal Service... [ 2329.365417] systemd[1]: ssh.service: Found left-over process 250 (sshd) in control group while starting unit. Ignoring. [ 2329.367253] systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [ 2329.396819] systemd[1]: Started Load/Save RF Kill Switch Status. [ 2329.435269] systemd[1]: Started System Logging Service. [ 2329.453317] oom_reaper: reaped process 256 (syz-fuzzer), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB [ 2329.600415] systemd[1]: Started OpenBSD Secure Shell server. [ 2329.761697] systemd-journald[13724]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 2330.321807] systemd[1]: Started Journal Service. [ 2330.442403] systemd-journald[13724]: Received client request to flush runtime journal. VM DIAGNOSIS: 02:29:48 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffff88804d22d128 RCX=ffffffff8127e9a1 RDX=1ffff11009a45a26 RSI=ffffffff86c12520 RDI=ffff88804d22d130 RBP=0000000000000246 RSP=ffff8880466978e8 R8 =0000000000000001 R9 =0000000000000003 R10=ffffed1008cd2f0b R11=0000000000000001 R12=ffff88804d22d290 R13=ffff88804d22d488 R14=ffff8880083fe8c0 R15=ffff88800dba7000 RIP=ffffffff816f3445 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1a273fde70 CR3=000000004c8e2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=0000000000000000000055ef003c8060 XMM02=ff000000000000ff0000000000ff0000 XMM03=66207463656e6e6f6373696420646576 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0d0c0f0e09080b0a0504070601000302 XMM07=00000000000000000000000000000000 XMM08=000a0d732a2e25006c61746166003367 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=ffffed1001137f1c RBX=ffffed1001137f27 RCX=ffffffff81108caa RDX=ffffed1001137f27 RSI=0000000000000060 RDI=ffff8880089bf8d8 RBP=ffffed1001137f1b RSP=ffff8880089bf848 R8 =0000000000000001 R9 =ffff8880089bf937 R10=ffffed1001137f26 R11=0000000000000001 R12=0000000000000060 R13=0000000000000000 R14=ffff8880089b0000 R15=ffff8880089bf8d8 RIP=ffffffff816c8fc8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f1a2798eff0 CR3=0000000017ce4000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=9e8e1759221f6a895eec259a527e2d8f XMM02=12a99b7545e8d9973de74bb56d162fe2 XMM03=d845dd78b21b1ab4e4bc101925b412df XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=0d0c0f0e09080b0a0504070601000302 XMM07=0e0d0c0f0a09080b0605040702010003 XMM08=64707466730073254073250070746673 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000